Jump to content

Lumberjack - Simple IP / User Agent logger

GuruMeditation

By GuruMeditation
in Modules/Plugins

 Share

Recommended Posts

GuruMeditation Sr. Member

GuruMeditation

Posted
Posted

Hi all, here's my first official module. I created it for a project I'm working on, so I thought I'd release it in case anyone else finds it useful. If you have any suggestions or find any issues with it etc, please post them here.

NOTE: I have only tested it on PW 3.0.3, so you might want to try it on a test installation first if you decide to use it.

​Lumberjack Logger Module

A simple module for ProcessWire CMS that logs the IP / User Agent details of the user when the page is saved.
 
Installation

Copy the Lumberjack folder to /site/modules and then refresh the modules from Admin->Modules. Lumberjack can then be installed.

Usage

Two new fields will be created when Lumberjack is installed.

  • lumb_ip_log - This field is used to store the IP
  • lumb_ua_log - This field is used to store the User Agent String

You can add both fields or just one to the required templates. Pages using those templates will then automatically store the IP and User Agent of the user when the page is saved.
 
Settings

Lumberjack can be disabled by unchecking the Enabled option on the settings page.

Screenshot


post-2170-0-86028400-1460738418_thumb.jp

Download

Link https://github.com/GuruMeditation02/Lumberjack

Updates

Version 0.1.1 - Added User Agent String santization

  • Like 8
netcarver Hero Member

netcarver

Posted
Posted

Perhaps sanitise the user-agent string you pull from the $_SERVER variable? I don't know how much of a risk it really represents in this case, but it is possible to overwrite these headers with certain browser extensions, meaning they can be crafted by cunning minds, to supply certain strings to applications. At the very least I'd think about stripping tags from that value before you store it.

  • Like 3
GuruMeditation Sr. Member

GuruMeditation

Posted
  • Author
Posted

I did think about it but didn't have a clue where to start. Having a look through Ryan's code he seems to use something like the following:

$ua_string = $_SERVER['HTTP_USER_AGENT'];
$ua_string = str_replace(array("\r", "\n", "\t"), ' ', substr(strip_tags($ua_string), 0, 255));

Do you think that would be enough?

Cheers

netcarver Hero Member

netcarver

Posted
Posted

I'd probably just use the built-in text sanitiser;

$ua_string = wire('sanitizer')->text($ua_string);

Your code looks good enough though. It strips tags, limits length and culls newlines and tabs.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...