Difference between revisions of "Protecting access log"

From TNG_Wiki
Jump to: navigation, search
(New page: {|align=right |__TOC__ |} This article was extracted from the following TNG Thread [http://www.tngforum.us/index.php?showtopic=5488&pid=26503&st=0&#entry26503 on protecting your Access Lo...)
 
(Protect the File)
Line 60: Line 60:
 
</Files></pre>
 
</Files></pre>
  
 +
To protect all .txt-files from access directly by going to your www.yoursite.org/***.txt you have to add .htaccess entry:
 +
 +
<pre><Files *.txt>
 +
order deny,allow
 +
deny from all
 +
</Files></pre>
  
 
== Related links ==
 
== Related links ==

Revision as of 18:04, 30 March 2014

This article was extracted from the following TNG Thread on protecting your Access Log.

Allow Admin access

Modify the access for log to be only shown if the user has admin privileges.

  • See Template 4 index.php and topmenu.php for an example of how this is done for a specific template.
  • Modify the genlib.php to add the Access Log to the Info pull down for users with Admin privilege

Template 4 Logic

    if( $allow_admin ) {
        echo "<li><a href=\"showlog.php\" class=\"lightlink\">$text[mnushowlog]</a></li>\n";
        echo "<li><a href=\"admin/index.php\" class=\"lightlink\">$text[mnuadmin]</a></li>\n";
    }

Pull Down Menu Mod

The pull down menus generated by genlib.php do not show the Access Log. So if you want to show the Access Log on the Info pull down menu, you can make the following mod to genlib.php after the following line

if( $allow_admin_db ) $menu .= "<li><a href=\"$admin_url\"><img src=\"$cms[tngpath]tng_admin.gif\" class=\"tnggif\" align=\"left\" alt=\"\" />$text[administration]</a></li>\n";

by adding

if( $allow_admin_db ) $menu .= "<li><a href=\"$cms[tngpath]" . "showlog.php\"><img src=\"$cms[tngpath]tng_log.gif\" class=\"tnggif\" align=\"left\" alt=\"\" />$text[mnushowlog]</a></li>\n"; // added by Ken Roy


Check Login

After the login check in the showlog.php

include($cms['tngpath'] . "checklogin.php");

Add the following logic


    if( $assignedtree || !$allow_edit ) {
        $message = $admtext[norights];
        header( "Location: login.php?message=" . urlencode($message) );
        exit;
    }


Protect the File

Add an .htaccess entry to protect the genlog.txt file from access directly by going to your www.yoursite.org/genlog.txt

<Files "genlog.txt">
order deny,allow
deny from all
</Files>

To protect all .txt-files from access directly by going to your www.yoursite.org/***.txt you have to add .htaccess entry:

<Files *.txt>
order deny,allow
deny from all
</Files>

Related links