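/**
 * Return ID of currently logged in user or NULL if no user is logged in.
 *
 * The session id is read from the cookie named by the OC_COOKIE_NAME setting
 * (base64-encoded, PHP-serialized array with a 'sessionid' key) and resolved
 * against sys_sessions joined with active rows of the user table. The outcome
 * is memoised in a function-static variable, so the cookie is decoded and the
 * database queried at most once per PHP process/request.
 *
 * SECURITY (review): the cookie is attacker-controlled and is passed to
 * unserialize(). unserialize() instantiates whatever classes the payload
 * names and runs their magic methods BEFORE the type checks below can look at
 * the result, so those checks do not remove the object-injection risk. This
 * call is flagged rather than replaced because the cookie format is presumably
 * produced elsewhere (the hosting site) - confirm and then either switch the
 * cookie to a data-only format such as JSON, authenticate it with an HMAC that
 * is verified before decoding, or, on PHP >= 7.0, pass
 * array('allowed_classes' => false) as the second argument to unserialize().
 *
 * @return mixed|null Value returned by Db::select_value() for the matching
 *     session, or null when there is no usable session cookie.
 */
public static function get_user_id()
{
    // false means "not computed yet"; null is a valid cached answer.
    static $cached_result = false;
    if ($cached_result !== false) {
        return $cached_result;
    }

    $user_id = null;
    $cookie_name = Settings::get('OC_COOKIE_NAME');

    // A cookie sent as "name[]=..." arrives as an array; only a plain string
    // can be a valid encoded session blob.
    if (isset($_COOKIE[$cookie_name]) && is_string($_COOKIE[$cookie_name])) {
        // SECURITY (review): unserialize() on untrusted input - see docblock.
        $OC_data = unserialize(base64_decode($_COOKIE[$cookie_name]));

        // Accept only a plain array carrying a non-empty scalar session id.
        // Objects (including ArrayAccess implementations) and nested arrays
        // are rejected instead of being handed to the SQL escaper.
        if (
            is_array($OC_data)
            && isset($OC_data['sessionid'])
            && is_scalar($OC_data['sessionid'])
            && $OC_data['sessionid']
        ) {
            $OC_sessionid = $OC_data['sessionid'];
            $user_id = Db::select_value("\n select sys_sessions.user_id\n from sys_sessions, user\n where sys_sessions.uuid = '" . Db::escape_string($OC_sessionid) . "'\n and user.user_id = sys_sessions.user_id\n and user.is_active_flag = 1\n ");
        }
    }

    // The original declared the cache but never filled it, so every call
    // decoded the cookie and hit the database again.
    $cached_result = $user_id;
    return $cached_result;
}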
/**
 * Escape a value for embedding inside a quoted MySQL string literal.
 *
 * NOTE(review): the value goes through Db::escape_string() and then through
 * mysql_real_escape_string(). The enclosing class is not visible here. If this
 * method is itself Db::escape_string, the inner call never returns; if it
 * lives in another class and Db::escape_string also escapes, the value is
 * escaped twice, which alters data containing quotes or backslashes. Confirm
 * which applies and keep a single escaping layer.
 *
 * NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
 * removed in PHP 7.0. It only protects values placed between quotes in the
 * statement and relies on the connection character set having been set
 * through the API (mysql_set_charset) rather than with a SET NAMES query.
 * Prepared statements (mysqli / PDO) are the durable replacement.
 *
 * @param mixed $value Value to escape.
 * @return string Escaped value (without surrounding quotes).
 */
static function escape_string ($value)
{
    // Escape the string for MySQL
    $pre_escaped = Db::escape_string($value);
    return mysql_real_escape_string($pre_escaped);
}
/**
 * Log detailed geocache data access.
 *
 * Runs only when the OCPL_ENABLE_GEOCACHE_ACCESS_LOGS setting is exactly true
 * and the OC_BRANCH setting equals 'oc.pl'. For the given geocache ids it
 * first selects the ids that already have a CACHE_ACCESS_LOGS row (source 'O',
 * same original caller and consumer key) within the last hour, then inserts
 * one row for each id that does not. Rows of logged-in callers are matched by
 * user_id; rows of anonymous callers by ip_addr and user_agent.
 *
 * Every value interpolated into the SQL is passed through Db::escape_string()
 * and wrapped in single quotes, or is the literal keyword null.
 *
 * SECURITY (review):
 *  - User-Agent and X-Forwarded-For are request headers chosen by the client.
 *    They are stored as sent (SQL-escaped only), so anything that later
 *    displays or parses the log must treat them as untrusted text, and
 *    forwarded_for must not be relied on as the real client address.
 *  - For anonymous callers the one-hour suppression keys on the
 *    client-supplied User-Agent, so it is a de-duplication aid and not a
 *    bound on how fast the table can grow.
 *  - The lookup and the insert are two separate statements; nothing visible
 *    here makes them atomic, so concurrent requests may both insert.
 *
 * @param OkapiRequest $request
 * @param mixed $cache_ids An index based array of geocache ids, or a single geocache id.
 *     The parameter MUST contain only valid, non duplicated geocache ids.
 */
public static function log_geocache_access(OkapiRequest $request, $cache_ids)
{
    if (Settings::get('OCPL_ENABLE_GEOCACHE_ACCESS_LOGS') !== true) {
        return;
    }
    if (Settings::get('OC_BRANCH') != 'oc.pl') {
        return;
    }

    // Wrap an escaped value in single quotes for use as a SQL string literal.
    $quote = function ($value) {
        return "'" . Db::escape_string($value) . "'";
    };

    // Build the right-hand side of "cache_id ..." for one id or a list of ids.
    $where_for = function ($ids) {
        if (!is_array($ids)) {
            return "= '" . Db::escape_string($ids) . "'";
        }
        if (count($ids) == 1) {
            return "= '" . Db::escape_string($ids[0]) . "'";
        }
        return "in ('" . implode("','", array_map('\\okapi\\Db::escape_string', $ids)) . "')";
    };

    // TODO: can we use the _SERVER global here? or should we make them abstract, and
    // pass along with request object?
    $has_user_agent = isset($_SERVER['HTTP_USER_AGENT']);
    $remote_addr_escaped = $quote($_SERVER['REMOTE_ADDR']);
    $user_agent_escaped = $has_user_agent ? $quote($_SERVER['HTTP_USER_AGENT']) : "null";
    $forwarded_for_escaped = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        ? $quote($_SERVER['HTTP_X_FORWARDED_FOR'])
        : "null";
    $consumer_key_escaped = $quote($request->consumer->key);
    $original_caller_escaped = $quote(self::get_original_caller());

    // No token means the call is not made on behalf of a user.
    $user_id = ($request->token != null) ? $request->token->user_id : null;
    $user_id_escaped = ($user_id === null) ? "null" : $quote($user_id);

    // Step 1: which of the requested ids were already logged in the last hour?
    $cache_ids_where = $where_for($cache_ids);
    $lookup_sql = "\n select cache_id"
        . "\n from CACHE_ACCESS_LOGS cal"
        . "\n where"
        . "\n cache_id {$cache_ids_where}";
    if ($user_id === null) {
        $lookup_sql .= " and cal.user_id is null";
    } else {
        $lookup_sql .= " and cal.user_id = {$user_id_escaped}";
    }
    $lookup_sql .= "\n and cal.source = 'O'"
        . "\n and cal.event = {$original_caller_escaped}"
        . "\n and cal.okapi_consumer_key = {$consumer_key_escaped}"
        . "\n and date_sub(now(), interval 1 hour) < cal.event_date ";
    if ($user_id === null) {
        // Anonymous callers are told apart by address and user agent.
        $lookup_sql .= " and cal.ip_addr = {$remote_addr_escaped} ";
        $lookup_sql .= $has_user_agent
            ? " and cal.user_agent = {$user_agent_escaped} "
            : " and cal.user_agent is null ";
    }
    $logged_ids = Db::select_column($lookup_sql);

    // check, if all the geocaches has already been logged
    $is_batch = is_array($cache_ids);
    $expected_count = $is_batch ? count($cache_ids) : 1;
    if (count($logged_ids) == $expected_count) {
        return;
    }

    // Step 2: drop the ids that already have a recent row.
    if ($is_batch) {
        $pending = array();
        foreach ($cache_ids as $requested_id) {
            $pending[$requested_id] = true;
        }
        foreach ($logged_ids as $logged_id) {
            unset($pending[$logged_id]);
        }
        if (count($pending) <= 0) {
            return;
        }
        $remaining_ids = array_keys($pending);
    } else {
        $remaining_ids = $cache_ids;
    }

    // Step 3: insert one log row per remaining id that exists in caches.
    $cache_ids_where = $where_for($remaining_ids);
    Db::execute(
        "\n insert into CACHE_ACCESS_LOGS (event_date, cache_id, user_id, source, event, ip_addr,"
        . "\n user_agent, forwarded_for, okapi_consumer_key)"
        . "\n select"
        . "\n now(), cache_id, {$user_id_escaped}, 'O',"
        . "\n {$original_caller_escaped}, {$remote_addr_escaped}, {$user_agent_escaped}, {$forwarded_for_escaped},"
        . "\n {$consumer_key_escaped}"
        . "\n from caches"
        . "\n where cache_id {$cache_ids_where}"
        . "\n "
    );
}