Which php file was accessed

swatisonee

Hello.

a.I have a db set up using php 4 and mysql 3.23.53

b. I've have a bunch of users who login using their usernames and pw. Their ip address also gets logged and I save the info. in a mysql table.

c. I would like to take this a step further. Each time the user accesses an option, I would like for the appropriate file name to also get saved in the same table.

d.For example : my table will then have :

Fields: Userid | IP | Date | Time | Files
abc12 | aaa.aa.aa.aa |2006-01-18 | 09:23: 45 | xyz.php,ghi.php
          abc26   |    bbb.bb.bb.bb | 2005-12-20| 03:10: 00  |  abc.php

          abc26   |    bbb.bb.bb.bb | 2005-12-23| 23:12:25  |  abc.php,  xyz.php,def.php[/QUOTE]
e. Is this possible ? Whats the simplest way of going about it ? I'd appreciate any guidance in this direction.

f. I was googling and found there was a way to find out when a file was accessed using the foll. code. But how do I modify it to show who accessed it and when and then save that info. in a mysql table. I certainly dont want it getting echoed to the user/accessee.
<?php

// Add this line to your php page

echo "Last accessed: " . date("l, F jS, Y @ h:i:s a",
fileatime($PATH_TRANSLATED));

?>
Thanks. Swati

dalecosp

Set up your db and associated functions to deal with the new db field.
Write a function that reads the logged in user's name and the variable $_SERVER['PHP_SELF'], and writes them to the database along with the value of time() or a MySQL date/time stamp.

Voila....

swatisonee

Hi,

I created a new table in mysql db called Log and added the foll fields:
a. ID(Primary key, autoincrement)
b. Userid
c. IP
d. Date (DateTime type)
e. File

Now, all my php files have the foll. as the 1st line :
<? include (protect.php) ?>

protect.php is below. As you can see, once a user has logged in, the Sql statement has nothing more to do and it is of use only to the dbname and dbpwd. Where do I create another sql statement that gets queried each time a php file is requested. What do I add there so that the required info. gets filled into the Log Table as described above ?

Thanks in advance for your guidance


<?
// This is the page to show when the user has been logged out

$logout_page = "logout.php";

$dbname = "$$$";
$dbpasswd = "$$$";
$database = "$$$";


// Page with login form
$login_page = "login.php";

// Page to show if the user enters an invalid login name or password
$invalidlogin_page = "invalidlogin.php";


//DON'T EDIT ANYTHING BELOW THIS!!!

if ($action == "logout")
{
	Setcookie("logincookie[pwd]","",time() - 3600);
	Setcookie("logincookie[user]","",time() - 3600);
	include($logout_page);
	exit;
}
else if ($action == "login")
{
	if (($loginname == "") || ($password == ""))
	{
		include($invalidlogin_page);
		exit;
	}

mysql_connect("localhost", $dbname, $dbpasswd )
    	or die ("Unable to connect to server.");

mysql_select_db($database)
    	or die ("Unable to select database.");

$sql = "SELECT * FROM users WHERE username='$loginname' ";

$result = mysql_query($sql)
    	or die ("Unable to get results.");

$myrow = mysql_fetch_array($result);

if (strcmp($myrow["password"],$password) == 0)
{
	Setcookie("logincookie[pwd]",md5($password),time() + 3600);
	Setcookie("logincookie[user]",$loginname,time() + 3600);
}
else
{
	include($invalidlogin_page);
	exit;
}
}
else
{
	if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
	{
		include($login_page);
		exit;
	}

mysql_connect("localhost",$dbname, $dbpasswd  )
    	or die ("Unable to connect to server.");

mysql_select_db($database)
    	or die ("Unable to select database.");

$sql = "SELECT * FROM users WHERE username='$logincookie[user]' ";

$result = mysql_query($sql)
    	or die ("Unable to get results.");

$myrow = mysql_fetch_array($result);

if (strcmp(md5($myrow["password"]),$logincookie[pwd]) == 0)
{
	Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 3600);
	Setcookie("logincookie[user]",$logincookie[user],time() + 3600);
}
else
{
	include($invalidlogin_page);
	exit;
}
}
?>

<?php
function calculatedate($inputdate)
{
$inputdate_parts = explode('-', $inputdate);

if ($inputdate_parts[1]==00 && $inputdate_parts[2]==00 && $inputdate_parts[0]==0000)
return ' ';

// Calculating the UNIX Timestamp for both dates
$x = mktime(0, 0, 0, $inputdate_parts[1], $inputdate_parts[2], $inputdate_parts[0]);

$outputdate = date('d.m.y', $x);

return $outputdate;
}
?>

dalecosp

Well, generally speaking, I include() a "header file" on every page, unless there's some strange reason not to. Besides actually creating the top of the page, it performs little chores like these prior to outputting any HTML:

identifies the user (I use $_SESSION)
determines the user's authorization level
starts a page generation "timer"
determines the browser type and stylesheet to be used....
.... various other stuff as required.

Of course, that's pretty highly dependent on the actual architecture of your site. But I'd think it safe to assume that lots of people use PHP and include or require to set up repetitive elements, unless they are into OOP, in which case it's probably done in a similar method none the less...

swatisonee

hi,

since <? include (protect.php) ?> is my first line, any headers below it gives an error and if I put the headers above it, they dont run.

Also, I dont know how to use sessions, so I cannot understand what to do.

Someone suggested I put in this code in protect.php, but it uses sessions and how would i run the sql query to save it in the db ?

$username = $_POST['username'];
$page = $_SERVER['PHP_SELF'];
$time = date("l, F jS, Y @ h:i:s a");
$output = $username . " last accessed: " . $page . " at " . $time;

Some guidance pl?

Thanks.

swatisonee

Closing the barn door after the horse has bolted...kind of question !

All my php files and the forms which link from one to another have as under. Do this mean I am already using sessions ?

<form method="post" action="view__plan.php?userid=<? echo $userid ?>">

or

<form method="post" action="update_order.php?orderid=<? echo $orderid ?>&userid=<? echo $userid ?>"onclick="highlight(event)">


or 


<?php
echo "<p><a href=\"travel_form.php?id=$id&enqid=$enqid&userid=$userid\"><b>Click here to enter a travel claim </b></a><p>";
?>

dalecosp

swatisonee wrote:
Someone suggested I put in this code in protect.php, but it uses sessions and how would i run the sql query to save it in the db ?
$username = $_POST['username'];
$page = $_SERVER['PHP_SELF'];
$time = date("l, F jS, Y @ h:i:s a");
$output = $username . " last accessed: " . $page . " at " . $time;  
Some guidance pl?

Thanks.

There's nothing in the code you've posted to indicate that a session is active.

dalecosp

swatisonee wrote:
Closing the barn door after the horse has bolted...kind of question !

All my php files and the forms which link from one to another have as under. Do this mean I am already using sessions ?
<form method="post" action="view__plan.php?userid=<? echo $userid ?>">

or

<form method="post" action="update_order.php?orderid=<? echo $orderid ?>&userid=<? echo $userid ?>"onclick="highlight(event)">


or 


<?php
echo "<p><a href=\"travel_form.php?id=$id&enqid=$enqid&userid=$userid\"><b>Click here to enter a travel claim </b></a><p>";
?>

There is nothing in either of these to indicate that you are using sessions, either.

A call to [man]session_start/man might indicate that you were using sessions --- nothing else.

swatisonee

Dalecosp,

My problem is I dont use sessions at all - therefore I dont know if the suggested code will work. Basically, if there is a way I could modify protect.php file (without using sessions) which I posted earlier such that it would get the required information when each php script was called and then post that info. into a mysql table, then my problem would be solved.

Thanks.