Difference between revisions of "NATS4 Log Admin Activity"

From TMM Wiki
Jump to navigationJump to search
m
(No difference)

Revision as of 16:23, 21 November 2008

NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
NATS Configuration Admin
The Configuration Admin
Log Admin Activity
IP Address Filtering
MEMBER_EXPIRE_PAD
SKIP COUNTRIES
Fraud Configuration
Email Configuration
Affiliate Signup Email
Affiliate Postback
Affiliate Postback NEW
Affiliate Analytics
Throttling
NATS4 Terms of Service feature
GeoIP2

NATS can log every request made by any administrator logged into NATS, but this feature is disabled by default. To enable administrator activity logging, add the following line to your config.php file (located in the includes folder of your NATS install).

$config['ADMIN_ACTION_POSTBACK'] = 'http://example.com/myadminpostback.url';

Replace the URL in the example with a script you created to accept the postback and log it. You can write the log to either a simple text file or a database using one of the sample scripts below.

Text Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//please make sure that log file and directory are read/write accessible to Apache
$logpath = "admin_activity.log"; //This is where your log file exists on your server
$logfile = fopen($logpath, 'a') or die;
//write the entry to the log file
foreach ($_REQUEST as $name=> $string) fwrite($logfile, htmlentities($name)." => ".htmlentities($string)."\n");
fclose($logfile);
?>

Database Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//connect to the DB
$myDB = mysql_connect("mydb_hostname", "mydb_username", "mydb_password");

//checks for valid connection and valid name of the db as specified in DBname
if ($myDB && mysql_select_db('DBname', $myDB)) {

//pull only the info we want from the URL
$qs = $_REQUEST['query'];
$loginid = $_REQUEST['usr_loginid'];
$ip = $_REQUEST['performed_action_ip'];
$scr = $_REQUEST['performed_action_script'];
$time = $_REQUEST['performed_action_time'];

//strips any unwanted slashes from the postback
if(get_magic_quotes_gpc()) {
$qs = stripslashes($qs);
$loginid = stripslashes($loginid);
$ip = stripslashes($ip);
$scr = stripslashes($scr);
$time = stripslashes($time);
}

$query = sprintf("INSERT INTO admin_logs (query_string, loginid, ip, script, time) VALUES ('%s','%s','%s','%s','%s')",mysql_real_escape_string($qs),mysql_real_escape_string($loginid),mysql_real_escape_string($ip),mysql_real_escape_string($scr),mysql_real_escape_string($time));

//execute query
$res = mysql_query($query, $myDB);
mysql_close($myDB);
}
?>