Post by adi_555 » Sun Jan 29, 2012 7:03 am

Cant seem to find the permission box for access_log! can you please check the codes again?

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by straightlight » Sun Jan 29, 2012 7:10 am

As you can see from the screenshot, there's absolutely nothing wrong with my code.

Attachments

opencart_access_log_permission.PNG

opencart_access_log_permission.PNG (13.43 KiB) Viewed 1931 times


Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Sun Jan 29, 2012 7:21 am

admin controller/header.php
$this->data['Permission_access_log'] = $this->validatePermission('tool/access_log');

but when i change to
$this->data['Permission_access_log'] = $this->validatePermission('tool/error_log');

I can see the link in header menu, why???

I am using permission based menu btw.

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by straightlight » Sun Jan 29, 2012 7:26 am

Without knowing exactly what permission based menu is but since you're using 1.4.9x and stated on another topic, it may rather be because of this line from the same file you mention above:

Code: Select all

$this->data['access_log'] = $this->url->link('tool/access_log', 'token=' . $this->session->data['token'], 'SSL');
to:

Code: Select all

$this->data['access_log'] = HTTPS_SERVER . 'index.php?route=tool/access_log&token=' . $this->session->data['token'];

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Sun Jan 29, 2012 7:28 am

I know i had already changed that but no luck :(

and when i try to access via direct path it says permission denied and moreover i cannot see any access log permission checkbox in settings also :(((((

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by Qphoria » Sun Jan 29, 2012 7:33 am

straightlight wrote:

Code: Select all

$user_ids = array();
		$routes = array();
		$post_keys = array();
		$post_values = array();
		if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) {
			foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
				if ($user_key == 'user_id') {
					$user_ids[] = (int)$user_id;
					
					foreach($GLOBALS['_GET'] as $route_key => $route_name) {						
						if ($route_key == 'route') {
							$routes[] = $route_name;
						}
					}
					
					if (!empty($GLOBALS['_POST'])) {
						foreach ($GLOBALS['_POST'] as $post_key => $post_value) {
							$post_keys[] 		= $post_key;
							$post_values[] 		= $post_value;
						}							
					}
				}
			}
		}
I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:

Code: Select all

foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
as it should always return only one.

I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.

File based log example added to footer.php:

Code: Select all

if ($this->user->isLogged()) {
    $msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'];
    file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}
Simple and efficient.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by adi_555 » Sun Jan 29, 2012 7:38 am

Qphoria wrote:
straightlight wrote:

Code: Select all

$user_ids = array();
		$routes = array();
		$post_keys = array();
		$post_values = array();
		if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) {
			foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
				if ($user_key == 'user_id') {
					$user_ids[] = (int)$user_id;
					
					foreach($GLOBALS['_GET'] as $route_key => $route_name) {						
						if ($route_key == 'route') {
							$routes[] = $route_name;
						}
					}
					
					if (!empty($GLOBALS['_POST'])) {
						foreach ($GLOBALS['_POST'] as $post_key => $post_value) {
							$post_keys[] 		= $post_key;
							$post_values[] 		= $post_value;
						}							
					}
				}
			}
		}
I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:

Code: Select all

foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
as it should always return only one.

I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.

File based log example added to footer.php:

Code: Select all

if ($this->user->isLogged()) {
    $msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'];
    file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}
Simple and efficient.
Is it possible to log user action with this mod?

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by straightlight » Sun Jan 29, 2012 7:41 am

Is it possible to log user action with this mod?
This is already implemented in my version.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by Qphoria » Sun Jan 29, 2012 7:41 am

adi_555 wrote: Is it possible to log user action with this mod?
Absolutely. You could add
print_r(debug_backtrace(), 1)
to the message and see the full call stack of their actions (probably overkill tho). But you could filter out the things you want to see with a bit of data massaging.
http://php.net/manual/en/function.debug-backtrace.php

Code: Select all

if ($this->user->isLogged()) {
    $msg = (time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'] . "\r\n" . print_r(debug_backtrace(), 1));
    file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by straightlight » Sun Jan 29, 2012 7:42 am

Qphoria wrote:
straightlight wrote:

Code: Select all

$user_ids = array();
		$routes = array();
		$post_keys = array();
		$post_values = array();
		if (isset($GLOBALS['_SESSION']) && isset($GLOBALS['_GET']) && isset($GLOBALS['_POST'])) {
			foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
				if ($user_key == 'user_id') {
					$user_ids[] = (int)$user_id;
					
					foreach($GLOBALS['_GET'] as $route_key => $route_name) {						
						if ($route_key == 'route') {
							$routes[] = $route_name;
						}
					}
					
					if (!empty($GLOBALS['_POST'])) {
						foreach ($GLOBALS['_POST'] as $post_key => $post_value) {
							$post_keys[] 		= $post_key;
							$post_values[] 		= $post_value;
						}							
					}
				}
			}
		}
I don't quite understand this code. Does this actually work for you? Just quickly testing this, I log into my admin with 2 diff users from 2 diff PC's. the $_SESSION only contains the user_id of the current user for that session. Nothing in $GLOBALS contains the user_id of both users, as that would be a major security hole, so I don't know why you would loop through:

Code: Select all

foreach ($GLOBALS['_SESSION'] as $user_key => $user_id) {
as it should always return only one.

I would think simply adding a single line in the footer that logs the current user_id, time(), and page to a log file or db table would be much more efficient. Then create a simple page to display the data. There you could even track every single page load.

File based log example added to footer.php:

Code: Select all

if ($this->user->isLogged()) {
    $msg = time() . ' -- ' . $_SESSION['user_id'] . ' :: ' . $_SERVER['REQUEST_URI'];
    file_put_contents(DIR_LOGS . 'access.log', $msg . "\r\n", FILE_APPEND);
}
Simple and efficient.
The $_SESSION variable is for the current user. However, the microtime idea is indeed a good one.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Sun Jan 29, 2012 7:42 am

But i am having trouble accessing, i cannot see the checkbox where i could assign the permission for top admin!

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by Qphoria » Sun Jan 29, 2012 7:43 am

straightlight wrote: The $_SESSION variable is for the current user. However, the microtime idea is indeed a good one.
Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by straightlight » Sun Jan 29, 2012 7:49 am

Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
I agree, which is why it wasn't added in my code in the first place ..

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Sun Jan 29, 2012 7:50 am

adi_555 wrote:But i am having trouble accessing, i cannot see the checkbox where i could assign the permission for top admin!
Some things may remain unexplained regarding the way your store may operate right now based on all the integrations you may have done before but according to my screen shot, the permission should definitely show right now. Assure to use the Top Administrator for instance, if it's still not there, this is certainly something I can't reproduce ...

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Sun Jan 29, 2012 8:02 am

I have checked properly,

is it possible that i am using 1.4.x and in controller/home.php code is not compatible?

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by straightlight » Sun Jan 29, 2012 8:05 am

Well, what I can tell is that I do use v1.5.1.3.1 of OpenCart since the first release date and never encountered a single issue when adding my contributions into it. ;)

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Sun Jan 29, 2012 8:06 am

mayb Qphoria can suggest something here?

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm

Post by Qphoria » Sun Jan 29, 2012 11:41 pm

straightlight wrote:
Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
I agree, which is why it wasn't added in my code in the first place ..
eh? it is at the top of your code.
adi_555 wrote:mayb Qphoria can suggest something here?
The method I show would work for all versions of opencart the same since the user class hasn't changed.

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by straightlight » Sun Jan 29, 2012 11:44 pm

The top of my code doesn't contain any microtime function ...

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by adi_555 » Mon Jan 30, 2012 12:25 am

Qphoria wrote:
straightlight wrote:
Either way... $GLOBALS['_SESSION'] didn't contain both user_ids either. dont think you need microtime for user tracking.. the nearest second should be sufficient.
I agree, which is why it wasn't added in my code in the first place ..
eh? it is at the top of your code.
adi_555 wrote:mayb Qphoria can suggest something here?
The method I show would work for all versions of opencart the same since the user class hasn't changed.
Just one action generated 1mb of data!

@ straightlight is the controller code 1.4.x compatible? I have once again checked every thing and i still do not see permission checkbox! and there is no error logs on thismod

Active Member

Posts

Joined
Mon Nov 08, 2010 6:21 pm
Who is online

Users browsing this forum: No registered users and 137 guests