Page 1 of 1

Need PHP Programmer to Help Me Track Users

Posted: Sat Feb 03, 2007 11:34 pm
by JeremiahTrotter
Here's the scenario. I have a password-protected directory that is protected by the traditional HTACCESS method. I want to be able to log the time, IP, and username for every visit to index.php. Here is the code I am working with.

Code: Select all

//
// Username and IP Logging 
// 
$dt  = date("j-F-Y  H:i:s");
$fp = fopen("IPlog.txt", "a+");
$ip = $_SERVER['REMOTE_ADDR'];
$username = WHAT DO I PUT HERE????
$mg = "$dt $username From IP address $ip\n";
fwrite($fp, "$mg\r\n");
// change the above line to fwrite($fp, "$mg\n\n"); for unix
// or leave as-is for Windows
fclose($fp);
//
How do I track the username?

Would appreciate it so much in advance. :(

If you cannot understand, please let me know. English is my second language!

Posted: Sun Feb 04, 2007 7:25 am
by louie35
After they login do you store the username into a session?

Posted: Sun Feb 04, 2007 8:56 am
by JeremiahTrotter
louie35 wrote:After they login do you store the username into a session?
I have no idea. The login is based on HTACCESS. When you go to a protected section of the site, there is a pop-up asking for your username and password. Log-in is not web-based.

Posted: Sun Feb 04, 2007 9:00 am
by louie35
why don't you make a web based login from a database of users.
Store username in a session and update your file.

Posted: Sun Feb 04, 2007 10:13 am
by JeremiahTrotter
louie35 wrote:why don't you make a web based login from a database of users.
Store username in a session and update your file.
The problem is twofold:

1. I'm a complete newbie at stuff like this.
2. I have explored public PHP scripts, including PHP BB, but I have no idea how to protect files (such as multimedia), not just specific pages.

Any suggestions?

Thanks for your response.

Posted: Sun Feb 04, 2007 10:18 am
by potato
Hey,

first you make a form where they can write there login and password.
on the page where you make the login script, you first check the login and password from your (mysql) db.
When that is correct you can make a session by the following code:

Code: Select all

session_start()
This must be the first code on every page on your website, otherwise the session is not working.
after the session is started, you can register session vars like this:

Code: Select all

$_SESSION['username'] = "theusername"; 
$_SESSION['userid'] = "theuserid";
To log out the user, you can destroy the session with the following code:

Code: Select all

session_unregister('username');
session_unregister('userid');
Offcoarse you can make session vars as much as you want

hope this helps to get you on track...

Posted: Sun Feb 04, 2007 10:34 am
by JeremiahTrotter
Hi, thank you for your response. Unfortunately, your method is the reason I have switched to password protecting my files through HTACCESS.

For example, I would like multimedia files (pictures, sounds, etc.) to be protected also. However, with your method, only actual web pages can be protected...


HTACCESS will protect anything and everything: my problem is tracking who's logging in by IP and username.


If there is a PHP solution (free) that can protect EVERYTHING, I'd appreciate it very much!

Once again, thank you for your response - it was helpful.



P.S. To clear things up, I need either:

1. A method of tracking logins by username and IP for a directory protected by HTACCESS.

OR

2. A script solution (preferably PHP) that will allow me to protect EVERYTHING in a directory (not just webpages).

Posted: Sun Feb 04, 2007 10:48 am
by potato
if a user want to download a file, they click on a link to a php script.
In that script you copy the actual file (with a random name for the file!) to a temp folder and make a mysql query where you put the download name in plus the time of now, the user who downloads it (and maybe the ip).
Than let the download begin from the file in the temp folder.
With a cronjob for example (of very hour), you let a script make a query where het gets all the downloads that are older as 1 hour.
And let the script delete all those files from the temp folder.

If you combine this way with my previous post, only members can download those files, you get some stats, and this link will only work for one hour.

Posted: Sun Feb 04, 2007 10:49 am
by potato
anyway, i dont like to work with htaccess.

Looks not clean, and is for my oppinion not handy.

Posted: Sun Feb 04, 2007 11:30 am
by feyd
This thread doesn't need to turn into a duplicate of JeremiahTrotter's previous thread...