This topic is locked

How To Capture Custom Fields In Audit Log

4/15/2013 11:18:34 AM
PHPRunner Tips and Tricks
F
FunkDaddy author

Even though we are given the global event called "Before audit log" to help manipulate the audit capabilities of our app, it is very limited. It does not allow you to simply add information to custom fields you may have added to your audit log table.
If you have extra fields you want to capture follow these steps:
Using the new ability to add custom files in PHPR 6.1 or greater, add a custom file by first creating a new folder named "include" under "custom files" (when you are in PHPR "editor" design tab).
Now click on "import files..." and find the "audit.php" file that should already be in your applications output folder (ex: c:\wamp\www\my_app\include\audit.php).
When you import that folder this is now telling PHPR to always overwrite the default autit.php file in your output directory with the code displayed in your PHPR editor window. That's one of the great features of using "custom files" features, it lets you override any default files without, for example, overwriting the entire "include" folder. Instead, PHPR only overwrite the file based on what you explicitly added to your custom files. Of course, you can also add entirely new files using this feature to supplement you app.
Once you added this "audit.php" file you can now customize the code in PHPR to allow custom columns to be captured.
For example, I added a new column in my audit log table to track which "TeamID" a user beongs to when logging their audit activity (you define which table is used under the "Security" settings under "Locking and Audit"). This explanation assumes you are in fact logging data to a table and not a log file. By the way, I added this column directly in MySQL and not through PHPR (for those who may be new to PHPR environment).
Then, in the code displayed for audit.php which I imported into my project, I now add a line to the "class AuditTrailTable" as such: var $columnTeamID="TeamID";
This var's value was declared to match my column name verbatim to the column I added in my audit log table in MySQL.
Then, wherever you see this chunk of code (note that this appears in several functions in the audit.php file... you must update each one):



$this->TableObj->datetime=now();

$this->TableObj->ip=$this->params[0];

$this->TableObj->user=$this->params[1];

$this->TableObj->table=$table;

$this->TableObj->action=$this->strLogin;

$this->TableObj->description="";

$this->TableObj->Add();


Go ahead and add a line such as:



$this->TableObj->datetime=now();

$this->TableObj->ip=$this->params[0];

$this->TableObj->user=$this->params[1];

$this->TableObj->table=$table;

$this->TableObj->action=$this->strLogin;

$this->TableObj->description="";

$this->TableObj->TeamID=$_SESSION['TeamID']; //My newly added line to capture this column in audits

$this->TableObj->Add();


Note, that you will have had to set $_SESSION['TeamID'] (or whatever you are trying to track in audits) somewhere in your "After successful login" event (or wherever else is suitable for you).
There is one minor limitation, which only happens when you first login... the audit log in unable to capture my "TeamID" because the audit event is apparently triggered even before anything is ever set in "After Successful Login" event and hence my $_SESSION['TeamID'] event is not yet set. To solve this, add the following code (modified to match your tables and fields) directly after this line of code "$this->params=array($_SERVER["REMOTE_ADDR"],$_SESSION["UserID"]);" which is found inside the function LogLogin($pUsername).



//MBR - Added this because login audit takes place before "after successful login' event and hence $_SESSION['LinkHOAID'] is not yet set.

//Thus we set it here :-)

Global $conn;

$sql = "SELECT TeamID FROM users_active_qry WHERE Username ='".$_SESSION['UserID']."'";

$rs = db_query($sql,$conn);

$fetch = db_fetch_array($rs);

if($fetch){

$_SESSION['TeamID'] = $fetch['TeamID'];

}

//End MBR


This will allow your audit log to make use of the $_SESSION['TeamID'] immediately, even for initial login events.
By the way... all of what I have shown in this post does not require any coding inside the "Before Audit Log" event. Rather, we modify the audit.php file directly and take control over what is provided by default so we can side-step the limitation in PHPR of not letting us save audit values directly to new columns we define in whatever table we chose to log our audits.
If someone knows of a way to do this through the before audit event, please share it here. Perhaps, there is an easier way of doing this without the steps I described here (but I was unable to find such a solution in our forums... I tried a few, but none gave me control over capturing new columns in audits without writing my own insert or update queries).
The nice thing about modifying this audit.php file after importing into PHPR is that it works universally for all tables you select in the "Security" tab "Locking and Audit" settings... thus eliminating need to insert and update things manually for each tables events (as some posts in the forums suggest you do).
Hope this helps!

ruzgarajans 6/2/2019

Hi,

I'm sorry I didn't speak English.

my question related to "description field"
how do I write old and new values in separate columns.

thank you.
513

2.06.2019

127.0.0.1

admin

insan_kaynaklari

edit

---Keys

idinsan_kaynaklari : 10

---Fields

: 5

personel_sayisi [new]: 9[/b]