User tracking mod

[mc12345678]

Thank you for your response. I think the main issue is dealing with special characters like apostrophe which can actually happen in several places. Like I said, Zen Cart handles the situation just fine. For now, I am leaving the mod installed because the value outweighs the inconvenience of deleting the log entries. I will also consider fixing the special characters where I can to minimize my issue. The only problem is when I have used html entities in the titles before, it resulted in other problems.

As usual, continued to consider this issue. Will need to look at how the variable is used downstream, what was it page_key?, but I'm thinking that it would be okay to truncate it by one character if the last character is \. See ZC is properly formatting the string to prevent a problem, but if remember correctly the field is set to a specific length upon construction of the table. I'm not sure why it is the length that it is, but, also thinking that it's okay to be as short as it is. I will have to assess that before making a change to the table length, but if there is no effect on the program by truncating that and other fields that could potentially have an escaped character, then the fix will be to check the last character in the string if it is \ then delete it. So, generally speaking there is no reason for you to modify the content as you have described, this plug-in should be modified to support standard ZC functionality.

I do think that part of the reason that it is as "short" as it is, is because UT is collecting additional data and storing it without using reference to the rest of the database as the goal is to report exactly what was attempted instead of what the ZC database contains. So, this increases the amount of information in the database and increasing the field length may gain little in functionality/information, but will increase database size.

[twi]

will this mod help in tracking who is doing what at my zc 1.5.1 site? Reason I am asking this is because I notice some really strange behaviors on my site. I can see some ip's in my "Whos Online" page in admin, that some ip's are able to put ridiculous quantities of an item in their shopping cart such as 5000000000 units will I have less than a 100 units in stock in the quantity of that one item.

Does zencart prevent a larger then inventory quantity be added to the shopping cart? it seems like some of these ips' are trying to block my traffic. I want to find out who they are, what exactly are they doing, and be able to block them.

any help is appreciated.

[mc12345678]

will this mod help in tracking who is doing what at my zc 1.5.1 site? Reason I am asking this is because I notice some really strange behaviors on my site. I can see some ip's in my "Whos Online" page in admin, that some ip's are able to put ridiculous quantities of an item in their shopping cart such as 5000000000 units will I have less than a 100 units in stock in the quantity of that one item.

Does zencart prevent a larger then inventory quantity be added to the shopping cart? it seems like some of these ips' are trying to block my traffic. I want to find out who they are, what exactly are they doing, and be able to block them.

any help is appreciated.

So to try to answer, it will let you know what pages have successfully (and completely) loaded (I.e., the footer must be processed), therefore it will show you to what page(s) a session has successfully reached.

Regarding the tracking of what entity is doing this, well, there is a small caveat still at this time. The coding for identifying which records to add to the database already does some filtering as written; however, there were some types of records that were not filtered (hence the added hide spiders functionality). It is planned to overhaul that process so that the show spiders option would show all visitor traffic regardless of being a spider or not (which is more than likely what you have/had going on).

ZC does offer the capability of preventing the more than current quantity from being added to cart capability (or at least from checkout); however, that issue is something I would recommend to bring up in a separate forum/thread. There are multiple settings/ways to "notify" the user/visitor of attempting to add to the cart more quantity than in stock or to prevent that from happening. This plugin though will more than likely provide the information (IP address) of the individual(s) attempting to perform that action. All-in-all it seems to be an attempt to locate security weaknesses that could potentially be exploited. Afterall, if they actually pay for that quantity of product, worst case is that they get a refund for the product not in stock and you make a lot of money otherwise. :)

[twi]

So to try to answer, it will let you know what pages have successfully (and completely) loaded (I.e., the footer must be processed), therefore it will show you to what page(s) a session has successfully reached.

Regarding the tracking of what entity is doing this, well, there is a small caveat still at this time. The coding for identifying which records to add to the database already does some filtering as written; however, there were some types of records that were not filtered (hence the added hide spiders functionality). It is planned to overhaul that process so that the show spiders option would show all visitor traffic regardless of being a spider or not (which is more than likely what you have/had going on).

ZC does offer the capability of preventing the more than current quantity from being added to cart capability (or at least from checkout); however, that issue is something I would recommend to bring up in a separate forum/thread. There are multiple settings/ways to "notify" the user/visitor of attempting to add to the cart more quantity than in stock or to prevent that from happening. This plugin though will more than likely provide the information (IP address) of the individual(s) attempting to perform that action. All-in-all it seems to be an attempt to locate security weaknesses that could potentially be exploited. Afterall, if they actually pay for that quantity of product, worst case is that they get a refund for the product not in stock and you make a lot of money otherwise. :)

Thanks for the prompt reply. I would be ecstatic I they actually want to buy that amount added to the cart. It is in the ten of millions of dollars when they attempt to do that. they would add ridiculous quantities to a handful of products. Of course they are not able to checkout since I have initiated the prevent checkout if quantity is greater than inventory setting in admin. But it really bothers me that they are actually able to put the quantities in the cart. I though that zc prevent it from doing so even though an insufficient quantity warning in read is displayed.

To make thing simple. Is there a way to block certain/specific IP's? I have read something about htaccess but don't understand a thing how to do it. any suggestions?

[mc12345678]

Thanks for the prompt reply. I would be ecstatic I they actually want to buy that amount added to the cart. It is in the ten of millions of dollars when they attempt to do that. they would add ridiculous quantities to a handful of products. Of course they are not able to checkout since I have initiated the prevent checkout if quantity is greater than inventory setting in admin. But it really bothers me that they are actually able to put the quantities in the cart. I though that zc prevent it from doing so even though an insufficient quantity warning in read is displayed.

To make thing simple. Is there a way to block certain/specific IP's? I have read something about htaccess but don't understand a thing how to do it. any suggestions?

It's not difficult; however, I am not on a device that would allow me to look up my current htaccess file (easily). I've done that after I received one after another contact us inquiries, and other obnoxious actions on my site. Ultimately I didn't need anything from that group of servers as there is no way that their business could be gained for our organization. Anyways, it's not difficult;however, if you go for the onsey twosy, you may find that they will try from a different direction. Unfortunately it's a part of being able to be accessed by anyone in the world. Bound to have a few people/computers trying to do something obnoxious.

We had one day over 10000 hits from a single ip. Want to talk about somebody trying to shut down someone. It didn't take us offline but wholly cow!

[twi]

It's not difficult; however, I am not on a device that would allow me to look up my current htaccess file (easily). I've done that after I received one after another contact us inquiries, and other obnoxious actions on my site. Ultimately I didn't need anything from that group of servers as there is no way that their business could be gained for our organization. Anyways, it's not difficult;however, if you go for the onsey twosy, you may find that they will try from a different direction. Unfortunately it's a part of being able to be accessed by anyone in the world. Bound to have a few people/computers trying to do something obnoxious.

We had one day over 10000 hits from a single ip. Want to talk about somebody trying to shut down someone. It didn't take us offline but wholly cow!

Thank you again for the thorough help and insight in this situation. If you do have time later or a few days later, maybe you can send me some links of shoot me some pm concerning how to do it in the htaccess file would be great. Thanks in advance.

[BlessIsaacola]

Here is the latest error message:

[22-Nov-2013 03:11:00 America/New_York] PHP Warning: reset() expects parameter 1 to be array, null given in /adminfolder/user_tracking.php on line 301

I think I am going to disabled this mod temporarily until after Christmas season. I want to make sure I can focus on any error that's genuine in the log and this mod is just filling it up. I will definitely continue to monitor the progress on this though. Thanks!