<?php
require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/../includes/security_tracking.php';
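// Admin validation is not performed in this file: admin.php is expected to have
// validated the administrator before including it.
// NOTE(review): if this file can be requested directly, everything below runs with no
// access check. Confirm direct web access to this directory is denied, or guard here.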
// Get detailed security data
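/**
 * Collect the most recent rows of each security log table for the admin view.
 *
 * Runs six fixed SELECTs that take no parameters (newest first, capped at 100 or
 * 50 rows) and returns the rows grouped by section name.
 *
 * The template below indexes every section key unconditionally. On failure the
 * function therefore returns every key with an empty list, instead of a bare
 * empty array, so the page renders empty tables rather than raising
 * "undefined array key" and foreach-over-null warnings. As before, a failure in
 * any one query discards the results of all of them.
 *
 * NOTE(review): the se.*, ulh.*, pv.*, sa.* and ib.* selections hand every column
 * of those tables to the page, including security_events.request_data. Confirm
 * that whatever writes those rows redacts passwords and tokens first.
 *
 * @return array<string, array<int, array<string, mixed>>> rows keyed by section
 */
function getDetailedSecurityData() {
    // Section name => query. None of the statements interpolates a value.
    $queries = [
        'security_events' => "
            SELECT
                se.*,
                u.name as user_name,
                u.email as user_email,
                u.created_at as user_created_at
            FROM security_events se
            LEFT JOIN users u ON se.user_id = u.id
            ORDER BY se.created_at DESC
            LIMIT 100
        ",
        'login_attempts' => "
            SELECT
                ulh.*,
                u.name as user_name,
                u.email as user_email
            FROM user_login_history ulh
            LEFT JOIN users u ON ulh.user_id = u.id
            ORDER BY ulh.login_time DESC
            LIMIT 100
        ",
        'registration_attempts' => "
            SELECT *
            FROM registration_events
            ORDER BY created_at DESC
            LIMIT 100
        ",
        'page_visits' => "
            SELECT
                pv.*,
                u.name as user_name,
                u.email as user_email
            FROM page_visits pv
            LEFT JOIN users u ON pv.user_id = u.id
            ORDER BY pv.visit_time DESC
            LIMIT 100
        ",
        'suspicious_activity' => "
            SELECT
                sa.*,
                u.name as user_name,
                u.email as user_email
            FROM suspicious_activity sa
            LEFT JOIN users u ON sa.user_id = u.id
            ORDER BY sa.created_at DESC
            LIMIT 50
        ",
        'ip_blacklist' => "
            SELECT
                ib.*,
                u.name as blocked_by_name
            FROM ip_blacklist ib
            LEFT JOIN users u ON ib.blocked_by = u.id
            ORDER BY ib.blocked_at DESC
            LIMIT 50
        ",
    ];

    // Same keys as a successful result, each holding an empty list.
    $emptyResult = array_fill_keys(array_keys($queries), []);

    try {
        $pdo = getDBConnection();

        $result = [];
        foreach ($queries as $section => $sql) {
            $stmt = $pdo->prepare($sql);
            $stmt->execute();
            $result[$section] = $stmt->fetchAll(PDO::FETCH_ASSOC);
        }

        return $result;
    } catch (Exception $e) {
        // The message goes to the server log only; nothing is echoed to the page.
        error_log("Error getting detailed security data: " . $e->getMessage());
        return $emptyResult;
    }
}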
$data = getDetailedSecurityData();
?>
<div class="security-detailed">
<div class="section-header">
<h2><i class="fas fa-search"></i> Detailed Security Intelligence</h2>
<p>Comprehensive tracking of all user activity, security events, and suspicious behavior</p>
</div>
<!-- Detailed Tabs -->
<div class="detailed-tabs">
<div class="tab-buttons">
<button class="tab-btn active" data-tab="all-events">All Security Events</button>
<button class="tab-btn" data-tab="login-details">Login Attempts</button>
<button class="tab-btn" data-tab="registration-details">Registration Attempts</button>
<button class="tab-btn" data-tab="page-visits">Page Visits</button>
<button class="tab-btn" data-tab="suspicious">Suspicious Activity</button>
<button class="tab-btn" data-tab="blacklist">IP Blacklist</button>
</div>
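<!-- All Security Events Tab -->
<div class="tab-content active" id="all-events">
    <div class="table-container">
        <table class="data-table">
            <thead>
                <tr>
                    <th>Time</th>
                    <th>Event Type</th>
                    <th>User</th>
                    <th>IP Address</th>
                    <th>Location</th>
                    <th>Device Info</th>
                    <th>Request URL</th>
                    <th>Details</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // One row per security_events record. Every database value is HTML-escaped
                // before it is written into the page. event_type used to be echoed raw into
                // two class attributes and the badge text, so a stored value containing
                // markup would have been interpreted by the administrator's browser. It is
                // now escaped like the other columns.
                foreach ($data['security_events'] as $event): ?>
                <tr class="event-<?= htmlspecialchars((string) $event['event_type']) ?>">
                    <td><?= date('M j, H:i:s', strtotime($event['created_at'])) ?></td>
                    <td>
                        <span class="event-badge event-<?= htmlspecialchars((string) $event['event_type']) ?>">
                            <?= htmlspecialchars(ucwords(str_replace('_', ' ', (string) $event['event_type']))) ?>
                        </span>
                    </td>
                    <td>
                        <?php /* user_name is falsy when the event has no matching users row */ if ($event['user_name']): ?>
                            <strong><?= htmlspecialchars($event['user_name']) ?></strong><br>
                            <small><?= htmlspecialchars($event['user_email']) ?></small><br>
                            <small class="text-muted">User since: <?= date('M j, Y', strtotime($event['user_created_at'])) ?></small>
                        <?php else: ?>
                            <span class="text-muted">Guest</span>
                        <?php endif; ?>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($event['ip_address']) ?></code>
                    </td>
                    <td>
                        <?= htmlspecialchars($event['city']) ?>, <?= htmlspecialchars($event['country']) ?><br>
                        <small class="text-muted"><?= htmlspecialchars($event['timezone']) ?></small>
                    </td>
                    <td>
                        <strong><?= htmlspecialchars($event['browser']) ?></strong> on <?= htmlspecialchars($event['os']) ?><br>
                        <small class="text-muted"><?= htmlspecialchars($event['device_type']) ?></small><br>
                        <small class="text-muted"><?= htmlspecialchars(substr($event['user_agent'], 0, 50)) ?>...</small>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($event['request_url']) ?></code><br>
                        <small class="text-muted"><?= htmlspecialchars($event['request_method']) ?></small>
                    </td>
                    <td>
                        <?php if ($event['error_message']): ?>
                            <span class="error-detail"><?= htmlspecialchars($event['error_message']) ?></span>
                        <?php endif; ?>
                        <?php
                        // NOTE(review): request_data is shown in full (escaped). Confirm the code
                        // that stores it redacts passwords and tokens first.
                        if ($event['request_data']): ?>
                            <details>
                                <summary>Request Data</summary>
                                <pre class="request-data"><?= htmlspecialchars($event['request_data']) ?></pre>
                            </details>
                        <?php endif; ?>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>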
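<!-- Login Attempts Tab -->
<div class="tab-content" id="login-details">
    <div class="table-container">
        <table class="data-table">
            <thead>
                <tr>
                    <th>Time</th>
                    <th>Email</th>
                    <th>User</th>
                    <th>Status</th>
                    <th>IP Address</th>
                    <th>Location</th>
                    <th>Device Info</th>
                    <th>Session Duration</th>
                    <th>Failure Reason</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // device_info is stored as JSON and decoded per row. The decoded value is not
                // guaranteed to be an array of strings: a NULL column, malformed JSON or a
                // nested value would previously reach htmlspecialchars() as a non-string, and
                // the resulting TypeError aborted the whole admin page. This helper returns
                // the field only when it is a scalar and 'Unknown' otherwise.
                // NOTE(review): how device_info is produced is not visible here. Treat it as
                // untrusted unless the writer is confirmed to build it server-side.
                $deviceField = static function ($info, string $key): string {
                    $value = is_array($info) ? ($info[$key] ?? null) : null;
                    return is_scalar($value) ? (string) $value : 'Unknown';
                };
                foreach ($data['login_attempts'] as $login): ?>
                <tr class="login-<?= $login['success'] ? 'success' : 'failed' ?>">
                    <td><?= date('M j, H:i:s', strtotime($login['login_time'])) ?></td>
                    <td><?= htmlspecialchars($login['email']) ?></td>
                    <td>
                        <?php /* user_name is falsy when no users row matched the attempt */ if ($login['user_name']): ?>
                            <strong><?= htmlspecialchars($login['user_name']) ?></strong><br>
                            <small><?= htmlspecialchars($login['user_email']) ?></small>
                        <?php else: ?>
                            <span class="text-muted">Unknown User</span>
                        <?php endif; ?>
                    </td>
                    <td>
                        <span class="status-badge <?= $login['success'] ? 'success' : 'failed' ?>">
                            <?= $login['success'] ? 'Success' : 'Failed' ?>
                        </span>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($login['ip_address']) ?></code>
                    </td>
                    <td>
                        <?= htmlspecialchars($login['city']) ?>, <?= htmlspecialchars($login['country']) ?>
                    </td>
                    <td>
                        <?php
                        // The cast turns a NULL column into '', which json_decode() rejects
                        // quietly by returning null.
                        $deviceInfo = json_decode((string) $login['device_info'], true);
                        echo '<strong>' . htmlspecialchars($deviceField($deviceInfo, 'browser')) . '</strong> on ' . htmlspecialchars($deviceField($deviceInfo, 'os')) . '<br>';
                        echo '<small class="text-muted">' . htmlspecialchars($deviceField($deviceInfo, 'device_type')) . '</small>';
                        ?>
                    </td>
                    <td>
                        <?php if ($login['session_duration']): ?>
                            <?= gmdate('H:i:s', (int) $login['session_duration']) ?>
                        <?php else: ?>
                            <span class="text-muted">-</span>
                        <?php endif; ?>
                    </td>
                    <td>
                        <?php if (!$login['success'] && $login['failure_reason']): ?>
                            <span class="error-detail"><?= htmlspecialchars($login['failure_reason']) ?></span>
                        <?php endif; ?>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>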
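<!-- Registration Attempts Tab -->
<div class="tab-content" id="registration-details">
    <div class="table-container">
        <table class="data-table">
            <thead>
                <tr>
                    <th>Time</th>
                    <th>Name</th>
                    <th>Email</th>
                    <th>Status</th>
                    <th>IP Address</th>
                    <th>Location</th>
                    <th>Device Info</th>
                    <th>Validation Errors</th>
                    <th>Failure Reason</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // name and email are whatever was submitted on the registration form,
                // including failed attempts, so every cell is escaped.
                // device_info and validation_errors are stored as JSON. Their decoded shape
                // is not guaranteed: a nested value would previously reach htmlspecialchars()
                // as an array, and the resulting TypeError aborted the whole admin page.
                // This helper returns a field only when it is a scalar and 'Unknown' otherwise.
                $deviceField = static function ($info, string $key): string {
                    $value = is_array($info) ? ($info[$key] ?? null) : null;
                    return is_scalar($value) ? (string) $value : 'Unknown';
                };
                foreach ($data['registration_attempts'] as $reg): ?>
                <tr class="registration-<?= $reg['success'] ? 'success' : 'failed' ?>">
                    <td><?= date('M j, H:i:s', strtotime($reg['created_at'])) ?></td>
                    <td><?= htmlspecialchars($reg['name']) ?></td>
                    <td><?= htmlspecialchars($reg['email']) ?></td>
                    <td>
                        <span class="status-badge <?= $reg['success'] ? 'success' : 'failed' ?>">
                            <?= $reg['success'] ? 'Success' : 'Failed' ?>
                        </span>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($reg['ip_address']) ?></code>
                    </td>
                    <td>
                        <?= htmlspecialchars($reg['city']) ?>, <?= htmlspecialchars($reg['country']) ?>
                    </td>
                    <td>
                        <?php
                        // The cast turns a NULL column into '', which json_decode() rejects
                        // quietly by returning null.
                        $deviceInfo = json_decode((string) $reg['device_info'], true);
                        echo '<strong>' . htmlspecialchars($deviceField($deviceInfo, 'browser')) . '</strong> on ' . htmlspecialchars($deviceField($deviceInfo, 'os')) . '<br>';
                        echo '<small class="text-muted">' . htmlspecialchars($deviceField($deviceInfo, 'device_type')) . '</small>';
                        ?>
                    </td>
                    <td>
                        <?php if ($reg['validation_errors']): ?>
                            <?php
                            $errors = json_decode($reg['validation_errors'], true);
                            if (is_array($errors)): ?>
                                <ul class="error-list">
                                    <?php
                                    // An entry may itself be a list (for example several messages
                                    // for one field). It is shown as JSON text instead of being
                                    // passed to htmlspecialchars() as an array.
                                    foreach ($errors as $error): ?>
                                        <li><?= htmlspecialchars(is_scalar($error) ? (string) $error : (string) json_encode($error)) ?></li>
                                    <?php endforeach; ?>
                                </ul>
                            <?php endif; ?>
                        <?php endif; ?>
                    </td>
                    <td>
                        <?php if (!$reg['success'] && $reg['failure_reason']): ?>
                            <span class="error-detail"><?= htmlspecialchars($reg['failure_reason']) ?></span>
                        <?php endif; ?>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>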
<!-- Page Visits Tab -->
<div class="tab-content" id="page-visits">
<div class="table-container">
<table class="data-table">
<thead>
<tr>
<th>Time</th>
<th>User</th>
<th>Page URL</th>
<th>IP Address</th>
<th>Location</th>
<th>Device Info</th>
<th>Referrer</th>
<th>Time on Page</th>
</tr>
</thead>
<tbody>
<?php
// Render one table row per entry of $data['page_visits'].
// Every value taken from the row is passed through htmlspecialchars() before it is
// written into the page, including page_url and referrer_url.
// NOTE(review): htmlspecialchars() receives the raw column value. If city, country,
// timezone, browser, os, device_type or language can be NULL, PHP 8.1+ reports a
// deprecation for each such cell. Confirm these columns are NOT NULL.
foreach ($data['page_visits'] as $visit): ?>
<tr>
<td><?= date('M j, H:i:s', strtotime($visit['visit_time'])) ?></td>
<td>
<?php /* user_name is falsy when no users row matched the visit, or the name is empty */ if ($visit['user_name']): ?>
<strong><?= htmlspecialchars($visit['user_name']) ?></strong><br>
<small><?= htmlspecialchars($visit['user_email']) ?></small>
<?php else: ?>
<span class="text-muted">Guest</span>
<?php endif; ?>
</td>
<td>
<code><?= htmlspecialchars($visit['page_url']) ?></code>
</td>
<td>
<code><?= htmlspecialchars($visit['ip_address']) ?></code>
</td>
<td>
<?= htmlspecialchars($visit['city']) ?>, <?= htmlspecialchars($visit['country']) ?><br>
<small class="text-muted"><?= htmlspecialchars($visit['timezone']) ?></small>
</td>
<td>
<strong><?= htmlspecialchars($visit['browser']) ?></strong> on <?= htmlspecialchars($visit['os']) ?><br>
<small class="text-muted"><?= htmlspecialchars($visit['device_type']) ?></small><br>
<small class="text-muted"><?= htmlspecialchars($visit['language']) ?></small>
</td>
<td>
<?php /* an empty referrer is shown as "Direct" */ if ($visit['referrer_url']): ?>
<code><?= htmlspecialchars($visit['referrer_url']) ?></code>
<?php else: ?>
<span class="text-muted">Direct</span>
<?php endif; ?>
</td>
<td>
<?php
// gmdate() formats the value as a clock time, so 86400 seconds or more wraps around.
// A value of 0 is falsy and is shown as "-".
// assumes time_on_page is a number of seconds - TODO confirm
if ($visit['time_on_page']): ?>
<?= gmdate('H:i:s', $visit['time_on_page']) ?>
<?php else: ?>
<span class="text-muted">-</span>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
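<!-- Suspicious Activity Tab -->
<div class="tab-content" id="suspicious">
    <div class="table-container">
        <table class="data-table">
            <thead>
                <tr>
                    <th>Time</th>
                    <th>Activity Type</th>
                    <th>IP Address</th>
                    <th>User</th>
                    <th>Threat Level</th>
                    <th>Action Taken</th>
                    <th>Request URL</th>
                    <th>Details</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // One row per suspicious_activity record. threat_level, activity_type and
                // action_taken used to be echoed raw into class attributes and badge text,
                // while every other column was escaped. A stored value containing markup
                // would have been interpreted by the administrator's browser. All three are
                // now passed through htmlspecialchars() in both places.
                foreach ($data['suspicious_activity'] as $activity): ?>
                <tr class="threat-<?= htmlspecialchars((string) $activity['threat_level']) ?>">
                    <td><?= date('M j, H:i:s', strtotime($activity['created_at'])) ?></td>
                    <td>
                        <span class="activity-badge activity-<?= htmlspecialchars((string) $activity['activity_type']) ?>">
                            <?= htmlspecialchars(ucwords(str_replace('_', ' ', (string) $activity['activity_type']))) ?>
                        </span>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($activity['ip_address']) ?></code>
                    </td>
                    <td>
                        <?php /* user_name is falsy when no users row matched the record */ if ($activity['user_name']): ?>
                            <strong><?= htmlspecialchars($activity['user_name']) ?></strong><br>
                            <small><?= htmlspecialchars($activity['user_email']) ?></small>
                        <?php else: ?>
                            <span class="text-muted">Unknown</span>
                        <?php endif; ?>
                    </td>
                    <td>
                        <span class="threat-badge threat-<?= htmlspecialchars((string) $activity['threat_level']) ?>">
                            <?= htmlspecialchars(ucfirst((string) $activity['threat_level'])) ?>
                        </span>
                    </td>
                    <td>
                        <span class="action-badge action-<?= htmlspecialchars((string) $activity['action_taken']) ?>">
                            <?= htmlspecialchars(ucfirst((string) $activity['action_taken'])) ?>
                        </span>
                    </td>
                    <td>
                        <code><?= htmlspecialchars($activity['request_url']) ?></code>
                    </td>
                    <td>
                        <?php if ($activity['details']): ?>
                            <details>
                                <summary>Activity Details</summary>
                                <pre class="activity-details"><?= htmlspecialchars($activity['details']) ?></pre>
                            </details>
                        <?php endif; ?>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>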
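<!-- IP Blacklist Tab -->
<div class="tab-content" id="blacklist">
    <div class="table-container">
        <table class="data-table">
            <thead>
                <tr>
                    <th>IP Address</th>
                    <th>Reason</th>
                    <th>Threat Level</th>
                    <th>Blocked By</th>
                    <th>Blocked At</th>
                    <th>Expires At</th>
                    <th>Status</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // One row per ip_blacklist record. threat_level used to be echoed raw into
                // the class attribute and the badge text, while every other column was
                // escaped. It is now passed through htmlspecialchars() in both places.
                foreach ($data['ip_blacklist'] as $block): ?>
                <tr class="block-<?= $block['is_active'] ? 'active' : 'expired' ?>">
                    <td>
                        <code><?= htmlspecialchars($block['ip_address']) ?></code>
                    </td>
                    <td><?= htmlspecialchars($block['reason']) ?></td>
                    <td>
                        <span class="threat-badge threat-<?= htmlspecialchars((string) $block['threat_level']) ?>">
                            <?= htmlspecialchars(ucfirst((string) $block['threat_level'])) ?>
                        </span>
                    </td>
                    <td>
                        <?php /* blocked_by_name is falsy when blocked_by matches no users row */ if ($block['blocked_by_name']): ?>
                            <?= htmlspecialchars($block['blocked_by_name']) ?>
                        <?php else: ?>
                            <span class="text-muted">System</span>
                        <?php endif; ?>
                    </td>
                    <td><?= date('M j, H:i:s', strtotime($block['blocked_at'])) ?></td>
                    <td>
                        <?php /* an empty expires_at is shown as a permanent block */ if ($block['expires_at']): ?>
                            <?= date('M j, H:i:s', strtotime($block['expires_at'])) ?>
                        <?php else: ?>
                            <span class="text-muted">Permanent</span>
                        <?php endif; ?>
                    </td>
                    <td>
                        <span class="status-badge <?= $block['is_active'] ? 'active' : 'expired' ?>">
                            <?= $block['is_active'] ? 'Active' : 'Expired' ?>
                        </span>
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>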
</div>
</div>
<style>
.security-detailed {
padding: 2rem;
}
.detailed-tabs {
background: var(--bg-card);
border: 1px solid var(--border-light);
border-radius: 12px;
overflow: hidden;
}
.tab-buttons {
display: flex;
background: rgba(255, 255, 255, 0.05);
border-bottom: 1px solid var(--border-light);
flex-wrap: wrap;
}
.tab-btn {
background: none;
border: none;
color: var(--text-secondary);
padding: 1rem 1.5rem;
cursor: pointer;
transition: all 0.3s ease;
font-weight: 500;
font-size: 0.9rem;
flex: 1;
min-width: 150px;
}
.tab-btn:hover {
color: var(--text-primary);
background: rgba(255, 255, 255, 0.05);
}
.tab-btn.active {
color: var(--accent);
background: var(--bg-card);
border-bottom: 2px solid var(--accent);
}
.tab-content {
display: none;
padding: 2rem;
max-height: 600px;
overflow-y: auto;
}
.tab-content.active {
display: block;
}
.table-container {
overflow-x: auto;
}
.data-table {
width: 100%;
border-collapse: collapse;
font-size: 0.85rem;
}
.data-table th,
.data-table td {
padding: 0.8rem;
text-align: left;
border-bottom: 1px solid var(--border-light);
vertical-align: top;
}
.data-table th {
background: rgba(255, 255, 255, 0.05);
font-weight: 600;
color: var(--text-primary);
position: sticky;
top: 0;
z-index: 10;
}
.data-table td {
color: var(--text-secondary);
}
.event-badge, .status-badge, .activity-badge, .threat-badge, .action-badge {
padding: 0.3rem 0.8rem;
border-radius: 20px;
font-size: 0.75rem;
font-weight: 500;
display: inline-block;
}
.event-login_success { background: rgba(72, 187, 120, 0.2); color: #48bb78; }
.event-login_failed { background: rgba(245, 101, 101, 0.2); color: #f56565; }
.event-registration_success { background: rgba(102, 126, 234, 0.2); color: #667eea; }
.event-registration_failed { background: rgba(237, 137, 54, 0.2); color: #ed8936; }
.event-suspicious_activity { background: rgba(245, 101, 101, 0.2); color: #f56565; }
.status-badge.success { background: rgba(72, 187, 120, 0.2); color: #48bb78; }
.status-badge.failed { background: rgba(245, 101, 101, 0.2); color: #f56565; }
.status-badge.active { background: rgba(102, 126, 234, 0.2); color: #667eea; }
.status-badge.expired { background: rgba(156, 163, 175, 0.2); color: #9ca3af; }
.threat-badge.threat-low { background: rgba(72, 187, 120, 0.2); color: #48bb78; }
.threat-badge.threat-medium { background: rgba(237, 137, 54, 0.2); color: #ed8936; }
.threat-badge.threat-high { background: rgba(245, 101, 101, 0.2); color: #f56565; }
.threat-badge.threat-critical { background: rgba(128, 0, 0, 0.2); color: #ff0000; }
.action-badge.action-none { background: rgba(156, 163, 175, 0.2); color: #9ca3af; }
.action-badge.action-blocked { background: rgba(245, 101, 101, 0.2); color: #f56565; }
.action-badge.action-flagged { background: rgba(237, 137, 54, 0.2); color: #ed8936; }
.action-badge.action-notified { background: rgba(102, 126, 234, 0.2); color: #667eea; }
.error-detail {
color: #f56565;
font-size: 0.8rem;
}
.text-muted {
color: var(--text-secondary);
font-style: italic;
}
code {
background: rgba(255, 255, 255, 0.1);
padding: 0.2rem 0.4rem;
border-radius: 4px;
font-family: 'Courier New', monospace;
font-size: 0.8rem;
}
.request-data, .activity-details {
background: rgba(0, 0, 0, 0.3);
padding: 0.5rem;
border-radius: 4px;
font-size: 0.75rem;
max-height: 100px;
overflow-y: auto;
white-space: pre-wrap;
}
.error-list {
margin: 0;
padding-left: 1rem;
font-size: 0.8rem;
}
.error-list li {
color: #f56565;
margin-bottom: 0.2rem;
}
@media (max-width: 768px) {
.tab-buttons {
flex-direction: column;
}
.tab-btn {
min-width: auto;
}
.data-table {
font-size: 0.75rem;
}
.data-table th,
.data-table td {
padding: 0.5rem;
}
}
</style>
<script>
document.addEventListener('DOMContentLoaded', function () {
    const buttons = document.querySelectorAll('.tab-btn');
    const panels = document.querySelectorAll('.tab-content');

    // Show the panel whose id equals the clicked button's data-tab value and
    // hide every other panel.
    function showTabFor(button) {
        const panelId = button.getAttribute('data-tab');

        for (const other of buttons) {
            other.classList.remove('active');
        }
        for (const panel of panels) {
            panel.classList.remove('active');
        }

        button.classList.add('active');
        document.getElementById(panelId).classList.add('active');
    }

    for (const button of buttons) {
        button.addEventListener('click', () => showTabFor(button));
    }

    // Reload the whole page once a minute to pick up new rows.
    // NOTE(review): this re-requests the page for as long as the tab stays open. If
    // the session idle timeout is driven by request activity, an unattended admin
    // tab would keep the session alive. Confirm.
    setInterval(() => location.reload(), 60000);
});
</script>