[svn r22205] Added tracking/logging of admin activity see FS#842

17 years ago · 258acfea64
parent ed2ff5f77b
commit 258acfea64
10 changed files with 216 additions and 19 deletions
--- a/documentation/changelog.html
+++ b/documentation/changelog.html
@ -131,6 +131,7 @@ calendar_event table, instead this value is 0.</li>
  <li>Improvements to the User profile</li>
  <li>Improvements to the Learning path display view (no more frames)</li>     
  <li>Added HTML Purifier</li>
+  <li>Added tracking/logging of admin activity FS#842</li>
 </ul>
 <br />
 <h3>Debugging</h3>
--- a/main/admin/settings.php
+++ b/main/admin/settings.php
@ -1,4 +1,4 @@
-<?php // $Id: settings.php 22019 2009-07-13 06:16:38Z ivantcholakov $
+<?php // $Id: settings.php 22205 2009-07-17 21:11:52Z cfasanando $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -279,7 +279,14 @@ if (!empty($_GET['category']) and !in_array($_GET['category'], array('Plugins',
 				}
 			}
 		}
-		header('Location: settings.php?action=stored&category='.$_GET['category']);
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();		
+		$category = $_GET['category']; 		
+		event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, $time, $user_id);
+		
+		header('Location: settings.php?action=stored&category='.Security::remove_XSS($_GET['category']));
 		exit;
 	}
 }
@ -394,7 +401,13 @@ function handle_plugins()

 	if (isset($_POST['submit_plugins']))
 	{
-		store_plugins();
+		store_plugins();		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();		
+		$category = $_GET['category']; 		
+		event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, $time, $user_id);
+
 		Display :: display_normal_message(get_lang('SettingsStored'));
 	}

@ -581,6 +594,13 @@ function handle_stylesheets()
 		$picture_element = & $form->getElement('new_stylesheet');
 		$picture = $picture_element->getValue();
 		upload_stylesheet($values, $picture);
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();		
+		$category = $_GET['category']; 		
+		event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, $time, $user_id);
+		
 		Display::display_confirmation_message(get_lang('StylesheetAdded'));
 	}
 	else 
@ -874,9 +894,22 @@ function handle_templates()

 	if ($_GET['action'] == 'add' OR ( $_GET['action'] == 'edit' AND is_numeric($_GET['id']))) {
 		add_edit_template();
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();		
+		$category = $_GET['category']; 		
+		event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, $time, $user_id);
+		
 	} else {
 		if ($_GET['action'] == 'delete' and is_numeric($_GET['id'])) {
 			delete_template($_GET['id']);
+			
+			// add event to system log		
+			$time = time();
+			$user_id = api_get_user_id();		
+			$category = $_GET['category']; 		
+			event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, $time, $user_id);
 		}
 		display_templates();
 	}
--- a/main/admin/statistics/index.php
+++ b/main/admin/statistics/index.php
@ -49,6 +49,7 @@ require_once ('statistics.lib.php');

 $strCourse  = get_lang('Courses');
 $strUsers = get_lang('Users');
+$strSystem = get_lang('System');


 $tools[$strCourse]['action=courses'] = get_lang('CountCours');
@ -64,6 +65,7 @@ $tools[$strUsers]['action=logins&amp;type=day'] = get_lang('Logins').' ('.get_la
 $tools[$strUsers]['action=logins&amp;type=hour'] = get_lang('Logins').' ('.get_lang('PeriodHour').')';
 $tools[$strUsers]['action=pictures'] = get_lang('CountUsers').' ('.get_lang('UserPicture').')';

+$tools[$strSystem]['action=activities'] = get_lang('ImportantActivities');


 echo '<table><tr>';
@ -133,6 +135,9 @@ switch($_GET['action'])
 	case 'pictures':
 		statistics::print_user_pictures_stats();
 		break;
+	case 'activities':	 		
+		statistics::print_activities_stats();		
+		break;
 }

 Display::display_footer();
--- a/main/admin/statistics/statistics.lib.php
+++ b/main/admin/statistics/statistics.lib.php
@ -80,6 +80,62 @@ class Statistics
 		$obj = Database::fetch_object($res);
 		return $obj->number;
 	}
+	
+		/**
+	 * Count activities from track_e_default_table 
+	 * @return int Number of activities counted
+	 */
+	function get_number_of_activities()
+	{		
+		// Database table definitions
+		$track_e_default 	= Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_DEFAULT);		
+		
+		$sql = "SELECT count(default_id) AS total_number_of_items FROM $track_e_default ";				
+		$res = api_sql_query($sql, __FILE__, __LINE__);
+		$obj = Database::fetch_object($res);
+		return $obj->total_number_of_items;
+	}
+		
+	/**
+	 * Get activities data to display
+	 */
+	function get_activities_data($from, $number_of_items, $column, $direction)
+	{
+		global $dateTimeFormatLong;
+		$track_e_default 	= Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_DEFAULT);
+		$table_user = Database::get_main_table(TABLE_MAIN_USER);
+		$table_course = Database::get_main_table(TABLE_MAIN_COURSE);
+		
+		$sql = "SELECT
+				 	default_event_type  as col0,
+					default_value_type	as col1,
+					default_value		as col2,																
+					user.username 	as col3, 					
+					default_date 	as col4									
+				FROM $track_e_default track_default, $table_user user
+				WHERE track_default.default_user_id = user.user_id ";
+				
+		if (isset($_GET['keyword'])) {
+		$keyword = Database::escape_string($_GET['keyword']);
+		$sql .= " AND (user.username LIKE '%".$keyword."%' OR default_event_type LIKE '%".$keyword."%' OR default_value_type LIKE '%".$keyword."%' OR default_value LIKE '%".$keyword."%') ";
+		}		
+						 				 
+		if (!empty($column) && !empty($direction)) {						 				 
+			$sql .=	" ORDER BY col$column $direction"; 
+		} else {
+			$sql .=	" ORDER BY col4 DESC ";
+		}
+		$sql .=	" LIMIT $from,$number_of_items ";				
+											
+		$res = api_sql_query($sql, __FILE__, __LINE__);
+		$activities = array ();
+		while ($row = Database::fetch_row($res)) {
+			$row[4] = api_ucfirst(format_locale_date($dateTimeFormatLong,strtotime($row[4])));
+			$activities[] = $row;
+		}		
+		return $activities;
+	}
+		
 	/**
 	 * Get all course categories
 	 * @return array All course categories (code => name)
@ -159,7 +215,7 @@ class Statistics
 								<td align="right">'.$number_label.'</td>';
 			if($show_total)
 			{
-				echo '<td align="right"> '.number_format(100*$number/$total, 1, ',', '.').'%</td>';
+				echo '<td align="right"> '.($total>0?number_format(100*$number/$total, 1, ',', '.'):'0').'%</td>';
 			}
 			echo '</tr>';
 			$i ++;
@ -274,6 +330,43 @@ class Statistics
 		$result[get_lang('Yes')] = $count2->n; // #users with picture
 		Statistics::print_stats(get_lang('CountUsers').' ('.get_lang('UserPicture').')',$result,true);
 	}
+	
+	function print_activities_stats() {				
+		
+		echo '<h4>'.get_lang('ImportantActivities').'</h4>';
+				
+		// Create a search-box
+		$form = new FormValidator('search_simple','get',api_get_path(WEB_CODE_PATH).'admin/statistics/index.php?action=activities','','width=200px',false);
+		$renderer =& $form->defaultRenderer();
+		$renderer->setElementTemplate('<span>{element}</span> ');
+		$form->addElement('hidden','action','activities');
+		$form->addElement('hidden','activities_direction','DESC');
+		$form->addElement('hidden','activities_column','4');		
+		$form->addElement('text','keyword',get_lang('keyword'));
+		$form->addElement('style_submit_button', 'submit', get_lang('SearchActivities'),'class="search"');							 
+		echo '<div class="actions">';		
+			$form->display();				
+		echo '</div>';
+		
+				
+		$table = new SortableTable('activities', array('Statistics','get_number_of_activities'), array('Statistics','get_activities_data'),4,50,'DESC');
+		$parameters = array();
+		
+		$parameters['action'] = 'activities';		
+		if (isset($_GET['keyword'])) {
+			$parameters['keyword'] = Security::remove_XSS($_GET['keyword']);
+		}
+		
+		$table->set_additional_parameters($parameters);											
+		$table->set_header(0, get_lang('EventType'));
+		$table->set_header(1, get_lang('DataType'));
+		$table->set_header(2, get_lang('Value'));		
+		$table->set_header(3, get_lang('Username'));
+		$table->set_header(4, get_lang('Date'));		
+		$table->display();
+		
+	}
+	
 	/**
 	 * Shows statistics about the time of last visit to each course.
 	 */
--- a/main/inc/lib/add_course.lib.inc.php
+++ b/main/inc/lib/add_course.lib.inc.php
@ -2381,6 +2381,13 @@ function register_course($courseSysCode, $courseScreenCode, $courseRepository, $
 		} else {
 			UrlManager::add_course_to_url($courseSysCode,1);
 		}
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();				
+		event_system(LOG_COURSE_CREATE, LOG_COURSE_CODE, $courseSysCode, $time, $user_id, $courseSysCode);
+		
+		
 	}
 	return 0;
 }
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -79,7 +79,7 @@
 		Configuration files
 -----------------------------------------------------------
 */
-include_once (api_get_path(CONFIGURATION_PATH).'add_course.conf.php');
+require_once api_get_path(CONFIGURATION_PATH).'add_course.conf.php';

 /*
 -----------------------------------------------------------
@ -88,8 +88,8 @@ include_once (api_get_path(CONFIGURATION_PATH).'add_course.conf.php');
 -----------------------------------------------------------
 */

-include_once (api_get_path(LIBRARY_PATH).'database.lib.php');
-include_once (api_get_path(LIBRARY_PATH).'add_course.lib.inc.php');
+require_once api_get_path(LIBRARY_PATH).'database.lib.php';
+require_once api_get_path(LIBRARY_PATH).'add_course.lib.inc.php';

 /*
 -----------------------------------------------------------
@ -317,6 +317,12 @@ class CourseManager {
 		} else {
 			$sql = "DELETE FROM $table_course_user WHERE user_id IN (".$user_ids.") AND course_code = '".$course_code."'";
 			api_sql_query($sql, __FILE__, __LINE__);
+			
+			// add event to system log		
+			$time = time();
+			$user_id = api_get_user_id();				
+			event_system(LOG_UNSUBSCRIBE_USER_FROM_COURSE, LOG_COURSE_CODE, $course_code, $time, $user_id);
+			
 		}
 	}

@ -411,6 +417,12 @@ class CourseManager {
 											status    = '".$status."',
 											sort  =   '". ($course_sort)."'";
 					$result = @api_sql_query($add_course_user_entry_sql, __FILE__, __LINE__);
+					
+					
+					// add event to system log		
+					$time = time();
+					$user_id = api_get_user_id();				
+					event_system(LOG_SUBSCRIBE_USER_TO_COURSE, LOG_COURSE_CODE, $course_code, $time, $user_id);										
 					}
 					if ($result) {
 						return true;
@ -1661,6 +1673,12 @@ class CourseManager {
 				}
 			}
 		}
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();				
+		event_system(LOG_COURSE_DELETE, LOG_COURSE_CODE, $code, $time, $user_id, $code);
+		
 	}

 	/**
--- a/main/inc/lib/events.lib.inc.php
+++ b/main/inc/lib/events.lib.inc.php
@ -1,4 +1,4 @@
-<?php // $Id: events.lib.inc.php 21091 2009-05-29 19:58:15Z juliomontoya $
+<?php // $Id: events.lib.inc.php 22205 2009-07-17 21:11:52Z cfasanando $
 /* See license terms in /dokeos_license.txt */
 /**
 ==============================================================================
@ -625,21 +625,21 @@ function event_system($event_type, $event_value_type, $event_value, $timestamp =
 		$course_code = '';
 	}

-	$sql = "INSERT INTO ".$TABLETRACK_DEFAULT."
+	$sql = "INSERT INTO $TABLETRACK_DEFAULT
 				(default_user_id,
 				 default_cours_code,
-				 default_date, .
+				 default_date,
 				 default_event_type,
 				 default_value_type,
 				 default_value
 				 )
 				 VALUES
-					('".$user_id."',
-					'".$course_code."',
-					FROM_UNIXTIME(".$timestamp.")," .
-					"'$event_type'," .
-					"'$event_value_type'," .
-					"'$event_value')";
+					('$user_id.',
+					'$course_code',
+					FROM_UNIXTIME($timestamp),
+					'$event_type',
+					'$event_value_type',
+					'$event_value')";
 	$res = api_sql_query($sql,__FILE__,__LINE__);
 	return true;
 }
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -176,6 +176,22 @@ define('INTL_INSTALLED', function_exists('intl_get_error_code'));	// intl extens
 define('ICONV_INSTALLED', function_exists('iconv'));				// iconv extension, for PHP5 on Windows it is installed by default.
 define('MBSTRING_INSTALLED', function_exists('mb_strlen'));			// mbstring extension.

+// event logs types
+define('LOG_COURSE_DELETE', 'course_deleted');
+define('LOG_COURSE_CREATE', 'course_created');
+define('LOG_USER_DELETE', 'user_deleted');
+define('LOG_USER_CREATE', 'user_created');
+define('LOG_SESSION_CREATE', 'session_created');
+define('LOG_SESSION_DELETE', 'session_deleted');
+define('LOG_SESSION_DELETE', 'session_deleted');
+define('LOG_CONFIGURATION_SETTINGS_CHANGE', 'settings_changed');
+define('LOG_SUBSCRIBE_USER_TO_COURSE', 'user_subscribed');
+define('LOG_UNSUBSCRIBE_USER_FROM_COURSE', 'user_unsubscribed');
+// event logs data types
+define('LOG_COURSE_CODE', 'course_code');
+define('LOG_USER_ID', 'user_id');
+define('LOG_SESSION_ID', 'session_id');
+define('LOG_CONFIGURATION_SETTINGS_CATEGORY', 'settings_category');
 /*
 ==============================================================================
 		MAIN API EXTENSIONS
--- a/main/inc/lib/sessionmanager.lib.php
+++ b/main/inc/lib/sessionmanager.lib.php
@ -75,6 +75,12 @@ class SessionManager {
 			} else {
 				api_sql_query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".Database::escape_string($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")",__FILE__,__LINE__);
 				$id_session=Database::get_last_insert_id();	
+								
+				// add event to system log		
+				$time = time();
+				$user_id = api_get_user_id();				
+				event_system(LOG_SESSION_CREATE, LOG_SESSION_ID, $id_session, $time, $user_id);
+
 				return $id_session; 
 			}
 		}
@ -231,6 +237,12 @@ class SessionManager {
 				}	
 			}			
 		}
+		
+		// add event to system log		
+		$time = time();
+		$user_id = api_get_user_id();				
+		event_system(LOG_SESSION_DELETE, LOG_SESSION_ID, $id_checked, $time, $user_id);
+		
 	}	
 	
 	
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -1,4 +1,4 @@
-<?php // $Id: usermanager.lib.php 21700 2009-07-01 19:05:11Z aportugal $
+<?php // $Id: usermanager.lib.php 22205 2009-07-17 21:11:52Z cfasanando $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -132,7 +132,13 @@ class UserManager
 			} else {
 				//we are adding by default the access_url_user table with access_url_id = 1
 				UrlManager::add_user_to_url($return, 1);				
-			}			
+			}
+			
+			// add event to system log
+			$time = time();
+			$user_id_manager = api_get_user_id();				
+			event_system(LOG_USER_CREATE, LOG_USER_ID, $return, $time, $user_id_manager);			
+						
 		} else {
 			//echo "false - failed" ;
 			$return=false;
@ -179,6 +185,7 @@ class UserManager
 	 */
 	function delete_user($user_id)
 	{
+		global $_configuration;
 		if (!UserManager :: can_delete_user($user_id))
 		{
 			return false;
@ -252,7 +259,7 @@ class UserManager
 		$sqlv = "DELETE FROM $t_ufv WHERE user_id = $user_id";
 		$resv = api_sql_query($sqlv,__FILE__,__LINE__);
 		
-		global $_configuration;
+		
 		if ($_configuration['multiple_access_urls']) {
 			require_once (api_get_path(LIBRARY_PATH).'urlmanager.lib.php');
 			$url_id=1;				
@ -261,6 +268,11 @@ class UserManager
 			UrlManager::delete_url_rel_user($user_id,$url_id);	
 		}
 		
+		// add event to system log
+		$time = time();
+		$user_id_manager = api_get_user_id();				
+		event_system(LOG_USER_DELETE, LOG_USER_ID, $user_id, $time, $user_id_manager);				
+		
 		return true;
 	}