function mystery_log_violation($code, $message = '')
{
// This function process a serious error/violation
global $_MYSTERY;
$types['Red'] = 'Spoofed User';
$types['Orange'] = 'Spoofed File';
$types['Yellow'] = 'Spoofed Action';
$types['Green'] = 'Illegal Query';
$types['Blue'] = 'Virus Upload';
$types['Purple'] = 'Spoofed Table';
$types['Brown'] = 'Illegal Many To Many Addition';
ob_start();
echo "SERVER: ";
print_r($_SERVER);
echo "SESSION: ";
print_r($_SESSION);
echo "REQUEST: ";
print_r($_REQUEST);
$context = ob_get_contents();
ob_end_clean();
$table = $_MYSTERY['table_prefix'] . 'security_log';
$data['exception_type'] = $types[$code] . ' - ' . $message;
$data['exception_code'] = $code;
$data['user_id'] = $_SESSION['user_id'];
$data['user_ip_address'] = $_SERVER['REMOTE_ADDR'];
$data['user_action'] = $_REQUEST['action'];
$data['user_time'] = date('Y-m-d h:i:s');
$data['user_request'] = $_SERVER['REQUEST_URI'];
$data['user_variables'] = $context;
$log_id = mystery_insert_query($table, $data, 'record_id');
// Prepare error string
$error_parts = array();
while (list($key, $value) = each($data)) {
$error_parts[] .= ucwords(str_replace('_', ' ', $key)) . ': ' . $value;
}
$error_string = implode("\n", $error_parts) . "\n\n";
mystery_log_error_to_file('security_log', $error_string);
// make them wait a couple seconds so they won't automate the attack
sleep(2);
mystery_header();
echo '
<h1>Access Denied</h1>
<p>Sorry, but the account you arelogged in as cannot perform the requested action. (<em>Code: ', $code, '</em>)</p>
';
mystery_display_admin_contact_info();
if ($code == 'Blue') {
echo '<p>The file you tried to upload is infected with a <strong>virus</strong>.
Please <strong>disinfect the file</strong> and try again.</p>
<p><code>', $_MYSTERY['virus_feedback'], '</code></p>';
}
mystery_footer();
}
function mystery_simple_error_handler($type, $message, $file, $line, $context)
{
// This function replaces the built in PHP error handler in a very simple way to display a nice message to the user
global $_MYSTERY;
// Check to see if this error was prepended with @
if (error_reporting() == 0) {
return;
}
$nice_types[E_NOTICE] = 'PHP Notice';
$nice_types[E_USER_NOTICE] = 'Application Notice';
$nice_types[E_WARNING] = 'PHP Warning';
$nice_types[E_USER_WARNING] = 'Application Warning';
$nice_types[E_USER_ERROR] = 'Application Fatal Error';
if (defined('E_STRICT')) {
$nice_types[E_STRICT] = 'PHP Code Needs Update';
}
if (defined('E_RECOVERABLE_ERROR')) {
$nice_types[E_RECOVERABLE_ERROR] = 'Recoverable Application Error';
}
$now = date('Y-m-d h:i:s');
$error_parts = array();
$error_parts[] = 'Date: ' . $now;
$error_parts[] = 'Type: ' . $nice_types[$type];
$error_parts[] = 'Message: ' . $message;
$error_parts[] = 'File: ' . $file;
$error_parts[] = 'Line: ' . $line;
$error_string = implode("\n", $error_parts) . "\n\n";
if (!defined('E_STRICT') || $type != E_STRICT) {
mystery_log_error_to_file('error_log', $error_string);
}
switch ($type) {
case E_NOTICE:
case E_USER_NOTICE:
if (@$_SESSION['is_administrator'] == 'yes') {
echo '<p style="background-color: #CEFFB5;">Notice: ', nl2br($error_string), '</p>';
}
break;
case E_WARNING:
case E_USER_WARNING:
if (@$_SESSION['is_administrator'] == 'yes') {
echo '<p style="background-color: #FCFFB5;">Warning: ', nl2br($error_string), '</p>';
}
break;
case E_USER_ERROR:
//mystery_header();
if (@$_SESSION['is_administrator'] == 'yes') {
echo '<p style="background-color: #FFB5B5;">Fatal Error: ', nl2br($error_string), '</p>';
// The following outputs way too much data. Uncomment if you must.
// echo '<pre style="background-color: #FFB5B5;">' . print_r($context) . '</pre>';
} else {
echo '
<h1>An Unexpected Error Occurred</h1>
<p>We regret than an unexpected error has occurred. The error has been logged
and the administrator of the system will look into it as soon as possible.</p>
';
mystery_display_admin_contact_info();
}
//mystery_footer();
exit;
break;
}
}
