Users access log

[duwil]

I need to extract for every user the login date/hour and the logout date/hour for every session, I think this is not possible out of the box but it shouldn't be diffucult to do, could someone please point me in the right direction to achieve it?

I suppose I'll have to create a new table in the DB and then I think I'll have to change a couple of file to insert a record in my new table every time a user login and logoff... The problem is that I'm not that good with php, so what are the files you think I must change?

tia

---

[atrol]

How will you ensure that users use logout link?
There are users who just close the browser, there are users who never logout, .....
IMO you will have nice statistics for management with questionable value.

[duwil]

I know it would be far from perfect but it is still good for me... so if someone could tell me where to look for the code that insert the last_visit date/hour in the DB (mantis_user_table) it would be a great starting point!

[atrol]

Have a look at function user_update_last_visit in file user_api.php

Huuh, I am starting to give support for questionable features

Do you want to be a big brother, want to know what users really do, want to get more impressive charts?
If yes, you should check the history table of MantisBT.

[cas]

simple question, simple answer:
look in the login & logout scripts.
If you make it, design as plugin so there is no need for adjustments to core.

[duwil]

Thanks for the replies, and yes I'm going to be a sort of big brother ... I've been asked to customize an installation that will run in a private intranet and will manage private data, a prerequisite is that the big chief could ask for a log with all user's sessions data (login/logout date).

[atrol]

a prerequisite is that the big chief could ask for a log with all user's sessions data (login/logout date).

I wish I could ask him how he wants to interprete the data, or maybe this is just to impress the bigger chief

[duwil]

maybe this is just to impress the bigger chief

Not really, I mean it's not my boss' choice to ask for that list, it's a requirement written in the company's policies: the logs must be kept for six months and maybe no one will ever ask for them but the web applications (e.g. mantis) must be able to provide them. It's not needed for every system, it depends on what type of data the system will manage. I think it's similar to what ISP (internet service providers) must do when asked by police authorities, they have to provide the user's access log, I think it's not unusual...

[atrol]

it's a requirement written in the company's policies:

As I wrote: A problem with the bigger chief

I think it's not unusual...

Ah Ok,so it's easy for the bigger chief to have this as a requirement in the company's policies, just because it's not unusual. IMO nonsens.
But now enough with my off topic smalltalk, I have to start writing the book "How to fake access logs"

[duwil]

I completely agree with you, it's a nonsense and I wish I could avoid it

[duwil]

At least I found out the need for an "audit log" is taken into account also elsewhere... so it must not be a completely nonsense

http://www.devshed.com/c/a/PHP/Logging- ... lications/


---

[atrol]

The sense of the user access logs we are talking about will not grow because there is a website who provides information about various loggings in PHP.
But yes, it's not completely nonsense, as I wrote: just nonsens.

Maybe with some changes in MantisBT the results would become better. There are such things like session expiry in PHP and unload events in browser which can be catched by Java Script to log the closing of the window.
But this will still not be a near 100% solution, because there are users with disabled Java Script, ....
Interesting things, maybe a real expert for this is reading and can give some comments.

Ooops, again giving support for questionable features.
I have to start writing the book "How to distinguish faked statistics from random statistics"