Git Product home page Git Product logo

activity-log's Issues

Doesn't work with Custom Posts

Great plugin - much lighter impact and with nicer UI than others I've used.

However, I have an issue whereby user activity is not being recorded in the logs. It's a fairly heavily customised site - using Custom Post Types, Advanced Custom Fields (ACF) and Capability Manager. The majority of my users are a custom capability with "Level 7" and have access only to two custom post types. All activity from an admin is logged properly but custom capability users only log their logged in / logged out activity. Bizarrely though, I've enabled an email notification and this works properly e.g. I get an email every time one of the custom capability users updates a post, creates a post, etc.

Any idea what's happening? Without being able to track exactly what editing is taking place I can't continue using this plugin for what I need.

Thanks very much.

Ben

Fatal error from undefined function _draft_or_post_title()

I'm getting a fatal error on two separate websites using ARYO. The errors only appear to be showing at random times - I can only attest to what is happening on one of the sites - I was creating a post using Gravity Forms + Custom Post Types. The other site doesn't even use the plugin so not sure what triggered it there. Here's the two errors.

Fatal error: Call to undefined function _draft_or_post_title() in /home/pastures/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 38

[05-Mar-2014 15:44:56] PHP Fatal error: Call to undefined function _draft_or_post_title() in /home/otm/public_html/wp-content/plugins/aryo-activity-log/hooks/class-aal-hook-posts.php on line 60

Let me know if I can provide any more helpful information!

Activity log better for Plugins

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Idea: When activating plugin, fill in previous activity

We oftentimes find that we have to install this on a clients' site after something has gone wrong. It would be great if there was an option to pre-populate ARYO logs with basic data (when posts were created, revisions, maybe a way to trace plugin installs?) to help trace issues.

This could be a button and not an automatic action so that it wouldn't kill large installs.

Thanks for all your great work on this plugin!

What's the best way to restrict logging?

Basically, we don't want to track all of the data that is being tracked by default because it's not all useful to us and we'd rather keep the logs as lightweight as possible.

I had a quick read-through of the plugin and I found a few different areas that seem like they're designed to allow developers to limit what is and isn't tracked, but I'm not 100% sure what the best way to approach this is.

Could you provide any example code or just point me in the right direction for what needs to be filtered within the plugin to accomplish this?

Feature Request

Would love to be able to SORT by the IP Address column. This would enable the following scenario:

  1. Filter by "wrong_password"
  2. Sort by IP Address
  3. See who the worst offenders of the wrong_password are so we can add them to a banned IP list.

Thanks!

Set notification for User A OR User B

Hi. Great plugin!

One request: I wish to be notified when unregistered users visit. Is there a way to set the notification to use an OR function, rather than just the AND? So I can be notified if the user is NOT Admin A OR Admin B.

Also, can I set this up to be notified if the user is GUEST? Thanks, ab

Setting access log per Roles and Capabilities

Setting:

New Tab: Permissions

Access log: (Checkbox)

  • Super Admin (MU)*
  • Administrator*
  • Editor
  • Author
  • Contributor
  • Subscriber

*Default


You can improve this feature with those options:

  • Allow access log for specific Users: (Select User + Repeater)
  • Disable access log for specific Users: (Select User + Repeater)

Authenticated Information Disclosure Vulnerability

The AJAX accessible function ajax_aal_get_properties(), in the file /classes/class-aal-settings.php, is accessible to any logged in user despite it looking like it is only intended to be accessed by Administrator level users. Through that certain non-public information on the users of the website can be disclosed.

Export data

Add button export data to CSV file. It's very useful for old data backup.

ManageWP requests are logged with wrong username

I'm using ManageWP to manage my sites and I just discovered that all requests from that system are logged with first admin account available. At first it was an account with ID 1, then I deleted it and now it's logging with user ID 2.

2.2.8 errors: Trying to get property of non-object

Hi,

My debug.log file is spammed from yesterday's update with following:

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 161

[23-Jan-2016 20:03:19 UTC] PHP Notice:  Trying to get property of non-object in /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php on line 178

And

[23-Jan-2016 20:10:35 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/[...]/wordpress/wp-content/plugins/aryo-activity-log/classes/freemius/includes/class-fs-api.php:161) in /home/[...]/wordpress/wp-content/themes/zschocianow/header.php on line 62

I use in header.php only setcookie() before and after line 62. There were no such error before.

Greetings

Send notification in X hours?

I just think it's very spam for now to send email per log changes. The better way need to save queue in the cache (maybe in wp_options?), and send per X hours all the activity.

@maor What you think about this?

Best,
Yakir

Trashed & Deleted & Restore for Posts (Pages/CPT)

Post/Page/Another CPT - if i move post to Trash - in log write "Deleted" and if i permanently deleted from Trash also write "Deleted". it's not true.

You can need to change this to: Trashed (move to trash) | Deleted (permanently deleted) | Restore (from trash)

Logging to syslog for fail2ban integration

Hi,
First, I use your plugin a lot. thank you for it.
Second, I use fail2ban on my server and I made a small change on your plugin to log to syslog when a wrong password is entered. Than I created fail2ban filter and action to ban the IP accordingly.

If you guys could include this piece of code in your development, that would be great as I wouldn't be worried about updating the plugin and you could also advertise the feature of fail2ban integration.

I added a piece of code just before the: $this -> _delete_old_items(); in the function insert( $args ) in the class-aal-api.php file. You probably could do a better job as the plugin creator ;)

Here is the code I added:

if ($args['action'] == "wrong_password") {
                $siteUrl = explode("//", get_site_url());
                openlog($siteUrl[1], LOG_PID, LOG_AUTH);
                syslog(LOG_NOTICE,"Authentication failure for ". $args['object_name'] ." from ".$args['hist_ip']);
                closelog();
        }

The filter wordpress.conf:

# Fail2Ban configuration file
#
# Author: Igor Almeida
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = Authentication failure for .* from <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

And the jail snippet to insert into jail.local:

[wordpress]
enabled  = true
filter   = wordpress
port     = http,https
logpath  = /var/log/auth.log
maxretry = 2
banaction = iptables-allports

Thank you,
Igor Almeida

Monitoring Pages

Looks like you have quite an interesting plugin! I was wondering if you had plans to add page tracking as well, or if you already include it and it just doesn't show in the documentation.

Thanks!

Feature Request: Identify User Agent

This is a really useful plugin! Thanks!

I had an issue recently where some users could not login, but others could. It turned out that all those who could not login were using Firefox; other users were unaffected.

Would it be possible to identify the user agent when someone tries to login (whether successfully or not)?

Thanks for considering this!

Plugin Updates

Which plugin changes are exactly being logged? I was under the impression it would log plugin updates, but it does not. Please advise!

aal_insert_log not showing data

Hi, i am trying to implement log into my plugins, but not see the entry in the activity log table. I insert using the function aal_insert_log, i check the database and the data is there. I missing something, with the args in the aal_insert_log function is enough to go? Thank in advantage of your help.

Excluding specific users from appearing in the log

Great plugin! It's very handy, no hassle, easy to use.

I don't know whether this would be at all possible, but I am currently clogging the activity log with my own log-ins, so I often have to scroll down several pages in order to see other users who have logged into the website. Would it be possible to exclude a user, in this case myself, from the list?

Notification type: HTTP hook

Hello,

Instead of only an email notification, I would like to request an HTTP hook notification. This would be superb.

For example I would set up a notification to that would make an HTTP Post request to http://example.com/updated when a update is made in WordPress.

Thank you
Ross

Activity log better for Themes

Add track after: Updated | Deleted | Installed | Activated | Deactivated

Now it's track just for: Activated or Deactivated

Could someone please provide a quick example how to record this action?

This is the third time over the past year I have come back to this plugin, primarily due to its slick visual organization while meeting nearly 98% of my requirements. The problem I am having here is that I simply can't figure out the proper method to create a custom action trigger entry for my specific situation.

Let me point out in advance that I am well aware that what I aim to track would likely be incapable of scaling properly to more than a few concurrent users at a time and this is perfectly fine for my situation... I simply need a basic example of how it can be done.

The nature of my situation involves a custom wordpress website which is only accessible to about 50 individuals each of which need an existing pre approved wp user account to access the site. What I need to be able to do here is simply record every single page view on this domain for each of these users. Ideally I would like the information which gets recorded to include very basic information including date/timestamp, page title, post type name, any associated categories, tags, taxonomies and potentially some specific custom field value. The purpose of these logged pageviews simply need to allow the user to view his own activity and filter/sort it and allow an admin to do the same for all or a single user.

Could someone who has some basic experience with this plugin please provide a basic example of how to achieve this basic functionality?

Thanks in advance!

Lots of "guest logged out" in a row

On one site in particular, I'm getting a bunch of the following records in a row and I can't figure out where they would be coming from since guests can't be logged in and there's usually about 10 in a row? Have you guys seen this before? If not, feel free to ignore but was hoping someone else had hit this previously.

Guest 173.230.132.230 User Logged Out

Support Add, Edit & Delete of Taxonomy Terms.

This is a feature request to support logging of the addition, edits and deletion of native WordPress Tags & Categories as well as any custom taxonomies.

Great, simple plug-in. Thank you.

Using Varnish or ngnix as a proxy will always return ip as 127.0.0.1

Hi guys,
I have a few sites that the IP recorded for each activity is always 127.0.0.1 instead of the real user/guest IP.

It took me a while but I found that the one thing they have in common is that they were all served using a proxy either ngnix or varnish.

which makes sense because the server (apache or ngnix) gets the request from the proxy (varnish or ngnix) which is on the same machine and that is why i get the local host IP (127.0.0.1) as user IP which is actually wrong.

looking at the code this line in specific is the problematic one
https://github.com/KingYes/wordpress-aryo-activity-log/blob/master/classes/class-aal-api.php#L55

A better way to get the real IP even in the case of a proxy you should first look in the
$_SERVER['HTTP_CLIENT_IP'] var then in the $_SERVER['HTTP_X_FORWARDED_FOR']
and only then in the $_SERVER['REMOTE_ADDR']

for example:

function get_real_ip(){
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        return $_SERVER['HTTP_CLIENT_IP'];
    }else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    return $_SERVER['REMOTE_ADDR'];
}

thanks.
Happy Yom haatzmaut;

Extend to support plugins

Great plugin!
With a little work I think this plugin could be a base plugin / alternative for many developer that hack their own notification and logging system.

It would be really nice if you can extend your api / hooks to allow plugins to use the logger.

I create a plugin that e.g. run cron-jobs and i want to save different custom events and enable to select them for notification. At the moment that is not possible.

The notification need some attributes like: notify when this event occured 10 times, or notfiy once per day / week / month....

Export is missing in classes/class-aal-notifications.php::get_object_types

Control access to view the activity log

It would be helpful to choose the roles allowed to view the activity log. Even if it's just a select form element and the selected role and higher are allowed to view the activity log.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.