Attachments
opencart_access_log_permission.PNG (13.43 KiB) Viewed 1931 times
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
$this->data['Permission_access_log'] = $this->validatePermission('tool/access_log');
but when i change to
$this->data['Permission_access_log'] = $this->validatePermission('tool/error_log');
I can see the link in header menu, why???
I am using permission based menu btw.
Code: Select all
$this->data['access_log'] = $this->url->link('tool/access_log', 'token=' . $this->session->data['token'], 'SSL');
Code: Select all
$this->data['access_log'] = HTTPS_SERVER . 'index.php?route=tool/access_log&token=' . $this->session->data['token'];
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:straightlight wrote:Code: Select all
$user_ids = array(); $routes = array(); $post_keys = array(); $post_values = array(); if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) { foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) { if ($user_key == 'user_id') { $user_ids[] = (int)$user_id; foreach($GLOBALS['_GET'] as $route_key => $route_name) { if ($route_key == 'route') { $routes[] = $route_name; } } if (!empty($GLOBALS['_POST'])) { foreach ($GLOBALS['_POST'] as $post_key => $post_value) { $post_keys[] = $post_key; $post_values[] = $post_value; } } } } }
Code: Select all
foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.
File based log example added to footer.php:
Code: Select all
if ($this->user->isLogged()) {
$msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'];
file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}
Is it possible to log user action with this mod?Qphoria wrote:I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:straightlight wrote:Code: Select all
$user_ids = array(); $routes = array(); $post_keys = array(); $post_values = array(); if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) { foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) { if ($user_key == 'user_id') { $user_ids[] = (int)$user_id; foreach($GLOBALS['_GET'] as $route_key => $route_name) { if ($route_key == 'route') { $routes[] = $route_name; } } if (!empty($GLOBALS['_POST'])) { foreach ($GLOBALS['_POST'] as $post_key => $post_value) { $post_keys[] = $post_key; $post_values[] = $post_value; } } } } }
as it should always return only one.Code: Select all
foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.
File based log example added to footer.php:Simple and efficient.Code: Select all
if ($this->user->isLogged()) { $msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI']; file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND); }
This is already implemented in my version.Is it possible to log user action with this mod?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Absolutely. You could addadi_555 wrote: Is it possible to log user action with this mod?
print_r(debug_backtrace(), 1)
to the message and see the full call stack of their actions (probably overkill tho). But you could filter out the things you want to see with a bit of data massaging.
http://php.net/manual/en/function.debug-backtrace.php
Code: Select all
if ($this->user->isLogged()) {
$msg = (time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'] . "\r\n" . print_r(debug_backtrace(), 1));
file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}
The $_SESSION variable is for the current user. However, the microtime idea is indeed a good one.Qphoria wrote:I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:straightlight wrote:Code: Select all
$user_ids = array(); $routes = array(); $post_keys = array(); $post_values = array(); if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) { foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) { if ($user_key == 'user_id') { $user_ids[] = (int)$user_id; foreach($GLOBALS['_GET'] as $route_key => $route_name) { if ($route_key == 'route') { $routes[] = $route_name; } } if (!empty($GLOBALS['_POST'])) { foreach ($GLOBALS['_POST'] as $post_key => $post_value) { $post_keys[] = $post_key; $post_values[] = $post_value; } } } } }
as it should always return only one.Code: Select all
foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.
File based log example added to footer.php:Simple and efficient.Code: Select all
if ($this->user->isLogged()) { $msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI']; file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND); }
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I agree, which is why it wasn't added in my code in the first place ..Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Some things may remain unexplained regarding the way your store may operate right now based on all the integrations you may have done before but according to my screen shot, the permission should definitely show right now. Assure to use the Top Administrator for instance, if it's still not there, this is certainly something I can't reproduce ...adi_555 wrote:But i am having trouble accessing, i cannot see the checkbox where i could assign the permission for top admin!
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
eh? it is at the top of your code.straightlight wrote:I agree, which is why it wasn't added in my code in the first place ..Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
The method I show would work for all versions of opencart the same since the user class hasn't changed.adi_555 wrote:mayb Qphoria can suggest something here?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Just one action generated 1mb of data!Qphoria wrote:eh? it is at the top of your code.straightlight wrote:I agree, which is why it wasn't added in my code in the first place ..Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
The method I show would work for all versions of opencart the same since the user class hasn't changed.adi_555 wrote:mayb Qphoria can suggest something here?
@ straightlight is the controller code 1.4.x compatible? I have once again checked every thing and i still do not see permission checkbox! and there is no error logs on thismod
Users browsing this forum: No registered users and 137 guests