Dotnetnuke URL tracking - sql

I have a DNN (5) internal website that I need track URL's. I am unable to use any external analytics (Google or otherwise), so I have to rely on the internal installation as-is. I have also tried a tracking tool, but it does not give me what I need, which is really just raw page and user info. I have also tried to look at the [UrlLog], [Urls] and [UrlTracking] tables, but even though I am navigating pages, nothing is listed. The [eventlog] is logging events, so I know I am on the right site. I don't necessarily want to create new tables and log event separately if DNN does log it anyway. I would prefer to just be able to query it directly via SQL (or via the reports module).
Any guidance will be appreciated.

You can enable the SITE LOG in host settings, that will start to track a lot of information in DNN, by default it is set to 0 days, which won't store any history.
For existing portals, you will need to go into the individual portals settings and update the SITE log to also reflect the correct number of days. HOST is only used for new sites created.

Related

How to log requests and user info like username automatically into log file to track user activity in liferay?

In Liferay 7 Enterprise Edition,
I want to log user info like user_name in external log files automatically in each request to track user activities, how to do that?
without using auditing plugin
when I tried to log post request for example (login), it doesn't contain any info about user ?!
This kind of thing is much harder than you might think...
Getting access to the current user is really easy. As Victor pointed out, you can use the ThemeDisplay object to get current user. If you don't have the request around, you can use the PrincipalThreadLocal to find the current user id.
That gives you the who, but certainly not the "what is user doing" aspects. Since the portal aggregates the HTML fragments of many portlets, from a servlet filter perspective it would be hard to gleam which one of the available portlets on an incoming URL is actually being interacted with. You could try a portlet filter to narrow the field, but this will just tell you what portlet is being accessed but not what they are doing with it.
Although you rejected the built in audit functionality available in DXP, it really is the answer for tracking who did what in the portal because it has the necessary touch points to get those two pieces and put them together.
Now if you rejected the built in audit functionality because you want a file and not a database entry, that is easy to solve. Go to the System Settings control panel and find the Logging Audit Message Processor and enable it. It will write the audit events out to a file in CSV format, but you should have the source for modules/apps/foundation/portal-security-audit/portal-security-audit-router/src/main/java/com/liferay/portal/security/audit/router/internal/LoggingAuditMessageProcessor.java so you can use this as a basis to write your own format.
Look at this code:
https://github.com/amusarra/liferay-portal-security-audit
in particular the portal-security-audit-capture-events module that catch the login events.
This seems a job for a filter, the user information is normally extracted from the themeDysplay, like in:
ThemeDisplay themeDisplay = ( ThemeDisplay ) request.getAttribute( THEME_DISPLAY );
long userId = themeDisplay.getRealUserId();
If you want to track specific portlets, an OSGi portlet filter would do the job.

Alfresco permissions depending on whether document is currently part of workflow or not

Out-of-the-box, an Alfresco user can read a document based on:
The document's permissions
The user's role
The user's groups
Whether the user owns the document or not
Maybe some other factors I forgot?
Now, I want to add a new factor: Whether the document is currently part of a workflow.
Alfresco's permissionDefinitions.xml allows me to define permissions based on authorities such as ROLE_LOCK_OWNER etc, but it does not seem to be the right place to add permission conditions.
I guess I will have to write some Java source code, but I am not sure what classes are responsible for this, and whether there is an Alfresco way to customize them?
So, I assume you want to somehow have nodes that are attached to a workflow have different access rights? You need to think about the behavior you want in all of the UIs and protocols you are exposing (e.g. share, WebDAV, CIFS, FTP, etc.).
If you want to set a permission on a node, you can do that via JavaScript as well as Java (See http://docs.alfresco.com/5.2/references/API-JS-setPermission.html and http://docs.alfresco.com/5.2/references/dev-services-permission.html). As was mentioned in one of the comments, you can also get the number of active workflows on a node by referencing the activeWorkflows property in JavaScript (http://docs.alfresco.com/5.2/references/API-JS-ScriptNode.html) or in Java
Depending on the specifics, I might implement this in different ways, but if all you want to do is have the permission change, you could just update it at the beginning and end of your workflow with a simple javascript call. The only thing bad about that is that it doesn't take into consideration the workflow getting canceled. You could also create a policy/behavior on an aspect you attach or even have a rule or job run that updates content based on the activeWorkflows values.

Sitecore: Statistics on sitecore domain users

I'm working with Sitecore 8 Update 2.
I'm looking for a way to get some statistics on how many sitecore users are logged in ( over time, not just right now).
Mainly i would like to see if the actual amount of people working on the system is close to the maximum amount of users allowed by the license. Otherwise a company might be seriously overpaying.
Is there already an out of the box solution or a module available for this ?
If you visit this page:
<your-domain>/sitecore/client/Applications/LicenseOptions/KickUser
It will give you a list of all the currently logged in CMS users. That page is a SPEAK application and has a datasource called ActiveUsersDataSource. In the code, this datasource uses the DomainAccessGuard.Sessions property to get a list of all the sessions.
So if you just want a list, the KickUser page should be enough. If you want to run a report you can use the DomainAccessGuard.Sessions property as a start. You could use that to write a report with Sitecore Powershell Extensions pretty simply.
Log files usually contain audit information about login / logout. E.g.:
6140 13:57:33 INFO AUDIT (sitecore\djanjicek): Login
...
7512 14:02:57 INFO AUDIT (sitecore\djanjicek): Logout
With Sitecore Log Analyzer you should be able to filter your log files on the audit trails.
https://marketplace.sitecore.net/Modules/S/Sitecore_Log_Analyzer.aspx
If you need a web based solution then you could write an admin page that reads all log files and outputs the required lines in a timely fashion.
Also, you can try this:
var x = Membership.Providers["sql"].GetNumberOfUsersOnline();
where "sql" is you membership provider name defined in configuration.

prevent duplicate site / page / layouts / templates / webparts, possible

We have a sharepoint environment with many sites (and sometimes many site collections). Each site (or site collection) has the same default page with some custom webparts that use sitecolumn values (for example a projectcode or clientcode) to show information from external systems. (for each project we have to create a separate site (or site collection) because of other reasons)
What is the best approach to minimize duplication? The dynamic parts of the page are stored in site columns. When we add a new webpart, ideally the default page every site/page should show the new webpart without spreading the update to the individual pages
Thanks
One approach you may want to take is to use the web part as a wrapper for a user control. The user control does the heavy lifting on the site. Once the web part is included on your pages, the user control should be able to tell which site it is being executed on and pull the necessary dynamic data from your site columns.
When you need to make updates, you update the user control and then redeploy the solution package to the farm. Each site will pick up the change as soon as the solution is deployed.
Here is a little information about this approach:
http://msdn.microsoft.com/en-us/library/ff649867.aspx.
The above article relates to WSS 3.0, but that should give you a starting point.
An approach you may want to look at for SharePoint 2010 is a visual web part. More info can be found here: http://msdn.microsoft.com/en-us/library/ff597539.aspx.

How do I implement a secure upload/download area?

I've been asked to create a solution where people log in and are able to upload and download off of our work server. So John uploads a photo, and Jen can download it, for example. They also have to authenticate themselves.
Can someone give me a rough overview of how to implement this? I'm familiar enough with MySQL, C#, and JavaScript.
The rough overview
This should just be a matter of planning out the pieces.
at the very top of the page, put some code that checks if a user is logged in. If not, show a login form (or redirect to...). If they are logged in, show the rest of the page. If not, you'll need some logic to show a form, and then check it once it's submitted for authentication, and set a SESSION cookie or something similar.
Once the user is logged in, on the homepage, you might have an file-upload form and a listing of existing files. How you would style would depend on how many files you might expect to have. To keep things extremely simple, you could simple iterate through whatever files are in the upload directory. If you expect many more files than that, you may consider using a db.
Handle a file upload by sanitizing filenames (checking for filetype/filesize if you want to limit those) and putting the file into the directory.
Force the users to download the files (instead of having the browser decide what to do with them) for security purposes. Implementing this on certain filetypes may also be acceptable.
Other thoughts
You probably would not want the users to be able to excecute any files, so keeping the file directory hidden would be a good idea.
Keeping track of who uploaded and downloaded what is also doable, but would add another layer of complication to the script.