Version 1.71 RC1
Here are some frequently asked questions about CrazyStat.
Tip: Using the search function of your browser might be useful to find what you're looking for (usually via [Ctrl] + [F])
Please check that the file in which you inserted the code has the file extension ".php". The
file extensions ".htm" or ".html" work on some servers, but if it does not work, you must
rename the file to ".php" (all files in which the code is included / which should be counted).
If you do not want this (e.g. because many links had to be changed) you can also use an
alternative code that works for ".htm" or ".html" files. There are two
variants of the alternative code, one for HTML pages and one for XHTML
pages that can be found in the FAQ.
If the file extension is ".php", check that all steps of the installation instructions have
been followed correctly (please read the detailed explanation).
The easiest way is using the following page: http://graphic2png.christosoft.de/?lang=en
Alternatively, you can download the free program IrfanView ( http://www.irfanview.com/). Just open the image and click "File" /
"Save As" and select PNG as the file type.
You can do this in your FTP program. Just right-click the file and choose "chmod (Unix)" (WS_FTP95),
"Change file attributes / Commands / FTP-Commands/CHMOD (Unix)" (WS_FTP Pro), "File Attributes"
(FileZilla) or similar. 777 corresponds to full rights, so check all boxes.
If you work directly on the server running Linux/Unix, you can change the rights in your file manager
such as Konqueror. Just right click the file and select Properties and then
Permissions. Alternatively, you can use the chmod command in the shell (e.g. via ssh).
Example: "chmod-R 777 stat/usr stat/src/log-tool". See "man chmod" for details.
CrazyStat 1.6x and 1.5x were not available in English and therefore the update instructions will not be translated into English as there should be no CrazyStat 1.5x or 1.6x user who does not understand German. You can find the German instructions in the German FAQ.
Replace the folders "stat/src" and "stat/doc" with the new ones. Make sure
"stat/src/log-tool" still has CHMOD 777. To get the newest presets, copy all files from
"stat/usr/presets" from the new version into the "stat/usr/presets" folder of your installation.
To get the newest detection files for browsers, operating systems, search engines and robots,
copy all files from "stat/usr/keywords" from the new version into the "stat/usr/keywords" folder of
your installation.
Clean the cache after updating.
The user-data is stored in the file "usr/config_pass.php" in the array
$config_stat_user.
The file has the following structure:
<?php $config_salt_str = 'SomeRand0m_strlng'; $config_stat_user = array (
'admin' => '1a1dc91c907325c69271ddf0c944bc72',
); ?>
The first line contains the "salt" string,
which is set to a random value on the first call
of the login form automatically after the installation. This value should then not be
changed. The first and last line of the file are therefore fix and should not be changed.
In between, a line for each user is created. First comes the user name in quotes, then =>
and then the password in
quotation marks. The password can be stored as an MD5 hash for security reasons (if
$config_stat_password_md5 = true).
This is followed by a comma. So to create a new user, just add another line. Example:
<?php $config_salt_str = 'SomeRand0m_strlng'; $config_stat_user = array (
'user1' => '1a1dc91c907325c69271ddf0c944bc72',
'user2' => md5('password'.$config_salt_str),
);?>
If $config_stat_password_md5
= true, all passwords must be stored as their MD5 hash. Nevertheless, you can add a new user
simply by passing the password to the md5 function so that the hash is created
(see example). However, this way the password is stored in the file in plain text and the encryption
is useless. To increase security, you can now call show_stat.php and "change password" to
assign the same (or another) password. This is then automatically stored encrypted.
CrazyStat >= 1.70 is using salted hashes to increase security even further, so you
need to attach $config_salt_str to the password
before the MD5 hash is calculated (see example).
This way, you can regain access to your statistics even if $config_salt_str has been changed manually
or you forgot your password.
Attention! After a change of config_pass.php ensure that the file is chmod 777.
Just delete the log files. Log in to the statistics, click on the "Logs" (next to the logout
button upper right). Select all the files and click the Delete icon.
Alternatively, you can delete the files via FTP / SSH. They are located by default in
"usr/logs" (the folder can be changed via $config_logfile_folder).
Delete all files in that folder except the .htaccess file, which protects your log files from being accessed by strangers.
If "Preset-File-Cache" is used, click the icon "Delete Cache" in statistics (flash
icon at the top right) to empty the cache.
CrazyStat stores three values in this file (one per line): position in the last log file from where
blocked IPs may still start, total hits blocked by IP (visitors), total hits not blocked by IP
(page views). $config_counter_add is not yet
added to these values. This
information is used by CrazyStat to implement a fast counter, but is required even if the
counter is disabled. You can read this data from your own scripts, for a simple text counter
the built-in is recommended.
This file is automatically created. If the value is incorrect, it will be adjusted when
evaluating the statistics by show_stat.php. There is no need to have a backup of this
file, since it can be generated automatically from the log files. This file is always created in the same
directory as the log files. The directory has to be writable to create this file (CHMOD 777).
If loading the statistics in the Internet Explorer takes a long time, that is probably because Internet Explorer does not display the table with the results before it is completely loaded. If loads of referers or files must be loaded, this can be extremely time-consuming. Especially when using the plugin "mktree" for the display of the referers, a lot of data has to be loaded before Internet Explorer can display the results. In this case, it is advisable to use the AjaxTree plugin. To enforce AjaxTree just set $config_stat_tree = "ajax". Alternatively set $config_stat_referer_tree = false to disable tree view by default.
If this setting is true, CrazyStat will not use the document.write javascript-command for
integration because it is no longer allowed in XHTML. Instead,
"document.getElementById" or "document.all" is used to include the statistics. Please note that this type
of integration is allowed in XHTML, but (really) old browsers might have problems with this
and might not be counted. So that a visitor is recorded, its browser must be capable of:
- document.getElementById("id") or document.all("id")
- The JavaScript event handler window.onload = function;
Both CrazyStat 1.6x and 1.7x use the log-format 1.6. It is more compact than the format 1.5 which in CrazyStat 1.5x was used, although it does not store less data. E.g. date and time are not stored anymore but are calculated from the timestamp when CrazStat is analyzing the logs. Thus, the log file will is smaller by up to 20%. The evaluation of the new log files can take a little longer. Log files can be converted using the CrazyStat log-tool (only in German yet). CrazyStat >= 1.70 no longer supports the "compression" from version 1.6x, but real gz compression (see next question).
"Compression" was a simple procedure that was used in CrazyStat 1.6x to make logs of
the 1.6 format by up to 50% smaller. This was achieved by not storing data which is
identical with the line above. CrazyStat 1.7x now (only) supports
real compression in gz format ("gz-compression" or "zlib-compression"), which allows
much higher compression ratios. The gz compression is enabled by $config_log_zlib (default). It will
always compress a logfile when a new log file is created (the last log file is not
compressed for performance reasons). You should always use splitting (see
$config_logfile_maxsize
) when using gzip-compression.
You can use CrazyStat log-tool (only German yet) to compress or decompress log files.
Note: Up to the release of CrazStat 1.70, the log-tool has not yet been translated into English so it is only available in German yet. This is because the log-tool is mostly needed when upgrading from older versions. Maybe a translated version of the logtool has been released by now and is available online.
The log tool allows you to convert CrazyStat log files of different formats, compress or decompress, split or join them and subsequently make IPs anonymous. The log tool does not analyze the log files (CrazyStat is responsible for that).
It is located in "src/log-tool". If you have already uploaded CrazyStat 1.7x to a web server, set the CHMOD of the folder "log-tool" to 777, if you have not already (see FAQ). Call it then (http://example.com/stat/src/log-tool/) and enter user and password. If you only want to run the logtool, you can use the standalone version, which is available online http://en.christosoft.de/Download.
If you log in and select this box, a cookie is placed on your computer. This is a small file that is automatically deleted if you do not log in 30 days with this option. When you visit your page, it is checked whether this file exists. If it does, your call is not written in the log file. Moreover, the text "cookie" (or what you set in $config_counter_cookie_text) appears in the counter. The properties of the "cookie" text match those of the reload-text, they can be adjusted in "config.php". To hide the text, simply set $config_counter_cookie_text false.
--- Option 1: ---
You put the following setting into "config.php":
$config_different_rel_paths = true;
Suppose that the statistic is in the folder "stat". You now want to include it in the file
"picture1.php" in the "pictures" folder and in the file "index.php" in the root directory. Then
the codes to include the statistics are as follows:
pictures/picture1.php: <?php $set_rel_path="../stat/"; @include_once("../stat/src/include.php"); ?>
index.php: <?php $set_rel_path="stat/"; @include_once ("stat/src/include.php"); ?>
So in $set_rel_path the relative path to the statistics is specified. A final
slash is required. The function include_once has to be provided with the relative path to the file "include.php"
in the statistics folder. When using this feature, it is recommended to specify $set_rel_path in all files
(especially if register_globals is turned on).
--- Option 2: ---
You set $config_rel_path to the absolute path without the domain, starting with a slash. Example:
"http://www.example.com/stat/" -> $config_rel_path = "/stat/".
This option is not recommended and does not always work. (Not if $config_xhtml=true and $config_counter_enabled=true).
--- Option 3: ---
You set $config_rel_path to the absolute path (URI) of the statistics including the domain, e.g.
"http://www.example.com/stat/". This option is not recommended and does not always
work (not if $config_xhtml=true and $config_counter_enabled=true).
By using the following code on the page where the counter should appear:
<?php $set_counter_enabled = true; @include_once("stat/src/include.php"); ?>
And the following code on the page where is should not appear:
<?php $set_counter_enabled = false; @include_once("stat/src/include.php"); ?>
You can set the counter graphic for each page by using the following code to include:
<?php $set_counter_file_name = 'ch_arial_blue.png';
@include_once("stat/src/include.php"); ?>
The counters styles should all be in the same folder and the file name must be adjusted in the
code above of course.
Whether CrazyStat is included in HTML or XHTML mode can be controlled by $config_xhtml.
If not all pages are of the same kine, $set_xhtml can be used.
Example: <?php $set_xhtml = true; @include_once("stat/src/include.php"); ?>
Also $config_xhtml_noscript can be changed using $set_xhtml_noscript.
The counter was extremely accelerated, but with a few minor bugs, so it sometimes counts when it shouldn't (very rarely). When you call the statistics, the counter is corrected since the statistics evaluates the entire logfile in contrast to the fast counter.
Since version 1.60 RC3, robots are not counted anymore (see "How do I block Robot XY?"). In new versions, the list of robots is extended, which might result in a small decrease of the counter-value. You can use $config_counter_add to compensate this if you like.
When caching is enabled, the results are cached. Thus, the evaluation time is reduced. However,
the data are therefore not completely up to date. To see the current data, click the "Update
All" icon or turn off caching entirely by setting $config_stat_cache to false (not recommended).
After logging in, the data is always up-to-date. Using the "Delete Cache" icon is not necessary to see the current
visitor, "Update All" is sufficient.
This will delete the temporarily stored results which speed up CrazyStat. This data is created each time the statistics is opened and then used until you log out. If no password protection is used, this data is also erased after a short time (session data).
This will delete the "Preset-File-Cache". This cache speeds up the evaluation of statistics with the settings for most presets considerably. If you delete the cache, statistics are evaluated from scratch, which can take a while. Any errors might be corrected by clearing the cache. You also need to clear the cache after changing some settings (see next question). Using "Manage Presets", you can specify for each individual preset whether it should be cached or not.
Click "Clear Cache" (lightning icon). The old results are still in the cache, the statistics has to be evaluated again with the new settings (all changes of settings that affect the evaluation).
No, simply set $config_counter_link = false, and the link disappears.
The files in the folder "extensions" are JavaScript extensions to increase the convenience of CrazyStat. However, they are not necessary, i.e. you can delete them. "calendarpopup.js" is responsible for the calendar to set a time. "md5.js" is responsible for transmitting the passwords encrypted. The files "lytebox.css" and "lytebox.js" are for "Lytebox" (modal window for calendar, etc.). "sortabletable.js" sort the tables by clicking on their column. The other files are needed for the tree view of the referer. There is no plug-in interface or the like which would enable you to easily write extensions.
This is because CrazyStat is optimized for speed. E.g. if you block by IP, most lines in the logfile can be skipped and do not have to be analyzed in detail which makes the analyzing a lot faster. Moreover, if you use caching and you change some setting (e.g. the time-span using the calendar), only the module which has been changed will be analyzed again. Thus, CrazyStat need is faster, the less settings have been changed and the more modules use IP blocking. Furthermore, thanks to CrazyStats "Preset-File-Cache", the statistics is a lot faster when a preset is active and caching is enabled for it.
Because one file is located in a different folder than the other one. To figure out which
file is in which folder,
move your mouse over the file name and wait a moment. The full path of the file
appears.
You can also set $config_stat_files_hide_dir = false, so that always the full path is
displayed.
Move your mouse over one of the bars of the bar graph or a piece of the pie chart and wait a moment for the exact percentages to appear.
You can easily add, change or remove browsers known by CrazyStat.
The file usr/keywords/browser.txt contains CrazyStat's information about browsers.
In every line there is the "identification string" for which CrazyStat searches in
the "User Agent String" which the browser sends (e.g. "MSIE 6").
If the browser should not be listed under its identification string,
but under a different name, you can add these names with an equal sign
("identification string=browser name"). The file "browser.txt" should have
CHMOD 777 or at least 644 (see FAQ).
You can add, remove, or change robots that CrazyStat knows easily. The file "usr/keywords/robots.txt"
contains all the identifiers of blocked robots. In every line there is the
"identification string" of the robot which the robot sends in the "user agent". All requests that
have a user agent which contain one of the identification strings will not be counted.
This also applies for the browser-module where robots listed in robots.txt will not show up.
To count all robots, simply empty the robots.txt file. You could then add robots to browser.txt
to detect them as browsers.
Robots listed in robots.txt will also not be counted by the counter. If you change the robots.txt file,
the next time you open show_stat.php, the counter value is adjusted (clear the cache).
The robots.txt file should be CHMOD 777 (or at least 644).
In the file "usr/keywords/queryregex.txt", regular expressions can be defined that influence
the evaluation of search terms. For each regular expression a row is created. The line begins
with the regex (PCRE, separators (usually /) included). After a tab followed by a number
indicating the clips, which enclose the search term. CrazyStat first checks whether the
regular expression matches, if so, the contents of the specified clips are interpreted as the search
term.
Example:
/q=([^&]*)&.*/ 1
Note that there must be a tab between */ and 1.
This expression evaluates the contents of the parameter q as the search term (for all pages).
The file "queryregex.txt" should have CHMOD 777 (or 644).
CrazyStat can also be in HTML files with the extension ".html" or ".htm". This has the advantage that not the entire link structure of the site needs to be changed, if all your files do not have the ending ".php" yet. This can be useful for large pages. Nevertheless, this method is not recommended as this code might change from one CrazyStat-version to the next, and thus you would need to change the code in every file after updating. If you want to use this method anyway, use the following code and replace PATH with the path to "stat.php" (usually "stat"). FILE must also be replaced by the file name in which you insert the code.
<!-- BEGIN CrazyStat 1.71, Copyright (C) 2004-2012 Christopher Kramer http://en.christosoft.de
/-->
<script type="text/javascript" language="javascript">
var jetzt=new Date();
document.write ('<img
src=\"PATH/src/stat.php?breite='+screen.width+'&hoehe='+screen.height+'&colors='+screen.colorDepth+'&datei=FILE&referer='+encodeURIComponent(document.referrer)+'&t='+jetzt.getTime()+'\"
alt=\" - - - By CrazyStat - - - \" title=\" - - - By CrazyStat - - - \" border="0"
/>');
</script>
<noscript><img src="PATH/src/stat.php?datei=FILE&referer=noJS" alt=" - - - By
CrazyStat - - - " title="- - - By CrazyStat - - - " border="0" /></noscript>
<!-- END CrazyStat /-->
CrazyStat can also be in XHTML files with the extensions ".html", ".htm" or ".xhtml". This has the advantage that not the entire link structure of the site needs to be changed, if not all files have the ending ".php" yet. This can be useful for large pages. Nevertheless, this method is not recommended as this code might change from one CrazyStat version to the next and you would have to change the code in every page after updating. If you want to use this method anyway, use the following code and replace PATH with the path to "stat.php" (usually "stat"). FILE must also be replaced by the file name.
If you want to embed CrazyStat in XHTML documents, you can use the following (valid) code
(see "What does $config_xhtml change?").
<!-- BEGIN CrazyStat 1.71, Copyright (C) 2004-2012 Christopher Kramer http://en.christosoft.de
/-->
<script type="text/javascript" language="javascript">
/* <![CDATA[ */
function CrazyStat()
{
if (typeof(crazystat_oldOnLoad)=='function') crazystat_oldOnLoad();
var jetzt=new Date();
var
CrazyStatUrl='PATH/src/stat.php?breite='+screen.width+'&hoehe='+screen.height+'&colors='+screen.colorDepth+'&datei=FILE&referer='+encodeURIComponent(document.referrer)+'&t='+jetzt.getTime();
if(document.getElementById) obj=document.getElementById('CrazyStatImage'); else
if(document.all) obj=document.all('CrazyStatImage');
obj.src=CrazyStatUrl;
}
var crazystat_oldOnLoad=window.onload;
window.onload=CrazyStat;
/* ]]> */
</script>
<img id="CrazyStatImage" src="PATH/src/img/blind.gif" alt=" - - - By CrazyStat - - - " title=" -
- - By CrazyStat - - - " style="border:0px" />
<noscript><img src="PATH/src/stat.php?datei=FILE&referer=noJS" alt=" - - - By
CrazyStat - - - " title=" - - - By CrazyStat - - - " style="border:0px"
/></noscript>
<!-- END CrazyStat /-->
If you use XHTML files with the correct mime type ("application/xhtml+xml") this can cause the following problems: First, Internet Explorer will not be able to show your page (regardless of CrazyStat). Second, hits of Gecko browsers like Firefox (and possibly others) are counted twice by CrazyStat because these browsers load the graphics in the <noscript> area even though they have JavaScript enabled. To avoid this, set $config_xhtml_noscript = false. However, only browsers that support JavaScript will then be counted. Mime-type text/html causes no problems when used with XHTML.
This is technically possible but not recommended. Please ensure that you always log out before logging into another installation! Different installations and versions certainly give different results, which is due to the settings. Thus, in different versions a different number of robots is ignores. Moreover, the results can be heavily influenced by config settings, especially the IP blocking settings.
Using $config_stat_files_preg_replace one can perform regular expressions on the entries of the
files-module. This can also remove parameters from the entries. The following setting
removes all parameters:
$config_stat_files_preg_replace=array('/\?.*/'=>'');
One particular parameter can be removed like this:
$config_stat_files_preg_replace=array('/[&?]PHPSESSID=[^&]*/'=>'');
This ensures that all PHPSESSID-parameters are removed (and their value).
Information about regular expressions can be found online.
If you want to inform yourself further about this topic, I recommend the following book:
Mastering Regular Expressions by Jeffrey Friedl ISBN: 978-0596528126
CrazyStat can anonymize the IPs of your visitors before writing them to the logfile. This allows you to respect your user's privacy.
In some countries, IP addresses are considered personal data and thefore, data privacy constraints must be obeyed to. In case
the law of your country requires that you anonymize IPs, or in case you simply want to respect your user's privacy, turn this feature on.
You will not notice any difference in CrazyStat, therefore I recommend you to turn it on in any case.
In CrazyStat before 1.71, this setting made CrazyStat calculate a salted hash of the IP and store it instead of the actual IP.
Salted hashs cannot be (easily) reverted into cleartext which made this an easy but efficient approach.
But salted hashs do not look like IPs at all and you cannot even guess the country out of these anonymized
IPs. Therefore, CrazyStat 1.71 comes with a new approach: It generates an anonymized IP for each visitor
that looks like a normal IP and cannot be reverted to the real IP. In most cases the country can still be deteted with some accuracy, but this can also be completly wrong.
Country detection will be introduced before IP anonymization in upcoming versions.
This is how anonymization is done in 1.71: The first two octets are kept unchanged (example: 111.122.133.144 -> 111.122.x.x) to make it possible
to detect the country with at least some accuracy. The last two octets are completely removed
and not kept. Then two virtual octets are calculated based on user characteristics: The third octet is calculated based on the salted hash of the
complete IP and the user's color depth. The fourth octet is calculated based on the salted hash of the users complete ip, the user agent
(browser and operating system) and the screen resolution. All this data is included to make anonymized IPs rather unique for individual visitors although
the two last octets are removed.
So can the real IP be calculated from an anonymized IP? Well, you'd have to brute-force 65.536 possible IPs using the same anonymization algorithm with the data of the log entry.
You'd need to include your secret random salt string (this means reading usr/config_pass.php - so even if you disable password protection or use a weak password, an attacker would not be able to revert IPs).
So unless you have some real security problem, you are the only one who could try to revert IPs using brute force.
This is not that complicated
and could be done within seconds on a normal modern computer (for one IP). But the result won't help you much: You will get about 200-300 possible IPs that have the same anonymized IP. Unless you
have further knowledge about the visitor, it is impossible to decide which of those IPs is the real IP of the user. Please contact me if you think you found a way to work around this.
Please also note that this is rather ridiculous: You first activate ip-anonymization and later on, you use much effort including brute force to revert anonymization. You could have
stored the real IP straight away if you did not respect your user's privacy.
Anonymized IPs are marked with an asterisk at the end to distinguish them from real IPs.
Note: Of course, if you turn this feature on, this means you will not be able to revert IPs to their real value as discussed above.
Also see configuration documentation.
This is explained on the Christosoft blog.
Using the search feature (Ctrl + F) will help in dealing with this document.
On http://en.christosoft.de/CrazyStat/FAQ or documentation.crazystat.de there
is always the current FAQ. More information can be found in the README file. If you can not find anything in both files,
just ask in the forum.