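/**
 * Used for logging our admin actions to our Avatar commit log.
 *
 * Appends one line to `$avatarKeyPath . '/logfile'` in the form
 * `steamID:adminID:name:event:unixtime`, holding an exclusive lock while writing.
 *
 * @param string $userid       SteamID for the user taking the action. This will match $adminid for grant/revoke requests.
 *                             Anything other than a plain digit string (or non-negative int) is logged as 0.
 * @param string $adminid      SteamID for the admin that granted the action.
 *                             Anything other than a plain digit string (or non-negative int) is logged as 0.
 * @param string $assignedname requested name for avatar; passed through sanitiseName() before it is logged
 * @param string $event        one of the actions our users can take, 'add', 'delete', 'granting', 'gravatar',
 *                             'revoke', 'upload', 'error'; any other value is logged as 'error'
 */
function writeAvatarLog($userid, $adminid, $assignedname, $event)
{
    global $avatarKeyPath;

    // is_numeric() also accepts leading whitespace (a newline included), signs, decimals and
    // exponents. A value like that would be copied into the record as-is and could split or forge
    // a log line, so only plain digit runs are accepted here.

    // userid should be 0 for file uploads and gravatar emails
    $steamID = ((is_int($userid) || is_string($userid)) && ctype_digit((string) $userid)) ? $userid : 0;

    // adminid should be 0 for ILLEGAL events
    $adminAuth = ((is_int($adminid) || is_string($adminid)) && ctype_digit((string) $adminid)) ? $adminid : 0;

    // assigned name should report the string given to the script (to log dodgy attempts)
    // NOTE(review): the one-record-per-line, colon-separated format relies on sanitiseName()
    // removing ':' and line breaks; it is defined outside this view, so confirm that it does.
    $eventName = sanitiseName($assignedname);

    // event should be a verb like: add/delete/gravatar etc
    // Strict comparison: with loose comparison a non-string such as 0 can match a verb
    // on older PHP versions and would then be written to the log unchanged.
    $actionVerbs = array('add', 'delete', 'granting', 'gravatar', 'revoke', 'upload', 'error');
    $event = in_array($event, $actionVerbs, true) ? $event : "error";

    $logMsg = $steamID . ':' . $adminAuth . ':' . $eventName . ':' . $event . ':' . time() . "\n";
    $logFile = $avatarKeyPath . '/logfile';

    // A lost audit record should not pass silently: report the failure to the PHP error log
    // instead of discarding the return value.
    if (file_put_contents($logFile, $logMsg, FILE_APPEND | LOCK_EX) === false) {
        error_log('writeAvatarLog: could not append to ' . $logFile);
    }
}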
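// Tail of the "revoke" handler. The enclosing `if` opens outside this excerpt, so the statements
// are reproduced unchanged. NOTE(review): the points raised on the delete handler below (unchecked
// unlink() result, log entry written before the file is removed, unescaped name in the HTML body)
// look applicable here too; confirm against the full handler.
    $action = "Revoke Avatar Permission";
    $requestedName = sanitiseName($_GET['name']);
    $requestedPath = $avatarKeyPath . '/' . $requestedName;
    if (file_exists($requestedPath) and !is_dir($requestedPath)) {
        writeAvatarLog(0, $me, $requestedName, 'revoke');
        $body = "<p>Revoked permission for the user {$requestedName}.</p>";
        unlink($requestedPath);
    } else {
        $style = "panel-danger";
        $body = "<p>Can not revoke permission for the user {$requestedName}.</p>";
    }
}

// are we supplying query for delete + name? → write to log, delete image
// NOTE(review): this is a state-changing action driven by GET parameters. No admin check or
// anti-CSRF token is visible in this excerpt; confirm both are enforced before this point.
if (isset($_GET['delete']) && isset($_GET['name'])) {
    $action = "Remove Avatar";
    $requestedName = sanitiseName($_GET['name']);

    // The name comes from the query string and ends up in HTML. sanitiseName() is defined
    // outside this view, so escape for the HTML context here rather than rely on it.
    $displayName = htmlspecialchars($requestedName, ENT_QUOTES, 'UTF-8');

    // NOTE(review): both paths stay inside $avatarFilePath only if sanitiseName() removes
    // path separators and '..' sequences; confirm.
    $originalPath = $avatarFilePath . '/original/' . $requestedName . '.png';
    $requestedPath = $avatarFilePath . '/' . $requestedName . '.png';

    if (file_exists($requestedPath) && !is_dir($requestedPath)) {
        // Removing the stored original is best-effort, as before.
        if (file_exists($originalPath) && !is_dir($originalPath)) {
            unlink($originalPath);
        }

        // Delete first, then log: the audit trail and the page should only claim a removal
        // that actually happened.
        if (unlink($requestedPath)) {
            writeAvatarLog(0, $me, $requestedName, 'delete');
            $body = "<p>Removed avatar file for user {$displayName}.</p>";
        } else {
            writeAvatarLog(0, $me, $requestedName, 'error');
            $style = "panel-danger";
            $body = "<p>Can not remove avatar file for user {$displayName}.</p>";
        }
    } else {
        // fancy this message up.
        $style = "panel-danger";
        $body = "<p>Can not remove avatar file for user {$displayName}.</p>";
    }
}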