예제 #1
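 /**
  * Builds the file integrity table.
  *
  * Walks every file below FROOT (restricted to the extensions in $ext
  * unless that array is empty, and skipping the sub-paths listed in $skip),
  * computes a SHA-1 digest of each file, logs the event through
  * openRailwayCore::logEvent() and then inserts one (file_path, file_hash)
  * row per file into integrity_hashes via openRailwayCore::dbQuery().
  *
  * NOTE(review): rows are only ever inserted here, never removed, so a
  * rebuild on an unchanged tree appends a second copy of every row unless
  * the caller truncates integrity_hashes first — verify against callers.
  * NOTE(review): SHA-1 is fine for spotting accidental modification but is
  * collision-weak; if the table is meant to detect deliberate tampering by
  * someone who can write under FROOT, prefer sha256 (needs a 64-char column).
  *
  * @return void
  */
 public static function buildFileIntegrity()
 {
     $files = array();
     // Extensions to fetch, an empty array will return all extensions
     $ext = array("php", "html");
     // Directories to ignore, an empty array will check all directories
     $skip = array();
     // Build profile
     $dir = new RecursiveDirectoryIterator(FROOT);
     $iter = new RecursiveIteratorIterator($dir);
     while ($iter->valid()) {
         // Skip "." / ".." entries and unwanted directories; isDot() and
         // getSubPath() are forwarded to the inner directory iterator.
         if (!$iter->isDot() && !in_array($iter->getSubPath(), $skip, true)) {
             // key() is the full pathname for a RecursiveDirectoryIterator.
             $path = $iter->key();
             // An empty $ext means "hash every file"; otherwise filter by extension.
             // PHP 5.3.4+: $iter->getExtension() could replace the pathinfo() call.
             if (empty($ext) || in_array(pathinfo($path, PATHINFO_EXTENSION), $ext, true)) {
                 $hash = hash_file("sha1", $path);
                 // hash_file() returns false for an unreadable file; the original
                 // code stored that as an empty hash that nothing could ever match.
                 if ($hash !== false) {
                     $files[$path] = $hash;
                 }
             }
         }
         $iter->next();
     }
     // Add hashes to databases
     openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), null, 5, 1, "File integrity hash table built");
     foreach ($files as $k => $v) {
         // $k comes from the filesystem and a file name may contain quotes or
         // backslashes (anyone who can create files under FROOT controls it),
         // so escape it before splicing it into the statement. The hash is hex
         // only, but it is escaped too rather than relying on that. This uses
         // the mysql link the core opened — page code in this project reads
         // dbQuery() results with mysql_fetch_assoc(), so that link exists.
         // TODO(review): give dbQuery() a parameterised form (mysqli/PDO
         // prepared statements) so callers never build SQL from strings.
         $sql = "INSERT INTO integrity_hashes (file_path,file_hash) VALUES ('" . mysql_real_escape_string($k) . "','" . mysql_real_escape_string($v) . "')";
         openRailwayCore::dbQuery($sql);
     }
 }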
예제 #2
<?php

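// Wipe every security-relevant log row, audit the wipe, then redirect.
//
// NOTE(review): this destructive action is triggered by a plain GET
// (?action=deleteall), so any page or image an administrator loads can fire
// it cross-site. It should require POST plus a per-session CSRF token; that
// needs a token helper this snippet does not show, so it is only flagged.
// Also confirm that this admincp page is gated by an admin check further up —
// none is visible in this snippet.
if (isset($_GET['action']) && $_GET['action'] === 'deleteall') {
    // Literal predicate: nothing user-supplied reaches the statement.
    $sql = "DELETE FROM `log` WHERE `security_relevant` = '1'";
    $result = openRailwayCore::dbQuery($sql);
    // Guard the session read so an expired session still produces an audit
    // entry (with a null actor, which logEvent() accepts elsewhere) instead
    // of a notice.
    $actor = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
    openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $actor, 1, 1, 'User deleted all security log entries');
    header("Location: " . ROOT . "admincp/index.php?module=log_err");
    // Stop here: without exit the rest of the page (template rendering and
    // its log queries) still runs after the redirect header has been sent.
    exit;
}
// Template setup for the log view that follows.
$main = new Template();
$main->set_custom_template("includes/", 'default');
$main->assign_var('ROOT', ROOT);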
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
    $main->assign_block_vars('if_linkback', '');
} elseif (isset($_GET['int'])) {
    $sql = "SELECT * FROM `log` WHERE `interaction_identifier` = '" . $_GET['int'] . "' ORDER BY `event_id` DESC";
    $result = openRailwayCore::dbQuery($sql);
    $main->assign_block_vars('if_linkback', '');
    $main->assign_block_vars('if_table_display', '');
    while ($event = mysql_fetch_assoc($result)) {
        if (isset($event)) {
            $main->assign_var('SUBTITLE', "Viewing interaction " . $_GET['int']);
            $main->assign_block_vars('log_err', array('ID' => $event['event_id'], 'TIME' => date("d-M-Y H:i:s", $event['event_timestamp']), 'SEV' => $event['event_severity'], 'INTID' => $event['interaction_identifier'], 'IP' => $event['source_ip'], 'SUA' => $event['source_user_agent'], 'DESC' => $event['description']));
        }
    }
} else {
    $sql = "SELECT * FROM `log` WHERE `security_relevant` = '1' ORDER BY `event_id` DESC";
    $result = openRailwayCore::dbQuery($sql);
    $main->assign_block_vars('if_table_display', '');
    while ($event = mysql_fetch_assoc($result)) {
        if (isset($event)) {
            $main->assign_block_vars('log_err', array('ID' => $event['event_id'], 'TIME' => date("d-M-Y H:i:s", $event['event_timestamp']), 'SEV' => $event['event_severity'], 'INTID' => $event['interaction_identifier'], 'IP' => $event['source_ip'], 'SUA' => $event['source_user_agent'], 'DESC' => $event['description']));
예제 #3
 case "account":
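     Authentication::blockPageToVisitors();
     // Account actions
     if (isset($_GET['action'])) {
         switch ($_GET['action']) {
             case "deactivate":
                 // Deactivates the caller's own account
                 if (isset($_SESSION['user_id'])) {
                     Authentication::deactivateUser($_SESSION['user_id']);
                 }
                 break;
             case "update":
                 // Update user details - AJAX implementation
                 // NOTE(review): no CSRF token is checked here, so a cross-site
                 // POST can rewrite the logged-in user's profile; wire in the
                 // project's token check if one exists.
                 $fields = array('fname', 'mname', 'sname', 'address', 'dob', 'mphone', 'wphone', 'hphone', 'email');
                 $in = array();
                 foreach ($fields as $f) {
                     // A missing field (or an array smuggled in as field[])
                     // means the request is malformed: treat it as "not all set".
                     if (!isset($_POST[$f]) || !is_string($_POST[$f])) {
                         $in = null;
                         break;
                     }
                     // Every value is attacker-controlled and was previously
                     // spliced raw into the UPDATE below (SQL injection).
                     // Escape for the mysql link the core opened; page code in
                     // this project reads dbQuery() results with
                     // mysql_fetch_assoc(), so that link is in use.
                     // TODO(review): move dbQuery() to prepared statements
                     // (mysqli/PDO) so this escaping becomes unnecessary.
                     $in[$f] = mysql_real_escape_string($_POST[$f]);
                 }
                 if ($in !== null) {
                     // staff_id comes from the server-side session, but it is
                     // spliced into SQL too, so escape it for consistency.
                     $sid = isset($_SESSION['staff_id']) ? mysql_real_escape_string($_SESSION['staff_id']) : '';
                     openRailwayCore::dbQuery("UPDATE `staff_master` SET `first_name` = '" . $in['fname'] . "', `middle_name` = '" . $in['mname'] . "', `surname` = '" . $in['sname'] . "', `date_of_birth` = '" . $in['dob'] . "', `address` = '" . $in['address'] . "', `email` = '" . $in['email'] . "', `home_phone` = '" . $in['hphone'] . "', `mobile_phone` = '" . $in['mphone'] . "', `work_phone` = '" . $in['wphone'] . "' WHERE `staff_id` = '" . $sid . "'");
                     openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $_SESSION['user_id'], 5, 0, "User (SID: " . $_SESSION['staff_id'] . ") own profile updated");
                 } else {
                     header("Location: " . ROOT . "user.php?mode=account");
                     // Stop after the redirect; otherwise the profile query
                     // below and the page body still execute.
                     exit;
                 }
                 break;
             case "changepassword":
                 if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && isset($_POST['confirmpassword'])) {
                     // Change password code (not implemented in this snippet)
                 }
                 break;
             default:
                 header("Location: " . ROOT . "user.php?mode=account");
                 // Stop after the redirect; see the "update" branch.
                 exit;
                 break;
         }
     }
     // Load the caller's own profile row. staff_id is session-sourced
     // (presumably set at login — verify), not request input.
     $result = openRailwayCore::dbQuery("SELECT * FROM `staff_master` WHERE `staff_id` = '" . $_SESSION['staff_id'] . "'");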
예제 #4
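 /**
  * Reinstates a (suspended) user account.
  *
  * Clears the `suspended` flag on the matching `users` row and writes an
  * audit entry naming both the reinstated account and the acting user.
  *
  * NOTE(review): no permission check happens here — the caller is expected
  * to have already verified that the acting user may reinstate accounts.
  *
  * @param integer $uid The user account to reinstate
  * @return void
  */
 public static function reinstateUser($uid)
 {
     // The docblock promises an integer; enforce it before the value is
     // spliced into the statement so a non-numeric string can never reach
     // the query. Integer callers are unaffected. (If user_id were ever a
     // non-numeric key, escaping would be needed instead of a cast.)
     $uid = (int) $uid;
     $sql = "UPDATE `users` SET `suspended` = '0' WHERE user_id = '" . $uid . "'";
     openRailwayCore::dbQuery($sql);
     // Tolerate a missing session rather than raising a notice mid-audit;
     // logEvent() is passed null for the actor elsewhere in this class.
     $actor = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
     openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $actor, 5, 1, "User (UID: " . $uid . ") reinstated by user (UID: " . $actor . ")");
 }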