how to see who is viewing what

lordrich · 2006-04-03 16:58:56

The following file, who.php should be placed in the root of your Textpattern install. When called in a manner such as http://www.example.com/who.php?host=example.org it will list the most recent 30 views from the domain example.org. I found this very useful for finding out if that certain somebody has seen my blog recently.

<code>
<html>
<head>
<link href=”/textpattern/textpattern.css” rel=“Stylesheet” type=“text/css” />
</head>
<body>
<?php
require_once(“textpattern/config.php”);
mysql_connect($txpcfg[‘host’], $txpcfg[‘user’], $txpcfg[‘pass’]) or die(mysql_error()); mysql_select_db($txpcfg[‘db’]) or die(mysql_error());
$sql = “SELECT * FROM “ .$txpcfg[‘table_prefix’] .“txp_log WHERE host LIKE ‘“ .$_GET[‘host’] .”’ ORDER BY ‘time’ DESC LIMIT 0, 30 “; $result = mysql_query($sql) or die(mysql_error());
echo “<table cellpadding=\“0\” cellspacing=\“0\” border=\“0\” id=\“list\” align=\“center\”>”;
echo “<tr><td><b>Time</b></td><td><b>host</b></td><td><b>page</b></td></tr>”;
while($row = mysql_fetch_array($result))
{ echo “<tr><td>” .$row[‘time’] .”</td><td>” .$row[‘host’] .”</td><td>” .$row[‘page’].”</td></tr>”;
}
echo “</table>”;
?>
</body></html>
</code>

Mary · 2006-04-03 18:41:19

That’s a good idea, thanks for sharing.

There is one problem though: your example is vulnerable to SQL injection attacks. It can also be simplified by using Textpattern’s database hooks. :)

<?php

require_once('textpattern/config.php');
require_once('textpattern/lib/txplib_db.php');

$host = doSlash(gps('host'));

$rs = safe_rows_start('time, host, page', 'txp_log', "host like %$host% order by time desc limit 0, 30");

if ($rs)
{
	echo <<<end

<table id="list" cellpadding="0" cellspacing="0" align="center" border="0">

<tr>
	<th>Time</th>
	<td>Host</th>
	<th>Page</th>
</tr>

end;

	while ($row = nextRow($rs))
	{
		extract($row);

		echo "\n\n".'<tr>'.
			"\n\t".'<td>'.$time.'</td>'.
			"\n\t".'<td>'.$host.'</td>'.
			"\n\t".'<td>'.$page.'</td>'.
			"\n".'</tr>';
	}

	echo "\n\n".'</table>';
}

?>

Last edited by Mary (2006-04-04 02:43:41)

soulship · 2006-04-03 19:06:51

Mary said:

There is one problem though: your example is vulnerable to SQL injection attacks.

I am assuming that your example resoves that potential problem? I like this idea a lot, so thanks you two!

Mary · 2006-04-03 19:36:33

I am assuming that your example resoves that potential problem?

Yes, that’s this part: <del><notextile><code>$host = gps(‘host’);</code></notextile></del> $host = doSlash(gps('host'));

Last edited by Mary (2006-04-04 02:44:56)

soulship · 2006-04-03 22:50:22

Thanks! That’s a really useful snippet.

Last edited by soulship (2006-04-03 22:51:07)

zem · 2006-04-04 00:57:47

You should use doSlash() on $host before inserting it in a sql query. gps() removes slashes, it doesn’t add them.

Mary · 2006-04-04 02:43:00

Whoopsie. Nice catch. Don’t know where my mind was (or is…)

skoggy · 2006-04-05 09:59:08

…and for non coders like me, could you post the full php-file (with fixes)? Would like to give it a try…

creativesplash · 2006-04-06 05:40:06

yeah me too!

Mary · 2006-04-07 01:18:14

The code above would be the full page (and it was corrected). Just copy and paste it into a new file, and save it with a .php extension.

Textpattern CMS

Textpattern CMS support forum

#1 2006-04-03 16:58:56

how to see who is viewing what

#2 2006-04-03 18:41:19

Re: how to see who is viewing what

#3 2006-04-03 19:06:51

Re: how to see who is viewing what

#4 2006-04-03 19:36:33

Re: how to see who is viewing what

#5 2006-04-03 22:50:22

Re: how to see who is viewing what

#6 2006-04-04 00:57:47

Re: how to see who is viewing what

#7 2006-04-04 02:43:00

Re: how to see who is viewing what

#8 2006-04-05 09:59:08

Re: how to see who is viewing what

#9 2006-04-06 05:40:06

Re: how to see who is viewing what

#10 2006-04-07 01:18:14

Re: how to see who is viewing what

Board footer