I made this so I can see the Domain and User's IP of all the people that install my script.

Not sure why I'm posting it, guess I'm just that bored. (:
On your script installer page add:



$domain = $_SERVER['HTTP_HOST'];
$ip = $_SERVER['REMOTE_ADDR'];
echo("<iframe src=\"http://URL OF THE SITE THEY DOWNLOADED IT FROM/install_logger.php?d=$domain&i=$ip\" height=\"1\" width=\"1\" frameborder=\"0\">");
All that does is sends the domain name and the users IP of the person who installed the script.

Now create a file called install_logger.php:


<?php
$d = $_GET['d'];
$i = $_GET['i'];
$conn = mysql_connect("localhost","root","");
mysql_select_db(test) or die(mysql_error());
mysql_query("INSERT INTO `logs` (`ip` ,`domain`) VALUES ('$i', '$d');");
?>
This page sends the Users IP and Domain to the database, edit this file appropriatley.

Now, I'm happy enough viewing the logs in my phpMyAdmin, but if you don't have phpMyAdmin or don't know how to use it;

Create a file called logs_view.php:



<?php
$conn = mysql_connect("localhost","root","");
mysql_select_db(test) or die(mysql_error());
$get = mysql_query("SELECT * FROM `logs` order by id asc");
while ($logs = mysql_fetch_array($get))
{
echo ("Installed on: $logs[domain]. By (IP Address): $logs[ip].<br />");
}
?>
Edit the database connection info here aswell. Also, you may want to password protect that file and edit it to add a Clear Logs, but I can't be bothered posting one as I do it through phpMyAdmin.

Rate my code please?

NOTE: The viewer is edited TechTuts code as I couldn't be bothered doing it myself.

You need to make sure that you add % into the allowed users to access the mysql database :)

$domain = $_SERVER['HTTP_HOST'];
$ip = $_SERVER['REMOTE_ADDR'];
echo("<iframe src=\"http://URL OF THE SITE THEY DOWNLOADED IT FROM/install_logger.php?d=$domain&i=$ip\" height=\"1\" width=\"1\" frameborder=\"0\">");
>



$domain = $_SERVER['HTTP_HOST'];
$ip = $_SERVER['REMOTE_ADDR'];
$report = file_get_contents("http://URL OF THE SITE THEY DOWNLOADED IT FROM/install_logger.php?d=".$domain."&i=".$ip."");
---



<?php
$d = $_GET['d'];
$i = $_GET['i'];
$conn = mysql_connect("localhost","root","");
mysql_select_db(test) or die(mysql_error());
mysql_query("INSERT INTO `logs` (`ip` ,`domain`) VALUES ('$i', '$d');");
?>
>



<?php

function clean($var)
{

$var = htmlspecialchars( $var, ENT_QUOTES );

if( get_magic_quotes_gpc( ) ) {

$var = stripslashes( $var );

}

$var = str_replace( "\"", "", $var );
$var = htmlentities( $var );
$var = mysql_real_escape_string( $var );

return $var;

}

$d = $_GET['d'];
$d = clean($d);

$i = $_GET['i'];
$i = clean($d);

$conn = mysql_connect("localhost","root","") or die("Error on connecting to server, error msg: ".mysql_error());

$select_db = mysql_select_db("test") or die("Error on selecting database, error msg: ".mysql_error());

mysql_query("INSERT INTO `logs` (`ip` ,`domain`) VALUES ('".$i."', '".$d."')") or die("Error on SQL Query, error msg: ".mysql_error());

?>


--



<?php
$conn = mysql_connect("localhost","root","");
mysql_select_db(test) or die(mysql_error());
$get = mysql_query("SELECT * FROM `logs` order by id asc");
while ($logs = mysql_fetch_array($get))
{
echo ("Installed on: $logs[domain]. By (IP Address): $logs[ip].<br />");
}
?>


>



<?php
$conn = mysql_connect("localhost","root","") or die("Error on connecting to server, error msg: ".mysql_error());

$select_db = mysql_select_db("test") or die("Error on connecting to server, error msg: ".mysql_error());

$get = mysql_query("SELECT * FROM `logs` ORDER BY `id` ASC");

while ( $logs = mysql_fetch_array( $get ) )
{

echo ("Installed on: ".$logs["domain"].". By (IP Address): ".$logs["ip"].".<br />");

}
?>

looks ok but would it not work using an include instead of an iframe?


EDIT: simon's way is even better lol

Simon stop owning me at everything. :'(
I only made this so I can log installs, aslong as it works, I'm fine.

I only made this so I can log installs, aslong as it works, I'm fine.

As long as you don't clean the GET vars you're not fine.

As long as you don't clean the GET vars you're not fine.
As you found out...

As you found out...

Wth? On my script I cleaned my vars...I don't think you know what cleaning your vars means, lol.

Uhh remember when your logging script got owned with iframes, redirects, e.t.c.

POWERpanel

<?php

function clean($var)
{

$var = htmlspecialchars( $var, ENT_QUOTES );

if( get_magic_quotes_gpc( ) ) {

$var = stripslashes( $var );

}

$var = str_replace( "\"", "", $var );
$var = htmlentities( $var );
$var = mysql_real_escape_string( $var );

return $var;

}

$d = $_GET['d'];
$d = clean($d);

$i = $_GET['i'];
$i = clean($d);

$conn = mysql_connect("localhost","root","") or die("Error on connecting to server, error msg: ".mysql_error());

$select_db = mysql_select_db("test") or die("Error on selecting database, error msg: ".mysql_error());

mysql_query("INSERT INTO `logs` (`ip` ,`domain`) VALUES ('".$i."', '".$d."')") or die("Error on SQL Query, error msg: ".mysql_error());

?>



<?php
$conn = mysql_connect("localhost","root","") or die("Error on connecting to server, error msg: ".mysql_error());

$select_db = mysql_select_db("test") or die("Error on selecting database, error msg: ".mysql_error());

function clean($var)
{

$var = htmlspecialchars( $var, ENT_QUOTES );

if( get_magic_quotes_gpc( ) ) {

$var = stripslashes( $var );

}

$var = str_replace( "\"", "", $var );
$var = htmlentities( $var );
$var = mysql_real_escape_string( $var );

return $var;

}

$d = $_GET['d'];
$d = clean($d);

$i = $_GET['i'];
$i = clean($i);

mysql_query("INSERT INTO `logs` (`ip` ,`domain`) VALUES ('".$i."', '".$d."')") or die("Error on SQL Query, error msg: ".mysql_error());

?>


Two errors, need to define db first also,

$i = $_GET['i'];
$i = clean($d);

also cleaning wrong var?

You don't have to define the db first -.- And yes, it should be clean($i)

Anyway,



Uhh remember when your logging script got owned with iframes, redirects, e.t.c.

POWERpanel
I cleaned mine out for SQL Injections, I didn't care about iframes.

Simon wouldn't the use of htmlspecialchars(); do basically exacly what your clean(); function did?

Simon wouldn't the use of htmlspecialchars(); do basically exacly what your clean(); function did?

no it wouldn't

Oh, think I'm confused about how to use the clean(); thing.