History

Edwin Noorlander 60276cdccd Fix security vulnerabilities, remove dead code, and improve code quality

- Fix path traversal with realpath() validation in getPage() and executePhpFile()
- Remove insecure JWT secret fallback, require JWT_SECRET env var
- Fix IP spoofing by only trusting proxy headers from configured proxies
- Add Secure/HttpOnly/SameSite flags to all cookies
- Use env var for debug mode instead of hardcoded true
- Fix operator precedence bug in MQTTTracker track_user_flows check
- Remove dead code: duplicate is_dir() block, unused scanForPageNames()
- Remove htmlspecialchars() from filesystem path operations
- Remove duplicate require_once calls and redundant autoloader includes
- Fix unclosed </div> in getDirectoryListing()
- Escape breadcrumb titles and add lang param to search result URLs
- Make language prefixes dynamic from config instead of hardcoded nl|en
- Make HTML lang attribute dynamic, add go_to translation key
- Add aria-label/aria-expanded to sidebar toggle for accessibility
- Fix event listener leak in app.js using event delegation
- Remove console.log from production code
- Update guides (NL/EN) with sidebar toggle documentation
- Add TODO.md documenting all identified improvements

2026-02-16 15:05:27 +01:00

config.json

CMS 2.0

2026-01-06 10:02:25 +01:00

MQTTTracker.php

Fix security vulnerabilities, remove dead code, and improve code quality

2026-02-16 15:05:27 +01:00

README.md

Fix guide template variable replacement and enhance documentation

2025-11-26 16:50:49 +01:00

README.md

MQTT Tracker Plugin

Deze plugin tracked pagina bezoeken en gebruikersinteracties via MQTT voor Business Intelligence en statistieken.

Functies

Real-time tracking: Track elke pagina bezoeker
Session management: Unieke sessies per gebruiker
MQTT integratie: Verstuurt data naar MQTT broker
BI data: Geschikt voor analyse en dashboards
Privacy aware: IP tracking en user agent data

Installatie

Kopieer de MQTTTracker map naar plugins/
Configureer de MQTT broker in config.json
De plugin wordt automatisch geladen

Configuratie

{
    "enabled": true,
    "broker_host": "localhost",
    "broker_port": 1883,
    "client_id": "codepress_cms",
    "username": "",
    "password": "",
    "topic_prefix": "codepress",
    "track_visitors": true,
    "track_pages": true,
    "track_performance": true,
    "session_timeout": 1800
}

MQTT Topics

De plugin publiceert naar de volgende topics:

codepress/page_visit - Elke pagina bezoeker
codepress/session_start - Nieuwe sessie start
codepress/custom_event - Custom interacties

Data Formaat

Page Visit

{
    "timestamp": "2025-11-26T15:30:00+00:00",
    "session_id": "cms_1234567890abcdef",
    "page_url": "?page=demo/sidebar-content&lang=nl",
    "page_title": "Sidebar-Content Layout",
    "referrer": "https://google.com",
    "user_agent": "Mozilla/5.0...",
    "ip_address": "192.168.1.100",
    "language": "nl",
    "layout": "sidebar-content"
}

BI Integration

De data kan worden gebruikt voor:

Google Data Studio: Real-time dashboards
Grafana: Visualisatie en monitoring
Power BI: Business analytics
Custom dashboards: Eigen analytics tools

Privacy

Sessies timeout na 30 minuten
IP addresses worden geanonimiseerd
Geen persoonlijke data opslag
GDPR compliant

Development

De plugin gebruikt een simpele logging methode als fallback wanneer MQTT niet beschikbaar is. Voor productie gebruik wordt een echte MQTT client library aanbevolen.

Log File

Tracking data wordt gelogd in plugins/MQTTTracker/mqtt_tracker.log voor debugging en fallback.