Automatically auditing User Actions with CodeIgniter

One important action you might want to carry out is auditing what actions users have taken in your application. Having this knowledge is useful for working out which functions are being used and in what order. Sometimes users reach functionality in a way you might not have imagined when writing your code. Of course this is also very useful for carrying out support too.

MY_Controller

Fortunately it is very easy to record actions without too much coding and even better you don’t need to add the call to audit into everyone of your functions making a retrofit of user auditing really easy.

This is all possible because of the MY_Controller functionally available in CodeIgniter. We looked at how to use MY_Controller in a previous post so I won’t cover that again here but we are using it to record every action.

To do this we are making use of two CodeIgniter functions called fetch_class and fetch_method, neither of which I can find in the documentation. These are very simple functions that simply return, as the names suggest, the class and the method that is currently being called. This could be, for example, User and View if you had a page to display user details.

Using the following snippet of code I am calling a function that writes to a database table the user ID of the user making the call along with the class and the method. The table also has a date time column with a default of the current time stamp so that I know when the action was taken.

// audit the request 
if (isset($_SESSION['user'])) $this->Audit_model->audit($_SESSION['user']->id, $this->router->fetch_class(), $this->router->fetch_method());

When the user logs in a session variable is created holding basic user information. Because I am only interested in the actions a user takes once they are logged in I first check for this and then only call the audit function if I know they are logged in.

Conclusion

Having this information available really helps me understand what users are doing on my application and also helps with carrying out support as I can trace where they had been prior to any error.

If you are already using MY_Controller then adding this auditing functionality is really quick and easy.