From cbea4778efc9a187f5f6b61c21e284a01c00887a Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Fri, 5 Aug 2016 11:57:04 +0200
Subject: [PATCH] Implement logging. Closes #67

---
 img/delete.png          | Bin 0 -> 3167 bytes
 img/delete_inverted.png | Bin 0 -> 278 bytes
 includes/misc.inc.php   |  49 +++++++++++++++++-
 index.php               | 109 +++++++++++++++++++++++++++++++++++++++-
 zones.php               |  19 +++++--
 5 files changed, 168 insertions(+), 9 deletions(-)
 create mode 100644 img/delete.png
 create mode 100644 img/delete_inverted.png

diff --git a/img/delete.png b/img/delete.png
new file mode 100644
index 0000000000000000000000000000000000000000..f4c24dbc76713e3be268390e57c45dd7391200f5
GIT binary patch
literal 3167
zcmd5<O>7%Q6kdWTB~a)IQ9$izdjstKi~m-35_{KaEb0(BP8*OwS?^BlA?satcAPjl
z&{7Z-DHn=3qH;sxfK+aXLwe|?94K7jP^knVRiL6GAtVsx?XJCDCk852LPU=3oq6y3
zzW3(MoAEpIbH@&hKRM2E+=0rhUW3nr{{Q}c@P6c%+Xlxyyh!RxY^i!&HQjd7u-pbt
z_Szko=eYb-uVa|2n4t!45~sl5{Ct~7#47M7Q&q9r(Qu2*Zc@CkIafC~SIwNoPfd>J
zdny35F*8uFZ9AUYEARoX3g7)<fk%M}TP^TKpAaoo=aJ@8j3$zDQcjp+T0to#sifqz
zJn<ZoMKLRg89@;fQdX5@Rm!6NA3r&c^3+;UYx+!|4xS2pi?NO>2<z+X$#o^^(xxEg
zaydbi1zApjMZ()~n9)l(-ccVS#L%&4Qqp0>b&!u~G~6yL@I1_;K6t0)GS_RloruEm
z`dNeg3DLA5B}F0bSm`ix0`lUA8TkU28Hn?kCB!WP_aJ*iAmAVQ4)OMk&K^cEu2%oq
zyxksx_gHxi;_c^dB!O4o=wP9SJ-16uTwcQtI~otuG9&*^m)b#amMLHxx53l{k<t()
zh^&!ji+PdTNLm`$gq~53)nb>mT<Xoc9`V-<s);hB6N*jd(m>T6Ta99iKyZFVG(n1u
zR}2#;VbOLO>ITDL4DV3qvM7lOQG!=s6<;E?;xKI6z|}SEW7zSRwL^fpNsSN_VpFS7
z@0P&~A2kN2)MZIk6jf556(v;^1N30Q)E6LD;uyB>nq5C<6}`a2OwuBjn#yF;MM=@J
z(o9A#OH!^}EagN!BWAM2ncPG%26K<@6~|+SW8wij0rs?Bp3xK~UChj6efF#@Y2}HM
ztYykd8bkye3FU{96lBt+nhU$lWEE${4K~xT4JlewBW$C<&r_q>#X%Toug$#aT98F4
zE%q}u!bW2haI{Tqwonasx(%C{Bk{^@gV-ls3QcI$m>y9QyTKP}-+V*~34RYj`EUhi
zi3jz!5e$WmWdWZGpTb9*1W7<B*l;Q&Ca7M|Si@GRbudLnEW=$D0jLSV*IO7iMpVag
zT@qC}tER+Q;YG$~%W#^0-3xx7_Uo1pBkMQFdlOzNrFA_kih3!m-eL~=x>6R4lAKaX
zGx~7odxXP|kt9`4{rAHEweW|QbC>XuTm3FFo)`QhXizzMVQ+2aEmLI#I$5mJiZ&ar
zH2>UEZCF<5A_)tcUe{*)<Z!v86^bz;CLDVnW+Aan`lx}70c>6v;`9}G-NviX1Y;UX
zMsrxhqz^p|JJ<-5QOg{j51$4|0d1VfC${dK)-m#d(x_rbC!pRU9)cHZ^#fm_ZW}=x
zj~xtm(&G7fNup5_2Yi9V-I9Enrhk^WG$wJdrjf+SqK$ioV_}M(Cmx)YYonM3ZUIvq
z)n^G0$Qa2$S41*84?%w>YZ$Iy?Y8T9sK^*4jc#xUnsc3mKaQzM3>(e4NXL|{84Mh}
zQ4$BFfy9_3zcJQ=BV1kdj3%yQ+V=iGV*gHE7-H;J2$I7wxNX8kSBP%9@DSaVu>%d1
z!cF+`WADENx9CHxyu=pV6}E0r%!L=;N*l6J!-lnS>I%+-(T5eiSnqw)u+EHWn)VvP
z+~ot)KVCZXl+9g#=!dHpruJVKZ``<XOOfSC?$ZaJn0@fb()7-??bBDjeq?NH3)M93
zyTWJ5<u@<Z7Z-28_wnz){`BqEaq-IwQ>QQe24;_5{t9i4?d<IQ`G&YvJ@?kd7nk>O
z_n*J-gX+1%&OY?^Gcb7g=~vEtq@Or(;{3w(o7c7vz5DXduV4Oyt6k*|E_084|Hb}k
S`_@_icR{5*r+-pfKKmEWwAmH_

literal 0
HcmV?d00001

diff --git a/img/delete_inverted.png b/img/delete_inverted.png
new file mode 100644
index 0000000000000000000000000000000000000000..0b05aebaf357c9a122c99e3318da4a0d571d50c7
GIT binary patch
literal 278
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`Y)RhkE)4%caKYZ?lYt_f1s;*b
z3=G`DAk4@xYmNj^kiEpy*OmPN2P>zn`Bb|fzCfYHo-U3d7N_q{-pG4cLBLhMVA0m)
z3;JdpSe)9@Gf8w)1Gl+HNMh5DGUr(dHzz7Jt=8E8^L^KEs|#}<EiII>e!w!PvGM#a
zCh_-wc^!N&UwJy`y@UVmG)9ACGMQ{IL>)LD7M3uDY8;ypy?bu4*K{Wr0l_WT4x8&K
z{oXPq$WQa>AyfT5$0U*~p3nLpec)R-_w_&K^ETu?+N5)KcE;M!+nmpiRnK6Y7xclV
Uu7_K*1?XG`Pgg&ebxsLQ01W_ZFaQ7m

literal 0
HcmV?d00001

diff --git a/includes/misc.inc.php b/includes/misc.inc.php
index d626789..e0cfc2e 100644
--- a/includes/misc.inc.php
+++ b/includes/misc.inc.php
@@ -128,6 +128,7 @@ function do_db_auth($u, $p) {
     $db->close();
 
     if ($userinfo and $userinfo['password'] and (crypt($p, $userinfo['password']) === $userinfo['password'])) {
+        writelog('Succesful login.');
         return TRUE;
     }
 
@@ -151,6 +152,11 @@ function add_user($username, $isadmin = FALSE, $password = '') {
     $ret = $q->execute();
     $db->close();
 
+    if ($isadmin) {
+        writelog("Added user $username as admin.");
+    } else {
+        writelog("Added user $username.");
+    }
     return $ret;
 }
 
@@ -166,11 +172,13 @@ function update_user($username, $isadmin, $password) {
         $q = $db->prepare('UPDATE users SET isadmin = ?, password = ? WHERE emailaddress = ?');
         $q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
         $q->bindValue(2, $password, SQLITE3_TEXT);
-        $q->bindValue(3, $username, SQLITE3_TEXT); 
+        $q->bindValue(3, $username, SQLITE3_TEXT);
+        writelog("Updating password and/or settings for $username. Admin: ".(int)(bool)$isadmin);
     } else {
         $q = $db->prepare('UPDATE users SET isadmin = ? WHERE emailaddress = ?');
         $q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
         $q->bindValue(2, $username, SQLITE3_TEXT); 
+        writelog("Updating settings for $username. Admin: ".(int)(bool)$isadmin);
     }
     $ret = $q->execute();
     $db->close();
@@ -178,13 +186,14 @@ function update_user($username, $isadmin, $password) {
     return $ret;
 }
 
-function delete_user($id) {
+function delete_user($username) {
     $db = get_db();
     $q = $db->prepare('DELETE FROM users WHERE id = ?');
     $q->bindValue(1, $id, SQLITE3_INTEGER);
     $ret = $q->execute();
     $db->close();
 
+    writelog("Deleted user $username.");
     return $ret;
 }
 
@@ -242,7 +251,43 @@ function user_template_names() {
     return $templatenames;
 }
 
+function getlogs() {
+    $db = get_db();
+    $r = $db->query('SELECT * FROM logs ORDER BY timestamp DESC');
+    $ret = array();
+    while ($row = $r->fetchArray(SQLITE3_ASSOC)) {
+        array_push($ret, $row);
+    }
 
+    return $ret;
+}
+
+function clearlogs() {
+    $db = get_db();
+    $q = $db->query('DELETE FROM logs;');
+    $db->close();
+    writelog("Logtable truncated.");
+}
+
+function writelog($line) {
+    try {
+        $db = get_db();
+        $q = $db->prepare('CREATE TABLE IF NOT EXISTS logs (
+            id INTEGER PRIMARY KEY,
+            user TEXT NOT NULL,
+            log TEXT NOT NULL,
+            timestamp DATETIME DEFAULT CURRENT_TIMESTAMP);');
+        $ret = $q->execute();
+
+        $q = $db->prepare('INSERT INTO logs (user, log) VALUES (:user, :log)');
+        $q->bindValue(':user', get_sess_user(), SQLITE3_TEXT);
+        $q->bindValue(':log', $line, SQLITE3_TEXT);
+        $q->execute();
+        $db->close();
+    } catch (Exception $e) {
+        return jtable_respond(null, 'error', $e->getMessage());
+    }
+}
 
 /* This function was taken from https://gist.github.com/rsky/5104756 to make
 it available on older php versions. Thanks! */
diff --git a/index.php b/index.php
index d7a45f5..8729849 100644
--- a/index.php
+++ b/index.php
@@ -113,6 +113,9 @@ if ($blocklogin === TRUE) {
 <div id="wrap">
     <div id="dnssecinfo">
     </div>
+    <div id="clearlogs" style="display: none;">
+        Are you sure you want to clear all the logs? Maybe save them first?
+    </div>
     <div id="menu" class="jtable-main-container <?php if ($menutype === 'horizontal') { ?>horizontal<?php } ?>">
         <div class="jtable-title menu-title">
             <div class="jtable-title-text">
@@ -123,6 +126,7 @@ if ($blocklogin === TRUE) {
             <li><a href="#" id="zoneadmin">Zones</a></li>
             <?php if (is_adminuser()) { ?>
                 <li><a href="#" id="useradmin">Users</a></li>
+                <li><a href="#" id="logadmin">Logs</a></li>
             <?php } ?>
             <li><a href="#" id="aboutme">About me</a></li>
             <li><a href="index.php?logout=1">Logout</a></li>
@@ -148,6 +152,9 @@ if ($blocklogin === TRUE) {
     <div id="users">
         <div class="tables" id="Users"></div>
     </div>
+    <div id="logs">
+        <div class="tables" id="Logs"></div>
+    </div>
     <?php } ?>
 
     <div id="AboutMe">
@@ -847,26 +854,39 @@ $(document).ready(function () {
     });
 
     <?php if (is_adminuser()) { ?>
+    $('#Logs').hide();
     $('#Users').hide();
     $('#AboutMe').hide();
     $('#aboutme').click(function () {
+        $('#Logs').hide();
         $('#Users').hide();
         $('#MasterZones').hide();
         $('#SlaveZones').hide();
         $('#AboutMe').show();
     });
     $('#useradmin').click(function () {
-        $('#Users').show();
+        $('#Logs').hide();
         $('#MasterZones').hide();
         $('#SlaveZones').hide();
         $('#AboutMe').hide();
+        $('#Users').jtable('load');
+        $('#Users').show();
     });
     $('#zoneadmin').click(function () {
+        $('#Logs').hide();
         $('#Users').hide();
         $('#AboutMe').hide();
         $('#MasterZones').show();
         $('#SlaveZones').show();
     });
+    $('#logadmin').click(function () {
+        $('#Users').hide();
+        $('#AboutMe').hide();
+        $('#MasterZones').hide();
+        $('#SlaveZones').hide();
+        $('#Logs').jtable('load');
+        $('#Logs').show();
+    });
     $('#Users').jtable({
         title: 'Users',
         paging: true,
@@ -910,7 +930,92 @@ $(document).ready(function () {
             $("#SlaveZones").jtable('reload');
         }
     });
-    $('#Users').jtable('load');
+
+    $('#Logs').jtable({
+        title: 'Logs',
+        paging: true,
+        pageSize: 20,
+        sorting: false,
+        actions: {
+            listAction: 'logs.php?action=list',
+            deleteAction: 'logs.php?action=delete',
+        },
+        messages: {
+            deleteConfirmation: 'This entry will be deleted. Are you sure?'
+        },
+        toolbar: {
+            hoverAnimation: true,
+            hoverAnimationDuration: 60,
+            hoverAnimationEasing: undefined,
+            items: [
+                {
+                    icon: 'img/delete_inverted.png',
+                    text: 'Clear logs',
+                    click: function() {
+                        $("#clearlogs").dialog({
+                            modal: true,
+                            title: "Clear all logs",
+                            width: 'auto',
+                            buttons: {
+                                Ok: function() {
+                                    $.get("logs.php?action=clear");
+                                    $( this ).dialog( "close" );
+                                    $('#Logs').jtable('load');
+                                },
+                                Cancel: function() {
+                                    $( this ).dialog( "close" );
+                                    return false;
+                                }
+                            }
+                        });
+                    }
+                },
+                {
+                    icon: 'img/export.png',
+                    text: 'Save logs',
+                    click: function () {
+                        var $zexport = $.get("logs.php?action=export", function(data) {
+                            console.log(data);
+                            blob = new Blob([data], { type: 'text/plain' });
+                            var dl = document.createElement('a');
+                            dl.addEventListener('click', function(ev) {
+                                dl.href = URL.createObjectURL(blob);
+                                dl.download = 'nseditlogs.txt';
+                            }, false);
+
+                            if (document.createEvent) {
+                                var event = document.createEvent("MouseEvents");
+                                event.initEvent("click", true, true);
+                                dl.dispatchEvent(event);
+                            }
+                        });
+                    }
+                }
+                ],
+        },
+        fields: {
+            id: {
+                title: 'key',
+                key: true,
+                type: 'hidden'
+            },
+            user: {
+                title: 'User',
+                width: '10%',
+                display: displayContent('user'),
+            },
+            log: {
+                title: 'Log',
+                width: '80%',
+                display: displayContent('log'),
+            },
+            timestamp: {
+                title: 'Timestamp',
+                width: '10%',
+                display: displayContent('timestamp')
+            }
+        }
+    });
     <?php } ?>
     $('#MasterZones').jtable('load');
     $('#SlaveZones').jtable('load');
diff --git a/zones.php b/zones.php
index 20d5abf..a794cb2 100644
--- a/zones.php
+++ b/zones.php
@@ -188,9 +188,6 @@ case "listrecords":
     $zone = new Zone();
     $zone->parse($zonedata);
     $records = $zone->rrsets2records();
-    foreach ($records as &$record) {
-        $record['id'] = json_encode($record);
-    }
     if (isset($_GET['jtSorting'])) {
         list($scolumn, $sorder) = preg_split("/ /", $_GET['jtSorting']);
         switch ($scolumn) {
@@ -218,6 +215,7 @@ case "delete":
     $api->deletezone($_POST['id']);
 
     delete_db_zone($zone['name']);
+    writelog("Deleted zone ".$zone['name']);
     jtable_respond(null, 'delete');
     break;
 
@@ -302,6 +300,7 @@ case "create":
     }
 
     $zone = $api->savezone($zone->export());
+    writelog("Created zone ".$zone['name']);
     jtable_respond($zone, 'single');
     break;
 
@@ -327,6 +326,7 @@ case "update":
         }
     }
 
+    writelog("Updated zone ".$zone->name);
     jtable_respond($api->savezone($zone->export()), 'single');
     break;
 
@@ -363,6 +363,7 @@ case "createrecord":
     $record = $zone->addRecord($name, $type, $content, $_POST['disabled'], $_POST['ttl'], $_POST['setptr']);
     $api->savezone($zone->export());
 
+    writelog("Created record: ".$record['id']);
     jtable_respond($record, 'single');
     break;
 
@@ -378,8 +379,9 @@ case "editrecord":
 
     $api->savezone($zone->export());
 
-    $record['id'] = json_encode($record);
-    jtable_respond($zone->getRecord($_POST['name'], $_POST['type'], $_POST['content']), 'single');
+    $record = $zone->getRecord($_POST['name'], $_POST['type'], $_POST['content']);
+    writelog("Updated record ".$_POST['id']." to ".$record['id']);
+    jtable_respond($record, 'single');
     break;
 
 case "deleterecord":
@@ -392,10 +394,12 @@ case "deleterecord":
 
     $api->savezone($zone->export());
 
+    writelog("Deleted record ".$_POST['id']);
     jtable_respond(null, 'delete');
     break;
 
 case "export":
+    writelog("Exported zone ".$_GET['zoneid']);
     jtable_respond($api->exportzone($_GET['zoneid']), 'single');
     break;
 
@@ -403,6 +407,10 @@ case "clone":
     $name = $_POST['destname'];
     $src  = $_POST['sourcename'];
 
+    if (!string_ends_with($name, '.')) {
+        $name = $name.".";
+    }
+
     if (!_valid_label($name)) {
         jtable_respond(null, 'error', "Invalid destination zonename");
     }
@@ -424,6 +432,7 @@ case "clone":
     }
     $zone = $api->savezone($srczone->export());
 
+    writelog("Cloned zone $src into $name");
     jtable_respond($zone, 'single');
     break;