A customer from me want to track ONLY registered users. Here is the code to include into tpl_footer.php:
CheersCode:<?php if (ZEN_CONFIG_USER_TRACKING == 'true' AND $_SESSION['customer_id'] != '') { zen_update_user_tracking(); } ?>
Printable View
A customer from me want to track ONLY registered users. Here is the code to include into tpl_footer.php:
CheersCode:<?php if (ZEN_CONFIG_USER_TRACKING == 'true' AND $_SESSION['customer_id'] != '') { zen_update_user_tracking(); } ?>
How do you know if they are a "registered user" if they haven't logged in?Quote:
Originally Posted by pititis
This means you would only start tracking most of them when they commence the checkout process.
You will miss all the clicks they used to get to that point.
To me thats the important bit, not the half dozen or so clicks to get thru the checkout.
Sure a small number login when they hit the website, but on my websites that is very small.
Checking the customer_id for the session. No customer_id means no login.Quote:
Originally Posted by gilby
Not exactly, this website shows prices only to registered and approved users (wholesale stuff).
Cheers!
For a wholesale only site, that would work!Quote:
Originally Posted by pititis
Hello,
I'm using this mod in v1.51. Superuser can use this mod without problems but no the rest of profiles (They get always:
Sorry, your security clearance does not allow you to access this resource.
Please contact your site administrator if you believe this to be incorrect.
Sorry for any inconvenience.)
The original sql code for the registration:
/MYADMIN/includes/extra_datafiles/user_tracking_database_tables.php:Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
- sql code exist in the admin_pages tableCode:<?php
define('TABLE_USER_TRACKING', DB_PREFIX . 'user_tracking');
define('DIR_WS_FLAGS', 'images/flags/');
define('BOX_TOOLS_USER_TRACKING', 'User Tracking');
define('BOX_TOOLS_USER_TRACKING_CONFIG', 'User Tracking Config');
define('FILENAME_USER_TRACKING', 'user_tracking.php');
define('FILENAME_USER_TRACKING_CONFIG', 'user_tracking_config.php');
?>
- admin_page_to_profiles, profile_id to page_key is ok (profile_id =2, page_key = UserTracking and UserTrackingConfig)
- admin_profiles profile_id=2 is defined
I'm lost, I don't see nothing wrong here. I need your light.
Cheers!
Solved!
Just remove the .php extension in FILENAME_USER_TRACKING and FILENAME_USER_TRACKING_CONFIG
/MYADMIN/includes/extra_datafiles/user_tracking_database_tables.php
CheersPHP Code:<?php
define('TABLE_USER_TRACKING', DB_PREFIX . 'user_tracking');
define('DIR_WS_FLAGS', 'images/flags/');
define('BOX_TOOLS_USER_TRACKING', 'User Tracking');
define('BOX_TOOLS_USER_TRACKING_CONFIG', 'User Tracking Config');
define('FILENAME_USER_TRACKING', 'user_tracking.');
define('FILENAME_USER_TRACKING_CONFIG', 'user_tracking_config');
?>
Has anyone incorporated tracking restrictions using the spiders file? And to take it a step further, incorporated it so that the data is still logged with an option to hide spider views or show them when reviewing the log?
This last question is asked, because it seems that ip addresses to not log are specifically that, not logged versus not shown. Would think that would want to log all accesses (unless REALLY concerned about log space) and just ignore them when reviewing the logs.
I've gone ahead and made the modifications described above. Additionally added code that was obtained from this forum that addressed the presentation of the idle time. The following is taken from the update file.Quote:
Originally Posted by mc12345678
Added ability to hide/show spider visits using the spiders.txt file of Zen Cart. Default view is to hide spider visits.
Modified the information shown at the bottom of the view to show the number of users and number of bots/spiders that have visited. This spider/bot information will show whether the actual visit is or is not shown.
Also incorporated modifications published in this Thread/Forum related to display of the Idle time of a visitor. (Previous calculations lead to incorrect display depending on timezone.) Just added it in, so still needs to go through review and acceptance.
Fyi,
Submitted another change to the user tracking mod. The list of changes are as follows (by memory):
1. Identified that in some cases the OnChange event of clicking the new Hide/Show Spiders buttons didn't work on first click, so rewrote to use an OnClick event instead.
2. Removed some of the hard coded text that had recently been added and placed in the language files.
3. Added a Back to Today and Forward to Today option if the date chosen is two or more days away from the date when the date on which the selection was made.
4. When moving the text to the language file ensured that values of zero displayed for number of "events".
5. Incorporated the use of the notify system instead of calling a function into the footers. (The previous method still works); however, new installs are directed to use the notify method.
6. By request of the Zen Cart Team trimmed down the readme files so that there is only a new install and upgrade file by incorporating the history of the previous updates into the update readme.
It is likely/possible that this update will be available after this coming weekend; however, the Zen Cart Team as far as I know also is a volunteer support group, so please be patient while they make their reviews to publish.
I am hoping someone can help me. We upgraded to Zen Cart 1.5.1 and User Tracking 1.4.2 and I am getting these errors in the log file:
Code:[07-Aug-2013 01:26:56 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0=A&products_id=13493', 'Learning Resources Pretend and Play Food Snack Set', 'O' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '931f031bebc22bab074f3e9f9dd60475', '198.100.145.182', '1375853216', '1375853216', '/index.php?main_page=\'0=A&products_id=13493', 'http://www.clevershoppers.com/index.php?main_page='0=A&products_id=13493', 'Learning Resources Pretend and Play Food Snack Set', 'OFFICE_IP_TO_HOST_ADDRESS') in /MASKED/includes/classes/db/mysql/query_factory.php on line 120
Code:[07-Aug-2013 01:26:57 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0=A', 'NAVBAR_TITLE', 'OFFICE_IP_TO_HOST_ADDRESS')' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '42c15c5d5052c1bd8b9601e07c1c65ff', '198.100.145.182', '1375853217', '1375853217', '/index.php?main_page=product_info&products_id=\'0=A', 'http://www.clevershoppers.com/index.php?main_page=product_info&products_id='0=A', 'NAVBAR_TITLE', 'OFFICE_IP_TO_HOST_ADDRESS') in /MASKED/includes/classes/db/mysql/query_factory.php on line 120
These are just some examples, there are 100s of these errors in the log. On The Admin side, I see tracking and such but obvious something is wrong here.Code:[07-Aug-2013 01:26:58 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0=A+and+1=1&products_id=13493', 'Learning Resources Pretend and Play Food Snack ' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '4fbeab1bb17a9a9ab8b444106ba60f2d', '198.100.145.182', '1375853218', '1375853218', '/index.php?main_page=\'0=A+and+1=1&products_id=13493', 'http://www.clevershoppers.com/index.php?main_page='0=A+and+1=1&products_id=13493', 'Learning Resources Pretend and Play Food Snack Set', 'OFFICE_IP_TO_HOST_ADDRESS') in /MASKED/includes/classes/db/mysql/query_factory.php on line 120
Thanks!
I'm curious from what version you upgraded.Quote:
Originally Posted by BlessIsaacola
Basically, what I have discovered from errors of that type, is that whomever or whatever is at the ip address shown in the error is/has been trying to abuse Zen Cart by sending a bad URL. You can reproduce/force the error by manually entering the same URL. The good thing? Now you know about it, and hopefully/probably now they can't use the same trick they used to to get what they were able to. (Sorry, I'm assuming that since the same IP address was in each of those error logs, that they have probably been sending that URL for a while.)
See, it is if someone is trying to submit what I think is called SQL injection, because if you notice that after main_page= there is a backwards slash followed by an apostrophein SQL that combination is like forcing an apostrophe to stay in the string which if improperly handled in the code could act like a break in a line with the following text to be executed if as actual code. For example, one of the entries evaluates to 0=A which results in an error because you can't assign the letter A to the number 0. If the code didn't catch this then there might be a problem. But basically, to log records, the user tracking mod is passing to the SQL interpreter the data that is shown, and it doesn't like some of the data.
That's my interpretation based on finding an occasional similar event in my log, tracking down the originator (same place each time), and a little research on the values attempted to inject.
I upgraded from Version: 1.3.6.2. If I understand you correctly, this is nothing to worry about other than the annoying 100s of entry in the log folder? If this continues I still may ditch this mod. It's interesting that this never show up before upgrading to Zen Cart 1.5.1. Thanks so much for looking into this.
Well, glad you upgraded from such an old version. My understanding is that likely it had security issues. My recommendation would be to use this previously unavailable information to take action on your site. Take a look at the errors and see what commonalities exist. Perhaps that (or those) ip addresses need to be reported to the respective host(s) about how they are trying to abuse your site, and then maybe also have the address(es) blocked from your site through your .htaccess file(s). Afterall, if they're not engaging with your site appropriately then either they shouldn't be able to or maybe they have an issue that needs to be corrected. Take a look at the product_id identified and review your database through your myPHPAdmin panel, do you have a product_id of 13493? (Or could look through your store to find the same.) My guess is that no, you don't have 13,493 items and therefore don't have a product_id that high, which further indicates that it's not actually your cart providing that URL, but someone/something providing that to your cart to attempt to abuse it.Quote:
Originally Posted by BlessIsaacola
Realize, ignoring the abusive behavior won't resolve anything, and it may even escalate.
Thank you again! I will definitely keep an eye on it and block the ips as they come through. The product ids that's included are valid on our site and work just fine. I still find it rather interesting that they are using User Tracking Mod to try and attack. Obviously, there's a reason for that best known to them. I will monitor the log for a while and add the offending ip to the block list. Thanks for troubleshooting with me.
Also, this may not have been observed before because the old version of your Zen Cart may have allowed that computer to do what it was doing before processing the user tracking code. Now that you are on the latest version of Zen Cart, Zen Cart is allowing that "request" to move forward. So, to further clarify (seeing a newer post), they may not be targeting the User Tracking, but "known" issues with the older Zen Cart systems that potentially have security issues, it's just now you have something reported as a result of having the plugin.Quote:
Originally Posted by BlessIsaacola
Again, I caution about just blocking the ip addresses, it "fixes" potential issues with them reaching to you, but doesn't notify anyone about the attempts they are making.
I will greatly appreciate if anyone have a uninstall instruction for the database changes and page registration that was made by this mod. I have uninstalled it from our site and would like to clean it up from the DB.
They (the instructions and or uninstall SQL) should be part of the installation instructions.Quote:
Originally Posted by BlessIsaacola
Other than the numerous error messages generated by one or more computers attempting to provide a bad string, was there anything else that you saw that could be improved? (I have some plans for additional mods, so I am interested in if I am planning the right ones.)
The keyword there is they should be but I don't see uninstall instruction. Inside the Readme I have HOW_TO_UPDATE-V1.5.0.txt and New_Install_Readme.txt and inside the sql folder I have new_install_user_tracking.sql and UPDATE_user_tracking.sql Now sure if my 1.4.2 package download is missing something but there's no uninstall instruction for the database or page registration stuff. I honestly cannot tell you what exactly is wrong but we have so many customization on our site and this is the only mod that's not playing well with the database (in the sense that it keeps triggering an error related to an insert and line 120 of query factory). Instead of chasing it around, I decided to remove it from our site for now. When there's another release I will try it again but it's not critical enough to our business to be messing with it. Our livehelp mod have a built functionality that collects the same data so I am not missing anything. Thanks!Quote:
Originally Posted by mc12345678
First, thank you for the detailed feedback, whether it be me or another Zenner, hopefully the trouble data that is causing the error can be evaluated and an appropriate action taken rather than forwarding on the information in it's entirety to force an additional error log.Quote:
Originally Posted by BlessIsaacola
As for uninstall, I seem to recall that it is addressed in the individual install documents. I also thought there was an uninstall.sql file provided with the package and that the instructions addressed how to apply that file to the cart.
I'll take a look to see if I'm wrong, and if so provide instructions. I was the last to modify the package, but there was not a separate uninstall instruction file when I made the changes I did.
Glad to hear that the problem(s) will still be captured/addressed by something else, allowing them to be resolved. Whatever the solution specifically for this mod, I think that solution should not use up a significant amount of space either on the server or the database to "flag" the issue. Probably will be as simple as adding a flag to a portion of the collected data and stripping out the offending information from the data before sending it down the path for ZC to process.
Thank you so much for taking the time to thorough engage with me on this. I really appreciate it! I downloaded the 1.4.2 again and there's no uninstall instruction. This is simply so you know. I can drop the table from the database manually (but others may not be comfortable with that). The page registration stuff is still new to me which is why I went looking for the uninstall instruction. Have a great weekend!
I did the same, and from reviewing the install sql (Fresh install) developed the following SQL statements to remove information related to this mod from the mySQL database:Quote:
Originally Posted by BlessIsaacola
I haven't tested the code and am only worried about the 2nd to last line, though it is the same line included in the install package. Concern is if the value 999 is unique enough (ie. not used by other packages) that other information in the configuration table with the configuration_group_id of 999 won't exist to be affected.Code:DELETE FROM admin_pages WHERE page_key = 'UserTracking';
DELETE FROM admin_pages WHERE page_key = 'UserTrackingConfig';
DROP TABLE IF EXISTS user_tracking;
DELETE FROM configuration WHERE configuration_group_id = '999';
DELETE FROM configuration_group WHERE `configuration_group_id` = 999 AND `configuration_group_title` = 'User Tracking Config' AND `configuration_group_description` = 'User Tracking' AND `sort_order` = 31 AND `visible` = 1;
But, I think that if you paste the above into your admin panel where you have the ability to perform SQL functions, then it will undo database actions previously performed. It is expected that by running this that you will lose all of the tracked data that might exist. Please report the success and I will incorporate into the my next changes (I have mods on another plugin that I have currently placed priority to implement before returning to this one). But it looks like those will work for an uninstall.
I forgot to mention, please backup your database before running that code. (Will not affect the files showing your site, but will affect the data that is shown.) Don't want something else to be affected, and if it is, want to be able to restore it.
I already took care of it manually via phpmyadmin. Sorry I wasn't able to test your code for you. Thanks!Quote:
Originally Posted by mc12345678
You're welcome. Technically you would be in the ideal situation now to test that code, by at least running the Sql to install, and then the above SQL to remove. :PQuote:
Originally Posted by BlessIsaacola
That said, a small description of what the above does is this,
The first line removes the admin menu option to see the list of tracked users.
The second line removes the admin menu option to see the admin settings for user tracking.
The third line removes the user tracking table from the database if it is present.
The fourth line removes all occurrences of the configuration_group_id that equal 999 from the configuration table and
the last line removes what is expected to be only the one entry from the configuration_group table that meets all of the criteria that were set in the install.
Hi, I have installed the latest version on 1.3.8 and have everyting installed where it should be but I do not see user tracking under tools in the admin. Can't figure out why? Anybody got any ideas?
Thanks.
A.
Forgive me for going back to the basics, but you also "ran" the install SQL?Quote:
Originally Posted by corseter
Does this version show correctly what is currently in a customers cart if they have a current session?
Sort of like is shown in who's online.
I had used this some years ago,
It seemed there was a bug in earlier versions that would show the same items for multiple current sessions.
I think that issue is currently still present. I hadn't yet made any changes to that part, and I think I have seen the effects of what you describe. I plan on making more changes, I'll definitely consider that as one of the factors to try to correct.Quote:
Originally Posted by gilby
Thank you for that.Quote:
Originally Posted by mc12345678
I remember the error came in about zen 138a and newer.
May have had something to do with session handling in the admin.
Prior to those versions of zen there was an admin\includes\classes\sessions.php that was removed in zen v138 and newer.
This file may have had an influence on it.
Welcome!Quote:
Originally Posted by gilby
The thing I saw was when I was looking at the user tracking log, someone/something added a large number of items, when I refreshed the logs every entry showed the same thing in the cart rather than just the entry that had something in their cart, but I think it was identical to what was shown on the who's online screen.
So, I'm not sure if that is the same that you observed years ago, but it did appear as the who's online shows (a single "window" with all cart information shown including which session had the item(s).)
I tried running the SQL patch via the "install sql patch" in my admin tools, and got this "WARNING: An Error occurred, please refresh the page and try again."
I then tried to manually install it by copypasta into PHPmyAdmin and got this:not sure where to go from here in the install of this mod....Quote:
Error
SQL query:
INSERT INTO admin_pages( page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order )
VALUES (
'UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000
);
MySQL said: Documentation
#1062 - Duplicate entry 'UserTracking' for key 'page_key'
OK i went back into myphpadmin and ran one line at a time, executed and everything seems to be working ok now
Good! Whew. :)Quote:
Originally Posted by petro
Btw, the error message was indicating that you already had the menu option in the table, so you were being notified that there was nothing further to be done for that line.
Ok here is my latest issue... it doesnt appear to be tracking anyone other than me in multiple instances... Ive even had someone today register as a new customer and place an order yet it doesnt show on the user tracking admin page... I have times when I have 20 users on and multiple members browsing yet this tracking only shows when Im on...
http://i530.photobucket.com/albums/d...ksal0t/3-2.jpg
http://i530.photobucket.com/albums/d...ksal0t/4-2.jpg
Can think of four reasons might be happening: 1) setting to track other users is not enabled in the User tracking configuration area, 2) footer file not updated to track users 3) footer file was updated, but is now overridden, and 4) all files not uploaded successfully.Quote:
Originally Posted by petro
A potential other cause I could see would be that somehow all other IP addresses are excluded from tracking except your own (seems unlikely at best, but could be). Any error logs generated during that time and do they reveal anything?
1:) is okQuote:
Originally Posted by mc12345678
2:)
http://i530.photobucket.com/albums/d...ksal0t/5-1.jpg
3:) snapshot above was from the live tpl_footer file
4:) I never got the database SQL file to function properly.... The very first time I tried the copypasta into the admin>tools>install sql patches of the "new_install_user_tracking" sql file and got an error. then I tried it in myphpadmin and got a "duplicate" error, then based on some info In here I changed "TYPE=MyISAM" to "ENGINE=MyISAM" still get "duplicate" error. then I tried to run it one line at a time and got a "duplicate" error when I did these two lines by themselves:
Quote:
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
After these two lines the remaining lines went off without a hitch...Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
Code:DROP TABLE IF EXISTS user_tracking;
CREATE TABLE user_tracking (
`customer_id` int(11) default NULL,
`click_id` int(11) default NULL,
`full_name` varchar(64) NOT NULL default '',
`session_id` varchar(32) NOT NULL default '',
`ip_address` varchar(15) NOT NULL default '',
`time_entry` varchar(14) NOT NULL default '',
`time_last_click` varchar(14) NOT NULL default '',
`last_page_url` varchar(128) NOT NULL default '',
`referer_url` varchar(254) NOT NULL default '',
`page_desc` varchar(64) NOT NULL default '',
`customers_host_address` varchar(64) NOT NULL default ''
) ENGINE=MyISAM;
DELETE FROM configuration where configuration_group_id = '1084';
INSERT INTO configuration_group (`configuration_group_id`, `configuration_group_title`, `configuration_group_description`, `sort_order`, `visible`) VALUES (1084, 'User Tracking Config', 'User Tracking', 31, 1);
INSERT INTO configuration VALUES ('', 'User Tracking (ADMIN)', 'ADMIN_CONFIG_USER_TRACKING', 'true', 'Check the ADMINs behaviour ? (each click will be recorded)', 1084, 2, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES ('', 'User Tracking (exclude this IP-Address)', 'CONFIG_USER_TRACKING_EXCLUDED', 'your IP', 'Do NOT record this IP Address<br>(like webmaster/owners/Beta-testers)', 1084, 10, '2003-03-04 23:08:38', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration VALUES ('', 'User Tracking (Session Limit)', 'CONFIG_USER_TRACKING_SESSION_LIMIT', '50', 'Displaying the latest # sessions of this 24 hour period.<br>(SET to 999999 for unlimited per 24 hour period)<br>NOTE:<BR>Watch you space !', 1084, 15, '2003-03-03 11:19:13', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration VALUES ('', 'User Tracking (your favorite WHOIS URL)', 'USER_TRACKING_WHOIS_URL', 'http://www.dnsstuff.com/tools/whois.ch?ip=', 'Put here you favorite WHOIS tracking site<br>(the IP will follow automaticly after this url)', 1084, 50, '2003-03-03 11:19:13', '2003-03-11 11:40:01', NULL, NULL);
INSERT INTO configuration VALUES ('', 'User Tracking Visitors', 'ZEN_CONFIG_USER_TRACKING', 'true', 'Check the Customers/Guests behaviour ? (each click will be recorded)', 1084, 1, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES ('', 'User Tracking (Show Product Category when tracking product clicks)', 'ZEN_CONFIG_SHOW_USER_TRACKING_CATEGORY', 'true', 'Show Product Category when tracking product clicks', 1084, 60, '2006-12-05 11:19:26', '2006-12-05 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
can anyone explain this portion a little more thorough for me?Quote:
2:) Install sql patch file, preferably by phpMyAdmin then add sql patch to zen (as recommended in the forum).
4. Login into the admin area, upload via Admin/Tools --> Install SQL Patches the file in Sql --> new_install_user_tracking.sql
So, couple of things some related to your original problem, some not. I've looked through the SQL files and I do see that there is a potential to receive the error you had when either applying the SQL update file or the SQL new install file. The error message received though does not bear on the lack of data collection that you are experiencing; however, when I get back to updating this plug-in some more I will incorporate sufficient checks/direction. There really should be no reason to have run the SQL more than the first time it was installed or if upgrading from a version that is older than User Tracking Ver 1.4.0. If any of the times the problem was experienced with the SQL file, then something else was going on or an issue with the database.Quote:
Originally Posted by petro
To be sure I understood, the tpl_footer file you presented above. Let's assume that you have an active template called ZenCart, so the end of the file shown above is from /includes/templates/ZenCart/common/tpl_footer.php?
With that in mind, I suggest verifying that the two added files /includes/auto_loaders/config.user_tracking.php and includes/classes/observers/class.user_tracking.php be reuploaded. These two files "listen" for the footer code to activate tracking of the users visiting the site. Currently tracking is occurring; however, it is only on the admin side.
As I recall seeing in this forum, there was a SQL patch file for Zen Cart itself related to one of the older versions of Zen Cart and it needed to be installed prior to this plug-in. That said, seeing that you are running 1.5.1, well I don't know of any SQL patches, but... there may be/the instruction still applies in general: make sure ZenCart is up-to-date prior to use for the version that you use.Quote:
Originally Posted by petro
Item 4 is about uploading the SQL file to support this plug-in as a new user. (Yes, until this is done, there may be errors that appear in the error log(s), because the data storage location may not exist to accept the data collected in the uploaded files. Another change I think to be made in the instructions (SQL before datafiles), although also thinking that installation could be improved through the use of an autoinstaller as well.
Clear it up any?
mc, I want to thank you again for helping out here. Im pretty much a noob so I'm trying all this with pretty limited coding skills and knowledge. Yes the image of the code I added to the footer is that of the php file located in my customized template im using. I also verified /includes/auto_loaders/config.user_tracking.php and includes/classes/observers/class.user_tracking.php are both in there and reuploaded them on top of the ones already up there.Quote:
Originally Posted by mc12345678
ok for some reason after re-uploading those two files my site has gone blank lol OK I reuploaded both "admin" and "Included" folder back into their spots and its up again, but still no tracking.
Ok for some reason having this code in my template footer is not working... anyways I added the code to the bottom of my header and its tracking guests and such now....
May need to clear your cache, sessions, and/or cookies in order to see changes. (Or use a different browser, that sometimes works for me in a quick pinch.)Quote:
Originally Posted by petro
You may have a problem in your footer or before it that is preventing getting to that line of code... Should verify that all of your footer content is appearing as expected and that there are no error messages associated with it.Quote:
Originally Posted by petro
Also, there are multiple header type files, so you will "lose" some tracking as guests go to the header files that you haven't added the code to; however, there is only one footer file for them all, which is partially why the code is captured in the footer. In development of using the observers, I tried to use the code associated with the headers; however, on multiple occasions I received odd location information about the user, so gave up and went back to the footer file in hopes that one day the notifier for the footer might be added to the core code.
After messing around with the files in my template im not so sure its even using the footer in my template folder ugh.... Ive changed things around in it, deleted it etc and it doesnt change the footer on the site.... I clear cache and cookies before each refresh
Well, if not mistaken that could cause problems with various browsers, because I thought there was HTML code that closes out the view of the webpage in it.Quote:
Originally Posted by petro
I would suggest that you either seek out more help in a new thread or hire someone to help.
mc, ill take it to another thread. It looks like I have a tpl_top_html.php that looks just like the footer that my site is calling to not the footer.... wierd
A couple issues with the install sql
1. CREATE TABLE user_tracking... TYPE=MyISAM
should be ENGINE=MyISAM
That should fix mod related errors which show up in the logs
( includes/classes/db/mysql/query_factory.php on line 120).
2. And the sort value should be 999 (not 31) for
INSERT INTO configuration_group (`configuration_group_id`,.....
(and the uninstall sql posted to this thread adjusted accordingly).
3. Also the readme should say User Tracking Config now shows up in Tools menu (previously appeared in the Configuration menu)
Appreciate the updates to the mod to hide/show spider crawls.
- Item 1 is being corrected in an update.Quote:
Originally Posted by Woodymon
- Item 2 an the update is going to use the next number instead of forcing to 999 (suggestion posted ages ago by Dr. Byte, as such I have tried to go through the entire readme to pull in any suggestions/hints/tips to incorporate into the next update, these will be added as well.)
- Item 3 noted and will update that in the documents. Last couple of updates were to specifically target some changes and did not include any form of comprehensive review.
This leads to the last non-bulleted item. During the comprehensive review it was identified that the code already partially hid spider crawls, the addition made is supposed to effectively hide them now, but the resulting "show spider crawls" does not truly show all of the spider crawls. This is an area that I would like to expand on and add some additional administrative controls to allow a store "reviewer" to be only allowed to do as permitted by the store owner. (Ie., may not be able to delete records, Hide from the reviewer the admin's activity or the activity of a particular individual (again would be logged, but not visible until the config switch was flipped allowing it to be seen), perhaps some other similar controls.) In review of the forum, there was guidance provided about what to enter into the footer to track various types of information, but have now seen that those hints were not incorporated, so would like to offer an admin switch to change the logging "preferences" as well.
I possibly could push out an interim update; however, have been wanting to not cycle the users of it, though I guess at least the SQL for a new install should be updated to help those newly coming on-board.
Been thinking about this particular comment and trying to understand. I took a look through my cart's database and found that in some cases the sort_id followed the configuration_group_id; however, in some cases not. Where is there information associated with the way this should go as a "general programming" option? I've already modified the preliminary update to reflect the same sort_id as the configuration_group_id (whatever it may end up being based on the user's cart), but when I changed the setting in my own cart's database nothing changed in my admin panel.Quote:
Originally Posted by Woodymon
Further related to the config section, I am not sure why it was changed to be in the area of the Tools menu and was also "confused" about why. It would seem to me that it should fall into the configuration menu and that the User Tracking Log potentially stay where it is. Anyone have design input while moving forwards with additional updates either from a usage side or to meet ZC standards? (I realize this could be a can of worms, but if making changes, should consider the larger audience than my own "little world".)
Just submitted an update to this plugin, may not be "available" until next weekend:
1. Added settings to Admin Config:
1.1) User visiting the User tracking page ability to delete log entries.
1.2) Ability to modify how much history to keep when purging/deleting entries using standard units of measure (hours, days, weeks, months (determined using 30 days)
1.3) Added option of data to submit into log based on user forum input.
1.4) Added a version field to the configuration utility.
2. Modified English Language File to show the duration and units of the record(s) being kept/purged.
3. Updated the shop's class.user_tracking observer to support logging of visits based on entries of the Zen-Cart user forum.
4. Changed the Update SQL file to reflect only those changes applicable with this upgrade (I.e. old update SQL which was only really applicable to upgrading older versions of User Tracking to an earlier version.
5. Added the number of unique visitors and spiders to the beginning of the list of sessions, so that it is now at top and bottom.
6. Hid all options to delete information if the admin has set the delete option to false, which means not only does it not display, but also that should not be able to use a get statement to delete the old data. The ability to delete all of the items overrides the inability to delete any one item. (ie., if delete all is on and delete IP set to off then delete IP will still be possible.)
7. Added uninstall_user_tracking.sql file.
Have not modified the logging/tracking to show more of the spiders that have been worked out of the log data. There are a few other improvements yet considered (such as an auto-installer) that have not been incorporated; however, there have been issues in the installation process that have been addressed in the forum but not incorporated into the files. A majority of that has been done.
Thank you so much for the update. I tried to give this mod another try but failed with the SQL install. The following is the error message I received:Here are the two lines from the previous sql install:Quote:
[14-Nov-2013 05:03:35 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '. '.php', '', 'tools', 'Y', 10000)' at line 1 :: /* Tables need to be ensured to include the prefix if it exists. */ INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING' . '.php', '', 'tools', 'Y', 10000); in /includes/classes/db/mysql/query_factory.php on line 120
Here are the two lines from the current sql install:Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
Not sure why the modification in the current install but definitely causing issue.Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING' . '.php', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG' . '.php', '', 'tools', 'Y', 10001);
Thank you for the detailed feedback. The change was made, because the assignment of the filename in the associated define file was not standard to ZC. (It previously included the extension.) That said, I did not properly format the SQL statement to concatenate the two strings. I'll have to provide an update.Quote:
Originally Posted by BlessIsaacola
In the meantime, and because I have not tested this statement, try replacing 'FILENAME_USER_TRACKING_CONFIG' . '.php' with:
CONCAT('FILENAME_USER_TRACKING_CONFIG', '.php')
And report back the result.
And the same thing with the one without CONFIG on the end.
Yeah, it really pays to test all aspects of a change...Quote:
Originally Posted by mc12345678
So the SQL statement for adding the two menu options of tracking and user tracking config should not have been changed. I wrongly assumed that because I had changed the Define for the filename that I would have to append '.php' to the sql statement. So, yes an update will still be necessary to the install SQL to restore those two lines back to what they were:
Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
Thank you for looking into this. Do you want me to test with the previously suggested modification or do you want me to test by replacing the two lines from the previous sql install so the new install sql looks like this:Quote:
Originally Posted by mc12345678
Code:/* Tables need to be ensured to include the prefix if it exists. */
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
DROP TABLE IF EXISTS user_tracking;
CREATE TABLE user_tracking (
`customer_id` int(11) default NULL,
`click_id` int(11) default NULL,
`full_name` varchar(64) NOT NULL default '',
`session_id` varchar(32) NOT NULL default '',
`ip_address` varchar(15) NOT NULL default '',
`time_entry` varchar(14) NOT NULL default '',
`time_last_click` varchar(14) NOT NULL default '',
`last_page_url` varchar(128) NOT NULL default '',
`referer_url` varchar(254) NOT NULL default '',
`page_desc` varchar(64) NOT NULL default '',
`customers_host_address` varchar(64) NOT NULL default ''
) ENGINE=MyISAM;
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
DELETE FROM configuration where configuration_group_id = @UserTrackgID;
/* DELETE FROM configuration where configuration_group_id = '999'; Desire is to replace 999 with the next configuration_group_id; however, this may require revision to the base code to support*/
INSERT INTO configuration_group (`configuration_group_id`, `configuration_group_title`, `configuration_group_description`, `sort_order`, `visible`) VALUES ('', 'User Tracking Config', 'User Tracking', '', 1);
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
UPDATE configuration_group SET 'sort_order' = @UserTrackgID WHERE 'configuration_group_id' = @UserTrackgID;
INSERT INTO configuration VALUES (0, 'User Tracking Visitors', 'ZEN_CONFIG_USER_TRACKING', 'true', 'Check the Customers/Guests behaviour ? (each click will be recorded)', @UserTrackgID, 1, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (ADMIN)', 'ADMIN_CONFIG_USER_TRACKING', 'true', 'Check the ADMINs behaviour ? (each click will be recorded)', @UserTrackgID, 2, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (exclude this IP-Address)', 'CONFIG_USER_TRACKING_EXCLUDED', 'your IP', 'Do NOT record this IP Address<br>(like webmaster/owners/Beta-testers)', @UserTrackgID, 10, '2003-03-04 23:08:38', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Session Limit)', 'CONFIG_USER_TRACKING_SESSION_LIMIT', '50', 'Displaying the latest # sessions of this 24 hour period.<br>(SET to 999999 for unlimited per 24 hour period)<br>NOTE:<BR>Watch you space !', @UserTrackgID, 15, '2003-03-03 11:19:13', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE', 'true', 'Allow Record Deletion to be Active?<br/>Setting this to true will override ENTRY and SESSION purges.<br/>Default <b>true</b><br/>', @UserTrackgID, 25, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete Historical Data)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_RECORDS', 'false', 'Allow Record Deletion of records older than now - the purge duration set below.<br/>This value is ignored if Admin User Can Delete is set to true. Otherwise set this to true to allow deletion of visits.<br/>Default <b>false</b>.<br/>', @UserTrackgID, 26, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete SESSIONS)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_SESSIONS', 'false', 'Allow SESSION Deletion to be Active?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 27, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete IP)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_IP', 'false', 'Allow Deletion of records that match the identified IP address?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 28, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge this Number)', 'CONFIG_USER_TRACKING_PURGE_NUMBER', '3', 'What is the number associated with purging before the current date/time?<br/><br/>An example would be to choose 3 here and units associated with days to delete data greater than 3 days before today.<br/>', @UserTrackgID, 30, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge Units)', 'CONFIG_USER_TRACKING_PURGE_UNITS', '1440', 'Pick the units associate with the periodicity to allow purging data.<br/><br/>60) Hours<br/>1440) Days<br/>10080) Weeks<br/>43200) Months (Based on 30 days)<br/>', @UserTrackgID, 31, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, 'zen_cfg_select_option(array(''60'', ''1440'',''10080'',''43200''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Type of User Interaction to Record)', 'CONFIG_USER_TRACKING_TRACK_TYPE_RECORD', '1', 'Type of user tracking to record?<br/><br/>1 - All visitors.<br/>2 - Visitors views where sessions have been started.<br/>3 - All users except bots/spiders ( requires Configuration->Sessions->Prevent Spider Sessions->true) (Don\'t know if this works with Zen-Cart versions older than 1.2.6d)<br/><br/>Related to above: If you set Force Cookie Use->true, then at the first user entry, sessions do not start!!! And in variants 2 and 3, user-tracking will not have started. In this case you lose one click and do not log the refferal. But if this user is a returning user and has an old/previous zen cookie the session started and your tracking system will collect this info. So, the result beforehand is not logged or will not be known.<br/>', @UserTrackgID, 40, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''1'', ''2'',''3''),');
INSERT INTO configuration VALUES (0, 'User Tracking (your favorite WHOIS URL)', 'USER_TRACKING_WHOIS_URL', 'http://www.dnsstuff.com/tools/whois.ch?ip=', 'Put here you favorite WHOIS tracking site<br>(the IP will follow automaticly after this url)', @UserTrackgID, 50, '2003-03-03 11:19:13', '2003-03-11 11:40:01', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Show Product Category when tracking product clicks)', 'ZEN_CONFIG_SHOW_USER_TRACKING_CATEGORY', 'true', 'Show Product Category when tracking product clicks', @UserTrackgID, 60, '2006-12-05 11:19:26', '2006-12-05 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (Version Installed)', 'CONFIG_USER_TRACKING_VERSION', '1.4.3', 'Shows the version number associated with user tracking and should be updated with each upgrade', @UserTrackgID, 1000, '2013-11-10 04:19:26', '2013-11-18 04:19:26', NULL, NULL);
Thanks for the mod updates.
The current UT mod package, which includes the country flag gif images images, is appx 675K. Is it possible to strip out and place the country flag images into a separate download archive? Having to download the large archive just to fetch simple code updates is an inefficient use of resources.
The contents of the flags directory has not changed for ages, and likely won't change in the near future, that is unless the Maldives sinks into the ocean or Antarctica becomes a new country.
I am not able to do a code comparison at the moment; however, if the only change between the above code and the original New_Install.sql is the removal of the . '.php' portion of the two SQL statements that have a page_key of UserTracking and UserTrackingConfig, then yes the original issue identified a few posts back will be resolved. (My statement about paying to test all changes was directly in relation to that issue.) No testing is required with the CONCAT feature/operation as it does not work. ZenCart code apparently is able to strip excess .php statements from the defined FILENAME variable if such is included. I state this because the previous version assigned the filename with .php included and I have removed that additional text from the define and the SQL that adds the menu item has not required any changes to work. So, again if the above only incorporates the change to the two lines, it would be what I would suggest using.Quote:
Originally Posted by BlessIsaacola
It is possible; however, there is the question of "easability?" of installation? Asking new users to download two products, while existing users only need the "one?" Where/What else uses those files so that this and perhaps another package could be "joined"?Quote:
Originally Posted by Woodymon
Primarily addressing the way that packages are handled here on ZenCart and providing them/ensuring that provided to the operators in a sensical, understandable way... It is also a reason I have ensured to provide indication of the changed files so that at least one does not have to upload all of the contents each time.
Suggestions welcome...
Uncompressed, the flag gifs account for 178K. I don't recall where the flags were sourced.
The bigger issue is the GeoIP.dat that accounts for 914KB uncompressed. And that data is dated, from 2006.
The geoip data comes from Maxmind
http://geolite.maxmind.com/download/...ountry.mmdb.gz
Have to pay for the GeoIP data, but GeoLite2 data is free. But then need to employ a Maxmind API to access/utilize the proprietary GeoLite2 mmdb data.
I don't know how often Maxmind updates their GeoLite2 country databases, but I suspect the current GeoLite2 mmdb data (1.5MB uncompressed) is much more up to date than the 2006 data provided in current User Tracking mod.
I don't know if the mmdb can be read or is compatible with the API code built into the current UT mod. Or the older GeoIP.dat was converted to a different format supported by the UT mod.
But if it is doable I suggest placing the geoip data and flags in a separate archive and explain in readme where to fetch and where to install. Or two separate mods, one with and one sans the geoip data and flags.
Just suggestions.
Don't mean to be a Dannie Downer...but I have to ask what are the security issues regards to installing a large proprietary binary file, sourced from who knows where, in ones admin/includes directory? Is that big DAT file screened for malware before packaged into the mod archive?
The flags we are using is from here: http://www.famfamfam.com/lab/icons/flags/ which are smaller files than the ones in this contribution. I simply replaced the ones from user tracking with these ones. Perhaps they can be incorporate into the mod to reduce file size.
This is what I ended up with. Please let me know when you get a chance if you see any problem. Thanks!Quote:
Originally Posted by mc12345678
Code:INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
DROP TABLE IF EXISTS user_tracking;
CREATE TABLE user_tracking (
`customer_id` int(11) default NULL,
`click_id` int(11) default NULL,
`full_name` varchar(64) NOT NULL default '',
`session_id` varchar(32) NOT NULL default '',
`ip_address` varchar(15) NOT NULL default '',
`time_entry` varchar(14) NOT NULL default '',
`time_last_click` varchar(14) NOT NULL default '',
`last_page_url` varchar(128) NOT NULL default '',
`referer_url` varchar(254) NOT NULL default '',
`page_desc` varchar(64) NOT NULL default '',
`customers_host_address` varchar(64) NOT NULL default ''
) ENGINE=MyISAM;
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
DELETE FROM configuration where configuration_group_id = @UserTrackgID;
INSERT INTO configuration_group (`configuration_group_id`, `configuration_group_title`, `configuration_group_description`, `sort_order`, `visible`) VALUES ('', 'User Tracking Config', 'User Tracking', '', 1);
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
UPDATE configuration_group SET 'sort_order' = @UserTrackgID WHERE 'configuration_group_id' = @UserTrackgID;
INSERT INTO configuration VALUES (0, 'User Tracking Visitors', 'ZEN_CONFIG_USER_TRACKING', 'true', 'Check the Customers/Guests behaviour ? (each click will be recorded)', @UserTrackgID, 1, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (ADMIN)', 'ADMIN_CONFIG_USER_TRACKING', 'true', 'Check the ADMINs behaviour ? (each click will be recorded)', @UserTrackgID, 2, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (exclude this IP-Address)', 'CONFIG_USER_TRACKING_EXCLUDED', 'your IP', 'Do NOT record this IP Address<br>(like webmaster/owners/Beta-testers)', @UserTrackgID, 10, '2003-03-04 23:08:38', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Session Limit)', 'CONFIG_USER_TRACKING_SESSION_LIMIT', '50', 'Displaying the latest # sessions of this 24 hour period.<br>(SET to 999999 for unlimited per 24 hour period)<br>NOTE:<BR>Watch you space !', @UserTrackgID, 15, '2003-03-03 11:19:13', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE', 'true', 'Allow Record Deletion to be Active?<br/>Setting this to true will override ENTRY and SESSION purges.<br/>Default <b>true</b><br/>', @UserTrackgID, 25, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete Historical Data)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_RECORDS', 'false', 'Allow Record Deletion of records older than now - the purge duration set below.<br/>This value is ignored if Admin User Can Delete is set to true. Otherwise set this to true to allow deletion of visits.<br/>Default <b>false</b>.<br/>', @UserTrackgID, 26, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete SESSIONS)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_SESSIONS', 'false', 'Allow SESSION Deletion to be Active?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 27, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete IP)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_IP', 'false', 'Allow Deletion of records that match the identified IP address?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 28, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge this Number)', 'CONFIG_USER_TRACKING_PURGE_NUMBER', '3', 'What is the number associated with purging before the current date/time?<br/><br/>An example would be to choose 3 here and units associated with days to delete data greater than 3 days before today.<br/>', @UserTrackgID, 30, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge Units)', 'CONFIG_USER_TRACKING_PURGE_UNITS', '1440', 'Pick the units associate with the periodicity to allow purging data.<br/><br/>60) Hours<br/>1440) Days<br/>10080) Weeks<br/>43200) Months (Based on 30 days)<br/>', @UserTrackgID, 31, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, 'zen_cfg_select_option(array(''60'', ''1440'',''10080'',''43200''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Type of User Interaction to Record)', 'CONFIG_USER_TRACKING_TRACK_TYPE_RECORD', '1', 'Type of user tracking to record?<br/><br/>1 - All visitors.<br/>2 - Visitors views where sessions have been started.<br/>3 - All users except bots/spiders ( requires Configuration->Sessions->Prevent Spider Sessions->true) (Don\'t know if this works with Zen-Cart versions older than 1.2.6d)<br/><br/>Related to above: If you set Force Cookie Use->true, then at the first user entry, sessions do not start!!! And in variants 2 and 3, user-tracking will not have started. In this case you lose one click and do not log the refferal. But if this user is a returning user and has an old/previous zen cookie the session started and your tracking system will collect this info. So, the result beforehand is not logged or will not be known.<br/>', @UserTrackgID, 40, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''1'', ''2'',''3''),');
INSERT INTO configuration VALUES (0, 'User Tracking (your favorite WHOIS URL)', 'USER_TRACKING_WHOIS_URL', 'http://www.dnsstuff.com/tools/whois.ch?ip=', 'Put here you favorite WHOIS tracking site<br>(the IP will follow automaticly after this url)', @UserTrackgID, 50, '2003-03-03 11:19:13', '2003-03-11 11:40:01', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Show Product Category when tracking product clicks)', 'ZEN_CONFIG_SHOW_USER_TRACKING_CATEGORY', 'true', 'Show Product Category when tracking product clicks', @UserTrackgID, 60, '2006-12-05 11:19:26', '2006-12-05 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (Version Installed)', 'CONFIG_USER_TRACKING_VERSION', '1.4.3', 'Shows the version number associated with user tracking and should be updated with each upgrade', @UserTrackgID, 1000, '2013-11-10 04:19:26', '2013-11-18 04:19:26', NULL, NULL);
Dannie Downer? Is that a locality statement or a gender thing? (Familiar with seeing Debbie Downer, regardless of gender)... :)Quote:
Originally Posted by Woodymon
Short answer is that I have not performed any screening on the DAT file.
Further, I have made no changes to the DAT file, nor have I seen any changes in it when comparing a "fresh" download with a newly packaged version. I have not done any additional investigation into the security of that file, nor had I seen any previous discussion expressing concern with it (not to say that there wasn't a previous concern expressed, but I hadn't seen any.) The concerns that I had seen were related to the mod's ability to handle improperly formatted URL requests, which the more recent version(s) of ZC appear to have been able to prevent. I did want to incorporate an added level of prevention by stripping potential escape codes from the URL so that they would not be provided to the SQL that stores/processes the visit; however, did not complete that modification prior to posting this recent update. Primarily this update was to correct errors that were known but "lived" with (install SQL) and to add what I thought was relatively quick and easy functionality. I did also realize that there is one condition that I did not fully address, if in the configure area the option to "not log spiders" was selected (identified in the forum as a method to prevent logging spiders), then on the user tracking screen, technically the option to show/hide spiders should not be present (assuming that the first selection truly and totally prevents spiders from being logged in the first place).
If there is an issue with this or another DAT file then it should be addressed sooner rather than later.
I just posted my thoughts as they just came to head. I've been using the UT mod for 6-7 years now, and hadn't even thought about some of this before.
Enjoying your new functionality/configuration.
Regards to the option to show spiders, how does the UT mod define a specific session/IP as a spider or not? Does the UT mod look up the UA in /includes/spider.txt to identify a spider? The file last updated May 2011.
I would say that it is/was a good question about the DAT file. I took up to modifying this like many have, I use it, would like to see more features and think that a majority of the features seem to be something discussed throughout the thread, so why not implement them even if they are not something I currently need.Quote:
Originally Posted by Woodymon
As for the added spider functionality, well, the evolution of it to this point is that initially (as many probably had seen) there was always one type of "browser" (visitor) that would show up in the list of tracked users; however, it was readily apparent that it was some sort of automated website checker because no person could hit 5+ pages in as few seconds. At the same time I would open the Who's Online option and see that no one was there, unless I turned the spider related view on. Then it was obvious that UT was not filtering out those type of views; however, at the same time I happened across another "visitor" that wasn't being logged by UT. A little review of the who's online functionality identified a few different things that work together to identify/hide spiders. Further review identified that the current method of capturing the visitor information only partially implemented the filtering used by who's online. The portion that appeared to be missing was the look at the session id to determine if it was or was not present. So, I added that check which predominantly resolved the original issue I was having/seeing. If I remember correctly a session is not assigned if the visitor matches criteria within the spiders.txt file, so it became evident that if I could do a check for the assignment (or lack) of a session (which who's online does with the function that was added) then it would be possible to show/obscure that information and indirectly use the spiders.txt file.
But, looking at the code for capturing the visitor information it is/was significantly different from what is used in Who's Online, so that is still something I want to modify/merge, but I also don't want to break it. :) Meaning, I want to actually focus on that area of the code and give it attention rather than just implementing this or that "small" feature. In my opinion the process will be a little complex because I'll be pullling from multiple areas of Who's Online to be consolidated and reorganized into UT to maintain the same available information.
As part of that resequencing/formatting, I was considering adding a notification flag (yes likely an additional table field and therefore use a few more bytes of data storage and communication) to indicate calls to a website with a mal-formed url... \'A=0... for example. If nothing else, that way would be able to identify sessions that are either of interest or to be ignored when reviewing data. (And yes could offer another choice box as a result to look at incorrect URLs versus correct URLs...)
I apologize for the two malformed SQL statements in the new_install.sql file. The thought process I used to modify it seemed sound; however, was wrong. When I tried to concatenate the two texts and then look at my database, I could tell it was wrong and then when I used a format like the original package it worked... I could have tested it before distributing, but didn't. I do know that also I felt like working on this particular plug-in (considering how long it had been since an update) would offer me some "simple" opportunities to learn more about how ZC works and how to work with some of the integration with various parts of it. It's been a tremendous learning experience...
So, hope that provides a little enlightment. :)
At the moment this update is unusable because the new_install_sql doesn't work and the problem goes beyond the lines discussed above. Here is the new error I am getting:
Hopefully, you will repackage with a working install sql or at least update the download section to let people know that they shouldn't use this download until there's an updated new_install sql.Quote:
[14-Nov-2013 21:04:28 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sort_order' = @UserTrackgID WHERE 'configuration_group_id' = @UserTrackgID' at line 1 :: UPDATE configuration_group SET 'sort_order' = @UserTrackgID WHERE 'configuration_group_id' = @UserTrackgID; in /includes/classes/db/mysql/query_factory.php on line 120
Thanks!
Yup, another SQL error, though I thought I had actually tested that line (Especially after the recent comment that the sort_order should be the same as the configuration_key_id). The problem is that there are unnecessary (error causing) single quotes around the field names.Quote:
Originally Posted by BlessIsaacola
Here is the corrected new_user_install.sql file which will be packaged shortly and provided for update. Thank you for your patience and understanding.
Code:/* Tables need to be ensured to include the prefix if it exists. */
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTracking', 'BOX_TOOLS_USER_TRACKING', 'FILENAME_USER_TRACKING', '', 'tools', 'Y', 10000);
INSERT INTO admin_pages (page_key, language_key, main_page, page_params, menu_key, display_on_menu, sort_order) VALUES ('UserTrackingConfig', 'BOX_TOOLS_USER_TRACKING_CONFIG', 'FILENAME_USER_TRACKING_CONFIG', '', 'tools', 'Y', 10001);
DROP TABLE IF EXISTS user_tracking;
CREATE TABLE user_tracking (
`customer_id` int(11) default NULL,
`click_id` int(11) default NULL,
`full_name` varchar(64) NOT NULL default '',
`session_id` varchar(32) NOT NULL default '',
`ip_address` varchar(15) NOT NULL default '',
`time_entry` varchar(14) NOT NULL default '',
`time_last_click` varchar(14) NOT NULL default '',
`last_page_url` varchar(128) NOT NULL default '',
`referer_url` varchar(254) NOT NULL default '',
`page_desc` varchar(64) NOT NULL default '',
`customers_host_address` varchar(64) NOT NULL default ''
) ENGINE=MyISAM;
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
DELETE FROM configuration where configuration_group_id = @UserTrackgID;
/* DELETE FROM configuration where configuration_group_id = '999'; Desire is to replace 999 with the next configuration_group_id; however, this may require revision to the base code to support*/
INSERT INTO configuration_group (`configuration_group_id`, `configuration_group_title`, `configuration_group_description`, `sort_order`, `visible`) VALUES (0, 'User Tracking Config', 'User Tracking', '', 1);
SELECT @UserTrackgID := configuration_group_id
FROM configuration_group where configuration_group_title LIKE '%User Tracking%';
UPDATE configuration_group SET sort_order = @UserTrackgID WHERE configuration_group_id = @UserTrackgID;
INSERT INTO configuration VALUES (0, 'User Tracking Visitors', 'ZEN_CONFIG_USER_TRACKING', 'true', 'Check the Customers/Guests behaviour ? (each click will be recorded)', @UserTrackgID, 1, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (ADMIN)', 'ADMIN_CONFIG_USER_TRACKING', 'true', 'Check the ADMINs behaviour ? (each click will be recorded)', @UserTrackgID, 2, '2003-03-03 11:19:26', '2003-02-09 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (exclude this IP-Address)', 'CONFIG_USER_TRACKING_EXCLUDED', 'your IP', 'Do NOT record this IP Address<br>(like webmaster/owners/Beta-testers)', @UserTrackgID, 10, '2003-03-04 23:08:38', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Session Limit)', 'CONFIG_USER_TRACKING_SESSION_LIMIT', '50', 'Displaying the latest # sessions of this 24 hour period.<br>(SET to 999999 for unlimited per 24 hour period)<br>NOTE:<BR>Watch you space !', @UserTrackgID, 15, '2003-03-03 11:19:13', '2003-02-09 21:20:07', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE', 'true', 'Allow Record Deletion to be Active?<br/>Setting this to true will override ENTRY and SESSION purges.<br/>Default <b>true</b><br/>', @UserTrackgID, 25, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete Historical Data)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_RECORDS', 'false', 'Allow Record Deletion of records older than now - the purge duration set below.<br/>This value is ignored if Admin User Can Delete is set to true. Otherwise set this to true to allow deletion of visits.<br/>Default <b>false</b>.<br/>', @UserTrackgID, 26, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete SESSIONS)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_SESSIONS', 'false', 'Allow SESSION Deletion to be Active?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 27, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Admin User Can Delete IP)', 'CONFIG_USER_TRACKING_ADMIN_CAN_DELETE_IP', 'false', 'Allow Deletion of records that match the identified IP address?<br/>This setting is ignored if Admin User Can Delete is set to true.<br/>Default <b>false</b><br/>', @UserTrackgID, 28, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge this Number)', 'CONFIG_USER_TRACKING_PURGE_NUMBER', '3', 'What is the number associated with purging before the current date/time?<br/><br/>An example would be to choose 3 here and units associated with days to delete data greater than 3 days before today.<br/>', @UserTrackgID, 30, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, NULL);
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Purge Units)', 'CONFIG_USER_TRACKING_PURGE_UNITS', '1440', 'Pick the units associate with the periodicity to allow purging data.<br/><br/>60) Hours<br/>1440) Days<br/>10080) Weeks<br/>43200) Months (Based on 30 days)<br/>', @UserTrackgID, 31, '2013-11-09 23:08:38', '2013-11-09 23:08:38', NULL, 'zen_cfg_select_option(array(''60'', ''1440'',''10080'',''43200''),');
INSERT INTO configuration (configuration_id, configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, last_modified, date_added, use_function, set_function) VALUES (0, 'User Tracking (Type of User Interaction to Record)', 'CONFIG_USER_TRACKING_TRACK_TYPE_RECORD', '1', 'Type of user tracking to record?<br/><br/>1 - All visitors.<br/>2 - Visitors views where sessions have been started.<br/>3 - All users except bots/spiders ( requires Configuration->Sessions->Prevent Spider Sessions->true) (Don\'t know if this works with Zen-Cart versions older than 1.2.6d)<br/><br/>Related to above: If you set Force Cookie Use->true, then at the first user entry, sessions do not start!!! And in variants 2 and 3, user-tracking will not have started. In this case you lose one click and do not log the refferal. But if this user is a returning user and has an old/previous zen cookie the session started and your tracking system will collect this info. So, the result beforehand is not logged or will not be known.<br/>', @UserTrackgID, 40, '2013-11-09 11:19:26', '2013-11-09 11:19:26', NULL, 'zen_cfg_select_option(array(''1'', ''2'',''3''),');
INSERT INTO configuration VALUES (0, 'User Tracking (your favorite WHOIS URL)', 'USER_TRACKING_WHOIS_URL', 'http://www.dnsstuff.com/tools/whois.ch?ip=', 'Put here you favorite WHOIS tracking site<br>(the IP will follow automaticly after this url)', @UserTrackgID, 50, '2003-03-03 11:19:13', '2003-03-11 11:40:01', NULL, NULL);
INSERT INTO configuration VALUES (0, 'User Tracking (Show Product Category when tracking product clicks)', 'ZEN_CONFIG_SHOW_USER_TRACKING_CATEGORY', 'true', 'Show Product Category when tracking product clicks', @UserTrackgID, 60, '2006-12-05 11:19:26', '2006-12-05 21:20:07', NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
INSERT INTO configuration VALUES (0, 'User Tracking (Version Installed)', 'CONFIG_USER_TRACKING_VERSION', '1.4.3', 'Shows the version number associated with user tracking and should be updated with each upgrade', @UserTrackgID, 1000, '2013-11-10 04:19:26', '2013-11-18 04:19:26', NULL, NULL);
Version 1.4.3a has been submitted for review/posting by the Zen Cart staff.
The update only corrects the New_Install_User_Tracking.sql file; however, the readme's were updated to reflect that change. Those that have previously installed this or have worked through the SQL errors that I introduced when updating the new install to match the suggested method of installation do not need to "update" the file at this time.
In the mean time the posted install sql above should work and is basically what is provided in the newest version.
Thank you so much! The updated new install sql worked for me flawlessly. It's now active and I am going to observe and see if anything strange shows up in the log. Thanks again for the update.
Thank you mc12345678 for this great update. I have been following this thread from the beginning because I also received the new install sql error. It now works perfectly.
I have one question: what is the report button for under Admin>Tools>User Tracking? Is it a refresh or should an actual report appear?
Thanks again for this great update!
Can you please tell me if this update is suppose to fix the issue where User Shopping Cart (when viewing user tracking) is the same across multiple visitors? Thanks!
The problem here is the decoding of the various active shopping cart(s)Quote:
Originally Posted by BlessIsaacola
If you visit whosonline and click on a visitor with an active cart, then that cart is the one that is shown for all the user tracking visitors that haven't expired.
The "Report" button acts as a refresh to pull up the history associated with the selected date. I had kind of forgotten that the name of the button doesn't exactly match what happens.Quote:
Originally Posted by jghogue
Basically if you know you want to look at the history of November 1, then you can "dial" that in and press report and the time machine will take you back to the first of November. :) or one could click repetitively the back one day button.
Will consider what to do with that aspect (recode it/add instruction).
While aware and familiar with the results of an item being in the cart causing visual chaos, I have not tackled that one yet. I realize that there is some incorrect logic that predates my changes to the plug-in, but if I remember correctly that area of the code is integrated with the area that does the logging of the visit, which is why I have put a bit of a precedence on squaring away the logging/capturing of data first. I once had a bot add something like 4 million dollars of items to it's cart and while looking at UT you could imagine my surprise that a single "user" wanted to buy that much from our little organization. Looked into it, and ah well just some computer adding stuff to the cart that it wasn't going to buy.Quote:
Originally Posted by BlessIsaacola
Anyways, as much as I would like to straighten the cart issue out, I need to stick with the plan to address capture of the data first which may lead to an easy fix on the cart issue.
Haven't dropped this idea...Quote:
Originally Posted by Woodymon
Glad you provided the link to obtain additional ip data. Seeing some of the "visits" to my site and the fact that the country did not seem to line up with the provided flag, I did find that it is possible to download an updated GeoIP data file without going through a pay source. I am assuming and it is a big stretch, that UT is written to handle the free version of the GeoLite data file. I've tried to do some preliminary review of the GeoLite2 perspective; however, have not found what the difference/benefit between the two is. When able, I plan to try to incorporate the GeoIP data file and see if I have new/different results on my site then would provide direction/instruction on how others can obtain the updated file assuming it works.
The user readable version (CSV) certainly is large; however, it looks like the current compressed version (DAT) is actually smaller than the one that has been provided in this plug-in.
The source found reports to update every week, so yes the current DAT file is WAY out-of-date.
Will also continue to consider how better to provide the package and associated changes.
If you are updating the GeoIP.dat file, you have to also get the latest geoip.inc file to access it correctly.Quote:
Originally Posted by mc12345678
Thank you so much for the update. Completely understand your approach and appreciate all the work you're putting into this. I simply asked to make sure I didn't miss something.
Quote:
Originally Posted by mc12345678
No hardship here. :) wanted to make sure any that read this now or in the future understood the thought process brhind it. Now too, it looks like an update to handle the new geoip data is needed. I hope it won't be. Difficult, but reading the api instructions makes it seem it won't be too bad. (Though sounds like will need to consider the size aspect as recentky suggested.Quote:
Originally Posted by BlessIsaacola
Any idea what this error is?The ip address belongs to MSN searchbot. Thanks!Quote:
[16-Nov-2013 08:44:35 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OFFICE_IP_TO_HOST_ADDRESS')' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '', '157.55.32.84', '1384609475', '1384609475', '/index.php?main_page=product_reviews&cPath=388_408&products_id=13478', '/index.php?main_page=product_reviews&cPath=388_408&products_id=13478', 'Discovery and Exploration - Educational Insights You\', 'OFFICE_IP_TO_HOST_ADDRESS') in /includes/classes/db/mysql/query_factory.php on line 120
Yeah, took a second tofigure out, but look at the last character of your page description field that is just before the host ip address. Looks like this: 'Discovery and Exploration - Educational Insights You\', well, the \ just before the single parenthesis is an escape code sequence, telling SQL to treat the ' as a character in the string rather than the end of a string. So the next ' becomes the end, the OFFICE_IP_TO_HOST_ADDRESS is becomes a misplaced statement and then finally the last ' is treated as the opening to a new string that is not properly finalized which causes the error you are seeing. I think that if you were to visit thatpage yourself, you would cause the same issue, it just happens that someone/something got there first.Quote:
Originally Posted by BlessIsaacola
Btw, that is an example also of what I was saying of identifying a malformed SQL statement, doing something about it, and letting the operator know it happened and hopefully in a way that would be unique to UT.
Basically the page description for that product should not end with a backwards slash. Not sure why it would, to begin with...
Thank you so much for looking into this. I think the problem is with the Zen Lightbox on our site. If you look at this page: http://www.clevershoppers.com//index...ducts_id=13478 you will notice the garbage on top of the product image. If I turn off Zen Lightbox the problem is not there. As you suggested I went to the actual product page: http://www.clevershoppers.com/index....ducts_id=13478 and I did not see any problem with the description when I view it normally as well as looking at the source. I will try to solve the Zen Lightbox issue first and then see if I see more errors in the log.Quote:
Originally Posted by mc12345678
Well, I resolved my original issue by using the fix provided via the Zen Lightbox thread. Now I am dealing with something else and perhaps it doesn't have anything to do with User Tracking but since it's the mod revealing the problem I am starting here. Here is the error message:Here is the link http://www.clevershoppers.com/index....ducts_id=79860 to the product in question. You will notice in the title (Theo (Teaching Children God's Word) God's Love DVD 2011) there are two apostrophes. I believe the ' in the title is what's causing the problem. It would appear User Tracking is not properly escaping the single quote (') in the title before trying to post it to the database. Zen Cart seems to handle this just fine on the site but not sure how to deal with this issue.Quote:
[17-Nov-2013 04:41:17 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OFFICE_IP_TO_HOST_ADDRESS')' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '', '23.22.202.186', '1384681277', '1384681277', '/?main_page=product_info&cPath=12_170&products_id=79860', '/?main_page=product_info&cPath=12_170&products_id=79860', 'Animation - Theo (Teaching Children God\'s Word) God\', 'OFFICE_IP_TO_HOST_ADDRESS') in /includes/classes/db/mysql/query_factory.php on line 120
So the field that is currently causing the problem is the page description (which I thought would be different than the page title, but I can look further into that). You are correct that UT doesn't (yet) filter the data to remove the converted ' (made into \' ) prior to posting to the UT table database. Typically I have seen that only the last_page_url or refferer_page_url would throw that type of error because of attempts by malicious visitors to inject SQL code. It looks like the review/change will need to include the characters of other fields as well, to include some form of substitution of the last character in the string as applicable.Quote:
Originally Posted by BlessIsaacola
Quote:
Originally Posted by BlessIsaacola
So was thinking about the above thiss morning. I have a few ideas associated with it.Quote:
Originally Posted by mc12345678
1) Sessions have a limited life. As such, UT as currently constructed is only setup to reoprt carts that are active.
2) Storing information related to all carts created would utilize more database capability which could be an issue forfor some users having a limited capacity. Enabling this capability would require an additional table in the database (to maintain correct table form) and also a control to prevent populating the table. Considering the default would be not to populate the table and that the table would be created in the code of usage rather than the install/upgrade sql.
3) Current carts are available through SQL inspection. UT apparently uses the version of cart identification similar to who's online in that it presents all current carts whenever/wherever cart information is displayed. At the point of display, there is sufficient information available to pull only the cart associated with that session. This information is currently not being used to provide just that cart info. Adding in the code to pull the current cart content for an active cart should be available from who's online with modification to apply only to the current session of the record being displayed.
4) Logic/display of cart information would need to consider gathering "all" info from 2 and current information of 3, but also take into account that on each page load the contents of the cart for the session being tracked such that as long as the cart's session is active the tracked cart is updated to reflect the current contents in both thetable of 2 and the active display of 3. Once the cart's session is inactive/has expired, then the data displayed identifies that this is basically an abandoned cart. This is not to take the place of any abandoned cart plugin, though may duplicate effort. This method would increase traffic withthe database, more so if option 2 above is active.
5) This may be possible to partially implement without correcting the tracking method of spiders/users as described above as it would affect only the display of session/cart information associated with existing variables and data that is readily available. Subsequent mod to address the tracking/identification of spiders may affect this area; however, that would just be part of updating the code to address any other changes/ensure continuity.
Ideas?
Thank you for your response. I think the main issue is dealing with special characters like apostrophe which can actually happen in several places. Like I said, Zen Cart handles the situation just fine. For now, I am leaving the mod installed because the value outweighs the inconvenience of deleting the log entries. I will also consider fixing the special characters where I can to minimize my issue. The only problem is when I have used html entities in the titles before, it resulted in other problems.Quote:
Originally Posted by mc12345678
As usual, continued to consider this issue. Will need to look at how the variable is used downstream, what was it page_key?, but I'm thinking that it would be okay to truncate it by one character if the last character is \. See ZC is properly formatting the string to prevent a problem, but if remember correctly the field is set to a specific length upon construction of the table. I'm not sure why it is the length that it is, but, also thinking that it's okay to be as short as it is. I will have to assess that before making a change to the table length, but if there is no effect on the program by truncating that and other fields that could potentially have an escaped character, then the fix will be to check the last character in the string if it is \ then delete it. So, generally speaking there is no reason for you to modify the content as you have described, this plug-in should be modified to support standard ZC functionality.Quote:
Originally Posted by BlessIsaacola
I do think that part of the reason that it is as "short" as it is, is because UT is collecting additional data and storing it without using reference to the rest of the database as the goal is to report exactly what was attempted instead of what the ZC database contains. So, this increases the amount of information in the database and increasing the field length may gain little in functionality/information, but will increase database size.
will this mod help in tracking who is doing what at my zc 1.5.1 site? Reason I am asking this is because I notice some really strange behaviors on my site. I can see some ip's in my "Whos Online" page in admin, that some ip's are able to put ridiculous quantities of an item in their shopping cart such as 5000000000 units will I have less than a 100 units in stock in the quantity of that one item.
Does zencart prevent a larger then inventory quantity be added to the shopping cart? it seems like some of these ips' are trying to block my traffic. I want to find out who they are, what exactly are they doing, and be able to block them.
any help is appreciated.
So to try to answer, it will let you know what pages have successfully (and completely) loaded (I.e., the footer must be processed), therefore it will show you to what page(s) a session has successfully reached.Quote:
Originally Posted by twi
Regarding the tracking of what entity is doing this, well, there is a small caveat still at this time. The coding for identifying which records to add to the database already does some filtering as written; however, there were some types of records that were not filtered (hence the added hide spiders functionality). It is planned to overhaul that process so that the show spiders option would show all visitor traffic regardless of being a spider or not (which is more than likely what you have/had going on).
ZC does offer the capability of preventing the more than current quantity from being added to cart capability (or at least from checkout); however, that issue is something I would recommend to bring up in a separate forum/thread. There are multiple settings/ways to "notify" the user/visitor of attempting to add to the cart more quantity than in stock or to prevent that from happening. This plugin though will more than likely provide the information (IP address) of the individual(s) attempting to perform that action. All-in-all it seems to be an attempt to locate security weaknesses that could potentially be exploited. Afterall, if they actually pay for that quantity of product, worst case is that they get a refund for the product not in stock and you make a lot of money otherwise. :)
Thanks for the prompt reply. I would be ecstatic I they actually want to buy that amount added to the cart. It is in the ten of millions of dollars when they attempt to do that. they would add ridiculous quantities to a handful of products. Of course they are not able to checkout since I have initiated the prevent checkout if quantity is greater than inventory setting in admin. But it really bothers me that they are actually able to put the quantities in the cart. I though that zc prevent it from doing so even though an insufficient quantity warning in read is displayed.Quote:
Originally Posted by mc12345678
To make thing simple. Is there a way to block certain/specific IP's? I have read something about htaccess but don't understand a thing how to do it. any suggestions?
It's not difficult; however, I am not on a device that would allow me to look up my current htaccess file (easily). I've done that after I received one after another contact us inquiries, and other obnoxious actions on my site. Ultimately I didn't need anything from that group of servers as there is no way that their business could be gained for our organization. Anyways, it's not difficult;however, if you go for the onsey twosy, you may find that they will try from a different direction. Unfortunately it's a part of being able to be accessed by anyone in the world. Bound to have a few people/computers trying to do something obnoxious.Quote:
Originally Posted by twi
We had one day over 10000 hits from a single ip. Want to talk about somebody trying to shut down someone. It didn't take us offline but wholly cow!
Thank you again for the thorough help and insight in this situation. If you do have time later or a few days later, maybe you can send me some links of shoot me some pm concerning how to do it in the htaccess file would be great. Thanks in advance.Quote:
Originally Posted by mc12345678
Here is the latest error message:I think I am going to disabled this mod temporarily until after Christmas season. I want to make sure I can focus on any error that's genuine in the log and this mod is just filling it up. I will definitely continue to monitor the progress on this though. Thanks!Quote:
[22-Nov-2013 03:11:00 America/New_York] PHP Warning: reset() expects parameter 1 to be array, null given in /adminfolder/user_tracking.php on line 301
Please advise, at that point of using UT to look at the history, were there no records returned/shown?Quote:
Originally Posted by BlessIsaacola
(For those reviewing this thread, that error iappears from the newly added functionality of displaying the number of visits at the beginning of the display of visitors.)
Odd thing to say/think, but almost glad that there is a problem, that way any additional changes can be incorporated with a fix.looking at adding a check for the last character of strings before sending to SQL and other character sequences specifically in the URL info just to prevent additional errors/warnings can add a flag later, then also to address a zero "volume" return on the array of visitors. Hopefully can submit soon.
It is definitely possible that this happened after I disabled the Mod on the Admin side. I did not remove the tracking code in the footer just set it "User Tracking Visitor" to False. I guess I will disable on the Admin as well as remove the tracking code from the footer to avoid any potential issue.Quote:
Originally Posted by mc12345678
Thanks!
May have been before or after disabling tracking of visitors. I was able to reproduce the error by moving to tomorrow's date. (Obviously no data available for tomorrow.)Quote:
Originally Posted by BlessIsaacola
So no, it does not just randomly generate that reset warning. It is a missed check on my part. Should not have it try to cycle through the "array" if there is nothing in that array, thus I would not have to reset it. The result will still be zero, but the "array" will not be sent through an operation that could cause a warning. At this time removing the footer code will not prevent that warning from being logged. Not going to the admin/user_tracking.php page when there is no data or to a date that has no data will.
Thanks for the update and clarification. I appreciate all your support.
Quote:
[16-Nov-2013 08:44:35 America/New_York] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OFFICE_IP_TO_HOST_ADDRESS')' at line 1 :: insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, referer_url, page_desc, customers_host_address) values ('0', 'Guest', '', '157.55.32.84', '1384609475', '1384609475', '/index.php?main_page=product_reviews&cPath=388_408&products_id=13478', '/index.php?main_page=product_reviews&cPath=388_408&products_id=13478', 'Discovery and Exploration - Educational Insights You\', 'OFFICE_IP_TO_HOST_ADDRESS') in /includes/classes/db/mysql/query_factory.php on line 120
Wondering if you could add the following code to: yourstore/includes/functions/extra_functions/user_tracking.php ~line 69 (after the assignment of $page_desc = substr($page_desc, 0, 63); but before the $db->execute that inserts the record... Then test accessing the product (assuming that the record still has the same description) and see if still get the same issue... I'll see if I can't reproduce prevent reproduction of the error by forcing a comparison with that final result; however, some of the errors described seem to be "random" or at least it seems to take very specific conditions to cause a problem.Quote:
Originally Posted by BlessIsaacola
Code:while (strpos(right($page_desc, 1), '\\') !== false) {
$page_desc = substr($page_desc, 0, -1);
}
Yeah, need to code in the correct language. PHP doesn't have a "right(" function...Code should be:Quote:
Originally Posted by mc12345678
Code should be:
Code:while (strpos(substr($page_desc, -1), '\\') !== false) {
$page_desc = substr($page_desc, 0, -1);
}
Submitted version 1.4.3b with the following updates:
1. Corrected a PHP warning that appears if there are no visits tracked for the date being reviewed.
2. Corrected an issue that had the possibility of generating an error log: If a product's description included a character that would be translated by use of an escape character as part of a SQL command, (eg: he's would be changed to he\'s) then, if that escape character landed in just the right position, it would end up as the last character in the string prior to a single quote as part of the SQL statement. This would then cause an error in the execution of the SQL statement and an error log to be generated. Resolution was to remove the last character if that last character is a \. This issue has been resolved for: page description, last page URI, and referrer URI.
3. Updated the button display of spiders, such that if option 3 is chosen in system setup that a message appears.
UPDATING INSTRUCTIONS:
For SQL statemenst: same instructions as applicable from the 11/10/2013 update.
Files updated from 1.4.3 or 1.4.3a are:
YOUR_ADMIN\user_tracking.php
YOUR_ADMIN\includes\lanaguages\english\user_tracking.php
includes\functions\extra_functions\user_tracking.php
For those that would just want the code update, here are basically the changes (functional changes) (compared to version 1.4.3), I am leaving out the additional words portion of the update at this time.
In YOUR_ADMIN/user_tracking.php
find:
replace with (Change in red):Code:$listed = 0;
if ($results)
while (($ut = each($user_tracking)) && !$user_tracking->EOF /*($listed++ < CONFIG_USER_TRACKING_SESSION_LIMIT)*/)
Find:Code:$listed = 0;
if ($results && is_array($user_tracking) == true)
while (($ut = each($user_tracking)) && !$user_tracking->EOF /*($listed++ < CONFIG_USER_TRACKING_SESSION_LIMIT)*/)
replace with (Change in red):Code:reset($user_tracking);
//End of v1.4.3 14 of 15
if ($results)
while (($ut = each($user_tracking)) && ($listed++ < CONFIG_USER_TRACKING_SESSION_LIMIT))
andCode://End of v1.4.3 14 of 15
if ($results && is_array($user_tracking) == true) {
/* Begin v1.4.3b (Moved statement to within test) */
reset($user_tracking);
/* End v1.4.3b */
while (($ut = each($user_tracking)) && ($listed++ < CONFIG_USER_TRACKING_SESSION_LIMIT))
Find:
Replace with (Change in red):Code:// End User Tracking - Spider Mod 6 of 7
}
in \includes\functions\extra_functions\user_tracking.phpCode:// End User Tracking - Spider Mod 6 of 7
}}
at approximately line 70 (after $page_desc asssignment) but before $db->Execute add:
then after $wo_last_page_url assignment and before $db->Execute:Code:/* Start - User tracking v1.4.3b modification*/
while (strpos(substr($page_desc, -1), '\\') !== false) {
$page_desc = substr($page_desc, 0, -1);
}
/* End - User tracking v1.4.3b modification*/
These last two changes need to be before the $db->Execute command.Code:/* Start - User tracking v1.4.3b modification*/
while (strpos(right($wo_last_page_url, 1), '\\') !== false) {
$wo_last_page_url = substr($wo_last_page_url, 0, -1);
}
/* End - User tracking v1.4.3b modification*/
/* Start - User tracking v1.4.3b modification*/
while (strpos(right($referer_url, 1), '\\') !== false) {
$referer_url = substr($referer_url, 0, -1);
}
/* End - User tracking v1.4.3b modification*/
No indicators have been added. This all will simply clean up the data going to be processed via SQL so that it won't generate a warning when no data is present for the data reviewed, and also will prevent SQL injection of creating a \' unintentionally.
Tada done...
No, did not get to next set of features to be added.