1
Dave_L
Q&D Admin Log
  • 2006/2/15 0:00

This is a quick and dirty way of logging admin actions. More specifically, it logs non-trivial database updates.

The intent is that if you encounter an unexpected change to your configuration, then you can use the log to help determine whether it was an accident, a malicious action, or a software bug.

I'm using this hack in 2.2.3a-final, but it's probably compatible with XOOPS 2.0.13.2.

1. Create the directory /uploads/log and make it writable. To protect the log files from access by web browsers, create the file /uploads/log/.htaccess with contents "Deny from all". If you're not using Apache, you'd need a different method for protecting the files.

2. Edit footer.php.

After:


    $xoopsLogger->stopTime();
    if (in_array(2, $xoopsConfig['debug_mode']) && $xoopsUser && $xoopsUser->isAdmin($xoopsModule->getVar('mid'))) {
        echo $xoopsLogger->getSQLDebug();
    }




Insert:


    #*#LOG_DB_UPDATES# - start
    global $xoopsDB;
    // High-churn tables whose routine updates are left out of the log
    $protector_access_table = $xoopsDB->prefix('protector_access');
    $online_table           = $xoopsDB->prefix('online');
    $session_table          = $xoopsDB->prefix('session');
    // One log file per day, e.g. 20060215_sql.log
    $logfile   = XOOPS_ROOT_PATH . '/uploads/log/' . date('Ymd') . '_sql.log';
    $timestamp = date('Y-m-d H:i:s');
    if (is_object($xoopsUser)) {
        $uid   = $xoopsUser->getVar('uid');
        $uname = $xoopsUser->getVar('uname');
    } else {
        // Not logged in
        $uid   = 0;
        $uname = '-';
    }
    foreach ($xoopsLogger->queries as $logger_contexts) {
        foreach ($logger_contexts as $query) {
            $q = trim($query['sql']);
            $q_lower = strtolower($q);
            // Skip SELECTs and writes to the excluded tables
            if (strpos($q_lower, 'select') !== 0
                and !preg_match("/^(delete\s+from|insert\s+into|update)\s+($protector_access_table|$online_table|$session_table)\s+/", $q_lower)
            ) {
                // Keep each query on a single log line
                $q = str_replace(array("\n", "\r", "\t"), ' ', $q);
                // Message type 3 appends the message to the file named by $logfile
                @error_log("[$timestamp] [{$_SERVER['REMOTE_ADDR']}] [$uid] [$uname] $q\n", 3, $logfile);
            }
        }
    }
    #*#LOG_DB_UPDATES# - end



Each line of the log includes the date/time, IP address, user ID, username and database query.

SELECT queries are not logged, nor are some of the more common database updates, such as changes to the online and session tables.

A new log file is created each day, to make it easy to purge old log files.
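
One way to review the resulting log when tracing an unexpected configuration change (an added example, not part of the original post or of XOOPS): it parses the line format described above and lists the writes to one table, counted per username and IP address. The `xoops_` prefix, the table and column names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# One line as written by the hack: [timestamp] [ip] [uid] [uname] query
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"\[(?P<ip>[^\]]*)\] \[(?P<uid>\d+)\] \[(?P<uname>.*?)\] (?P<sql>.+)$"
)
# Statement verb and target table of a logged write query
WRITE_RE = re.compile(
    r"^(insert\s+into|update|delete\s+from|replace\s+into)\s+`?(\w+)`?",
    re.IGNORECASE,
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["uid"] = int(rec["uid"])
    w = WRITE_RE.match(rec["sql"])
    rec["verb"] = w.group(1).split()[0].upper() if w else "OTHER"
    rec["table"] = w.group(2).lower() if w else None
    return rec

def writes_to(lines, table):
    """Records that modified `table`, plus a per-(uname, ip) count for triage."""
    hits = [r for r in map(parse_line, lines) if r and r["table"] == table.lower()]
    by_actor = defaultdict(int)
    for r in hits:
        by_actor[(r["uname"], r["ip"])] += 1
    return hits, dict(by_actor)

# Constructed sample log (documentation IP ranges, assumed "xoops_" prefix)
SAMPLE_LOG = """\
[2006-02-15 09:12:03] [192.0.2.10] [1] [admin] UPDATE xoops_config SET conf_value = '1' WHERE conf_id = 13
[2006-02-15 09:14:40] [192.0.2.10] [1] [admin] INSERT INTO xoops_newblocks (mid, title) VALUES (1, 'Menu')
[2006-02-15 23:51:17] [198.51.100.7] [0] [-] UPDATE xoops_config SET conf_value = '0' WHERE conf_id = 13
not a log line
""".splitlines()

if __name__ == "__main__":
    hits, by_actor = writes_to(SAMPLE_LOG, "xoops_config")
    for r in hits:
        print(r["ts"], r["ip"], r["uid"], r["uname"], r["verb"], r["sql"])
    print(by_actor)
```

A write to a configuration table recorded with uid 0 and username `-` came from a request with no logged-in user, which makes it a natural first entry to examine.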
