XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. XOOPS Core Hacks 
  4.  / Q&D Admin Log
Register
1
Dave_L
Q&D Admin Log

  • 2006/2/15 0:00

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


This is a quick and dirty way of logging admin actions. More specifically, it logs non-trivial database updates.

The intent is that if you encounter an unexpected change to your configuration, then you can use the log to help determine whether it was an accident, a malicious action, or a software bug.

I'm using this hack in 2.2.3a-final, but it's probably compatible with XOOPS 2.0.13.2.

1. Create the directory /uploads/log and make it writable. To protect the log files from access by web browsers, create the file /uploads/log/.htaccess with contents "Deny from all". If you're not using Apache, you'd need a different method for protecting the files.

2. Edit footer.php.

After:

$xoopsLogger->stopTime();
    if (in_array(2$xoopsConfig['debug_mode']) && $xoopsUser && $xoopsUser->isAdmin($xoopsModule->getVar('mid'))) {
        echo $xoopsLogger->getSQLDebug();
    }


Insert:

#*#LOG_DB_UPDATES# - start
    global $xoopsDB;
    $protector_access_table $xoopsDB->prefix('protector_access');
    $online_table           $xoopsDB->prefix('online');
    $session_table          $xoopsDB->prefix('session');
    $logfile   XOOPS_ROOT_PATH '/uploads/log/' date('Ymd') . '_sql.log';
    $timestamp date('Y-m-d H:i:s');
    if (is_object($xoopsUser)) {
        $uid   $xoopsUser->getVar('uid');
        $uname $xoopsUser->getVar('uname');
    } else {
        $uid   0;
        $uname '-';
    }
    foreach ($xoopsLogger->queries as $logger_contexts) {
        foreach ($logger_contexts as $query) {
            $q trim($query['sql']);
            $q_lower strtolower($q);
            if (strpos($q_lower'select') !== 0
                and !preg_match("/^(deletes+from|inserts+into|update)s+($protector_access_table|$online_table|$session_table)s+/"$q_lower)
            ) {
                $q str_replace(array("n""r""t"), ' '$q);
                @error_log("[$timestamp] [{$_SERVER['REMOTE_ADDR']}] [$uid] [$uname$qn"3$logfile);
            }
        }
    }
#*#LOG_DB_UPDATES# - end


Each line of the log includes the date/time, IP address, user ID, username and database query.

SELECT queries are not logged, nor are some of the more common database updates, such as changes to the online and session table.

A new log file is created each day, to make it easy to purge old log files.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

163 user(s) are online (88 user(s) are browsing Support Forums)

Members: 0

Guests: 163

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits