Difference between revisions of "Protecting access log"

Latest revision as of 15:52, 5 October 2023

This article was extracted from the following TNG Thread on protecting your Access Log.

Allow Admin access

Modify the access for log to be only shown if the user has admin privileges.

See Template 4 index.php and topmenu.php for an example of how this is done for a specific template.
Modify the genlib.php to add the Access Log to the Info pull down for users with Admin privilege

Template 4 Logic

    if( $allow_admin ) {
        echo "<li><a href=\"showlog.php\" class=\"lightlink\">$text[mnushowlog]</a></li>\n";
        echo "<li><a href=\"admin/index.php\" class=\"lightlink\">$text[mnuadmin]</a></li>\n";
    }

Pull Down Menu Mod

TNG version:

≤ 8.1.3

The pull down menus generated by genlib.php do not show the Access Log. So if you want to show the Access Log on the Info pull down menu, you can make the following mod to genlib.php after the following line

if( $allow_admin_db ) $menu .= "<li><a href=\"$admin_url\"><img src=\"$cms[tngpath]tng_admin.gif\" class=\"tnggif\" align=\"left\" alt=\"\" />$text[administration]</a></li>\n";

by adding

if( $allow_admin_db ) $menu .= "<li><a href=\"$cms[tngpath]" . "showlog.php\"><img src=\"$cms[tngpath]tng_log.gif\" class=\"tnggif\" align=\"left\" alt=\"\" />$text[mnushowlog]</a></li>\n"; // added by Ken Roy

Check Login

After the login check in the showlog.php

include($cms['tngpath'] . "checklogin.php");

TNG version:

≥ 9.0

For TNG v9 and later, the code should be added after the

include("tng_begin.php");

Add the following logic

if( $assignedtree || !$allow_edit ) {
        $message = $admtext[norights];
        header( "Location: login.php?message=" . urlencode($message) );
        exit;
    }

Protect the File

Add an .htaccess entry to protect the genlog.txt file from access directly by going to your www.yoursite.org/genlog.txt

<Files "genlog.txt">
order deny,allow
deny from all
</Files>

To protect all .txt-files from access directly by going to your www.yoursite.org/***.txt you have to add .htaccess entry:

<Files *.txt>
order deny,allow
deny from all
</Files>

Controlling Site Access

Protecting Resources

Overlaid Subroot how to recover from subroot.php overlay
Prevent Directory Listing
Protecting access log

Turn off global register and other PHP overrides

Checking your site for Malware

Sucuri SiteCheck

@@ Line 22: / Line 22: @@
 === Pull Down Menu Mod ===
+{{TNG 8.1.3|and before}}
 The pull down menus generated by genlib.php do not show the Access Log.  So if you want to show the Access Log on the Info pull down menu, you can make the following mod to genlib.php after the following line
@@ Line 33: / Line 34: @@
 				$menu .= "<li><a href=\"$cms[tngpath]" . "showlog.php\"><img src=\"$cms[tngpath]tng_log.gif\" class=\"tnggif\" align=\"left\" alt=\"\" />$text[mnushowlog]</a></li>\n"; // added by Ken Roy
 </nowiki></code>
 == Check Login ==
@@ Line 39: / Line 39: @@
 After the login check in the showlog.php
-<syntaxhighlight lang="php" enclose="div">
+<syntaxhighlight lang="php">
 include($cms['tngpath'] . "checklogin.php");
 </syntaxhighlight>
@@ Line 47: / Line 47: @@
 For TNG v9 and later, the code should be added after the
-<syntaxhighlight lang="php" enclose="div">
+<syntaxhighlight lang="php">
 include("tng_begin.php");
@@ Line 54: / Line 54: @@
 Add the following logic
-<syntaxhighlight lang="php" enclose="div">
+<syntaxhighlight lang="php">
 if( $assignedtree || !$allow_edit ) {
          $message = $admtext[norights];

Difference between revisions of "Protecting access log"

Latest revision as of 15:52, 5 October 2023

Contents

Allow Admin access

Template 4 Logic

Pull Down Menu Mod

Check Login

Protect the File

Related links

Controlling Site Access

Protecting Resources

Checking your site for Malware

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Language

Translate

TNG Guides

Items of Interest

Categories

External links

Translators

Tools