/**
* Write output to the debug log
* Use this for debugging when echo statements would come before headers are sent
* or would create havoc in the HTML.
* Creates (or adds to) a file named debug.log which is located in the zenphoto core folder
*
* @param string $message the debug information
* @param bool $reset set to true to reset the log to zero before writing the message
* @param string $log alternative log file
*/
function debugLog($message, $reset = false, $log = 'debug')
{
if (defined('SERVERPATH')) {
global $_zp_mutex;
$path = SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '.log';
$me = getmypid();
if (is_object($_zp_mutex)) {
$_zp_mutex->lock();
}
if ($reset || ($size = @filesize($path)) == 0 || defined('DEBUG_LOG_SIZE') && DEBUG_LOG_SIZE && $size > DEBUG_LOG_SIZE) {
if (!$reset && $size > 0) {
switchLog('debug');
}
$f = fopen($path, 'w');
if ($f) {
if (!class_exists('zpFunctions') || zpFunctions::hasPrimaryScripts()) {
$clone = '';
} else {
$clone = ' ' . gettext('clone');
}
fwrite($f, '{' . $me . ':' . gmdate('D, d M Y H:i:s') . " GMT} ZenPhoto20 v" . ZENPHOTO_VERSION . $clone . "\n");
}
} else {
$f = fopen($path, 'a');
if ($f) {
fwrite($f, '{' . $me . ':' . gmdate('D, d M Y H:i:s') . " GMT}\n");
}
}
if ($f) {
fwrite($f, " " . $message . "\n");
fclose($f);
clearstatcache();
if (defined('DATA_MOD')) {
@chmod($path, DATA_MOD);
}
}
if (is_object($_zp_mutex)) {
$_zp_mutex->unlock();
}
}
}
/**
* Does the log handling
*
* @param int $success
* @param string $user
* @param string $name
* @param string $ip
* @param string $type
* @param string $authority kind of login
* @param string $addl more info
*/
private static function Logger($success, $user, $name, $action, $authority, $addl = NULL)
{
global $_zp_authority, $_zp_mutex;
$pattern = '~^([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])$~';
$forwardedIP = NULL;
$ip = sanitize($_SERVER['REMOTE_ADDR']);
if (!preg_match($pattern, $ip)) {
$ip = NULL;
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$forwardedIP = sanitize($_SERVER['HTTP_X_FORWARDED_FOR']);
if (preg_match($pattern, $forwardedIP)) {
$ip .= ' {' . $forwardedIP . '}';
}
}
$admin = $_zp_authority->getMasterUser();
$locale = $admin->getLanguage();
if (empty($locale)) {
$locale = 'en_US';
}
$cur_locale = getUserLocale();
setupCurrentLocale($locale);
// the log will be in the language of the master user.
switch ($action) {
case 'clear_log':
$type = gettext('Log reset');
break;
case 'delete_log':
$type = gettext('Log deleted');
break;
case 'download_log':
$type = gettext('Log downloaded');
break;
case 'setup_install':
$type = gettext('Install');
$addl = gettext('version') . ' ' . ZENPHOTO_VERSION . '[' . ZENPHOTO_RELEASE . "]";
if (!zpFunctions::hasPrimaryScripts()) {
$addl .= ' ' . gettext('clone');
}
break;
case 'setup_proptect':
$type = gettext('Protect setup scripts');
break;
case 'user_new':
$type = gettext('Request add user');
break;
case 'user_update':
$type = gettext('Request update user');
break;
case 'user_delete':
$type = gettext('Request delete user');
break;
case 'XSRF_blocked':
$type = gettext('Cross Site Reference');
break;
case 'blocked_album':
$type = gettext('Album access');
break;
case 'blocked_access':
$type = gettext('Admin access');
break;
case 'Front-end':
$type = gettext('Guest login');
break;
case 'Back-end':
$type = gettext('Admin login');
break;
case 'auth_cookie':
$type = gettext('Authorization cookie check');
break;
default:
$type = $action;
break;
}
$file = SERVERPATH . '/' . DATA_FOLDER . '/security.log';
$max = getOption('security_log_size');
$_zp_mutex->lock();
if ($max && @filesize($file) > $max) {
switchLog('security');
}
$preexists = file_exists($file) && filesize($file) > 0;
$f = fopen($file, 'a');
if ($f) {
if (!$preexists) {
// add a header
fwrite($f, gettext('date' . "\t" . 'requestor’s IP' . "\t" . 'type' . "\t" . 'user ID' . "\t" . 'user name' . "\t" . 'outcome' . "\t" . 'authority' . "\tadditional information\n"));
}
$message = date('Y-m-d H:i:s') . "\t";
$message .= $ip . "\t";
$message .= $type . "\t";
$message .= $user . "\t";
$message .= $name . "\t";
switch ($success) {
case 0:
$message .= gettext("Failed") . "\t";
break;
case 1:
$message .= gettext("Success") . "\t";
$message .= substr($authority, 0, strrpos($authority, '_auth'));
break;
case 2:
$message .= gettext("Blocked") . "\t";
break;
default:
$message .= $success . "\t";
}
if ($addl) {
$message .= "\t" . $addl;
}
fwrite($f, $message . "\n");
fclose($f);
clearstatcache();
if (!$preexists) {
@chmod($file, 0660 & CHMOD_VALUE);
if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
$permission = fileperms($file) & 0700;
// on Windows owner==group==public
$check = $permission != 0600 & CHMOD_VALUE;
} else {
$permission = fileperms($file) & 0777;
$check = $permission != 0660 & CHMOD_VALUE;
}
if ($check) {
$f = fopen($file, 'a');
fwrite($f, "\t\t" . gettext('Set Security log permissions') . "\t\t\t" . gettext('Failed') . "\t\t" . sprintf(gettext('File permissions of Security log are %04o'), $permission) . "\n");
fclose($f);
clearstatcache();
}
}
}
$_zp_mutex->unlock();
setupCurrentLocale($cur_locale);
// restore to whatever was in effect.
}
