From 9ffe0e777ce0b2cd9f9fd6ff52390d826c368db5 Mon Sep 17 00:00:00 2001
From: x2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Date: Sun, 4 Mar 2007 10:47:21 +0000
Subject: [PATCH] Fix SUID logging. PHP5-ise CoreLogger

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1543 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 classes/corelogger.php       | 23 +++++++++++++----------
 include/xorg/session.inc.php |  2 +-
 modules/platal.php           |  6 +++---
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/classes/corelogger.php b/classes/corelogger.php
index ef6940c..c4b909b 100644
--- a/classes/corelogger.php
+++ b/classes/corelogger.php
@@ -19,13 +19,14 @@
  */
 
 
-class CoreLogger {
+class CoreLogger
+{
     /** user id */
-    var $uid;
+    private $uid;
     /** id of the session */
-    var $session;
+    private $session;
     /** list of available actions */
-    var $actions;
+    private $actions;
 
     /** The constructor, creates a new entry in the sessions table
      *
@@ -33,7 +34,8 @@ class CoreLogger {
      * @param $suid the id of the administrator who has just su'd to the user
      * @return VOID
      */
-    function CoreLogger($uid, $suid='') {
+    public function __construct($uid, $suid = null)
+    {
         // write the session entry
         $this->uid     = $uid;
         $this->session = $this->writeSession($uid, $suid);
@@ -52,7 +54,7 @@ class CoreLogger {
      * @param $suid the id of the administrator who has just su'd to the user
      * @return session the session id
      */
-    function writeSession($uid, $suid = null)
+    private function writeSession($uid, $suid = null)
     {
         $ip      = $_SERVER['REMOTE_ADDR'];
         $host    = strtolower(gethostbyaddr($_SERVER['REMOTE_ADDR']));
@@ -69,7 +71,7 @@ class CoreLogger {
         }
 
         XDB::execute("INSERT INTO logger.sessions
-                     SET uid={?}, host={?}, ip={?}, forward_ip={?}, forward_host={?}, browser={?}, suid={?}, flags={?}",
+                         SET uid={?}, host={?}, ip={?}, forward_ip={?}, forward_host={?}, browser={?}, suid={?}, flags={?}",
                      $uid, $host, $ip, $forward_ip, $forward_host, $browser, $suid, $proxy);
 
         return XDB::insertId();
@@ -82,13 +84,14 @@ class CoreLogger {
      * @param $data les données (id de liste, etc.)
      * @return VOID
      */
-    function log($action, $data = null) {
+    public function log($action, $data = null)
+    {
         if (isset($this->actions[$action])) {
             XDB::execute("INSERT INTO logger.events
-                         SET session={?}, action={?}, data={?}",
+                             SET session={?}, action={?}, data={?}",
                          $this->session, $this->actions[$action], $data);
         } else {
-            echo "unknown action : $action<br />";
+            trigger_error("CoreLogger: unknown action, $action", E_USER_WARNING);
         }
     }
 }
diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php
index a5383b3..90731e0 100644
--- a/include/xorg/session.inc.php
+++ b/include/xorg/session.inc.php
@@ -238,7 +238,7 @@ function start_connexion ($uid, $identified)
     $suid = S::v('suid');
 
     if ($suid) {
-        $logger = new CoreLogger($uid, $suid);
+        $logger = new CoreLogger($uid, $suid['uid']);
         $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
         $sess['suid'] = $suid;
         $sess['perms'] = $_SESSION['perms'];
diff --git a/modules/platal.php b/modules/platal.php
index a462e79..0c51235 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -178,9 +178,9 @@ class PlatalModule extends PLModule
             $_SESSION['password'] = $password = Post::v('response2');
 
             XDB::execute('UPDATE  auth_user_md5 
-                                       SET  password={?}
-                                     WHERE  user_id={?}', $password,
-                                     S::v('uid'));
+                             SET  password={?}
+                           WHERE  user_id={?}', $password,
+                           S::v('uid'));
 
             $log =& S::v('log');
             $log->log('passwd', '');
-- 
2.1.4