Create a Log File

transfield · 03-14-2006, 04:18 AM

Hello,
I would like to log all surfing activities of the user into a MySql database. These surfing activities are done within password protected pages that use sessions. The kind of surfing activities I would like to log include the user's username, password, keywords searched, date, time, etc.

Since there are many password protected pages & the user may be browsing from one page to another, I do not know how to log all the information efficiently. I've written a code to log the surfing activities but it doesn't make sense to insert this code on every single page. My code is below.

Is there a way to put this code only on 1 page & track the user's activities based on sessions or something like that?

Here's how my sessions look like:-

HTML Code:

$_SESSION['passwordprotect'] = mysql_result($result,0,"id");

Here's my code for the log files:-

HTML Code:

<html>
<head>
<title>Untitled Document</title>
</head>

<body>
<?PHP
function ConnectDB(){
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";
$conn = mysql_connect("$host","$username","$password") or die('Could not connect: ' . mysql_error());
mysql_select_db($database) or die('Could not select database');
return $conn;
}

function WriteLog(){
$query="INSERT INTO logs SET date=CURDATE(), time=CURTIME()";
$results=mysql_query($query);
}

$conn=ConnectDB();
WriteLog();
$conn->close;
?>

</body>
</html>

sde · 03-14-2006, 08:33 AM

you should use includes. make a file called head.php and put all your logic that appears on every page in there.

PHP Code:


			
<?
// head.php

// set mysql connection
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";

$conn = mysql_connect("$host","$username","$password") or die('Could not connect: ' . mysql_error());
mysql_select_db($database) or die('Could not select database');

// declare function
function WriteLog() {
    $query="INSERT INTO logs SET date=CURDATE(), time=CURTIME()";
    $results=mysql_query($query);
}

// call function
WriteLog();
?>

same thing for the bottom of every page, let's call this foot.php

PHP Code:


			
<?
// foot.php

mysql_close();

// any other logic you want at the end of each page
?>

now, a regular page might look like this:

PHP Code:


			
<?
include("includes/head.php");
?>
<html>
<head>
  <title> my page</title>
</head>
<body>
<h1>my web page</h1>
</body>
</html>
<?
include("includes/foot.php");
?>

transfield · 03-14-2006, 09:47 AM

Hi Sde,
Thanks for your reply & thanks for commenting & organizing my code. Now I understand my own code better :-)

I understand your explanation about using includes & will certainly use it.

My next question is as follows:-
1. How do I track the activities of a particular user once he logs in bearing in mind that he may browse from page to page & use various features on my website?

2. I have a feeling that I need to include some info from my

HTML Code:

$_SESSION['passwordprotect'] = mysql_result($result,0,"id");

but I'm not sure how.

3. If I change my $query to

HTML Code:

$query="INSERT INTO logs SET date=CURDATE(), time=CURTIME(), username='$user', password='$pass', keywords='$keywords'";

& include this in every page, will it work on every page bearing in mind that different pages have got different features for him to use?

Additional info:-
1. I have already created the necessary fields in the logs table to capture the user's username, password, keywords searched(he will be querying a database on a particular page), etc.

sde · 03-14-2006, 09:57 AM

what is the query you use to set $_SESSION['passwordprotect'] ?

do you have a user table in your database?

why are you tracking the password in the log? if a user is able to login, then they already submitted a valid password right?

what are keywords?

if you put the username in the session, then you will always have access to log that. depending what type of logging is for, you may want to log the user's IP address as well. $_SERVER['REMOTE_ADDR']

ChefFrank · 03-14-2006, 04:16 PM

OK - let me ask some stupid questions - since I was interested in doing something like this in the future.

Since HTML/PHP is 'context-free', you need to store user context someplace. Would this be an appropiate use of cookies?

My experience in designing client/server systems generally places the burden of context management on the client. So, you either have to do a lot of playing around with forms and hidden fields, or find another way to mantain context, hence, cookies -- which, I think, can be read at any time within a session.

Please correct me if I don't properly understand how cookies work.

Frank

transfield · 03-14-2006, 07:39 PM

Hello Sde,
Thank you for attempting to understand what I'm trying to achieve. I appreciate your efforts. The answers to your questions are as follows:-

1. I do not have a query when I set $_SESSION['passwordprotect']. Someone told me that I have to track the user's id(which is stored in the MySql database) in order to track his surfing activities. I hope you understand what I am talking about here.

2. Yes, I do have a user table in my MySql database. This table is called customers & contains the following fields - id, username, password, email & name.

3. Okay, maybe I should not be tracking his password since he has already succesfully logged in. Good point, thank you. I think I should be tracking his id only.

4. On a few the pages, there are forms that queries the database. It's something like a search engine so I want to track what keywords the user is using to query the database.

5. I do not need to log the user's IP address because all users are registered customers whose particulars are already in my MySql database.

Warm Regards.

sde · 03-14-2006, 08:11 PM

Quote:

Originally Posted by ChefFrank

OK - let me ask some stupid questions - since I was interested in doing something like this in the future.

Since HTML/PHP is 'context-free', you need to store user context someplace. Would this be an appropiate use of cookies?

My experience in designing client/server systems generally places the burden of context management on the client. So, you either have to do a lot of playing around with forms and hidden fields, or find another way to mantain context, hence, cookies -- which, I think, can be read at any time within a session.

Please correct me if I don't properly understand how cookies work.

Frank

Frank, in this case, I'd recommend storing the persistant data in a session. The session data is basically a cookie that gets stored on the server for the time the browser stays open or until you manually destroy the session in the php script.

I try to avoid using client side cookies as much as possible. There are instances where it does make a lot of sense though.

sde · 03-14-2006, 08:19 PM

transfield,

from your answers, it sounds like you have a handle on what you're trying to accomplish then.

good luck.

transfield · 03-14-2006, 08:48 PM

Have a handle? What handle?

sde · 03-14-2006, 09:10 PM

sorry, i read half of this while i was at work and missed the question.

do you use the GET method for your search engine? in other words, are the words they search for in the URL?

transfield · 03-14-2006, 10:22 PM

Hello Sde,
I'm using the POST method.

Thanks for your reply.

sde · 03-14-2006, 10:33 PM

$query="INSERT INTO logs SET date=CURDATE(), time=CURTIME(), username='$user', password='$pass', keywords='$keywords'";

based on the query above, it looks like you are achieving what you want to achieve. (except you mentioned taking out the pass)

what is not working for you?

transfield · 03-15-2006, 12:44 AM

Hello Sde,
Thanks for your reply. Here's what I've done so far:-
I've created a file called head.php like you suggested. This file is working properly on it's own. My code is below.

Here's my problem:-
When I include head.php into my login page, it does not work(no error message whatsoever). My code is below.

Head.php

HTML Code:

<?php

// set mysql connection
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";
$pass=$_POST['pass'];
$user=$_POST['user'];


$conn = mysql_connect("$host","$username","$password") or die('Could not connect: ' . mysql_error());
mysql_select_db($database) or die('Could not select database');

// declare function
function WriteLog() {
    $query="INSERT INTO logs VALUES date=CURDATE(), time=CURTIME(), username='$user', password='$pass'";
    $results=mysql_query($query);
}

// call function
WriteLog();
?>

Login page

HTML Code:

<?php
session_start();
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";
$pass=$_POST['pass'];
$user=$_POST['user'];
$r1 = $_POST['R1'];
$r2 = $_POST['R2'];
mysql_connect ("$host","$username","$password");
mysql_select_db($database) or die( "Where's the database man?");
$query = "SELECT * FROM customers WHERE username = '$user' AND password = '$pass'"; 
$result = mysql_query($query);
if ($r2=='V2')
{
if ($query = mysql_num_rows($result) == 0)
{
header('Location:retrieve_password.php');
}
else
{

if ($r1=='V1')
{
	setcookie(robert, date("G:i - m/d/y"), time()+3600); 
}
$_SESSION['passwordprotect'] = mysql_result($result,0,"id");
header('Location:query_form2.php');
include "head.php";
}
}
else
{
$_SESSION['termswrong'] = 1;
header('Location:login2.php');
}  
?>