I have a jQuery console that I’m writing and I’d like to keep a log of what people type in there at what time with their IP address, for security reasons. I don’t want to make the log public, but the console itself is supposed to be a fun sort of thing and isn’t in a protected folder.
I want to put the log into my protected admin folder, but can I send Ajax data to a PHP file inside the protected folder or it will still prompt for the username/password?
I’ve already tried outright making the log itself in the folder from an external PHP file, but it doesn’t work, hence why I’m wondering if it will work if the PHP file is inside the protected folder.
On a similar note, do I even need to bother with keeping a log? Like I said, it’s for security purposes, but I don’t know if it’s necessary. As far as I know, with the way I’ve coded the console, it doesn’t accept any input outside of the commands I’ve written. I’m still worried about things like SQL injection and the like.
Sorry for the long-winded question, and thanks in advance.
Why not create a database to store this sort of data? That way the data is not accessible to the users, and it is also stored nicely for anything you want to do with it. With this approach you could have you PHP page in a publicly accessible place too.
I would suggest PHP Data Objects for security if you choose to take this approach.