Ravens PHP Scripts: Forums
 

 

RickJ
Hangin' Around


Joined: Jul 14, 2006
Posts: 27

Posted: Wed Jul 26, 2006 2:10 am

Good Morning,

I'm looking for an Administrator Accounting module that will track all changes made by any admins to the site.

The reason for this module is that we are going to have quite a few admins for the site and we need to know who to blame if things go wrong ;)

The module would also be pretty good for picking up what changes were made to a hacked system.

Any takers?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Wed Jul 26, 2006 11:11 am

That is not a simple task! There are no provisions within PHP-Nuke to log administrative updates. Lots of changes would need to be made... LOTS. NukeSentinel Tracked IPs can possibly help if the edits are made with regular logins, but that doesn't help you I think.

RickJ
Posted: Wed Jul 26, 2006 4:28 pm

I don't know much about programming, but what about adding a section to the save button whereby all changes to the page are also saved to the database?
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

Posted: Wed Jul 26, 2006 4:35 pm

Just an FYI, I'm also looking into this, it may be outta my league though... ever thought of keylogging your admins? :lol: j/k

You have a few minds working on this so don't worry, people are thinking.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

Posted: Wed Jul 26, 2006 5:51 pm

yes this is indeed a huge job, it was my idea a year ago.
but as we were brainstorming about this we realised it came close to developing the statistics again...., well i saw almost.
but my idea went a bit far...
cause you have to determine if a file was actually opened, and check the file sizes too....
yeah that story was very long.....
 
montego
Posted: Wed Jul 26, 2006 7:44 pm

Quote:

ever thought of keylogging your admins?


"D", I don't understand what you mean by this. Sorry... might be having a "dense day".

RickJ, I may have misunderstood your requirement. I took it to mean whenever an admin modifies some of your content (data). However, I think Darklord may be referring to the script files themselves?

Are you talking about both of these?
 
gregexp
Posted: Wed Jul 26, 2006 8:19 pm

Keylogging is when you upload a program (AV declares it as a trojan virus) that records all keystrokes made. Just a cheesy joke.
 
hitwalker
Posted: Thu Jul 27, 2006 6:07 am

well "D" sounds like a nice challenge for you, will keep you busy for a while.. :lol:
but...RickJ is still hoping for a serious reply here..
 
gregexp
Posted: Thu Jul 27, 2006 6:49 am

I know, I'm just responding to Montego. Is it possible to make it so that when a MySQL query is made, a log of the query is sent to a file?

Adding the is_admin function into it should be easily done to prevent user queries from getting logged. Fwrite date, time, user, and Admin.

Since NukeSentinel already filters queries, could something be added to do just that?

But only certain query functions should be logged, like insert, update and such.
But it shouldn't log select.
 
RickJ
Posted: Thu Jul 27, 2006 7:30 am

My apologies Hitwalker, I think Darklord and myself are on the same page. We are both looking for a hack/module/addon which will allow us to see exactly what changes were made in the admin module and by who.
 
hitwalker
Posted: Thu Jul 27, 2006 7:34 am

Mmm a bit confused...
First you said......
Quote:
that will track all changes made by any admins to the site


and now it's...
Quote:
what changes were made in the admin module and by who.


so it changed from site changes to changes in admin module?
 
gregexp
Posted: Thu Jul 27, 2006 7:42 am

He wants to track changes made from the admin panel (which only changes the database), when, and who made those changes.
 
gregexp
Posted: Thu Jul 27, 2006 8:23 am

Well, in the process of trying to develop this: once broken down, it's simple as hell.
I just can't seem to grab a way to define if it's an admin and who the admin is.
Perhaps others will jump in here and drop me a hint or 2.

In mysql.php

I made it look like this:

function sql_query($query = "", $transaction = FALSE)
{
        // Remove any pre-existing queries
        unset($this->query_result);
        if($query != "")
        {

                $fp = fopen ("logg.txt", "a+");
                fwrite ($fp, "$query |");
                fclose ($fp);

                $this->query_result = @mysql_query($query, $this->db_connect_id);

This is a useful tip for developers I think. It will write EVERY sql call made to the database upon page load and separate them with a |.
Now 3 things I want to do here. First I want to make sure $query doesn't have select in it, but I think it's best to only make sure it has update, insert and other sql commands. I want to make sure it'll only run if it is an admin. Then I want to make sure it writes the TIME in it too.

Then you should be able to view the log.
 
montego
Posted: Thu Jul 27, 2006 8:32 am

Quote:

This is a useful tip for developers I think. It will write EVERY sql call made to the database upon page load and separate them with a |.


Might be better to have one line per call and have the admin username or aid at the front followed by pipe followed by the query.

Quote:

First I want to make sure $query doesn't have select in it, but I think it's best to only make sure it has update, insert and other sql commands


I am sure you can find a function that will do that. So many different ways to do it. Just need to pick one...

Quote:

I want to make sure it'll only run if it is an admin


The admin must have a cookie that you could inspect. You might also be able to make the $admin global and inspect it, but I cannot recall how early in the whole set of includes that this will get set, but it might be "good enough".

Quote:

Then I want to make sure it writes the TIME in it too


Again very easy to do with one or two functions at your disposal.
 
gregexp
Posted: Thu Jul 27, 2006 8:52 am

Just an update, I have it writing the name and the query. Just working on time and breaking the query down so it will only write the certain queries.

Montego, I had not seen your post, my apologies. YES.

I have globalized the $aid variable.
I believe $aid is only for admins. Is this correct? If not I'll have to globalize admin like you stated. The problem I ran into was defining if it was an admin, because the admin uses sql_fetchrow, which seems to not be a PHP function but something written into nuke as a function, and is in the same file I'm messing with. Trying not to make a conflict with functions.

One more thing, I'd love to break these down line by line, but not sure how I can do that.

I'd like it to display

$aid, Time
Query.
 
gregexp
Posted: Thu Jul 27, 2006 11:35 am

Before I post this script

I wanted to see what you thought of the results:

This will make a file called logg.txt in the main root of your directory

Here's the contents of my test site, which I have enabled a fix for the admin block which was beneficial in verifying that this worked.

Is this what you wanted:


ADMIN:darklord
TIME:Thursday 27th of July 2006 01:32:57 PM
CHANGE:UPDATE `nuke_blocks` SET `content` = '<strong><big>·</big></strong>
<a href=\'admin.php\'>Administration</a><br> <strong><big>·</big></strong>
<a href="admin.php?op=adminStory">NEW Story</a><br> <strong><big>·</big>
</strong> <a href="admin.php?op=create">Change Survey</a><br> <strong>
<big>·</big></strong> <a href="admin.php?op=content">Content</a><br>
<strong><big>·</big></strong> <a href="admin.php?op=logout">Logout</a>'
WHERE `bid` =2 LIMIT 1 ; (This is in sql and maybe a bit confuding for you. I will write an update to help explain these a bit later.)



ADMIN:darklord
TIME:Thursday 27th of July 2006 01:33:08 PM
CHANGE:UPDATE `nuke_blocks` SET `content` = '<strong><big>·</big></strong>
<a href=\'admin.php\'>Administration</a><br> <strong><big>·</big></strong>
<a href="admin.php?op=adminStory">NEW Story</a><br> <strong><big>·</big>
</strong> <a href="admin.php?op=create">Change Survey</a><br> <strong>
<big>·</big></strong> <a href="admin.php?op=content">Content</a><br>
<strong><big>·</big></strong> <a href="admin.php?op=logout">Logout</a>'
WHERE `bid` =2 LIMIT 1 ; (This is in sql and maybe a bit confuding for you. I will write an update to help explain these a bit later.)


Now this is just me reloading the page. The inquiry runs every time I'm logged in as admin and that shows. I have made it so that it doesn't show any cookie updates or things that are updated as the page loads except for that one. I'm not positive you have that fixed so I didn't include it.

But if you'd like, I'll make it so it doesn't show that either.

Ok one more thing
Admins, people with a lot more knowledge than I,
Are there any other BASIC sql commands that can change a table or anything else other than update and insert?

I couldn't think of any off hand.
 
gregexp
Posted: Thu Jul 27, 2006 1:41 pm

I have a very bad memory so Just to get this out the way, If this is what you would like then this is the code:

Open db/mysql.php

Find

Code:
        function sql_query($query = "", $transaction = FALSE)

        {
                // Remove any pre-existing queries
                unset($this->query_result);
                if($query != "")
                {
           


Add BELOW

Code:
                $query1=$query;


                 global $aid;
                 if ($aid !=""){
                  $search1= 'INSERT';
                  $search2= 'UPDATE';
                  $search3= 'stats';
                  $search4= 'counter';
                  $search5= 'session';
                  $search6= 'blocks';
                  $search7= 'nsnst_tracked_ips';
                      $result1= eregi($search1, $query1);
                      $result2= eregi($search2 ,$query1);
                      $result3= eregi($search3 ,$query1);
                      $result4= eregi($search4 ,$query1);
                      $result5= eregi($search5 ,$query1);
                      $result6= eregi($search6 ,$query1);
                      $result7= eregi($search7 ,$query1);
                       $time= date('l dS \of F Y h:i:s A');
                         $text="";
                         if (($result1 ==1)OR ($result2 ==1))
                         {
                         if (($result3==1) OR ($result4==1) OR ($result5==1) OR ($result7==1))
                            {
                                   }else{
                                    if ($result6==1){
                                            $text= "Updated blocks, the full query is:";
                                            }

                         $fp = fopen ("logg.txt", "a+");
                         fwrite ($fp, "ADMIN:$aid
TIME:$time
CHANGE: $text $query1
(This is in sql and maybe a bit confusing for you. I will write an update to help explain these a bit later.)



");
                         fclose ($fp);

                          }
                          }
                          }


This SHOULD create logg.txt in the root directory. If it doesn't, make the file and chmod the file to 777.

This will only log the events of an admin, as I have tested this thoroughly.

I don't see any potential security risks but others may.

BTW tested on ravennuke2.02.02
And on regular patched nuke.
 
gregexp
Posted: Thu Jul 27, 2006 9:22 pm

I like this script and recommend you do it a bit differently.

Just to keep you or anyone from messing with an essential file for nuke itself, I've changed it up on you.

Here's the new edits.

Open:
db/mysql

Find
Code:
<?php

below add

Code:
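 // Admin_watch is only defined by the forum admin pages (see pagestart.php below)
 if (defined('Admin_watch') && Admin_watch == 1) {
        include_once('../../../db/adminwatch.php');
 } else {
        include_once('db/adminwatch.php');
 }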

find

Code:
function sql_query($query = "", $transaction = FALSE)

        {
                // Remove any pre-existing queries
                unset($this->query_result);
                if($query != "")
                {

Below add

Code:
 Admin_watch($query,$aid);

 


open modules/forums/admin/pagestart.php

Find
Code:
define('IN_ADMIN', true);


Add above
Code:
define('Admin_watch', 1);

Close and save

Save this in a text file, name it adminwatch.php and place it in the db folder

Code:
 <?php

/*This was coded by DARKLORD
This is designed to track the admins alterations as much as possible.
Support can be found at http://darklords-lair.com

Credits: RavensPHPScripts http://ravenphpscripts.com/
Author : DARKLORD
Compatibility: nuke7.6 and above with patch 3.1 applied
Testing environment: nuke7.6 with patch 3.2
ravennuke 7.6 2.02.02
nuke7.9 patch 3.2
all tested in Linux OS and Windows OS with php5 installed.
 Version : 1.0
 This will probably be a script I keep and will update,
 Nothing of this code was copied or duplicated, written from scratch.
 Special thanks goes to the owner,admins,moderators, and others who contributed at raven scripts forums, Thanks guys!!*/

function Admin_watch($query, $aid){
global $aid; // the global admin name replaces whatever was passed in
$query1=$query;


                if ($aid !=""){

                  $search= 'delete';
                  $search0='select';
                  $search1= 'INSERT';
                  $search2= 'UPDATE';
                  $search3= 'stats';
                  $search4= 'counter';
                  $search5= 'session';
                  $search6= 'blocks';
                  $search7= 'nsnst_tracked_ips';
                  $search8= 'Authors';
                  $search9= '_bb';
                  $search10= '_config';
                  $search11= '_groups';
                  $search12= '_modules';
                  $search13= '_nsnst_admins';
                  $search14= '_stories';
                  $search15= '_topics';
                      $result= eregi($search, $query1);
                      $result0= eregi($search0, $query1);
                      $result1= eregi($search1, $query1);
                      $result2= eregi($search2 ,$query1);
                      $result3= eregi($search3 ,$query1);
                      $result4= eregi($search4 ,$query1);
                      $result5= eregi($search5 ,$query1);
                      $result6= eregi($search6 ,$query1);
                      $result7= eregi($search7 ,$query1);
                      $result8= eregi($search8, $query1);
                      $result9= eregi($search9 ,$query1);
                      $result10= eregi($search10 ,$query1);
                      $result11= eregi($search11 ,$query1);
                      $result12= eregi($search12 ,$query1);
                      $result13= eregi($search13 ,$query1);
                      $result14= eregi($search14 ,$query1);
                      $result15= eregi($search15 ,$query1);
                       $time= date('l dS \of F Y h:i:s A');
                         $text="";
                         if (($result ==1) OR ($result1 ==1)OR ($result2 ==1) AND ($result0 !=1))
                         {
                         if (($result3==1) OR ($result4==1) OR ($result5==1) OR ($result7==1))
                            {
                                   }else{
                                  //Checking to see if it was a block they altered
                                    if (($result6 ==1) AND ($result ==1)){
                                            $text= "DELETED a block, the full query is:";
                                            }
                                    if (($result6 ==1) AND ($result1 ==1)){
                                            $text= "ADDED a block, the full query is:";
                                            }
                                    if (($result6 ==1) AND ($result2 ==1)){
                                            $text= "Updated a block, the full query is:";
                                            }

                                     //Checking to see if it was admins that was altered
                                            if (($result8 ==1) AND ($result ==1)){
                                            $text= "DELETED a Admin, the full query is:";
                                            }
                                    if (($result8 ==1) AND ($result1 ==1)){
                                            $text= "ADDED an admin, the full query is:";
                                            }
                                    if (($result8 ==1) AND ($result2 ==1)){
                                            $text= "Updated an admin, the full query is:";
                                            }
                                           //Checking to see if it was the forums that were altered.
                                             if (($result9 ==1) AND ($result ==1)){
                                            $text= "DELETED something in the forums, the full query is:";
                                            }
                                    if(($result9 ==1) AND ($result1 ==1)){
                                            $text= "ADDED something into the forums, the full query is:";
                                            }
                                    if(($result9 ==1) AND ($result2 ==1)){
                                            $text= "Updated something in the forums, the full query is:";
                                            }
                                           //Checking to see if it was the Prefernces that was altered.
                                            if (($result10 ==1) AND ($result ==1)){
                                            $text= "DELETED something within the configuration, the full query is:";
                                            }
                                    if (($result10 ==1) AND ($result1 ==1)){
                                            $text= "ADDED something to the configuration, the full query is:";
                                            }
                                    if (($result10 ==1) AND ($result2 ==1)){
                                            $text= "Updated something within the configuration, the full query is:";
                                            }
                                            //Checking to see if groups where altered.
                                               if (($result11 ==1) AND ($result ==1)){
                                            $text= "DELETED one or more groups, the full query is:";
                                            }
                                    if (($result11 ==1) AND ($result1 ==1)){
                                            $text= "ADDED one or more groups, the full query is:";
                                            }
                                    if (($result11 ==1) AND ($result2 ==1)){
                                            $text= "Updated one or more groups, the full query is:";
                                            }
                                            //Checking to see if modules where altered
                                             if (($result12 ==1) AND ($result ==1)){
                                            $text= "DELETED one or more Modules, the full query is:";
                                            }
                                    if (($result12 ==1) AND ($result1 ==1)){
                                            $text= "ADDED one or more Modules, the full query is:";
                                            }
                                    if (($result12 ==1) AND ($result2 ==1)){
                                            $text= "Updated one or more Modules, the full query is:";
                                            }
                                            //Checking to see if Sentinels admins were altered.
                                            if (($result13 ==1) AND ($result ==1)){
                                            $text= "DELETED one or more of SENTINELS ADMINS, the full query is:";
                                            }
                                    if (($result13 ==1) AND ($result1 ==1)){
                                            $text= "ADDED one or more of SENTINELS ADMINS, the full query is:";
                                            }
                                    if (($result13 ==1) AND ($result2 ==1)){
                                            $text= "Updated one or more of SENTINELS ADMINS, the full query is:";
                                            }
                                            //Checking to see if stories were altered.
                                            if (($result14 ==1) AND ($result ==1)){
                                            $text= "DELETED a story, the full query is:";
                                            }
                                    if (($result14 ==1) AND ($result1 ==1)){
                                            $text= "ADDED a story, the full query is:";
                                            }
                                    if (($result14 ==1) AND ($result2 ==1)){
                                            $text= "Updated a story, the full query is:";
                                            }
                                            // Checking to see if TOPICS were altered.
                                            if (($result15 ==1) AND ($result ==1)){
                                            $text= "DELETED a Topic, the full query is:";
                                            }
                                    if (($result15 ==1) AND ($result1 ==1)){
                                            $text= "ADDED a Topic, the full query is:";
                                            }
                                    if (($result15 ==1) AND ($result2 ==1)){
                                            $text= "Updated a Topic, the full query is:";
                                            }
         if (defined('Admin_watch') && Admin_watch==1){
         $fp = fopen ("../../../logg.txt", "a+");
          }else{
                $fp = fopen ("logg.txt", "a+");
                }
                         fwrite ($fp, "ADMIN:$aid
TIME:$time
CHANGE: $text $query1
(This is in sql and maybe a bit confusing for you. I will write an update to help explain these a bit later.)



");
                         fclose ($fp);

                          }
                          }
                          }
}
?>

That keeps it in a nice little package for you, and makes it so you edit as little as possible.

Edit: I worked on this tonight and made some updates to give you a clue as to what they did.

This is actually more up to date now and I'd suggest you do this. I may continue to develop this project and see where things might lead down the road with it.

Please take this approach as it would make it easier on myself to help support any problems you may have.

Also this has been updated after my latest fix.

With the last edit, it seemed to work but created a log file elsewhere and made a small error in the configuration of the forums admin.

With this set now, it will work to monitor all the activity throughout the whole "nuke" site.

My apologies, but the error you have tells me that either I didn't write the code properly or you didn't edit it properly.

Change it to this code.
I've worked out as many bugs as I could find. I got the script right and tested, retested and retested it in 2 different OS and 3 different forms of nuke.

I've spent all day this time pretty much testing it.

It should work just fine now.


Last edited by gregexp on Sat Jul 29, 2006 8:31 pm; edited 2 times in total 
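
A hardened variant of the logger posted above, as an added example that is not gregexp's code: it decides from the leading SQL keyword and the parsed table name instead of matching substrings anywhere in the query, writes one escaped line per record in the layout montego suggested, and withholds the query text for tables that hold credentials. The function names, the fragment lists and the log path passed to `audit_write()` are assumptions made for this illustration.

```php
<?php
// Added example, not gregexp's code. Function names, the fragment lists and the
// log path are assumptions made for this illustration.

// Page-load noise to skip; fragments are compared with the parsed table name only.
const AUDIT_SKIP = ['stats', 'counter', 'session', 'nsnst_tracked_ips'];
// Tables whose rows carry credentials: record the event, withhold the SQL text.
const AUDIT_WITHHOLD = ['authors', 'users', 'nsnst_admins'];

function audit_name_has(string $table, array $fragments): bool
{
    foreach ($fragments as $f) {
        if (stripos($table, $f) !== false) {
            return true;
        }
    }
    return false;
}

// Return [VERB, table] for anything that is not a plain read, else null.
// Only the leading keyword counts, so "select" or "session" inside a story body
// cannot hide an UPDATE, and DELETE, REPLACE, ALTER, DROP etc. are all kept.
function audit_classify(string $query): ?array
{
    $verb = preg_match('/^\s*([A-Za-z]+)/', $query, $m) ? strtoupper($m[1]) : 'OTHER';
    if (in_array($verb, ['SELECT', 'SHOW', 'DESCRIBE', 'EXPLAIN'], true)) {
        return null;
    }
    $re = '/^\s*[A-Za-z]+\b'
        . '(?:\s+(?:LOW_PRIORITY|DELAYED|HIGH_PRIORITY|QUICK|IGNORE|INTO|FROM|TABLE|IF|NOT|EXISTS)\b)*'
        . '\s+`?([A-Za-z0-9_]+)/i';
    $table = preg_match($re, $query, $t) ? $t[1] : '?';
    return audit_name_has($table, AUDIT_SKIP) ? null : [$verb, $table];
}

// One record per line: time|admin|verb|table|query. CR, LF, backslash and the
// separator are escaped so text inside a query cannot start a forged record.
function audit_format(string $aid, string $query, ?int $now = null): ?string
{
    $hit = audit_classify($query);
    if ($aid === '' || $hit === null) {
        return null;
    }
    [$verb, $table] = $hit;
    $esc = ["\\" => "\\\\", "\r" => "\\r", "\n" => "\\n", "|" => "\\|"];
    $sql = audit_name_has($table, AUDIT_WITHHOLD)
        ? '[withheld: credential table]'
        : strtr($query, $esc);
    $time = gmdate('Y-m-d\TH:i:s\Z', $now ?? time());
    return implode('|', [$time, strtr($aid, $esc), $verb, $table, $sql]) . "\n";
}

// Append with an exclusive lock. $path should sit outside the web root and be
// writable only by the web server account (for example mode 0640, not 777).
function audit_write(string $path, string $aid, string $query): bool
{
    $line = audit_format($aid, $query);
    if ($line === null) {
        return true; // nothing to record
    }
    if (file_put_contents($path, $line, FILE_APPEND | LOCK_EX) === false) {
        error_log('adminwatch: cannot append to ' . $path);
        return false;
    }
    return true;
}

// Constructed sample queries; runs only when this file is executed from the CLI.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $samples = [
        "SELECT * FROM nuke_blocks",
        "UPDATE `nuke_blocks` SET `content` = 'please select a session' WHERE `bid` =2",
        "UPDATE nuke_session SET time='1' WHERE uname='x'",
        "INSERT INTO nuke_stories (title) VALUES ('a\nADMIN:forged')",
        "UPDATE nuke_authors SET pwd='(constructed)' WHERE aid='demo'",
        "DROP TABLE IF EXISTS nuke_topics",
    ];
    foreach ($samples as $q) {
        echo audit_format('darklord', $q) ?? "(not logged)\n";
    }
}
```

The admin name handed to `audit_write()` has to be one the site has already authenticated; a value read straight from a cookie can be set by the visitor.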
montego
Posted: Fri Jul 28, 2006 7:11 am

darklord, you deserve a big:

Dance-Y

and

Cheers

Good job! I am sure that you will tweak this over time, so I look forward to seeing it progress.
 
gregexp
Posted: Fri Jul 28, 2006 5:34 pm

As I learn I believe I can tweak this to also monitor sql calls from ANYONE.

This would then become a nice little basis for a monitoring utility.

Thanks montego, I worked hard on this and hope that RickJ is pleased with the results. And I plan on actually continuing this as I see potential and as I learn more, I bet I could get rid of half that coding :lol:

Thanks again.
 
RickJ
Posted: Sat Jul 29, 2006 3:03 am

I'm definitely happy :D

I might be pushing my luck but do you think that this script could also include any changes made by phpnuke/phpbb forum moderators?
 
gregexp
Posted: Sat Jul 29, 2006 4:05 am

yeah, you're pushing your luck, j/k.

I'll look into how to define who they are.
 
RickJ
Posted: Sat Jul 29, 2006 6:40 am

Wicked thanks Very Happy
 
gregexp
Posted: Sat Jul 29, 2006 7:45 am

Also, just completed an addon for the admin panel for this.

If you'd like to be able to go to your admin panel on your site and review/edit the log so you won't need to download it to your computer to open it up or log into anything special, comes with a nice looking admin pic, I like it!!
:lol:

If interested let me know, and if anyone knows if nuke has a name for a forum moderator, would love to know what it is. Thanks.

$aid for admins
$uid for users, but I guess the forums must declare someone a moderator somehow. Time to go find out.

Boy, I didn't test this all the way, the forums go blank.

I've gotten the forums to show up, but the forums admin is still blank. I'll get this, no worries.
Ok, figured out what's wrong. One problem: I can't get it to log the forum queries for some reason.
I'll continue to work on it though.

Update: It seems the forum uses a whole nother file to declare an sql statement. Now I can get this to work but one thing MUST happen: I must be able to define that it is in fact the forum admin panel that the admin is in.

Update: got rid of the errors. Now I need it to load this and write to the log if in the forums.
 
RickJ
Posted: Sat Jul 29, 2006 4:58 pm

Ok, I've edited db/mysql and uploaded the adminwatch.php file. The logg.txt file was not generated so I added the file to the root folder of my website and added the correct permissions but still no data in the file.

I am seeing an Access Denied error message in the top right hand corner of the screen which I can't remember seeing before, could this have anything to do with the problem?

Edit: Added new info

Edit: The problem was caused by thick fingers working late at night :)


Last edited by RickJ on Sun Aug 20, 2006 2:59 am; edited 1 time in total 