[PHP/MySQL] MySQL IP Logger

[lee101]

Hi,
This is the first script that I have released, it is a PHP/MySQL IP Logger, it records all visitor's IP, time, date, page accessed, additional queries (the ?var=1 stuff) and more. Also there is an Admin Panel for (basic) searching of the logged users, along with the ability to download the logs as csv, xml, or HTML

more info and download:
http://lee.conceptsublime.com/?content=ip_log

Hope this is useful to someone, and if you have any trouble, or feedback for it , please let me know

Thanks, Lee

 

[kleszcz]

Thanks a lot for the amazing script.

But install.php you are missing a semicolon on line 28. Here is a correction.

<?php
/*
Installation file, befure tunning this you MUST configure config.php
correctly, and create the database which you want to use, failure
to do so will result in a failure to be able to install correctly,
or in the worst case a corrupted installation.
*/
//open the function and configuration file
include('functions.php');
//connect to the database
connectdb();
//the query to create the table
$query="CREATE TABLE `{$cfg['dbprefix']}records` (
`id` INT NOT NULL AUTO_INCREMENT ,
`date_time` VARCHAR( 20 ) NOT NULL,
`remote_addr` TEXT NOT NULL ,
`http_referrer` TEXT NOT NULL ,
`http_user_agent` TEXT NOT NULL ,
`php_self` TEXT NOT NULL ,
`query_string` TEXT NOT NULL ,
`request_method` TEXT NOT NULL ,
`server_protocol` TEXT NOT NULL ,
`remote_port` TEXT NOT NULL ,
`server_port` TEXT NOT NULL ,
`server_addr` TEXT NOT NULL ,
`http_accept` TEXT NOT NULL ,
PRIMARY KEY ( `id` )
)";
//perform the query, and check that it is succesful
if(mysql_query($query)){
echo "Succesfully installed, you may now login to the admin panel";
} else{
echo "An unexpected error has occured, below is more information regarding this:<br>";
echo mysql_error();
}
//disconnect from the database
disconnectdb();
?>

 

[lee101]

ok, thank's very much for that, have you managed to install it succesfully? I must have forgotten to run the install script before I uploaded it! Also does the readme file make sense, i tend to babble on a lot when writing

 

[kleszcz]

No problem. Just enjoying functions.

I have changed your code a bit to include config.php.

iplog.php

<?php

include_once('ip-admin/config.php');

/*
page to be included on all pages that you want to be logged
user:
<?php
include_once('ip-admin/iplog.php');
?>
to log all visitors on one page
*/

//variables to be inserted into the database
$remote_addr=$_SERVER['REMOTE_ADDR'];
$http_referrer=$_SERVER['HTTP_REFERER'];
$http_user_agent=$_SERVER['HTTP_USER_AGENT'];
$php_self=$_SERVER['PHP_SELF'];
$query_string=$_SERVER['QUERY_STRING'];
$request_method=$_SERVER['REQUEST_METHOD'];
$server_protocol=$_SERVER['SERVER_PROTOCOL'];
$remote_port=$_SERVER['REMOTE_PORT'];
$server_port=$_SERVER['SERVER_PORT'];
$server_addr=$_SERVER['SERVER_ADDR'];
$http_accept=$_SERVER['HTTP_ACCEPT'];
$date=date("Y:m:d:H:i:s");
//connect to the db
mysql_connect($cfg['dbhost'],$cfg['dbuser'],$cfg['dbpass']);
//choose the correct database
@mysql_select_db($cfg['dbname']) or die("Unable To Open Database, Please Check Settings");
//perform query
$log_user="INSERT INTO {$cfg['dbprefix']}records VALUES ('','$date','$remote_addr','$http_referrer','$http_user_agent','$php_self','$query_string','$request_method','$server_protocol','$remote_port','$server_port','$server_addr','$http_accept')";
mysql_query($log_user);
mysql_close();

?>

 

[Eric]

Not a bad script

Here's a couple useful functions you can implement if you want, pulled from one of my scripts

Ip Address:

function get_ip()
{
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        if (preg_match_all("#[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}#s", $_SERVER['HTTP_X_FORWARDED_FOR'], $ips))
        {
            while (list($key, $val) = @each($ips[0]))
            {
                if (!preg_match("#^(10|172\.16|192\.168)\.#", $val))
                {
                    $ip = $val;
                    break;
                }
            }
        }
    }
    else if (isset($_SERVER['HTTP_CLIENT_IP']))
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    else if (isset($_SERVER['HTTP_FROM']))
    {
        $ip = $_SERVER['HTTP_FROM'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    return preg_replace('#([^0-9\.]+)#', '', $ip);
}

And a function I use on database queries, before inserting anything:

function prep($value)
{
    $value = trim(stripslashes($value));

    if (function_exists('mysql_real_escape_string'))
    {
        return mysql_real_escape_string($value);
    }
    else
    {
        return mysql_escape_string($value);
    }
}