CreaCaptcha

Analytics

in package

• Creationell
• Captcha

Records security events into per-day and per-hour aggregate counters and, when the detailed event log is enabled, into a dedicated database table.

Table of Contents

Constants

COUNTER_RETENTION_DAYS  = 90

Aggregate daily-counter retention, in days.

HOURLY_RETENTION_HOURS  = 48

Aggregate hourly-counter retention, in hours.

OPTION  = 'creationell_captcha_analytics'

The option holding the aggregate daily counters.

OPTION_HOURLY  = 'creationell_captcha_analytics_hourly'

The option holding the aggregate hourly counters (24-hour view).

TYPES  = ['verified', 'failed', 'firewall', 'ratelimit', 'underattack', 'underattack_passed', 'challenge']

The seven recognised event types.

Properties

$daily_deltas  : array<string, array<string, int>>

Pending daily counter deltas: { bucket => { type => count } }. Flushed on `shutdown` so a request that triggers N events incurs at most one get_option/update_option round-trip per counter table, regardless of N.

$flush_hooked  : bool

Whether the shutdown flush has already been hooked for this request.

$hourly_deltas  : array<string, array<string, int>>

Pending hourly counter deltas: { bucket => { type => count } }.

Methods

clear_events()  : int

Deletes every row from the event-log table.

count_events()  : int

Counts the event-log rows matching the given filter.

ensure_table()  : void

Creates or updates the event-log table. Idempotent — safe to call repeatedly.

flush_pending_deltas()  : void

Flushes the accumulated daily and hourly counter deltas back to the options table. Reads the current value first and adds the deltas, so concurrent updates from parallel requests are not lost (the underlying get+update is still non-atomic, but only one round-trip per request narrows the race window considerably compared to one round-trip per event).

get_daily_counts()  : array<string, array<string, int>>

Returns the aggregate daily counters, keyed by date.

get_hourly_counts()  : array<string, array<string, int>>

Returns the aggregate hourly counters, keyed by 'Y-m-d H' (UTC).

prune_events()  : int

Deletes event-log rows older than the configured retention period.

query_events()  : array<int, array<string, string>>

Returns event-log rows matching the given filter, newest first.

record()  : void

Records one security event: bumps the daily and hourly counters and — when the detailed event log is enabled and the per-type toggle is on — writes a table row. Never fatals.

table_exists()  : bool

Whether the event-log table currently exists.

apply_deltas()  : void

Merges the given { bucket => { type => count } } deltas into the option value and prunes buckets older than the retention window.

build_event_filter()  : array{0: string, 1: array}

Builds the WHERE clause and bound parameters for an event-log filter.

bump_counter()  : void

Accumulates today's counter delta in the request-local cache.

bump_hourly_counter()  : void

Accumulates the current hour's counter delta in the request-local cache.

current_path()  : string

The current request path for the event log.

ensure_event_type_index()  : void

Idempotently adds the composite (event_type, created_at) index to the events table. Dashboard queries that filter by event_type benefit from a covering composite, whereas the standalone created_at index alone forces a filesort over a typed slice.

ensure_flush_hook()  : void

Idempotently registers the shutdown flush. Called the first time a delta is recorded in this request.

log_row()  : void

Writes one row into the event-log table and occasionally prunes it.

server_value()  : string

Reads a $_SERVER header value, sanitised and length-capped.

table_name()  : string

The fully-qualified event-log table name.

verification_data()  : string

The submitted ALTCHA solution payload for the current request, capped.