Diff -- /var/www/vhosts/3dshawn.com/repricer.3dshawn.com/admin_audit.cgi

O Operator
Diff

/var/www/vhosts/3dshawn.com/repricer.3dshawn.com/admin_audit.cgi

added on local at 2026-07-11 18:33:21

Added
+104
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 3690837005f6
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1#!/usr/bin/perl
2#======================================================================
3# RePricer -- admin audit log viewer.
4#
5# /admin_audit.cgi
6# /admin_audit.cgi?admin_id=N
7# /admin_audit.cgi?target_id=N
8# /admin_audit.cgi?action=impersonate_start
9#
10# Lists rows from admin_action_log (impersonate start/stop, plan
11# overrides, credit grants, account closures, etc.). Filter by admin,
12# target, or action.
13#======================================================================
14use strict;
15use warnings;
16
17use lib '/var/www/vhosts/3dshawn.com/repricer.3dshawn.com';
18use CGI;
19use MODS::DBConnect;
20use MODS::Login;
21use MODS::RePricer::Config;
22use MODS::RePricer::Wrapper;
23
24$|=1;
25my $q = CGI->new;
26my $form = $q->Vars;
27my $auth = MODS::Login->new;
28my $wrap = MODS::RePricer::Wrapper->new;
29my $db = MODS::DBConnect->new;
30my $cfg = MODS::RePricer::Config->new;
31my $DB = $cfg->settings('database_name');
32
33my $userinfo = $auth->login_verify();
34unless ($userinfo) { print "Status: 302 Found\nLocation: /login.cgi\n\n"; exit; }
35unless ($userinfo->{is_admin}) {
36 print "Status: 302 Found\nLocation: /dashboard.cgi?denied=admin\n\n"; exit;
37}
38
39sub _h { my $s = shift // ''; $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g; $s }
40
41my $admin_id = $form->{admin_id} || ''; $admin_id =~ s/[^0-9]//g;
42my $target_id = $form->{target_id} || ''; $target_id =~ s/[^0-9]//g;
43my $action_f = $form->{action} || ''; $action_f =~ s/[^a-z_]//g;
44
45my @where = ('1=1');
46push @where, "l.admin_user_id='$admin_id'" if length $admin_id;
47push @where, "l.target_user_id='$target_id'" if length $target_id;
48push @where, "l.action='$action_f'" if length $action_f;
49my $where = join(' AND ', @where);
50
51my $dbh = $db->db_connect();
52my $rows = $db->db_readwrite_multiple($dbh, qq~
53 SELECT l.id, l.admin_user_id, l.target_user_id, l.action,
54 l.detail, l.ip_address, l.created_at,
55 UNIX_TIMESTAMP(l.created_at) AS created_at_epoch,
56 a.email AS admin_email,
57 t.email AS target_email
58 FROM `${DB}`.admin_action_log l
59 LEFT JOIN `${DB}`.users a ON a.id = l.admin_user_id
60 LEFT JOIN `${DB}`.users t ON t.id = l.target_user_id
61 WHERE $where
62 ORDER BY l.id DESC LIMIT 200
63~, $ENV{SCRIPT_NAME}, __LINE__);
64$db->db_disconnect($dbh);
65
66my $body = '<div style="max-width:1100px;margin:0 auto;padding:24px 28px">';
67$body .= '<div style="font-size:12px;color:#7e92b6;margin-bottom:8px"><a href="/admin.cgi" style="color:#7e92b6">&larr; Admin</a></div>';
68$body .= '<h1 style="font-size:24px;color:#fff;margin:0 0 6px;font-weight:700">Admin audit log</h1>';
69$body .= '<p style="color:#7e92b6;font-size:14px;margin:0 0 18px">Every privileged action: who, what, when, against whom. Filter via URL params: <code>?admin_id=N</code>, <code>?target_id=N</code>, <code>?action=impersonate_start</code>.</p>';
70
71if (@$rows) {
72 $body .= '<section style="background:#0b1226;border:1px solid #1f2a4a;border-radius:12px;overflow:hidden">';
73 $body .= '<table style="width:100%;font-size:13px;color:#e6ecf6;border-collapse:collapse"><thead><tr style="color:#7e92b6;text-align:left;font-size:11px;text-transform:uppercase;letter-spacing:1px;background:#0a0f1f"><th style="padding:10px 12px">When</th><th style="padding:10px 12px">Admin</th><th style="padding:10px 12px">Action</th><th style="padding:10px 12px">Target</th><th style="padding:10px 12px">Detail</th><th style="padding:10px 12px">IP</th></tr></thead><tbody>';
74 foreach my $r (@$rows) {
75 my $act_color = $r->{action} =~ /impersonate/ ? '#14b8a6'
76 : $r->{action} =~ /credit|refund/ ? '#10b981'
77 : $r->{action} =~ /delete|close|revoke/ ? '#fca5a5'
78 : '#14b8a6';
79 $body .= '<tr style="border-top:1px solid #1f2a4a">';
80 my $_when_h = _h($r->{created_at} // '');
81 my $_when_e = int($r->{created_at_epoch} || 0);
82 $body .= '<td style="padding:8px 12px;color:#7e92b6"><span class="ts" data-ts="' . $_when_e . '" data-fmt="datetime">' . $_when_h . '</span></td>';
83 $body .= '<td style="padding:8px 12px"><a href="?admin_id=' . _h($r->{admin_user_id}) . '" style="color:#e6ecf6;text-decoration:none">' . _h($r->{admin_email} // '?') . '</a></td>';
84 $body .= '<td style="padding:8px 12px"><a href="?action=' . _h($r->{action}) . '" style="color:' . $act_color . ';text-decoration:none;font-family:ui-monospace,Menlo,monospace">' . _h($r->{action}) . '</a></td>';
85 if ($r->{target_user_id}) {
86 $body .= '<td style="padding:8px 12px"><a href="?target_id=' . _h($r->{target_user_id}) . '" style="color:#e6ecf6;text-decoration:none">' . _h($r->{target_email} // ('user#' . $r->{target_user_id})) . '</a></td>';
87 } else {
88 $body .= '<td style="padding:8px 12px;color:#7e92b6">--</td>';
89 }
90 $body .= '<td style="padding:8px 12px;color:#9ca3af;font-size:12px">' . _h(substr($r->{detail} // '', 0, 120)) . '</td>';
91 $body .= '<td style="padding:8px 12px;color:#7e92b6;font-family:ui-monospace,Menlo,monospace;font-size:11px">' . _h($r->{ip_address} // '') . '</td>';
92 $body .= '</tr>';
93 }
94 $body .= '</tbody></table>';
95 $body .= '</section>';
96} else {
97 $body .= '<div style="background:#0b1226;border:1px solid #1f2a4a;border-radius:12px;padding:32px;text-align:center;color:#7e92b6">No admin actions logged yet.</div>';
98}
99
100$body .= '</div>';
101
102print "Content-Type: text/html; charset=utf-8\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\nPragma: no-cache\nExpires: 0\n\n";
103$wrap->render({ userinfo => $userinfo, page_key => 'admin', title => 'Admin audit log', body => $body });
104exit;