UBB.Developers Forums UBB.threads 6 V6 Modifications Archived Mods AdminLogger

Mod Name / Version AdminLogger 1.0alfa
Description A hack that logs all activity in the admin section that changes something.
Working under UBB.threads 6.0.1
Any pre-requisites None
Author(s) Gardener
Credits Dave_L, JustDave, BryanDS
Demo None
Files Altered ubbt.inc.php, admin/dbdocommand.php, admin/dbdooptimize.php, admin/doapproveposts.php, admin/doapproveusers.php, admin/doassignmod.php, admin/dobanuser.php, admin/dochangecatorder.php, admin/dochangeorder.php, admin/dochangeugroup.php, admin/dochangeuser.php, admin/doclosethreads.php, admin/docreate.php, admin/docreatecat.php, admin/docreategroup.php, admin/dodeleteuser.php, admin/dodeleteuserpost.php, admin/doeditboard.php, admin/doeditcat.php, admin/doeditconfig.php, admin/doeditffooter.php, admin/doeditfheader.php, admin/doeditfilter.php, admin/doeditgroup.php, admin/doeditinclude.php, admin/doedittemplate.php, admin/doedittheme.php, admin/doedittitles.php, admin/doexpirethreads.php, admin/dograntadmin.php, admin/dograntmod.php, admin/dokeepthreads.php, admin/domovepost.php, admin/domovethreads.php, admin/donewskin.php, admin/doopenthreads.php, admin/dopurgemessages.php, admin/dopurgeusers.php, admin/doremovemod.php, admin/dorevokeadmin.php, admin/dorevokemod.php, admin/dosendemail.php, admin/dounbanuser.php, admin/dounkeepthreads.php, admin/loginas.php
Database Altered No
New Files adminlog.log
Any other info This hack changes many of the files in the admin area, so it can be tedious to install, but when it is done you will have a log of all changes done through the admin area. I might add a page to read the content of the log file later, but until then you will have to download the log file to read it.


This was the most boring hack I've ever done, more or less just copy and paste in ~45 files. But it works for me and I hope the instructions are correct as well, I've tried to be careful when writing them. But it is a Good Thing (tm) to have this log file, I've got something like 10 admins and 10 moderators, and though I trust them all it's always good to know that you can check the log if something goes wrong.

If anyone installs this, I'd very much like to know how it goes and if I've missed anything.

I looked at this, but haven't had time to install it yet.

One minor simplification would be to pass the single parameter $user to function admin_log(), rather than the three separate parameters $user['U_Username'], $user['U_Number'] and $user['U_Status'].

Yeah, that thought came to me after I had done them all. =] But I thought I'd keep it that way, so that the function can be used without the user object as well. Someone might want to log things not from that for some reason maybe...

If I take the $user from the global scope I can get all the info I need without passing the user variables to the function. This makes the call to the function look a lot cleaner since it only includes what type it is and any extra information that should be saved with it. I think I'm going to go with this, but what do you others think of doing it this way?

Example:

code:

// ---------------
// Log this action
   admin_log("APPROVEPOSTS", "Approved: $totalapproved; Threads: $threadtotal");

---

Make sense to me. Since this hack affects so many files, you might want to run it by Rick to see if he anticipates making any changes that could impact it. (or maybe even convince him to incorporate it as a feature ).

Another thought:

error_log("$time,$IP,$Operation,$Username,$Number,$Status,$Description\n",

The Username and Description fields could potentially contain commas, so it might be a good idea to escape any commas that are present in those fields. The function addcslashes() looks like a convenient way of doing that, since it has a companion function stripcslashes(). I think it would be used like this:
$Username_escaped = addcslashes($Username, ',');
$Description_escaped = addcslashes($Description, ',');

Yeah, I've thought of bugging Scream to add this since I don't want to keep upgrading these many files.

Thanks, I'll add that.

I'm also thinking of changing to save the info in a db table, any thoughts on this?

Logging to a new database table, instead of a file, would probably be more convenient.

I can only think of one issue. If someone either accidentally or maliciously changes the database, then the admin log could get changed or deleted. Since one reason for having the log is to monitor such actions, that would defeat its purpose.

Of course, a text file on the server could also get clobbered.

I'm not sure which is safer.

That is true... Logs are quite often in plain text files so maybe it is a good idea to keep it as that. It would be nice to know who did the "drop w3t_Logs" command...

Changes

• Wrote a script to view the log files.
  
• Checked that it works with 6.0.2
  
• Added log file archiving.
  
• The log function takes the user info from the global scope.
  
• Comma is escaped in username and description.

Unzip the attached file and follow the install instructions in the text file.

Upgrade
If you are upgrading from the alfa version, you can do a search and replace of all the admin files instead of inserting the code by hand. After this you only need to follow steps 1-3 to upgrade.
The following code should be removed from all admin-files:

code:

$user['U_Username'], $user['U_Number'], $user['U_Status'],

---

Information
Mod Name / Version AdminLogger 1.0beta
Description A hack that logs all activity in the admin section that changes something.
Working under UBB.threads 6.0.2
Any pre-requisites None
Author(s) Gardener
Credits Dave_L, JustDave, BryanDS
Demo None
Files Altered ubbt.inc.php, admin/dbdocommand.php, admin/dbdooptimize.php, admin/doapproveposts.php, admin/doapproveusers.php, admin/doassignmod.php, admin/dobanuser.php, admin/dochangecatorder.php, admin/dochangeorder.php, admin/dochangeugroup.php, admin/dochangeuser.php, admin/doclosethreads.php, admin/docreate.php, admin/docreatecat.php, admin/docreategroup.php, admin/dodeleteuser.php, admin/dodeleteuserpost.php, admin/doeditboard.php, admin/doeditcat.php, admin/doeditconfig.php, admin/doeditffooter.php, admin/doeditfheader.php, admin/doeditfilter.php, admin/doeditgroup.php, admin/doeditinclude.php, admin/doedittemplate.php, admin/doedittheme.php, admin/doedittitles.php, admin/doexpirethreads.php, admin/dograntadmin.php, admin/dograntmod.php, admin/dokeepthreads.php, admin/domovepost.php, admin/domovethreads.php, admin/donewskin.php, admin/doopenthreads.php, admin/dopurgemessages.php, admin/dopurgeusers.php, admin/doremovemod.php, admin/dorevokeadmin.php, admin/dorevokemod.php, admin/dosendemail.php, admin/dounbanuser.php, admin/dounkeepthreads.php, admin/loginas.php, admin/menu.php
Database Altered No
New Files admin/showlog.php
Any other info This hack changes many of the files in the admin area, so it can be tedious to install, but when it is done you will have a log of all changes done through the admin area. The log files can be easily viewed from the admin area.

Yay, it works! I installed it a couple days ago but it wouldn't work, and I had to wait until I could go through all 5 million steps again. I figured it was my error, and it was. I'd forgotten to chmod the log.

It looks great!

Sounds great that you got it to work. I'll rephrase the bit about setting the permissions so that it won't be missed.

Honestly, the directions were fine. I kind of glossed over the relevent section because it wasn't labeled as an actual step, and it started with "Before you install you should . . . ." and I assumed that it was the standard "Before you install you should make a copy of your database . . . ." so I didn't really read it. {*shame on me!*}

As a tip to anyone looking at this to install, it's really not as difficult as I expected. It only took me about an hour (not counting looking over and over for my mistake ). I used Beyond Compare (version 2.0) and I think that is what was so helpful. If you are using Beyond Compare (and I strongly recommend you do!) here's how I did it and I think it worked quite well:

1. Start Beyond Compare with the downloaded hack folder in the left side. You can leave it zipped if you want, since Beyond Compare can view zipped files. Have your UBB.threads files in the right hand side. I use my live files via ftp, but only because I install to a test board first. You probably shouldn't install to live (on your server) files if you are installing to your main site board.

2. I know I probably shouldn't, but I started with steps 2 and 3 because they are the only files being changed that aren't in the admin folder. I made the changes to config.inc.php and ubbt.inc.php.

3. Next I right clicked on the "admin" file in the left hand side of Beyond Compare and chose "Set as Base Folder". This makes only the files in the admin folder visible.

4. At the top of BC I have it set to show "All files" since I'm not really comparing any files.

5. Remember to go back and do step 1 now (we skipped it earlier). It's the mod to the menu file.

6. Start where we left off, which is step 4. Now the steps should be in order with the admin files. You're basically making changes to almost all of the "do...." files (doeditforum, doeditconfig, etc.)

7. Right click on the instruction file in the left hand side and choose "compare to" and then in the right hand side choose the file from step 4 (dbdocommand.php). The compare window opens those two files. Read the instructions for the changes on the left hand side and make the changes to the right hand side. Save the changes, close the compare window.

8. (This is the part that I thought was most helpful.) You should be back in the main window of BC now, with all the admin files on the right hand side. Right click on the file you just changed (dbdocommand.php) and choose "Exclude". This will hide the file from your view. That let me know I had finished with that file. It made a world of difference to me because I wasn't so paranoid about losing my place in the instructions and not knowing where to start again.

9. Make sure you finish by creating the adminlog.log file and uploading it and chmod'ing it to 666. Also upload the showlog.php file into the admin folder.

Thanks again Gardener, it's a great hack and a VERY useful one.

[]Thanks again Gardener, it's a great hack and a VERY useful one.

---

No problem, it is a really useful mod so I thought I could spend a couple of hours to let everyone have it.

Thanks to you for the helpful hints on using Beyond Compare, I'm sure there are some who will find it useful.

But now that you mention Beyond Compare I remember that someone said it can handle diff files, which would be very convenient. It seems that UltraEdit can use diff files as well. I will post a diff file with all changes and include instructions on how to use it from the shell, if anyone could write the instructions on how to use diff on BC and UE that would be great. I don't use either myself so I can't help with that.

If you have shell access to your server you can probably run the patch command, which will make it a lot easier to install this mod. Below is the instructions on how to use the patch file from a shell account. It should be possible to use it in Beyond Compare or UltraEdit as well, but I don't know how, so check your documentation. If someone can give the instructions on how to do this it would be much appreciated.

Patch instructions for unix
<ol type="1">[*]Save the file attached to this post and upload it to your ubbthreads directory.
[*]Make a backup of your ubbthreads directory.
[*]Change directory to your ubbthreads directory and patch all the admin-files:
> patch -p1 < AdminLogger-diff_602-1_0beta.txt
</ol>

Extra changes
The following must be done after the the files have been patched. These instructions are the same no matter which patch program you have used.

Step 1
Create an empty file called adminlog.log and put it where your config file is, and change the permissions to be writeable by all:
> chmod 666 adminlog.log

Step 2
Add the following lines at the end of your config.inc.php file, and change path and filename to whereever you have put your log file.

$config['adminlog'] = "/var/www/data/ubbthreads/adminlog.log";
$config['adminlog_maxsize'] = "50000";
$config['adminlog_keep'] = "4";

Description of the options:
adminlog is the complete path to the log file.
adminlog_maxsize is the maximum allowed size for the log file before it is archived
adminlog_keep is how many old logfiles to keep (.1 will be appended to the newest arvhived log file, .2 to the second newest and so on)

Step 3
Add this function to the end of ubbt.inc.php, before "?>".

code:

function admin_log($Operation, $Description) {
   GLOBAL $config, $user;
   $time = date("Y/m/d:H:i:s O");
   $IP = find_environmental ("REMOTE_ADDR");
   $Status = substr($user['U_Status'],0,1);
   $User_esc = addcslashes($user['U_Username'], ',');
   $Description_esc = addcslashes($Description, ',');
   $logsize = filesize($config['adminlog']);
   $keepfiles = $config['adminlog_keep'];
   if (!is_numeric($keepfiles)) {
      print "Warning: The config option adminlog_keep is not a 
number! Using 4 as default.<br />";
      $keepfiles = 4;
   }
   if ($logsize > $config['adminlog_maxsize']) {
      for ($i=$keepfiles; $i>0; $i--) {
         if ($i == 1) {
            $oldfile = $config['adminlog'];
         } else {
            $oldfile = $config['adminlog'] . "." . ($i-1);
         }
         $newfile = $config['adminlog'] . "." . $i;
         if (file_exists($oldfile)) {
            rename($oldfile, $newfile);
         }
      }
   }
   error_log("$time,$IP,$Operation,$User_esc,{$user['U_Number']},"
."$Status,$Description_esc\n",
   3,
   $config['adminlog']
   );
}

---

Step 4
Find these lines in ubbt.inc.php (at line 1619):

code:

  // -----------------------------------------------------------------
  // We are automatically adding StyleSheet, Status, Privates and
  // FrontPage to each SQL call because this information is needed by
  // every script that makes a call to authenticate
      else {
        if ($Query) { $Query .=","; }
        $Query .= "U_Username,U_Password,U_SessionId, 
U_StyleSheet, U_Status, U_Privates, U_FrontPage";
      }

---

And CHANGE them into this:

code:

  // -----------------------------------------------------------------
  // We are automatically adding StyleSheet, Status, Privates and
  // FrontPage to each SQL call because this information is needed by
  // every script that makes a call to authenticate
      else {
        if ($Query) { $Query .=","; }
        $Query .= "U_Username,U_Password,U_SessionId, 
U_StyleSheet, U_Status, U_Privates, U_FrontPage, U_Number";
      }

---

Just a small update that adds logging of when posts are deleted from outside the admin area. The complete instructions are attached.

There is one added step, no need to download the attached file if you have already installed 1.0beta before.

Step 49
Find this line in deletepost.php (at 200):

code:

   $html -> send_header($ubbt_lang['POST_DEL_HEAD'],$Cat,
"<meta http-equiv="Refresh" content="5;url={$config['phpurl']}/postlist.php?
Cat=$Cat&Board=$Board&page=$page&view=$view&sb=$sb&o=$o" />",$user);

---

I've split it up into three lines so that the post won't be too wide, it is only one line in the code.

And add these lines BEFORE:

code:

// ---------------
// Log this action
   admin_log("DELETEPOST", "$Postedby;{$ubbt_lang['SUBJECT_TEXT']}");

---

I've updated this script to work with v6.1.0 of UBB.threads (I don't have access to the member area anymore, so I can't check if it works with 6.1.1).

I've changed the file in the first post of this thread to the latest version.

The changes in this version is mostly only slight changes in the instructions to apply better to 6.1.0. There are also some new steps at the end to add logging of the new admin functions added in 6.1.0.

Just a note. This will be in version 6.2

Congrats Gardener!

[]http://www.joshuapettit.com/beta/ubbthreads/images/graemlins/jump.gif[/]

Sounds great, it's really appreciated!

Yes, I really didn't want to have to deal with that as a hack. Too many files to deal with when doing version upgrades.

Yeah, I can understand that, it would have been a pain keeping it updated as well with that many files. Fixing it once for 6.1 was quite enough. =]

I did release one diff-file though, which could make installation easier if you could use the unix patch command.