diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2013-10-29 02:26:45 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2013-10-29 02:26:45 +0000 |
| commit | 7322419072402e8095d4bc8e9523375f33a89a4f (patch) | |
| tree | d3d19d8a7749544cf36cddb5c251cb515bf3e9a3 | |
| parent | 9e90326fc8bf264adeaa11d459e319dcf6526b9b (diff) | |
| download | acf-weblog-7322419072402e8095d4bc8e9523375f33a89a4f.tar.bz2 acf-weblog-7322419072402e8095d4bc8e9523375f33a89a4f.tar.xz | |
Add sourcename to viewweblog and ability to filter on sourcename
Also fix bug where boolean defaults were ignored in viewweblog, caused by using handle_clientdata
| -rw-r--r-- | weblog-controller.lua | 1 | ||||
| -rw-r--r-- | weblog-model.lua | 54 | ||||
| -rw-r--r-- | weblog-viewweblog-html.lsp | 2 |
3 files changed, 41 insertions, 16 deletions
diff --git a/weblog-controller.lua b/weblog-controller.lua index c3e47bd..54f3936 100644 --- a/weblog-controller.lua +++ b/weblog-controller.lua @@ -38,7 +38,6 @@ function mymodule.viewweblog(self) local retval = self.handle_form(self, self.model.getweblogparameters, self.model.getweblog, self.clientdata, "Update", "Display Weblog") -- We want to get the weblog even if form wasn't submitted if not self.clientdata.submit then - self.handle_clientdata(retval, self.clientdata) retval = self.model.getweblog(self, retval) end return retval diff --git a/weblog-model.lua b/weblog-model.lua index 103948d..7ca9c2c 100644 --- a/weblog-model.lua +++ b/weblog-model.lua @@ -286,7 +286,7 @@ local groompublogs = function() logme("Deleted " .. res .. " old records from pubweblog_history") end -local generatewhereclause = function(clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, selected) +local generatewhereclause = function(clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, selected, sourcename) local sql = "" local where = {} if clientuserid and clientuserid ~= "" then @@ -319,6 +319,13 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip, if selected then where[#where+1] = "selected = 'true'" end + if sourcename and #sourcename > 0 then + tmp = {} + for i,s in pairs(sourcename) do + tmp[#tmp+1] = "sourcename = '"..escape(s).."'" + end + where[#where+1] = "("..table.concat(tmp, " OR ")..")" + end if #where > 0 then sql = " WHERE " .. table.concat(where, " AND ") @@ -327,11 +334,11 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip, return sql end -local listlogentries = function(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected) +local listlogentries = function(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, sourcename) local entries = {} -- retrieve a cursor local sql = "SELECT * FROM "..escape(activelog) - sql = sql .. generatewhereclause(clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, selected) + sql = sql .. generatewhereclause(clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, selected, sourcename) sql = sql .. " ORDER BY "..escape(sortby) cur = assert (con:execute(sql)) row = cur:fetch ({}, "a") @@ -1098,6 +1105,7 @@ end local validateweblogparameters = function(params) local success = modelfunctions.validateselect(params.value.activelog) success = modelfunctions.validateselect(params.value.sortby) and success + success = modelfunctions.validatemulti(params.value.sourcename) and success if params.value.clientip.value ~= "" and string.find(params.value.clientip.value, "[^%d%.]") then params.value.clientip.errtxt = "Invalid IP Address" success = false @@ -1132,22 +1140,38 @@ local validateweblogparameters = function(params) return success end -function mymodule.getweblogparameters() +function mymodule.getweblogparameters(self, clientdata) local c = mymodule.getconfig() local result = {} result.activelog = cfe({ type="select", value="pubweblog", option={"pubweblog", "pubweblog_history"}, label="Active Weblog", seq=1 }) result.starttime = cfe({ value=c.value.auditstart.value, label="Start Time", seq=2 }) result.endtime = cfe({ value=c.value.auditend.value, label="End Time", seq=3 }) - result.clientuserid = cfe({ value="", label="User ID", seq=4 }) - result.clientip = cfe({ value="", label="Client IP", seq=5 }) - result.urisearch = cfe({ value="", label="URI Contains", descr="Retrieve records where the URI contains this word", seq=6 }) - result.score = cfe({ value=c.value.score.value, label="Minimum Score", descr="Minimum score to search on", seq=7 }) - result.sortby = cfe({ type="select", value=c.value.sortby.value, option=c.value.sortby.option, label="Sort By field", descr="Sort by this field when displaying records", seq=8 }) - result.badyesno = cfe({ type="boolean", value=c.value.badyesno.value, label="Show Suspect Records", descr="Limit search to records marked as suspect", seq=9 }) - result.deniedyesno = cfe({ type="boolean", value=c.value.deniedyesno.value, label="Show Denied Records", descr="Limit search to Denied URIs", seq=10 }) - result.bypassyesno = cfe({ type="boolean", value=c.value.bypassyesno.value, label="Show Bypass Records", descr="Limit search to Bypass attempts", seq=11 }) - result.selected = cfe({ type="boolean", value=false, label="Show Selected Records", descr="Limit search to records that have been selected", seq=12 }) - result.focus = cfe({ value="", label="Focus Time", seq=13 }) + result.sourcename = cfe({ type="multi", value={}, label="Source", option={}, seq=4 }) + result.clientuserid = cfe({ value=clientdata.clientuserid or "", label="User ID", seq=5 }) + result.clientip = cfe({ value=clientdata.clientip or "", label="Client IP", seq=6 }) + result.urisearch = cfe({ value="", label="URI Contains", descr="Retrieve records where the URI contains this word", seq=7 }) + result.score = cfe({ value=c.value.score.value, label="Minimum Score", descr="Minimum score to search on", seq=8 }) + result.sortby = cfe({ type="select", value=c.value.sortby.value, option=c.value.sortby.option, label="Sort By field", descr="Sort by this field when displaying records", seq=9 }) + result.badyesno = cfe({ type="boolean", value=c.value.badyesno.value, label="Show Suspect Records", descr="Limit search to records marked as suspect", seq=10 }) + result.deniedyesno = cfe({ type="boolean", value=c.value.deniedyesno.value, label="Show Denied Records", descr="Limit search to Denied URIs", seq=11 }) + result.bypassyesno = cfe({ type="boolean", value=c.value.bypassyesno.value, label="Show Bypass Records", descr="Limit search to Bypass attempts", seq=12 }) + result.selected = cfe({ type="boolean", value=false, label="Show Selected Records", descr="Limit search to records that have been selected", seq=13 }) + result.focus = cfe({ value="", label="Focus Time", seq=14 }) + + -- Get the source options + local res, err = pcall(function() + databaseconnect(DatabaseUser) + local sources = listsourceentries() + for i,s in ipairs(sources) do + result.sourcename.value[#result.sourcename.value + 1] = s.sourcename + result.sourcename.option[#result.sourcename.option + 1] = s.sourcename + end + databasedisconnect() + end) + if err and not res then + result.source.errtxt = err + end + return cfe({ type="group", value=result, label="Weblog Access Log" }) end @@ -1159,7 +1183,7 @@ function mymodule.getweblog(self, result) if success then local res, err = pcall(function() databaseconnect(DatabaseUser) - result.value.log.value = listlogentries(result.value.activelog.value, result.value.clientuserid.value, result.value.starttime.value, result.value.endtime.value, result.value.clientip.value, result.value.badyesno.value, result.value.deniedyesno.value, result.value.bypassyesno.value, result.value.score.value, result.value.urisearch.value, result.value.sortby.value, result.value.selected.value ) or {} + result.value.log.value = listlogentries(result.value.activelog.value, result.value.clientuserid.value, result.value.starttime.value, result.value.endtime.value, result.value.clientip.value, result.value.badyesno.value, result.value.deniedyesno.value, result.value.bypassyesno.value, result.value.score.value, result.value.urisearch.value, result.value.sortby.value, result.value.selected.value, result.value.sourcename.value ) or {} databasedisconnect() end) if not res then diff --git a/weblog-viewweblog-html.lsp b/weblog-viewweblog-html.lsp index e7f1a6a..51c158d 100644 --- a/weblog-viewweblog-html.lsp +++ b/weblog-viewweblog-html.lsp @@ -145,6 +145,7 @@ for i,watch in ipairs(subdata) do end %> <TH><input type="checkbox" id="chkHead"<% if checkhead then %> checked<% end %>></TH> <TH>Timestamp</TH> + <TH>Source</TH> <TH>Client IP</TH> <TH>User ID</TH> <TH>Size</TH> @@ -174,6 +175,7 @@ end %> "&endtime="..os.date("%Y-%m-%d %H:%M:%S", time + 60*(tonumber(data.value.window.value))).. "&focus="..watch.logdatetime, label=watch.logdatetime} %></TD> + <TD> <%= html.html_escape(watch.sourcename) %></TD> <TD <% if data.value.clientip.value == watch.clientip then %> style="font-weight:bold;" <% end %> ><%= html.html_escape(watch.clientip) %></TD> <TD <% if data.value.clientuserid.value == watch.clientuserid then %> style="font-weight:bold;" <% end %> ><%= html.html_escape(watch.clientuserid) %></TD> <TD><%= html.html_escape(watch.bytes) %></TD> |