User Administration

Configuring User Authentication in Logaholic (SPE)

Logaholic (SPE) Service Provider Edition includes a User Administration feature that allows you to restrict access to profiles for specific users. This feature allows you to provide your users with access to their own statistics, while blocking others.

Enabling user authentication

When viewing your website statistics, you can access the User Administrationn Configuration feature by clicking on the "Manage Profiles" link in the upper horizontal menu.

Next, select the "User Administration" tab.

Here, you can change the authentication method used to control user access to your website statistics. Click the "Change" link to show all possible authentication types, and select "Use Logaholic login dialog," then click the "Submit" button.

You will be asked to enter a username and password. The default is:

Username: admin
Password: logaholic

After logging in as "admin," you can create new users with rights to specific profiles and features.

We strongly recommend that you change the default password for the "admin" user. Click on the "Edit" link next to the "admin" user, then enter a new password in the space provided.

Creating additional users

The default "admin" user has rights to see all profiles, to create new profiles, and to edit users. You probably want to create some users that have rights to only specific profiles.

To add a new user, select "Add a new user" and fill in the user information. The Login/username is required, but all other fields are optional. You should, however, enter a password and a list of Profiles to which this user has access. Profile names should be separated by commas, as shown in the instructions on the user admin form.

An email address is optional. However, if users forget their passwords, current passwords can be emailed to them, but only if their email address has been entered here.

A couple of other options come in handy. You can specify that a user is an administrator, which gives them rights to create users, edit and add profiles, and execute all other configuration options (including editing your global mySQL login information).

The "Can update logs" option shows or hides the "Update" link in the Logaholic header. If you use a scheduled update mechanism, you can turn this option off. Keep in mind that someone needs to update Logaholic from the logs - either manually or automatically using a cron job or similar.

Non-admin users do not have rights to create new profiles, but they do have the rights to edit select fields in existing profiles that you've given them rights to see. They won't be able to change their log file location, mysql table name, profile name, and a couple of other similar settings. They will be able to change the options that make sense, though, like which IPs to skip, which pages to skip, target pages, and similar.

The login system does use a cookie (and server sessions) to hold the login information. Your users will need to have cookies enabled in their browser to use Logaholic when you turn on user authentication.

Advanced authentication methods

The most straightforward authentication method to use is "Use Logaholic login dialog". It's possible, though, that you're using Logaholic within some other framework, and your user may have already logged in. If this is the case, then you may not want to have Logaholic prompt your user to log in *again*. We offer two other methods that may work for you. Using your web server's authentication method.

If you use your web server's authentication system to prompt for usernames and passwords (like Apache's .htaccess basic authentication or IIS's basic authentication) then you can have Logaholic just pull the logged in user from the environment variables. You still need to configure your users in Logaholic, and the username in Logaholic must match the authenticated username as configured in your web server. Your user will the be able to access Logaholic seamlessly without having to worry about logging in at all.

Make sure that you set up your own username with administrative rights before enabling this option! If you're not set up, then you'll lock yourself out of Logaholic and you'll need to go to the database manually and change the authentication method to be able to make any changes! Using another server variable to specify the user name.

This method allows you to use custom server variables to tell Logaholic what user is logged in. You'll still need to have your users configured in Logaholic (including yourself - make sure you add yourself as a user before turning this on!) but the logged-in user data can come from a variety of places, including variable contained in:

$_SERVER
$_ENV
$_COOKIE
$_SESSION
$_REQUEST

Let's say you have an environment variable that specifies the user name when using your framework. The environment variable is called "loggedinuser". If that's the case, you can use $_ENV["loggedinuser"] in the field for "Use this server variable". An easy way to see what variables are available is to create a phpinfo.php file in your Logaholic directory, then access it from your browser. That will list all of the Server, Env, Cookie, Session and Request variables that are available to use.

Appendix A: Create a phpinfo.php file

If you're using one of the "Advanced" user authentication methods, create a phpinfo file can be a great way to see what variables are available to you and what method you should use. Remember to delete this file when you're done with it, as it can tell any unscrupulous individuals a lot about your system. Don't leave it around!

STEP 1: Open your favorite text editor (like notepad in Windows, or vi/joe/emacs in Unix).

STEP 2: Copy and paste the following code into a blank editor:

Code: <?php

phpinfo();

?> STEP 3: Save this file as phpinfo.php

STEP 4: Upload file to the Logaholic directory of your website using your favorite FTP Client.

STEP 5: Once you have uploaded the phpinfo.php file. Pull the file with your browser to the location of your site where you uploaded the phpinfo.php file (Example: example.com/logaholic/phpinfo.php)