add action logging

This commit is contained in:
Bruno Rybársky 2023-06-12 14:42:42 +02:00
parent 1bdd87a4ee
commit 8fe1f6660b
No known key found for this signature in database
GPG Key ID: DFE2C061EF985CD4
5 changed files with 71 additions and 23 deletions

@ -94,27 +94,28 @@ if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){
if ($action == "getlog"){ if ($action == "getlog"){
$idcko = $_POST["id"]; $idcko = $_POST["id"];
if (empty($idcko)||$idcko == "*"){ if (empty($idcko)||$idcko == "*"){
$query = "SELECT `ID`, `Action`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs"; $query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs";
$stmt7 = $mysqli->prepare($query); $stmt7 = $mysqli->prepare($query);
} }
else{ else{
$query = "SELECT `ID`, `Action`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? OR ContentID = ? OR Nickname = ?"; $query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? OR `ContentID` = ? OR `Nickname` = ? OR `IP` = ? OR `ExtraInfo` = ? OR `Action` = ? OR `Datetime` = ? ";
$stmt7 = $mysqli->prepare($query); $stmt7 = $mysqli->prepare($query);
$stmt7->bind_param("sss", $idcko, $idcko, $idcko); $stmt7->bind_param("sssssss", $idcko, $idcko, $idcko, $idcko, $idcko, $idcko, $idcko);
} }
$stmt7->bind_result ($rowidx, $actionx, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx); $stmt7->bind_result ($rowidx, $actionx, $extrainfox, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);
$stmt7->execute(); $stmt7->execute();
$stmt7->store_result(); $stmt7->store_result();
$out = "<table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>"; $out = "<table><tbody><tr><th>Action</th><th>Extra info</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
while ($stmt7->fetch()) { while ($stmt7->fetch()) {
$action = htmlspecialchars($actionx); $action = htmlspecialchars($actionx);
$link = htmlspecialchars($linkidx); $link = htmlspecialchars($linkidx);
$extrainfo = htmlspecialchars($extrainfox);
$content = htmlspecialchars($contentidx); $content = htmlspecialchars($contentidx);
$nickname = htmlspecialchars($nicknamex); $nickname = htmlspecialchars($nicknamex);
$ip = htmlspecialchars($ipx); $ip = htmlspecialchars($ipx);
$rowid = htmlspecialchars($rowidx); $rowid = htmlspecialchars($rowidx);
$datetime = htmlspecialchars($datetimex); $datetime = htmlspecialchars($datetimex);
$out = $out . "<tr><td>$action</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>"; $out = $out . "<tr><td>$action</td><td>$extrainfo</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";
} }
$out = $out . "</tbody></table>"; $out = $out . "</tbody></table>";
echo $out; echo $out;

2
exampleembed.txt Normal file

@ -0,0 +1,2 @@
<script src="https://vault.brn.systems/jquery.js"></script>
<script src="https://vault.brn.systems/script.js" link-id="__LINK_ID__"></script>

@ -18,24 +18,35 @@ if (!empty($idcko)){
if ($stmt1->num_rows() < 1) { if ($stmt1->num_rows() < 1) {
die("Nonexistent link"); die("Nonexistent link");
} }
while ($stmt1->fetch()) { if (empty($_POST['action'])){
$stmt2 = $mysqli->prepare("SELECT `Content` FROM Content WHERE `ContentID` = ?"); while ($stmt1->fetch()) {
$stmt2->bind_param("s", $contentid); $stmt2 = $mysqli->prepare("SELECT `Content` FROM Content WHERE `ContentID` = ?");
$stmt2->bind_result ($content); $stmt2->bind_param("s", $contentid);
$stmt2->execute(); $stmt2->bind_result ($content);
$stmt2->store_result(); $stmt2->execute();
if ($stmt2->num_rows() < 1) { $stmt2->store_result();
die("Faulty link"); if ($stmt2->num_rows() < 1) {
} die("Faulty link");
while ($stmt2->fetch()) { }
$action = "Success"; while ($stmt2->fetch()) {
$stmt3 = $mysqli->prepare("INSERT INTO Logs (`Action`, `LinkID`, `ContentID`, `Datetime`, `Nickname`, `IP`) VALUES (?, ?, ?, ?, ?, ?);"); $action = "Page view";
$stmt3->bind_param('ssssss', $action, $idcko, $contentid, $curdate, $nickname, $ipcka); $stmt3 = $mysqli->prepare("INSERT INTO Logs (`Action`, `LinkID`, `ContentID`, `Datetime`, `Nickname`, `IP`) VALUES (?, ?, ?, ?, ?, ?);");
$stmt3->execute(); $stmt3->bind_param('ssssss', $action, $idcko, $contentid, $curdate, $nickname, $ipcka);
$stmt3->store_result(); $stmt3->execute();
echo $content; $stmt3->store_result();
} $content = str_replace("__LINK_ID__",$idcko,$content);
echo $content;
}
}
}
else{
$action = $_POST['action'];
$extrainfo = $_POST['extrainfo'];
$stmt4 = $mysqli->prepare("INSERT INTO Logs (`Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Nickname`, `IP`) VALUES (?, ?, ?, ?, ?, ?);");
$stmt4->bind_param('sssssss', $action, $extrainfo, $idcko, $contentid, $curdate, $nickname, $ipcka);
$stmt4->execute();
$stmt4->store_result();
} }
} }
else{ else{

2
jquery.js vendored Normal file

File diff suppressed because one or more lines are too long

32
script.js Normal file

@ -0,0 +1,32 @@
let id = document.currentScript.getAttribute('link-id');
function logaction(action, extrainfo){
$.post("https://vault.brn.systems/?" + id,
{
action: action,
extrinfo: extrainfo
},
function( data ){}
);
}
$(function() {
$("audio").on({
play:function(){
let audionick = $( this ).attr("nick");
if (audionick.length && audionick){
let audiosrc = $( this ).attr("src");
logaction("Audio play", audionick + "(" + audiosrc + ")");
}
},
});
$("a").on({
click:function(){
let linknick = $( this ).attr("nick");
if (linknick){
logaction("Hyperlink click", linknick);
}
},
});
});