cancel
Showing results for 
Search instead for 
Did you mean: 

Writing to the authorize-net.log file

I don't know if it is important, because things seem to be working OK with integration using the SIM method.  However, I was wondering how to write logging information to the authorize-net.log file ?  It is configured it my phphunit_config.php file:

 

define( "AUTHORIZENET_LOG_FILE",  "authorize-net.log");

 

and it looks like it uses authorize-net.log by default if you don't define it.  However, I am not seeing any data in the log file.  Is that something that you have to turn on or is it suppose to do it by default?

 

I only see that in code in HttpClient.php, AuthorizeNetRequest.php and in the test suite.  Just curious about what gets written there by default, if anything and how to enable it.

sscotti
Member
1 ACCEPTED SOLUTION

Accepted Solutions

 

Hi sscotti,

 

If defined, the PHP SDK logfile should have information primarily from the httpclient class. This logging should not be enabled for production use because it logs full post data.

 

Thanks,

Joy

View solution in original post

Joy
Administrator Administrator
Administrator
3 REPLIES 3

 

Hi sscotti,

 

If defined, the PHP SDK logfile should have information primarily from the httpclient class. This logging should not be enabled for production use because it logs full post data.

 

Thanks,

Joy

Joy
Administrator Administrator
Administrator

I'd like to add a couple comments here related to the security of the PHP version of the log file.

1)  change the name of the log file - clearly it shouldn't be anything similar, add a date

2)  add some security to the log file:
     a)  add a unique subfolder to the LOG pathname,
     b)  change the LOG extention to .PHP, then
     c)  find the Log.php file in \authnet\lib\net\authorize\util and change line #269

               file_put_contents($this->logFile, $logMessage, $flags);
          to
               file_put_contents($this->logFile, "\n<?php\n".$logMessage."\n?>", $flags);

          so that the contents of the log file are wrapped in PHP delimiters, and will hide all the contents of the file in case someone guesses the log file name and tries to download it. 

all the above at least adds some layers of obfuscation that make things harder to crack.

jnewman67
Member

update - missed something - the replacement code should be

               file_put_contents($this->logFile, "\n<?php /*\n".$logMessage." */\n?>", $flags);

this will wrap comment markers around the code, preventing the log files from throwing errors in your site's log file 

jnewman67
Member