TNG Community

How do I move the Access Log Link to the Admin Screen


genfan

I would like to move the access log link that currently resides on the index page to the admin page.

The purpose for this move is that I do not feel it is appropriate that anyone, including a Guest, could view this log and see exactly how individual people view my site. I believe that this should be restricted to admin use only. If it resides on the admin page then only the admin will have access.

Thanks

GENFAN :shock:

Scotty

I would like to move the access log link that currently resides on the index page to the admin page.

The purpose for this move is that I do not feel it is appropriate that anyone, including a Guest, could view this log and see exactly how individual people view my site. I believe that this should be restricted to admin use only. If it resides on the admin page then only the admin will have access.

Thanks

GENFAN :shock:

You don't need to MOVE anything... Here's what I did for Template 2. You'll need to figure it out for your code.

Template 2 INDEX.PHP

<td valign="top" height="21"><a href="showlog.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

<td valign="top" height="21"><a href="admin/index.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnuadmin]; ?></strong></a></td><td></td>

<?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

Checks to see if you are logged in as Admin and then displays text otherwise not. I'm not a genius, I just stole the code used for the administration link after it. Took some trial and error as I'm a noob on PHP but it works.

Hope this is clear enough.

Scotty

genfan

Wow that was easy...

I feel like I should have had an easy button, oh I did it's the TNG Forum.

Once again thanks for your help.

GENFAN :cool:

Scotty

Wow that was easy...

I feel like I should have had an easy button, oh I did it's the TNG Forum.

Once again thanks for your help.

GENFAN :cool:

Mind you this does not password protect the file... it just hides the button which will probably apply 99% of the time. As you can still run showlog.php, but then you have to know the file name.

To password protect that file, you would need to do the admin user check like /admin/index.php does. It goes to checklogin.php. I've never attempted to do this so I may be way off base on how to do it.

I know enuff to be dangerous as the saying goes.

Scotty

arnold

GENFAN,

The purpose for this move is that I do not feel it is appropriate that anyone, including a Guest, could view this log and see exactly how individual people view my site. I believe that this should be restricted to admin use only. If it resides on the admin page then only the admin will have access.

I would like more information as to why you feel it is inappropriate for the log file to be seen by all. I have no problem with that. If I am missing something obvious, I would certainly like to know what it is.

Ours is wide open for all to see. I have the number of "most recent actions" cranked up so that I can keep an eye on anyone hammering our website. Several years ago a CD with a great deal of our genealogical information was for sale on e-bay. Now, when I see one person hitting us too hard, I deny that ISP access to our website until I learn what is going on.

genfan

GENFAN,

I would like more information as to why you feel it is inappropriate for the log file to be seen by all. I have no problem with that. If I am missing something obvious, I would certainly like to know what it is.

This is, I am sure, purely an individual call but since you asked...

The person's first and last name is listed in the log along with every link they have ever traveled on the site. Someone with malicious intent could garner enough personal information about that individual to create a phishing scam or worse...

Like I said this is just one more way I can ensure I am protecting the privacy of those who are using my site.

Certainly you have the right to leave yours open and hopefully nothing will ever happen.

Chalk it all up to being paranoid after having my own identity stolen and knowing how difficult it is to clean up once it has happened...

GENFAN :shock:

B McFadyen

Chalk it all up to being paranoid after having my own identity stolen and knowing how difficult it is to clean up once it has happened...

GENFAN

I second the motion Genfan. That's the same bit of code I added to my home page almost day 1, for the same reason. (Also having had an identity theft issue). I can't really think of a good reason to have people viewing it anyway.

Brian

Rush

I just had to chime in on the identity theft...this is number 3 for me.

Triwest Health Care - hard drives stolen

Bank of America - Data tapes 'lost' in snail mail

VA database - yup, got notified last week that I was on that too...

Gotta love technology...Ahhh, looks like fraud alert on Equifax and Transunion forever :evil:

Rush

beun.net

You don't need to MOVE anything... Here's what I did for Template 2. You'll need to figure it out for your code.

Template 2 INDEX.PHP

<td valign="top" height="21"><a href="showlog.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

<td valign="top" height="21"><a href="admin/index.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnuadmin]; ?></strong></a></td><td></td>

<?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

Checks to see if you are logged in as Admin and then displays text otherwise not. I'm not a genius, I just stole the code used for the administration link after it. Took some trial and error as I'm a noob on PHP but it works.

Hope this is clear enough.

Scotty

Just now added this one on my site as well.

Thanks :)

//EDIT: What the above code (when not logged in as admin) does, is not DISPLAY the link. The link itself though, is still clearly visible in the source-code of the concerning web-page.

So don't think no one will be able to find the pages "protected" by these PHP-lines ;)

Brad Gaugler

I would like to do this ... but I don't know where to put the line of code you all are talking about!

I have Macromedia Studio8 (Dreamweaver) and have used it successfully to edit small bits of information... But I am really a novice.

The first time I tried this... it hung up...and I had to copy the file back onto the web domain in order to make my site work again. The only thing I could think of ... is that I put the line of code in the wrong spot.

I meant to put in that I use Template 5 on my site

NEVERMIND!!! I figured it out !

Thanks for all your help!

I must say... I am VERY impressed with this forum and how helpful everyone is!

THANKS AGAIN

B McFadyen

...

| <a href="bookmarks.php" class="lightlink2"><?php echo $text[bookmarks]; ?></a>

| <a href="showlog.php" class="lightlink2"><?php echo $text[mnushowlog]; ?></a>

| <a href="suggest.php" class="lightlink2"><?php echo $text[contactus]; ?></a>

Change the above lines to look like the following,

| <a href="bookmarks.php" class="lightlink2"><?php echo $text[bookmarks]; ?></a>

<?php
if( $allow_admin )
echo "| <a href=\"showlog.php\" class=\"lightlink2\">$text[mnushowlog]</a>";
?>

| <a href="suggest.php" class="lightlink2"><?php echo $text[contactus]; ?></a>

Despite the comments in a previous post, the link to the access log will not be displayed in the actual web page. It will not be visible to someone viewing the source of the page if they are not logged in.

However, as also mentioned in another post, it will not prevent a TNG aware user such as one of us, requesting the showlog.php generated page and viewing the nicely formatted log.

One of the suggestions was to include the "checklogin.php" include in the header of the showlog.php script. This will certainly prevent one of us TNG aware users from running the showlog.php script, but it does not protect the actual log file.

Most of us TNG users (self included) leave the log file name as is. That means you can simply browse to the file name ../tngfoldername/genlog.txt and it will display. Of course it is not very nicely formatted text, but if you are really intent on viewing it, there you go.

I think by the time we get to this point, the only one we are really concerned about is a malicious TNG user, and I can't say I've come across any. Of course, I won't comment on some of the posters here :lol:

If you really want to protect that file, and I'm not of that desire, you could rename it, move it, or protect it with your .htaccess. (I really think that is a little over the top).

IMHO

Brian

Reginald Vaughn Finley Sr

Yeah.. I didn't even know this forum existed until today. Great bunch of folks you all are. I did many of these mods from day one as well. I was concerned about the log as well and now, only registered users can see it, as well as an "Add A Relative" Link I added. Makes things pretty easy.

Now, I'm just waiting for google to finally index my page. Thousands of google bots but no indexing yet. Heh. :)

I'll be patient.

arnold

Yeah.. I didn't even know this forum existed until today.

Make sure you are also on the tngusers2 listserve. It is every bit as helpful as this forum. Instructions as to how to get on the tngusers2 listserve are included in the e-mail Darrin sends everyone after they pay for TNG.

mcentyre501

You don't need to MOVE anything... Here's what I did for Template 2. You'll need to figure it out for your code.

Template 2 INDEX.PHP

<td valign="top" height="21"><a href="showlog.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

<td valign="top" height="21"><a href="admin/index.php" class="sidelink"><strong><?php if( $allow_admin ) echo $text[mnuadmin]; ?></strong></a></td><td></td>

<?php if( $allow_admin ) echo $text[mnushowlog]; ?></strong></a></td><td></td>

Checks to see if you are logged in as Admin and then displays text otherwise not. I'm not a genius, I just stole the code used for the administration link after it. Took some trial and error as I'm a noob on PHP but it works.

Hope this is clear enough.

Scotty

Scotty....you've replied to a question I had about using template 3 on another forum. I don't care much either for the Access Log to be visible to all users. Can I use any of this code you created to block visitors from the Access Log? If so, what part of this code would I use and where would it go in the index.php file?

I'm such a novice at all of this so I appreciate all the help.

Carol

mcentyre501

Scotty....you've replied to a question I had about using template 3 on another forum. I don't care much either for the Access Log to be visible to all users. Can I use any of this code you created to block visitors from the Access Log? If so, what part of this code would I use and where would it go in the index.php file?

I'm such a novice at all of this so I appreciate all the help.

Carol

Here's what Darrin wrote. I'm using Template 3. This removes the Access Log tab from the Main Page. Now I have showlog.php bookmarked if I want to take a look at who's accessing.

"The easiest thing to do is to just delete the link from the index.php page. It's the one that goes to showlog.php. You can then just bookmark that page for yourself if you want to see it anyway."

Carol

D-B

Now, if you truly are paranoid (I know I am, just check my server logs!), then you also need to include the check admin code in the showlog.php file. Use it to restrict the display of the data. Since some hackers out there seem to be quite familiar with the inner workings of TNG, all that needs to be done is type the showlog url in and you're there.

mcentyre501

Now, if you truly are paranoid (I know I am, just check my server logs!), then you also need to include the check admin code in the showlog.php file. Use it to restrict the display of the data. Since some hackers out there seem to be quite familiar with the inner workings of TNG, all that needs to be done is type the showlog url in and you're there.

I'm not sure what you mean by "check admin code". Is that something I would copy and paste into showlog.php? I know this is probably something really basic I should know but I'm not familiar with PHP at all.

Thanks for your reply,

Carol

Now, if you truly are paranoid (I know I am, just check my server logs!), then you also need to include the check admin code in the showlog.php file. Use it to restrict the display of the data. Since some hackers out there seem to be quite familiar with the inner workings of TNG, all that needs to be done is type the showlog url in and you're there.

I just checked what you said about access.....you're absolutely right. I checked from another computer and my log file and everything else comes up without a login. Sure hope you can give me step by step directions on how to resolve this.

Carol

D-B

Alright, let's see...

Where the first section of code that begins:

if( !$autorefresh) {
change to
if( $allow_admin ) { if( !$autorefresh) {
and just before the subsequent closing code snippet
?>
insert another right bracket so that the line looks like this:
} ?>

I think that should do it...

mcentyre501

Alright, let's see...

Where the first section of code that begins:

if( !$autorefresh) {
change to
if( $allow_admin ) { if( !$autorefresh) {
and just before the subsequent closing code snippet
?>
insert another right bracket so that the line looks like this:
} ?>

I think that should do it...

I'll give it a try. Will let you know soon if it works!!!!

woo hoo....it worked....thank you so much. I really appreciate your help.

Carol
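
The thread separates three things: hiding the link on index.php, gating showlog.php itself, and the raw genlog.txt file. The sketch below is an added example, not part of any post above and not TNG's own code, showing a fail-closed version of the showlog.php gate. It assumes `$allow_admin` has already been set by TNG's login handling, as in the snippets posted in the thread; the helper name `deny_unless_admin`, the log path and the 50-line limit are hypothetical.

```php
<?php
// Added example, not TNG's code. Assumption: TNG's own login handling has
// already run and set $allow_admin, as in the snippets quoted in this thread.

/**
 * Hypothetical helper: end the request with 403 unless the visitor is an admin.
 * Call it before any log data is read or printed, so a direct request to the
 * script gets a refusal instead of a page with the log in it.
 */
function deny_unless_admin(bool $isAdmin): void
{
    if ($isAdmin) {
        return;
    }
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    echo "The access log is restricted to administrators.\n";
    exit; // Fail closed: nothing below this call runs for non-admins.
}

// empty() treats an unset, null or false $allow_admin as "not admin",
// so a missing login include results in a denial rather than an open page.
deny_unless_admin(!empty($allow_admin));

// Only admins reach this point. The path is an assumption for illustration;
// the thread gives the default log file name as genlog.txt.
$logFile = __DIR__ . '/genlog.txt';
$lines = is_readable($logFile) ? file($logFile, FILE_IGNORE_NEW_LINES) : [];

// Show the last 50 lines, escaping each one so names and URLs recorded in
// the log are displayed as text and never interpreted as HTML.
foreach (array_slice($lines, -50) as $line) {
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

This gate covers requests to the script only. As Brian's post notes, genlog.txt can still be fetched by its file name unless it is renamed, moved, or protected with .htaccess.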
