Jump to content

Site Logger ?

d.shankar

By d.shankar
in PHP Coding Help

 Share

Recommended Posts

Wuhtzu Member

Wuhtzu

Posted
Posted

I personally do not understand what you want to do, please be a little more specific.

 

 

Right now it seem to me that you would like to track/log what URL your users type in the address bar when leaving your site?

 

 

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
Is it possible to log it in a file

 

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

Link to comment
Share on other sites
Wuhtzu Member

Wuhtzu

Posted
Posted

Can you please show us the website, because what you are saying is very conflicting - at least in my world / understanding.

 

If you have a website with forms - those could be contact forms, forms for posting to a forum, forms for searching ect. - you hopefully do something with the data the user inputs... If it is a contact form you hopefully send the data to your e-mail, if it is a search form you hopefully build some search queries using the data, if it is a form for posting to a forum you hopefully saves the data to a database.

 

A part of dealing with forms are validating input and you hopefully do that if you have forms on your site. And if you validate the input the user will never submit malicious input because it will get caught by your validation.

 

If you do not validate the input of your forms or can't figure out how to store user inputs from a form you should do some basics about handling and validating forms. And if you want to save the input to a file read some about filehandling:

 

Form validation / handling: http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/

Form validation / handling: http://www.php-mysql-tutorial.com/form-validation-with-php.php

PHP form handling: http://www.w3schools.com/php/php_forms.asp

File handling - read/write: http://www.tizag.com/phpT/files.php (click continue to go through all file handling stuff)

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

Is it possible to log it in a file

 

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

 

Wil check that out thorpe  :)

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

Can you please show us the website, because what you are saying is very conflicting - at least in my world / understanding.

 

If you have a website with forms - those could be contact forms, forms for posting to a forum, forms for searching ect. - you hopefully do something with the data the user inputs... If it is a contact form you hopefully send the data to your e-mail, if it is a search form you hopefully build some search queries using the data, if it is a form for posting to a forum you hopefully saves the data to a database.

 

A part of dealing with forms are validating input and you hopefully do that if you have forms on your site. And if you validate the input the user will never submit malicious input because it will get caught by your validation.

 

If you do not validate the input of your forms or can't figure out how to store user inputs from a form you should do some basics about handling and validating forms. And if you want to save the input to a file read some about filehandling:

 

Form validation / handling: http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/

Form validation / handling: http://www.php-mysql-tutorial.com/form-validation-with-php.php

PHP form handling: http://www.w3schools.com/php/php_forms.asp

File handling - read/write: http://www.tizag.com/phpT/files.php (click continue to go through all file handling stuff)

 

 

That was a quite good explanation wuhtzu.

 

Actually i want to design some sort of intrusion detection system matey... It should monitor the user inputs and if anything found malicious it should alert the web administrator.

 

Hope you get it now.

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

why instead of detecting and logging mlaicious just block it.  What sort of malicious are we talking swearing in forums or something else like trying to inject sql?

 

Yea cooldude.. u are absolutely right [You are trying to say prevention is better than cure .. right !!]

 

In my case actually i want to know what is trying to cause the chaos.

 

Consider i have an FBI Site and it is already heavily secured but still there may some hackers trying to crack the site with malicious inputs.. so in this case i need to record that sort of inputs too.

 

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

 

How to and where to catch the response from the user with the $_SERVER ???

 

Any ideas or help ?

 

 

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
Do i have to include the $_SERVER vars in all pages

 

Just log what you actually want. And yes, you will need to include all your log code within any page you want logged.

 

You could also (or instead of) create your own customlog via your .htaccess. Take a look at the relevent parts of the Apache manual.

Link to comment
Share on other sites
shocker-z Regular Member

shocker-z

Posted
Posted

or like someone else said just fix the issues that you have?

 

Submit it to the testing forum they will check for any SQL exploits and so on then fix the issues they state then it doesn't matter if people try as if they try and succeed then there aint much you can do to stop them as they have already done it! if they try and dont succeed then no need to log as they didnt succeed. If someone really wanted to harm your site logging them would do nothing anyway as they would access u via a proxy.

 

Liam

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

or like someone else said just fix the issues that you have?

 

Submit it to the testing forum they will check for any SQL exploits and so on then fix the issues they state then it doesn't matter if people try as if they try and succeed then there aint much you can do to stop them as they have already done it! if they try and dont succeed then no need to log as they didnt succeed. If someone really wanted to harm your site logging them would do nothing anyway as they would access u via a proxy.

 

Liam

 

Thanks liam.

 

If we have such feature configured in the site then no user will ever try to hack it.

They will fear that our actions are being noted so they will just ignore the site even though it is vulnerable !!!

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

Consider i have an FBI Site and it is already heavily secured but still there may some hackers trying to crack the site with malicious inputs.. so in this case i need to record that sort of inputs too.

 

I laughed at this, and agree.  You need to prevent intially and then watch all inputs for malicious attacks.  You can simply say on each page 

<?php
foreach($_GET as $key => $value){
$insert = "Insert into `logger` (key, value) Values '".$key."','".$value."'";
mysql_query($insert) or die(mysql_error());
}
?>

and you can then log all get variable data in a table for viewing later, however if you are passing more than 5 variables you might want to look for a better method.  I was just trying to develop a catch all.

Link to comment
Share on other sites
d.shankar Regular Member

d.shankar

Posted
  • Author
Posted

Hi guys with your guidance i checked out an example by myself.

 

Please tell me if i am in the right path !

 

<?php
?>

<html>

<body>
<form action=''>
<input type='text' name='txt1'>
<input type='submit' name='sub1'>
</form>
</body>
</html>

<?php
foreach($_REQUEST as $key => $value)
{
	//echo "The Key".$key;
	//echo "<br>";
	echo "User Submitted Value ".$value;
}

?>

 

 

Do reply guys. :-*

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

Request is all the data a browser sends which I belive includes GET, POST, SESSION and a few other odds and ends.  It would probably best if your server isn't horrible to simply log all the REQUEST and SERVER data.  You could spead things up really quickly by not using mysql now, instead use a flat file to store this data (So you can store a single string instead of a million strings).  Then simply run a cron job that will convert all the flat files to mysql every 15 minuites.  Make each page load its own flat file.  This will make your cron job run almost 24/7, but you will have so much data that you can find just about anything you want.  Also you might want to make your table dynamic.  Such as the fields should be added as they are discovered so you can make a much more linear table than a 3 field table.  It be a lot of work, but it would be a powerful tool when completed.

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

although it knida leves you open to injection there as a person could just keep adding nonsense get variables and your table would be forced to grow in the fields for each get variable, reguardless of if it showed up more than once, maybe what you want to do is define all your server defined get variables then make a field called other_get and then for every get that doesn't match the given fields just put them there comma seperated like

KEY: Value, Key2: Value2

 

It will save your table from crashing.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.