event logging has been simplified

html/admin/customers/building.php

@@ -7,7 +7,6 @@ if (getPOST("remove")) {
     $valid_ids = array_filter(array_map('intval', $fid), fn($id) => $id > 1);
 
     foreach ($valid_ids as $val) {
-        LOG_INFO($db_link, 'Remove building id: ' . $val . ' ' . dump_record($db_link, 'building', 'id=?', [$val]));
         delete_record($db_link, "building", "id=?", [$val]);
     }
 
@@ -35,7 +34,6 @@ if (getPOST("save")) {
 
         if ($name !== '') {
             $new = ['name' => $name, 'description' => $description];
-            LOG_INFO($db_link, "Change building id='{$save_id}': name=" . $name . " description=" . $description);
             update_record($db_link, "building", "id=?", $new, [$save_id]);
         }
     }
@@ -49,7 +47,6 @@ if (getPOST("create")) {
     
     if ($building_name !== '') {
         $new = ['name' => $building_name];
-        LOG_INFO($db_link, "Add building: " . $building_name);
         insert_record($db_link, "building", $new);
     }
     

html/admin/customers/index-subnets.php

@@ -12,7 +12,6 @@ if (getPOST("s_remove") !== null) {
             $net_id = trim($net_id);
             if ($net_id === '') continue;
             
-            LOG_INFO($db_link, "Remove subnet id: $net_id " . dump_record($db_link, 'subnets', 'id = ?', [$net_id]));
             delete_record($db_link, "subnets", "id = ?", [$net_id]);
             delete_record($db_link, "gateway_subnets", "subnet_id = ?", [$net_id]);
         }
@@ -60,7 +59,6 @@ if (getPOST("s_create") !== null) {
             'gateway'      => ip2long($range[5] ?? $first_user_ip)
         ];
 
-        LOG_INFO($db_link, "Create new subnet $new_subnet");
         insert_record($db_link, "subnets", $new);
     }
     

html/admin/customers/index.php

@@ -13,14 +13,12 @@ if (getPOST("create") !== null) {
         
         if (!empty($customer)) {
             $msg_error = "Login $login already exists!";
-            LOG_ERROR($db_link, $msg_error);
         } else {
             $new = [
                 'login'    => $login,
                 'api_key'  => randomPassword(20),
                 'rights'   => 3
             ];
-            LOG_INFO($db_link, "Create new login: $login");
             $id = insert_record($db_link, "customers", $new);
             if (!empty($id)) {
                 header("Location: editcustom.php?id=$id");
@@ -41,7 +39,6 @@ if (getPOST("remove") !== null) {
         foreach ($fid as $val) {
             $val = trim($val);
             if ($val === '' or $val == '1') continue;
-            LOG_INFO($db_link, "Remove login with id: $val " . dump_record($db_link, 'customers', 'id = ?', [$val]));
             delete_record($db_link, "customers", "id = ?", [$val]);
         }
     }

html/admin/devices/edit_gw_instances.php

@@ -15,7 +15,6 @@ if (getPOST("s_remove") !== null) {
         foreach ($s_id as $val) {
             $val = trim($val);
             if ($val === '') continue;
-            LOG_INFO($db_link, "Remove filter instances from gateway id: $val " . dump_record($db_link, 'device_filter_instances', 'id = ?', [$val]));
             delete_record($db_link, "device_filter_instances", "id = ?", [$val]);
         }
     }
@@ -31,7 +30,6 @@ if (getPOST("s_create") !== null) {
             'instance_id' => $new_instance,
             'device_id'   => $id
         ];
-        LOG_INFO($db_link, "Add instance id: " . $new['instance_id'] . " for gateway id: " . $id);
         insert_record($db_link, "device_filter_instances", $new);
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);

html/admin/devices/edit_gw_subnets.php

@@ -16,7 +16,6 @@ if (getPOST("s_remove") !== null) {
             $val = trim($val);
             if ($val === '') continue;
             
-            LOG_INFO($db_link, "Remove subnet from gateway id: $val " . dump_record($db_link, 'gateway_subnets', 'id = ?', [$val]));
             delete_record($db_link, "gateway_subnets", "id = ?", [(int)$val]);
         }
     }
@@ -35,7 +34,6 @@ if (getPOST("s_create") !== null) {
             'device_id' => $id
         ];
         
-        LOG_INFO($db_link, "Add subnet id: " . $new['subnet_id'] . " for gateway id: " . $id);
         insert_record($db_link, "gateway_subnets", $new);
     }
     

html/admin/devices/edit_l3int.php

@@ -17,7 +17,6 @@ if (getPOST("s_remove") !== null) {
             $val = trim($val);
             if ($val === '') continue;
             
-            LOG_INFO($db_link, "Remove l3_interface id: $val " . dump_record($db_link, 'device_l3_interfaces', 'id = ?', [$val]));
             delete_record($db_link, "device_l3_interfaces", "id = ?", [(int)$val]);
         }
     }
@@ -66,7 +65,6 @@ if (getPOST("s_create") !== null) {
                 'device_id'      => $id
             ];
             
-            LOG_INFO($db_link, "Create new l3_interface " . $new['name']);
             insert_record($db_link, "device_l3_interfaces", $new);
         }
     }

html/admin/devices/editdevice.php

@@ -76,7 +76,6 @@ if (getPOST("editdevice") !== null && isset($id)) {
                 'instance_id' => 1,
                 'device_id'   => $id
             ]);
-            LOG_INFO($db_link, "Added default firewall instance for gateway id: $id");
         }
     } else {
         // Не шлюз — удаляем все экземпляры
@@ -84,7 +83,6 @@ if (getPOST("editdevice") !== null && isset($id)) {
             $instances_count = get_count_records($db_link, 'device_filter_instances', 'device_id = ?', [$id]);
             if (!empty($instances_count) && $instances_count > 0) {
                 delete_records($db_link, 'device_filter_instances', 'device_id = ?', [$id]);
-                LOG_INFO($db_link, "Removed firewall instances for non-gateway device id: $id");
             }
         }
     }

html/admin/devices/switchport-conn.php

@@ -11,7 +11,6 @@ if (getPOST("remove") !== null) {
         foreach ($fid as $val) {
             $val = trim($val);
             if ($val !== '' && $val != 1) {
-                LOG_VERBOSE($db_link, "Remove connection id: $val " . dump_record($db_link, 'connections', 'id = ?', [$val]));
                 delete_record($db_link, "connections", "id = ?", [(int)$val]);
             }
         }

html/admin/groups/edit_group.php

@@ -53,7 +53,6 @@ if (getPOST("s_remove") !== null) {
             $val = trim($val);
             if ($val === '') continue;
             
-            LOG_INFO($db_link, "Remove rule id: $val " . dump_record($db_link, 'auth_rules', 'id = ?', [$val]));
             delete_record($db_link, "auth_rules", "id = ?", [(int)$val]);
         }
     }
@@ -129,7 +128,6 @@ if (getPOST("s_create") !== null) {
             'rule'    => $new_rule,
             'ou_id'   => $id
         ];
-        LOG_INFO($db_link, "Create new rule $new_rule for ou_id: $id");
         insert_record($db_link, "auth_rules", $new);
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);

html/admin/users/edit_alias.php

@@ -25,8 +25,6 @@ if (getPOST("s_remove") !== null) {
         foreach ($s_id as $val) {
             $val = trim($val);
             if ($val === '') continue;
-            
-            LOG_INFO($db_link, "Remove alias id: $val " . dump_record($db_link, 'user_auth_alias', 'id = ?', [$val]));
             delete_record($db_link, "user_auth_alias", "id = ?", [(int)$val]);
         }
     }
@@ -107,7 +105,6 @@ if (getPOST("s_create") !== null) {
             'auth_id'  => $id
         ];
         
-        LOG_INFO($db_link, "Create new alias $new_alias");
         insert_record($db_link, "user_auth_alias", $new_rec);
     }
     

html/admin/users/edit_rules.php

@@ -15,7 +15,6 @@ if (getPOST("s_remove") !== null) {
         foreach ($s_id as $val) {
             $val = trim($val);
             if ($val === '') continue;
-            LOG_INFO($db_link, "Remove rule id: $val " . dump_record($db_link, 'auth_rules', 'id = ?', [$val]));
             delete_record($db_link, "auth_rules", "id = ?", [(int)$val]);
         }
     }

html/admin/users/editauth.php

@@ -175,12 +175,6 @@ if (getPOST("editauth") !== null && !$old_auth_info['deleted']) {
             $new['enabled'] = 0;
         }
 
-        // Применение изменений
-        $changes = get_diff_rec($db_link, "user_auth", "id = ?", $new, 0, [$id]);
-        if (!empty($changes)) {
-            LOG_WARNING($db_link, "Changed record for $ip! Log: " . $changes, $id);
-        }
-
         if (is_auth_bind_changed($db_link, $id, $ip, $mac)) {
             $new_id = copy_auth($db_link, $id, $new);
             if (!empty($new_id)) {
@@ -205,15 +199,13 @@ if (getPOST("moveauth") !== null && !$old_auth_info['deleted']) {
     $new_parent_id = (int)getPOST("f_new_parent", null, 0);
     $moved_auth = get_record_sql($db_link, "SELECT description FROM user_auth WHERE id = ?", [$id]);
     $changes = apply_auth_rule($db_link, $moved_auth, $new_parent_id);
-    
+
     update_record($db_link, "user_auth", "id = ?", $changes, [$id]);
-    LOG_WARNING($db_link, "IP-address moved to another user! Applyed: " . hash_to_text($changes), $id);
-    
+
     // Удаляем старые правила
     delete_records($db_link, "auth_rules", "user_id = ? AND rule = ? AND rule_type = 2", [$old_auth_info["user_id"], $old_auth_info["mac"]]);
     delete_records($db_link, "auth_rules", "user_id = ? AND rule = ? AND rule_type = 1", [$old_auth_info["user_id"], $old_auth_info["ip"]]);
-    
-    LOG_INFO($db_link, "Autorules removed for user_id: " . $old_auth_info["user_id"] . " login: " . $user_info["login"] . " by mac and ip");
+
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }
@@ -297,10 +289,6 @@ if (getPOST("recovery") !== null && $old_auth_info['deleted']) {
             ];
         }
 
-        $changes = get_diff_rec($db_link, "user_auth", "id = ?", $new, 0, [$id]);
-        if (!empty($changes)) {
-            LOG_WARNING($db_link, "Recovered ip-address. Applyed: $changes", $id);
-        }
         $new = apply_auth_rule($db_link, $new, $new['user_id']);
         update_record($db_link, "user_auth", "id = ?", $new, [$id]);
     } else {

html/admin/users/edituser.php

@@ -51,10 +51,6 @@ if (getPOST("edituser") !== null) {
         $new["permanent"]    = (int)getPOST("f_permanent", null, 0);
     }
 
-    $changes = get_diff_rec($db_link, "user_list", "id = ?", $new, 0, [$id]);
-    if (!empty($changes)) {
-        LOG_WARNING($db_link, "Changed user id: $id login: " . ($new["login"] ?? '') . ". \r\nApply: $changes");
-    }
     update_record($db_link, "user_list", "id = ?", $new, [$id]);
 
     // Отключаем авторизацию, если пользователь выключен
@@ -98,7 +94,6 @@ if (getPOST("addMacRule") !== null) {
 
 if (getPOST("delMacRule") !== null) {
     delete_records($db_link, "auth_rules", "user_id = ? AND rule_type = 2", [$id]);
-    LOG_INFO($db_link, "All autorules removed for id: $id login: " . $user_info["login"] . " by mac");
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }
@@ -120,7 +115,6 @@ if (getPOST("addIPRule") !== null) {
 
 if (getPOST("delIPRule") !== null) {
     delete_records($db_link, "auth_rules", "user_id = ? AND rule_type = 1", [$id]);
-    LOG_INFO($db_link, "Removed all auto rules for id: $id login: " . $user_info["login"] . " by ip");
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;
 }
@@ -147,7 +141,6 @@ if (getPOST("showDevice") !== null) {
 
         $new_id = insert_record($db_link, "devices", $new);
         if (!empty($new_id)) {
-            LOG_INFO($db_link, "Created device with id: $new_id for auth_id: $id");
             header("Location: /admin/devices/editdevice.php?id={$new_id}");
             exit;
         }
@@ -216,7 +209,6 @@ if (getPOST("addauth") !== null) {
                 $new_auth['description'] = $fdescription;
             }
             update_record($db_link, "user_auth", "id = ?", $new_auth, [$fid]);
-            LOG_WARNING($db_link, "Add ip for login: " . $user_info["login"] . ": ip => $fip, mac => $fmac", $fid);
             header("Location: /admin/users/editauth.php?id=" . $fid);
             exit;
         }
@@ -282,7 +274,6 @@ if (getPOST("new_user") !== null) {
                 ];
                 $auth_update = apply_auth_rule($db_link, $auth_update, $new_user["id"]);
                 update_record($db_link, "user_auth", "id = ?", $auth_update, [$val]);
-                LOG_WARNING($db_link, "ip from id: $val moved to another user user_id: " . $new_user["id"], $val);
             } else {
                 $new_user_data = [
                     'login' => $login,
@@ -302,7 +293,6 @@ if (getPOST("new_user") !== null) {
                 if (!empty($l_id)) {
                     $auth_update = ['user_id' => $l_id, 'save_traf' => $save_traf];
                     update_record($db_link, "user_auth", "id = ?", $auth_update, [$val]);
-                    LOG_WARNING($db_link, "Create user from ip: login => $login. ip-record auth_id: $val moved to this user.", $val);
                 }
             }
         }

html/admin/users/index.php

@@ -45,7 +45,6 @@ if (getPOST("create") !== null) {
                 $new['filter_group_id']   = 0;
             }
             $lid = insert_record($db_link, "user_list", $new);
-            LOG_WARNING($db_link, "Создан новый пользователь: Login => $login");
             if (!empty($lid)) {
                 header("Location: edituser.php?id=$lid");
                 exit;

html/inc/auth.utils.php

@@ -52,6 +52,8 @@ ini_set('session.gc_maxlifetime', SESSION_LIFETIME);
 
 // Функция для логирования отладки сессий, нужна только для отладки
 function log_session_debug($db, $message, $data = null) {
+    return;
+/*
     $log_message = "SESSION_DEBUG: " . $message;
     if ($data !== null) {
         $log_message .= " | Data: " . (is_array($data) ? json_encode($data) : $data);
@@ -59,6 +61,7 @@ function log_session_debug($db, $message, $data = null) {
     $log_message .= " | SID: " . (session_id() ?: 'no-session-id');
     $log_message .= " | Cookies: " . ($_SERVER['HTTP_COOKIE'] ?? 'none');
     LOG_DEBUG($db, $log_message);
+*/
 }
 
 // Инициализация сессий в БД

html/inc/datetimefilter.php

@@ -19,7 +19,7 @@ $shift_array = [ 'h', '8h', 'd', 'm' ];
 // если время не передано или установлен интервал сдвига - обновить время
 if (empty($date_start) || empty($date_stop) || in_array($date_shift, $shift_array)) {
     // Устанавливаем конечную дату = текущее время
-    $datetime_stop = new DateTime();
+    $datetime_stop = (new DateTime())->modify('+1 minute');
     $date2 = $datetime_stop->format('Y-m-d H:i');
     $time_stop = $datetime_stop->getTimestamp();
     
@@ -66,7 +66,7 @@ if (empty($date_start) || empty($date_stop) || in_array($date_shift, $shift_arra
 // Защита от невалидных дат
 if (!$datetime_start || !$datetime_stop) {
     // Устанавливаем значения по умолчанию при ошибке
-    $datetime_stop = new DateTime();
+    $datetime_stop = (new DateTime())->modify('+1 minute');
     $datetime_start = clone $datetime_stop;
     $datetime_start->modify('-1 day');
     

html/inc/sql.php

@@ -2,156 +2,318 @@
 if (! defined("CONFIG")) die("Not defined");
 if (! defined("SQL")) { die("Not defined"); }
 
-$numericFields = [
-    'id',
-    'option_id',
-    'min_value',
-    'max_value',
-    'draft',
-    'uniq',
-    'device_id',
-    'port_id',
-    'auth_id',
-    'rights',
-    'device_type',
-    'device_model_id',
-    'vendor_id',
-    'building_id',
-    'ip_int',
-    'control_port',
-    'port_count',
-    'snmp_version',
-    'fdb_snmp_index',
-    'discovery',
-    'netflow_save',
-    'user_acl',
-    'dhcp',
-    'nagios',
-    'active',
-    'queue_enabled',
-    'connected_user_only',
-    'user_id',
-    'deleted',
-    'discovery_locked',
-    'instance_id',
-    'snmpin',
-    'interface_type',
-    'poe_in',
-    'poe_out',
-    'snmp_index',
-    'port',
-    'target_port_id',
-    'last_mac_count',
-    'uplink',
-    'skip',
-    'vlan',
-    'ip_int_start',
-    'ip_int_stop',
-    'dhcp_start',
-    'dhcp_stop',
-    'dhcp_lease_time',
-    'gateway',
-    'office',
-    'hotspot',
-    'vpn',
-    'free',
-    'static',
-    'dhcp_update_hostname',
-    'notify',
-    'router_id',
-    'proto',
-    'src_ip',
-    'dst_ip',
-    'src_port',
-    'dst_port',
-    'bytes',
-    'pkt',
-    'filter_type',
-    'subnet_id',
-    'group_id',
-    'filter_id',
-    'order',
-    'action',
-    'default_users',
-    'default_hotspot',
-    'nagios_ping',
-    'enabled',
-    'filter_group_id',
-    'queue_id',
-    'dynamic',
-    'life_duration',
-    'parent_id',
-    'Download',
-    'Upload',
-    'byte_in',
-    'byte_out',
-    'pkt_in',
-    'pkt_out',
-    'step',
-    'bytes_in',
-    'bytes_out',
-    'forward_in',
-    'forward_out',
-    'level',
-    'last_activity',
-    'is_active',
-    'day_quota',
-    'month_quota',
-    'permanent',
-    'blocked',
-    'changed',
-    'dhcp_changed',
-    'link_check'
-];
-
-$numericFieldsSet = array_flip($numericFields);
-
-function db_escape($connection, $value) {
-    // Обработка специальных значений
-    if ($value === null) {
-        return '';
+/**
+ * Prepares an audit log message with human-readable context using PDO.
+ *
+ * @param PDO    $pdo        Database connection
+ * @param string $table      Table name
+ * @param array|null $old_data Record data before operation (null for insert)
+ * @param array|null $new_data Record data after operation (null for delete)
+ * @param int    $record_id  Record ID
+ * @param string $operation  Operation: 'insert', 'update', 'delete'
+ * @return string|null       Audit message or null if no relevant changes
+ */
+function prepareAuditMessage(PDO $db, string $table, ?array $old_data, ?array $new_data, int $record_id, string $operation): ?string
+{
+    // === 1. Определяем отслеживаемые таблицы ===
+    $audit_config = [
+        'auth_rules' => [
+            'summary' => ['rule'],
+            'fields' => ['user_id', 'ou_id', 'rule_type', 'rule', 'description']
+        ],
+        'building' => [
+            'summary' => ['name'],
+            'fields' => ['name', 'description']
+        ],
+        'customers' => [
+            'summary' => ['login'],
+            'fields' => ['login', 'description', 'rights']
+        ],
+        'devices' => [
+            'summary' => ['device_name'],
+            'fields' => [
+                'device_type', 'device_model_id', 'vendor_id', 'device_name', 'building_id',
+                'ip', 'login', 'protocol', 'control_port', 'port_count', 'sn',
+                'description', 'snmp_version', 'snmp3_auth_proto', 'snmp3_priv_proto',
+                'snmp3_user_rw', 'snmp3_user_ro', 'community', 'rw_community',
+                'discovery', 'netflow_save', 'user_acl', 'dhcp', 'nagios',
+                'active', 'queue_enabled', 'connected_user_only', 'user_id'
+            ]
+        ],
+        'device_filter_instances' => [
+            'summary' => [],
+            'fields' => ['instance_id', 'device_id']
+        ],
+        'device_l3_interfaces' => [
+            'summary' => ['name'],
+            'fields' => ['device_id', 'snmpin', 'interface_type', 'name']
+        ],
+        'device_models' => [
+            'summary' => ['model_name'],
+            'fields' => ['model_name', 'vendor_id', 'poe_in', 'poe_out', 'nagios_template']
+        ],
+        'device_ports' => [
+            'summary' => ['port', 'ifname'],
+            'fields' => [
+                'device_id', 'snmp_index', 'port', 'ifname', 'port_name', 'description',
+                'target_port_id', 'auth_id', 'last_mac_count', 'uplink', 'nagios',
+                'skip', 'vlan', 'tagged_vlan', 'untagged_vlan', 'forbidden_vlan'
+            ]
+        ],
+        'filter_instances' => [
+            'summary' => ['name'],
+            'fields' => ['name', 'description']
+        ],
+        'filter_list' => [
+            'summary' => ['name'],
+            'fields' => ['name', 'description', 'proto', 'dst', 'dstport', 'srcport', 'filter_type']
+        ],
+        'gateway_subnets' => [
+            'summary' => [],
+            'fields' => ['device_id', 'subnet_id']
+        ],
+        'group_filters' => [
+            'summary' => [],
+            'fields' => ['group_id', 'filter_id', 'rule_order', 'action']
+        ],
+        'group_list' => [
+            'summary' => ['group_name'],
+            'fields' => ['instance_id', 'group_name', 'description']
+        ],
+        'ou' => [
+            'summary' => ['ou_name'],
+            'fields' => [
+                'ou_name', 'description', 'default_users', 'default_hotspot',
+                'nagios_dir', 'nagios_host_use', 'nagios_ping', 'nagios_default_service',
+                'enabled', 'filter_group_id', 'queue_id', 'dynamic', 'life_duration', 'parent_id'
+            ]
+        ],
+        'queue_list' => [
+            'summary' => ['queue_name'],
+            'fields' => ['queue_name', 'download', 'upload']
+        ],
+        'subnets' => [
+            'summary' => ['subnet'],
+            'fields' => [
+                'subnet', 'vlan_tag', 'ip_int_start', 'ip_int_stop', 'dhcp_start', 'dhcp_stop',
+                'dhcp_lease_time', 'gateway', 'office', 'hotspot', 'vpn', 'free', 'dhcp',
+                'static', 'dhcp_update_hostname', 'discovery', 'notify', 'description'
+            ]
+        ],
+        'user_auth' => [
+            'summary' => ['ip', 'dns_name'],
+            'fields' => [
+                'user_id', 'ou_id', 'ip', 'save_traf', 'enabled', 'dhcp', 'filter_group_id',
+                'dynamic', 'end_life', 'description', 'dns_name', 'dns_ptr_only', 'wikiname',
+                'dhcp_acl', 'queue_id', 'mac', 'dhcp_option_set', 'blocked', 'day_quota',
+                'month_quota', 'device_model_id', 'firmware', 'client_id', 'nagios',
+                'nagios_handler', 'link_check'
+            ]
+        ],
+        'user_auth_alias' => [
+            'summary' => ['alias'],
+            'fields' => ['auth_id', 'alias', 'description']
+        ],
+        'user_list' => [
+            'summary' => ['login'],
+            'fields' => [
+                'login', 'description', 'enabled', 'blocked', 'deleted', 'ou_id',
+                'device_id', 'filter_group_id', 'queue_id', 'day_quota', 'month_quota', 'permanent'
+            ]
+        ],
+        'vendors' => [
+            'summary' => ['name'],
+            'fields' => ['name']
+        ]
+    ];
+
+    if (!isset($audit_config[$table])) {
+        return null;
+    }
+
+    $summary_fields = $audit_config[$table]['summary'];
+    $monitored_fields = $audit_config[$table]['fields'];
+
+    // === 2. Нормализуем данные ===
+    if ($operation === 'insert') {
+        $old_data = array_fill_keys($monitored_fields, null);
+    } elseif ($operation === 'delete') {
+        $new_data = array_fill_keys($monitored_fields, null);
     }
-    if (is_bool($value)) {
-        return $value ? 1 : 0;
+
+    $old_data = $old_data ?: [];
+    $new_data = $new_data ?: [];
+
+    // === 3. Находим изменения ===
+    $changes = [];
+    foreach ($monitored_fields as $field) {
+	if (!isset($new_data[$field])) { continue; }
+        $old_val = $old_data[$field] ?? null;
+        $new_val = $new_data[$field] ?? null;
+
+        $old_str = is_null($old_val) ? '' : (string)$old_val;
+        $new_str = is_null($new_val) ? '' : (string)$new_val;
+
+        if ($old_str !== $new_str) {
+            $changes[$field] = ['old' => $old_val, 'new' => $new_val];
+        }
     }
-    if (is_int($value) || is_float($value)) {
-        return $value;
+
+    if (empty($changes)) {
+        return null;
     }
-    // Для строковых значений
-    $string = (string)$value;
-    if ($connection instanceof PDO) {
-        // Определяем тип базы данных
-        $driver = $connection->getAttribute(PDO::ATTR_DRIVER_NAME);
-        if ($driver === false) {
-            // Не удалось определить драйвер, используем универсальный метод
-            return addslashes($string);
+
+    // === 4. Формируем краткое описание записи ===
+    $summary_parts = [];
+    foreach ($summary_fields as $field) {
+        $val = $new_data[$field] ?? $old_data[$field] ?? null;
+        if ($val !== null && $val !== '') {
+            $summary_parts[] = (string)$val;
         }
-        try {
-            $quoted = $connection->quote($string);
-            if ($quoted === false) {
-                return addslashes($string);
+    }
+
+    $summary_label = !empty($summary_parts) 
+        ? '"' . implode(' | ', $summary_parts) . '"' 
+        : "ID=$record_id";
+
+    // === 5. Расшифровка *_id полей  ===
+    $resolved_changes = [];
+    foreach ($changes as $field => $change) {
+        $old_resolved = resolveReferenceValue($db, $field, $change['old']);
+        $new_resolved = resolveReferenceValue($db, $field, $change['new']);
+        $resolved_changes[$field] = ['old' => $old_resolved, 'new' => $new_resolved];
+    }
+
+    // === 6. Формируем сообщение ===
+    $op_label = match ($operation) {
+        'insert' => 'Created',
+        'update' => 'Updated',
+        'delete' => 'Deleted',
+        default => ucfirst($operation),
+    };
+
+    $message = sprintf("[%s] %s (%s) in table `%s`:\n", 
+        $op_label, 
+        ucfirst($table), 
+        $summary_label, 
+        $table
+    );
+
+    foreach ($resolved_changes as $field => $change) {
+        $old_display = $change['old'] === null ? '[NULL]' : (string)$change['old'];
+        $new_display = $change['new'] === null ? '[NULL]' : (string)$change['new'];
+        $message .= sprintf("  %s: \"%s\" → \"%s\"\n", $field, $old_display, $new_display);
+    }
+
+    return rtrim($message);
+}
+
+// === Вспомогательная функция: расшифровка ссылок ===
+function resolveReferenceValue(PDO $db, string $field, $value): ?string
+{
+    if ($value === null || $value === '') {
+        return null;
+    }
+
+    // Только для целочисленных значений
+    if (!is_numeric($value) || (string)(int)$value !== (string)$value) {
+        return (string)$value;
+    }
+
+    $id = (int)$value;
+
+    // Простая логика разрешения имён по *_id
+    switch ($field) {
+        case 'device_id':
+            return get_device_name($db, $id) ?: "Device#{$id}";
+
+        case 'building_id':
+            return get_building($db, $id) ?: "Building#{$id}";
+
+        case 'user_id':
+            return get_login($db, $id) ?: "User#{$id}";
+
+        case 'ou_id':
+            return get_ou($db, $id) ?: "OU#{$id}";
+
+        case 'vendor_id':
+            return get_vendor_name($db, $id) ?: "Vendor#{$id}";
+
+        case 'device_model_id':
+            return get_device_model_name($db, $id) ?: "Model#{$id}";
+
+        case 'instance_id':
+            return get_filter_instance_description($db, $id) ?: "FilterInstance#{$id}";
+
+        case 'subnet_id':
+            return get_subnet_description($db, $id) ?: "Subnet#{$id}";
+
+        case 'group_id':
+            return  get_group($db, $id) ?: "FilterGroup#{$id}";
+
+        case 'filter_id':
+            return get_filter($db, $id) ?: "Filter#{$id}";
+
+        case 'filter_group_id':
+            return  get_group($db, $id) ?: "FilterGroup#{$id}";
+
+        case 'queue_id':
+            return get_queue($db, $id ) ?: "Queue#{$id}";
+
+        case 'auth_id':
+            if ($id <= 0) {
+                return 'None';
             }
-            // Убираем внешние кавычки для совместимости
-            if (strlen($quoted) >= 2 && $quoted[0] === "'" && $quoted[strlen($quoted)-1] === "'") {
-                return substr($quoted, 1, -1);
+            $stmt = $db->prepare("
+                SELECT 
+                    COALESCE(ul.login, CONCAT('User#', ua.user_id)) AS login,
+                    ua.ip,
+                    ua.dns_name
+                FROM user_auth ua
+                LEFT JOIN user_list ul ON ul.id = ua.user_id
+                WHERE ua.id = ?
+            ");
+            $stmt->execute([$id]);
+            $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+            if (!$row) {
+                return "Auth#{$id}";
             }
-            return $quoted;
-        } catch (Exception $e) {
-            return addslashes($string);
-        }
-    } elseif ($connection instanceof mysqli) {
-        return mysqli_real_escape_string($connection, $string);
-    } elseif (is_resource($connection) && get_resource_type($connection) === 'mysql link') {
-        return mysql_real_escape_string($string, $connection);
-    } elseif (is_resource($connection) && get_resource_type($connection) === 'pgsql link') {
-        return pg_escape_string($connection, $string);
-    } else {
-        // Последнее средство
-        return addslashes($string);
+
+            $parts = [];
+            if (!empty($row['login'])) {
+                $parts[] = "login: " . $row['login'];
+            }
+            if (!empty($row['ip'])) {
+                $parts[] = "IP: " . $row['ip'];
+            }
+            if (!empty($row['dns_name'])) {
+                $parts[] = "DNS: " . $row['dns_name'];
+            }
+
+            if (empty($parts)) {
+                return "Auth#{$id}";
+            }
+
+            return implode(', ', $parts);
+
+        case 'target_port_id':
+            if ($id === 0) return 'None';
+            $stmt = $db->prepare("
+                SELECT CONCAT(d.device_name, '[', dp.port, ']')
+                FROM device_ports dp
+                JOIN devices d ON d.id = dp.device_id
+                WHERE dp.id = ?
+            ");
+            $stmt->execute([$id]);
+            return $stmt->fetchColumn() ?: "Port#{$id}";
+
+        default:
+            // Неизвестное *_id — возвращаем как есть
+            return (string)$value;
     }
 }
 
-
 function new_connection ($db_type, $db_host, $db_user, $db_password, $db_name, $db_port = null)
 {
 // Создаем временный логгер для отладки до установки соединения
@@ -593,7 +755,8 @@ function get_records_sql($db, $sql, $params = [])
         $records = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
         if (!empty($records)) {
-            return normalize_records($records);
+//            return normalize_records($records);
+            return $records;
         }
 
         return [];
@@ -740,7 +903,6 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
     if (empty($old_record)) { return; }
     $rec_id = $old_record['id'];
 
-    $changed_log = '';
     $set_parts = [];
     $params = [];
     $network_changed = 0;
@@ -776,6 +938,7 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
         'alias' => '1',
     ];
 
+    $valid_record=[];
     foreach ($newvalue as $key => $value) {
 
         if (!allow_update($table, 'update', $key)) {
@@ -805,13 +968,13 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
                 $dns_changed = 1;
             }
         }
-        if (!preg_match('/password/i', $key)) {
-            $changed_log = $changed_log . " $key => $value (old: " . ($old_record[$key] ?? '') . "),";
-        }
         $set_parts[] = "$key = ?";
         $params[] = $value;
+	$valid_record[$key] = $value;
     }
 
+    $changed_msg = prepareAuditMessage($db, $table, $old_record, $valid_record, $rec_id, 'update');
+
     if ($table === "user_auth" and $dns_changed) {
         if (!empty($old_record['dns_name']) and !empty($old_record['ip']) and !$old_record['dns_ptr_only'] and !preg_match('/\.$/', $old_record['dns_name'])) {
             $del_dns['name_type'] = 'A';
@@ -834,20 +997,20 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
             insert_record($db, 'dns_queue', $del_dns);
         }
 
-        if (!empty($newvalue['dns_name']) and !empty($newvalue['ip']) and !$newvalue['dns_ptr_only'] and !preg_match('/\.$/', $newvalue['dns_name'])) {
+        if (!empty($valid_record['dns_name']) and !empty($valid_record['ip']) and !$valid_record['dns_ptr_only'] and !preg_match('/\.$/', $valid_record['dns_name'])) {
             $new_dns['name_type'] = 'A';
-            $new_dns['name'] = $newvalue['dns_name'];
-            $new_dns['value'] = $newvalue['ip'];
+            $new_dns['name'] = $valid_record['dns_name'];
+            $new_dns['value'] = $valid_record['ip'];
             $new_dns['operation_type'] = 'add';
             if (!empty($rec_id)) {
                 $new_dns['auth_id'] = $rec_id;
             }
             insert_record($db, 'dns_queue', $new_dns);
         }
-        if (!empty($newvalue['dns_name']) and !empty($newvalue['ip']) and $newvalue['dns_ptr_only'] and !preg_match('/\.$/', $newvalue['dns_name'])) {
+        if (!empty($valid_record['dns_name']) and !empty($valid_record['ip']) and $valid_record['dns_ptr_only'] and !preg_match('/\.$/', $valid_record['dns_name'])) {
             $new_dns['name_type'] = 'PTR';
-            $new_dns['name'] = $newvalue['dns_name'];
-            $new_dns['value'] = $newvalue['ip'];
+            $new_dns['name'] = $valid_record['dns_name'];
+            $new_dns['value'] = $valid_record['ip'];
             $new_dns['operation_type'] = 'add';
             if (!empty($rec_id)) {
                 $new_dns['auth_id'] = $rec_id;
@@ -871,9 +1034,9 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
             }
             insert_record($db, 'dns_queue', $del_dns);
         }
-        if (!empty($newvalue['alias'])  and !preg_match('/\.$/', $newvalue['alias'])) {
+        if (!empty($valid_record['alias'])  and !preg_match('/\.$/', $valid_record['alias'])) {
             $new_dns['name_type'] = 'CNAME';
-            $new_dns['name'] = $newvalue['alias'];
+            $new_dns['name'] = $valid_record['alias'];
             $new_dns['operation_type'] = 'add';
             if (!empty($auth_id)) {
                 $new_dns['auth_id'] = $auth_id;
@@ -895,7 +1058,6 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
         $set_parts[] = "dhcp_changed = 1";
     }
 
-    $changed_log = substr_replace($changed_log, "", -1);
     $run_sql = implode(", ", $set_parts);
 
     if ($table === 'user_auth') {
@@ -914,9 +1076,17 @@ function update_record($db, $table, $filter, $newvalue, $filter_params = [])
             LOG_ERROR($db, "UPDATE Request: $new_sql | params: " . json_encode($all_params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
             return;
             }
-        if ($table !== "sessions") {
-            LOG_VERBOSE($db, "Change table $table WHERE $filter set $changed_log | params: " . json_encode($filter_params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
+
+        if (!preg_match('/session/i', $table)) {
+            if (!empty($changed_msg)) {
+                if (!preg_match('/user/i', $table)) {
+                    LOG_INFO($db, $changed_msg);
+                    } else {
+                    LOG_WARNING($db, $changed_msg);
+                }
             }
+        }
+
         return $sql_result;
     } catch (PDOException $e) {
         LOG_ERROR($db, "SQL: $new_sql | params: " . json_encode($all_params, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) . " | error: " . $e->getMessage());
@@ -974,17 +1144,7 @@ function delete_record($db, $table, $filter, $filter_params = [])
     if (empty($old_record)) { return; }
     $rec_id = $old_record['id'];
 
-    $changed_log = 'record: ';
-    if (!empty($old_record)) {
-        asort($old_record, SORT_STRING);
-        $old_record = array_reverse($old_record, 1);
-        foreach ($old_record as $key => $value) {
-            if (empty($value) || preg_match('/\b(action|status|time|found)\b/i', $key)) {
-                continue;
-                }
-            $changed_log .= " $key => $value,";
-        }
-    }
+    $changed_msg = prepareAuditMessage($db, $table, $old_record, [], $rec_id, 'delete');
 
     $delete_it = 1;
 
@@ -1053,11 +1213,18 @@ function delete_record($db, $table, $filter, $filter_params = [])
         }
         } else { return; }
 
-    if ($table !== "sessions") {
-        LOG_VERBOSE($db, "Deleted FROM table $table WHERE $filter $changed_log");
+    if (!preg_match('/session/i', $table)) {
+        if (!empty($changed_msg)) {
+            if (!preg_match('/user/i', $table)) {
+                LOG_INFO($db, $changed_msg);
+                } else {
+                LOG_WARNING($db, $changed_msg);
+            }
+        }
     }
 
-    return $changed_log;
+    return $old_record;
+
 }
 
 function insert_record($db, $table, $newvalue)
@@ -1075,7 +1242,6 @@ function insert_record($db, $table, $newvalue)
         return;
     }
 
-    $changed_log = '';
     $field_list = [];
     $value_list = [];
     $params = [];
@@ -1115,8 +1281,16 @@ function insert_record($db, $table, $newvalue)
             return;
         }
         $last_id = $db->lastInsertId();
-        if ($table !== "sessions") {
-            LOG_VERBOSE($db, "Create record in table $table: $changed_log with id: $last_id");
+
+        if (!preg_match('/session/i', $table)) {
+            $changed_msg = prepareAuditMessage($db, $table, [], $newvalue, $last_id, 'insert');
+            if (!empty($changed_msg)) {
+                if (!preg_match('/user/i', $table)) {
+                    LOG_INFO($db, $changed_msg);
+                    } else {
+                    LOG_WARNING($db, $changed_msg);
+                }
+            }
         }
 
         if ($table === 'user_auth_alias') {

html/utils/auth_apply.php

@@ -26,9 +26,6 @@ if (getPOST("ApplyForAll", $page_url)) {
     $n_link = (int)getPOST("n_link", $page_url, 0);
     $n_handler = getPOST("n_handler", $page_url, '');
 
-    $msg = "Massive User change!";
-    LOG_WARNING($db_link, $msg);
-
     $all_ok = true;
 
     foreach ($auth_id as $val) {
@@ -87,9 +84,6 @@ if (getPOST("ApplyForAll", $page_url)) {
             $user_updates = ['ou_id' => $a_ou_id];
             $auth_updates_for_all = ['ou_id' => $a_ou_id];
 
-            $log_msg = "For user id: " . $cur_auth['user_id'] . " login: " . ($user_info['login'] ?? '') . " set: ou_id = " . $a_ou_id;
-            LOG_INFO($db_link, $log_msg);
-
             // Обновляем user_list
             $ret = update_record($db_link, "user_list", "id = ?", $user_updates, [(int)$cur_auth['user_id']]);
             if (!$ret) $all_ok = false;
@@ -113,13 +107,11 @@ if (getPOST("ApplyForAll", $page_url)) {
                             'rule' => $cur_auth['mac']
                         ];
                         insert_record($db_link, "auth_rules", $new_rule);
-                        LOG_INFO($db_link, "Created auto rule for user_id: " . $cur_auth['user_id'] . " and mac " . $cur_auth['mac']);
                     } else {
                         LOG_INFO($db_link, "Auto rule for user_id: " . $cur_auth['user_id'] . " and mac " . $cur_auth['mac'] . " already exists");
                     }
                 } else {
-                    run_sql($db_link, "DELETE FROM auth_rules WHERE user_id = ? AND rule_type = 2", [(int)$cur_auth['user_id']]);
-                    LOG_INFO($db_link, "Remove auto rule for user_id: " . $cur_auth['user_id'] . " and mac " . $cur_auth['mac']);
+                    delete_records($db_link, "auth_rules", "user_id = ? AND rule_type = 2", [(int)$cur_auth['user_id']]);
                 }
             } else {
                 LOG_ERROR($db_link, "Auto rule for user_id: " . ($cur_auth['user_id'] ?? 'N/A') . " not created. Record not found or empty mac.");
@@ -140,13 +132,11 @@ if (getPOST("ApplyForAll", $page_url)) {
                             'rule' => $cur_auth['ip']
                         ];
                         insert_record($db_link, "auth_rules", $new_rule);
-                        LOG_INFO($db_link, "Created auto rule for user_id: " . $cur_auth['user_id'] . " and ip " . $cur_auth['ip']);
                     } else {
                         LOG_INFO($db_link, "Auto rule for user_id: " . $cur_auth['user_id'] . " and ip " . $cur_auth['ip'] . " already exists");
                     }
                 } else {
-                    run_sql($db_link, "DELETE FROM auth_rules WHERE user_id = ? AND rule_type = 1", [(int)$cur_auth['user_id']]);
-                    LOG_INFO($db_link, "Remove auto rule for user_id: " . $cur_auth['user_id'] . " and ip " . $cur_auth['ip']);
+                    delete_records($db_link, "auth_rules", "user_id = ? AND rule_type = 1", [(int)$cur_auth['user_id']]);
                 }
             } else {
                 LOG_ERROR($db_link, "Auto rule for user_id: " . ($cur_auth['user_id'] ?? 'N/A') . " not created. Record not found or empty ip.");

html/utils/devices_apply.php

@@ -17,9 +17,6 @@ if (getPOST("ApplyForAll", $page_url) !== null) {
     $a_ro_community = trim(getPOST("a_ro_community", $page_url, 'public'));
     $a_rw_community = trim(getPOST("a_rw_community", $page_url, 'private'));
 
-    $msg = "Massive change devices!";
-    LOG_WARNING($db_link, $msg);
-
     $all_ok = true;
 
     foreach ($dev_id as $val) {

html/utils/user_apply.php

@@ -26,9 +26,6 @@ if (getPOST("ApplyForAll", $page_url)) {
     $a_dhcp_acl = trim(getPOST("a_dhcp_acl", $page_url, ''));
     $a_dhcp_option_set = trim(getPOST("a_dhcp_option_set", $page_url, ''));
 
-    $msg = "Massive User change!";
-    LOG_WARNING($db_link, $msg);
-
     $all_ok = true;
 
     foreach ($auth_id as $user_id_raw) {
@@ -127,13 +124,11 @@ if (getPOST("ApplyForAll", $page_url)) {
                         'rule_type' => 2,
                         'rule' => $b_mac
                     ]);
-                    LOG_INFO($db_link, "Created auto rule for user_id: $user_id and mac $b_mac");
                 } else {
                     LOG_INFO($db_link, "Auto rule for user_id: $user_id and mac $b_mac already exists");
                 }
             } else {
-                run_sql($db_link, "DELETE FROM auth_rules WHERE user_id = ? AND rule_type = 2", [$user_id]);
-                LOG_INFO($db_link, "Remove auto rule for user_id: $user_id and mac $b_mac");
+                delete_records($db_link, "auth_rules","user_id = ? AND rule_type = 2", [$user_id]);
             }
         }
 
@@ -155,13 +150,11 @@ if (getPOST("ApplyForAll", $page_url)) {
                         'rule_type' => 1,
                         'rule' => $b_ip
                     ]);
-                    LOG_INFO($db_link, "Created auto rule for user_id: $user_id and ip $b_ip");
                 } else {
                     LOG_INFO($db_link, "Auto rule for user_id: $user_id and ip $b_ip already exists");
                 }
             } else {
-                run_sql($db_link, "DELETE FROM auth_rules WHERE user_id = ? AND rule_type = 1", [$user_id]);
-                LOG_INFO($db_link, "Remove auto rule for user_id: $user_id and ip $b_ip");
+                delete_records($db_link, "auth_rules","user_id = ? AND rule_type = 1", [$user_id]);
             }
         }