Added registration for new event

index.php

@@ -65,11 +65,13 @@ $_setting['display_courses_to_anonymous_users'] = 'true';
 /* LOGIN */
 
 /**
- * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled.
- * @todo Consider removing this piece of code because does nothing.
+ * Registers in the track_e_default table (view in important activities in admin
+ * interface) a possible attempted break in, sending auth data through get.
+ * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
  */
 if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
-	// nice lie!!!
+        $i = api_get_anonymous_id();
+        event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'].(empty($_POST['login'])?'':'/'.$_POST['login']),null,$i);
 	echo 'Attempted breakin - sysadmins notified.';
 	session_destroy();
 	die();
@@ -175,4 +177,4 @@ if (api_is_platform_admin() || api_is_drh()) {
     $controller->tpl->assign('skills_block',            $controller->return_skills_links());
 }
 
-$controller->tpl->display_two_col_template();
+$controller->tpl->display_two_col_template();

main/inc/lib/events.lib.inc.php

@@ -619,22 +619,12 @@ function event_system($event_type, $event_value_type, $event_value, $datetime =
 
     $user_id = intval($user_id);
 
-    $sql = "INSERT INTO $TABLETRACK_DEFAULT
-        		(default_user_id,
-        		 default_cours_code,
-                 c_id,
-        		 default_date,
-        		 default_event_type,
-        		 default_value_type,
-        		 default_value
-        		 )
-        		 VALUES('$user_id.',
-        			'$course_code',
-                    '$course_id',
-        			'$datetime',
-        			'$event_type',
-        			'$event_value_type',
-        			'$event_value')";
+    $sql = "INSERT INTO $TABLETRACK_DEFAULT ".
+      " (default_user_id, default_cours_code, c_id, ".
+      " default_date, default_event_type, default_value_type, default_value ".
+      " ) VALUES( ".
+      " '$user_id', '$course_code', '$course_id', ".
+      " '$datetime', '$event_type', '$event_value_type', '$event_value')";
     Database::query($sql);
     return true;
 }
@@ -644,6 +634,7 @@ function event_system($event_type, $event_value_type, $event_value, $datetime =
  *
  * @param int $etId
  * @return type
+ * @assert () !== false
  */
 function get_all_event_types() {
     global $event_config;

main/inc/lib/main_api.lib.php

@@ -161,7 +161,7 @@ define('LOG_CONFIGURATION_SETTINGS_CHANGE',     'settings_changed');
 define('LOG_PLATFORM_LANGUAGE_CHANGE',          'platform_language_changed');
 define('LOG_SUBSCRIBE_USER_TO_COURSE',          'user_subscribed');
 define('LOG_UNSUBSCRIBE_USER_FROM_COURSE',      'user_unsubscribed');
-
+define('LOG_ATTEMPTED_FORCED_LOGIN',            'attempted_forced_login');
 
 define('LOG_HOMEPAGE_CHANGED',                  'homepage_changed');
 
@@ -6430,4 +6430,4 @@ function api_get_bytes_memory_limit($mem){
             break;
     }
     return $mem;
-}
+}