-
Notifications
You must be signed in to change notification settings - Fork 26
/
save.php
103 lines (86 loc) · 3.52 KB
/
save.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?php
//error_reporting(0); // Don't report errors
//ignore_user_abort(1); // Allow running script in the background
/*
* This is an example of how to handle TrackUI logs.
* We are going to create .csv (plus .xml files) inside the logs dir.
* Remember to assign write permissions to that dir.
*
* We will use PHP to store the log files, but any server-side technology is possible;
* you just need to write your custom data handling stuff.
*/
define('LOGDIR', "logs");
define('LOGEXT', ".csv");
define('INFSEP', "|||"); // Must match INFO_SEPARATOR in trackui.js
// Enable CORS
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With');
header('Access-Control-Max-Age: 86400'); // Cache preflight request
// Exit early so that the page isn't fully loaded for OPTIONS requests
if (strtolower($_SERVER['REQUEST_METHOD']) == 'options') exit;
// If raw post data, this is most likely a beacon
$headers = getallheaders();
if (strpos($headers['Content-Type'], 'text/') !== FALSE) {
$input = file_get_contents('php://input');
$_POST = json_decode($input, TRUE);
foreach ($_POST as $key => $value) {
if (is_string($value)) {
$_POST[$key] = rawurldecode($value);
}
}
} elseif (isset($HTTP_RAW_POST_DATA)) {
$data = explode('&', $HTTP_RAW_POST_DATA);
foreach ($data as $val) {
if (!empty($val)) {
list($key, $value) = explode('=', $val);
$_POST[$key] = rawurldecode($value);
}
}
}
// NB: This function is deprecated and always returns FALSE as of PHP 5.4.0
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
}
$_GET = stripslashes_deep($_GET);
$_POST = stripslashes_deep($_POST);
}
// Some browsers might not send empty vars
if (!isset($_POST['action'])) exit;
$info_data = isset($_POST['info']) ? $_POST['info'] : '';
// Convert JS array to newline-delimited entries
$info_data = str_replace(INFSEP, PHP_EOL, $info_data) .PHP_EOL;
// Ensure that our dir exists
if (!is_dir(LOGDIR) && !mkdir(LOGDIR)) exit;
if ($_POST['action'] == "init") {
$fid = (int)date("YmdHis");
// Avoid duplicated file IDs
while (is_file(LOGDIR."/".$fid.LOGEXT)) $fid++;
// Save data for the first time.
// The column separator must match ARGS_SEPARATOR in trackui.js
$header = "cursor timestamp xpos ypos event xpath attrs extras" .PHP_EOL;
file_put_contents(LOGDIR."/".$fid.LOGEXT, $header.$info_data);
// Save metadata as XML. It could be any other format, actually
$xml = '<?xml version="1.0" encoding="UTF-8"?>' .PHP_EOL;
$xml .= '<data>' .PHP_EOL;
$xml .= ' <ip>'.$_SERVER['REMOTE_ADDR'].'</ip>' .PHP_EOL;
$xml .= ' <date>'.date("r").'</date>' .PHP_EOL;
$xml .= ' <url>'.htmlentities($_POST['url']).'</url>' .PHP_EOL;
$xml .= ' <ua>'.$_SERVER['HTTP_USER_AGENT'].'</ua>' .PHP_EOL;
$xml .= ' <screen>'.$_POST['screenw'] .'x'. $_POST['screenh'].'</screen>' .PHP_EOL;
$xml .= ' <window>'.$_POST['winw'] .'x'. $_POST['winh'].'</window>' .PHP_EOL;
$xml .= ' <document>'.$_POST['docw'] .'x'. $_POST['doch'].'</document>' .PHP_EOL;
$xml .= ' <task>'.$_POST['task'].'</task>' .PHP_EOL;
$xml .= '</data>' .PHP_EOL;
file_put_contents(LOGDIR."/".$fid.".xml", $xml);
// Notify recording script
echo $fid;
} else if ($_POST['action'] == "append") {
// Don't write blank lines
if (trim($info_data)) {
file_put_contents(LOGDIR."/".$_POST['uid'].LOGEXT, $info_data, FILE_APPEND);
}
}
?>