NATS3 Log Admin Activity

From TMMwiki
Jump to: navigation, search
NATS 3
Configuration Admin
NATS3 Configuration Options
Extra Country Options
PayVia Minimum
Log Admin Activity
IP Address Filtering
MEMBER EXPIRE PAD
Second Sign-up Matching
Affiliate Signup Email
GeoIP
Fake Upgrade

Applies to NATS v3.1.41.3 or greater.

NATS can log every request made by any administrator logged into NATS, but this feature is disabled by default. To enable administrator activity logging, add the following line to your config.php file (located in the includes folder of your NATS install).

$config['ADMIN_ACTION_POSTBACK'] = 'http://mydomain.com/myadminpostback.url';

Replace the URL in the example with a script you created to accept the postback and log it. You can write the log to either a simple text file or a database using one of the sample scripts below.

Text Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//please make sure that log file and directory are read/write accessible to Apache
$logpath = "admin_activity.log"; //This is where your log file exists on your server
$logfile = fopen($logpath, 'a') or die;
//write the entry to the log file
foreach ($_REQUEST as $name=> $string) fwrite($logfile, htmlentities($name)." => ".htmlentities($string)."\n");
fclose($logfile);
?>

Database Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//connect to the DB
$myDB = mysql_connect("mydb_hostname", "mydb_username", "mydb_password");

//checks for valid connection and valid name of the db as specified in DBname
if ($myDB && mysql_select_db('DBname', $myDB)) {

//pull only the info we want from the URL
$qs = $_REQUEST['query_string'];
$loginid = $_REQUEST['performed_action_loginid'];
$ip = $_REQUEST['performed_action_ip'];
$scr = $_REQUEST['performed_action_script'];
$time = $_REQUEST['performed_action_time'];

//strips any unwanted slashes from the postback
if(get_magic_quotes_gpc()) {
$qs = stripslashes($qs);
$loginid = stripslashes($loginid);
$ip = stripslashes($ip);
$scr = stripslashes($scr);
$time = stripslashes($time);
}

$query = sprintf("INSERT INTO admin_logs (query_string, loginid, ip, script, time) VALUES ('%s','%s','%s','%s','%s')",mysql_real_escape_string($qs),mysql_real_escape_string($loginid),mysql_real_escape_string($ip),mysql_real_escape_string($scr),mysql_real_escape_string($time));

//execute query
$res = mysql_query($query, $myDB);
mysql_close($myDB);
}
?>