We Keep Coding

Create server log

I am working on a rather large website and i need to log errors that users may face while using the website.
Here is how it will work:
>if operation passed
#operation success
>else
#Log the failure
log()
>email admin
>create log
What i need to know is the best practice for creating this log, because there are several methods for doing this.
text based
database
There is possibly a better method for doing this as well, which is why i'm asking stack overflow.
Just tell me how you would go about doing this, and i will do the rest of the research and coding on my own.

I find using a 3rd party service like airbrake.io or pagerduty.com is best. Basically, they handle creating a ticket and logging everything as well as notifying the proper people about the incident. Yes, you can write up your own system the way you mention via emailing an admin and creating your own logs... but then you will also have to worry about updating the email list and emailing the right people at the right time... What if you're on vacation? Who is to get the email at that point? 3rd party services manage all that for you.

You can use (and probably should use) open source logging frameworks for the language you are working in. They will provide you with nice wrappers for all your logging needs, most have the option to email logs to you (and even upload files to remote directories).
If you wish to create your own logging system, this is how I would personally do it:
Make a log directory
Create a log file (plain text) each hour (or day or X units of time) using a naming scheme
Write 1 line to the file with the time, then some delimiter, then the error (including error codes/messages etc)
Every time an hour or day passes, you would make a new file and email the previous file to yourself (or admin). You can also send an immediate email for fatal errors/issues. I wouldn't really use a database personally.
I implemented such a logging system for a online script that talks to a gaming server. The end result is a directory of files filled with logs for each hour of each day. Files older than 30 days are also deleted. It allows me to check on how things are going easily and pinpoint certain events/issues that players on the game server experience. However, I only wrote my own logger as there was no script that did this for my game.

First of all, since it was mentioned in the comments, we should differntiate the php error log from a custom application log:
The php error log logs errors of a certain level (notices, errors, warnings depending on your error_reporting() settings) while interpreting your php files. That means when you are trying to use an array key which was not set before a warning would be generated and either printed to the screen or logged to your php error log file.
A custom application logger on the other side logs custom messages which might contain warnings and errors regarding the application logic and which are able to be handled by the application.
When we compare the following two code examples:
<?php
error_reporting(E_ALL|E_STRICT);
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', sys_get_temp_dir() . '/php_error.log');
updateUser($_POST['user_id']);
// Assuming $_POST['user_id'] was not set the above lines would produce a notice in your php_error.log stating the use of an undefined index 'user_id'
?>
Against:
// Instantiate your own logger or a 3rd party logger
$myLogger = new Logger(sys_get_temp_dir() . '/application.log');
if (!array_key_exists('user_id', $_POST)) {
$myLogger->error('Cannot update user since user_id was not set');
// Handle the error in the UI accordingly
header('Location: 404.php');
die();
}
updateUser($_POST['user_id']);
?>
For me personally it makes sense to separate these two types of errors in different log files: The php errors are usually a result of code which does not handle all imaginable cases (i.e. a user removes the hidden user_id field from a form manually) and are a hint for yourself that you should change your code to avoid the same error next time.
The second piece of code handles the exactly same use case but you considered this case while writing the code and the application is able to react somehow.
No matter if you decide pick a 3rd party logger or write your own: Think about using one which fulfils the PRS-3 logging standard to be able to make it exchangable when you i.e. decide to switch from file based logging to a database based logging mechanism. By doing so you won't have to change a lot of code when you decide to switch your loggers since the methods and general usage is standardised.
When writing your own logger, consider the following points:
Locking and unlocking your log file while writing to it
Log rotation (daily, weekly, monthly)
Deletion of old log files
Like stated above think about implementing PSR-3

How to differentiate between error exceptions and fatal exceptions in CodeIgniter?

I want to use two different kind of exceptions in my project:
Fatal exceptions. If something goes unexpectedly wrong, like a mysql query fails, I want to throw this kind of exception, without necessarily having to catch it. This exception means that I need to take some action, like logging a message, then showing an error, using CodeIgniter's show_error() function. The script should exit without continuing.
Error exception. If a user does something not allowed, such as enters letters into a numbers field or accesses a page he doesn't have permissions for, this exception should be thrown and caught.
I want to use both kinds of exceptions throughout the project. Number 2 is clear enough, but how do I go about doing exception 1? It would be great to not have to have two catch blocks for every try block, as the 1st type is global and should always be the same: log message, show error, exit. And lastly, in codeigniter, where would be the correct place to extend the Exception class?
Thanks.

Fatal Exceptions
The link posted by Sunil above is great for globally handling Fatal Exceptions. You want to be very careful about throwing these exceptions, and be sure that to the end user, the site doesn't look scary and broken - humoring the user is always a good idea.
Error Exceptions
I think you would be better off not treating errors like text in a numeric field as exceptions, because they do not disrupt the normal flow of the program's instructions.
If a user enters an alpha into a numeric field and submits the form, your application should expect that a user may provide junk data, and you repeat the input process, which is the normal flow.
Here is how I handle scenario 2 in code igniter:
Extend CI_Log with /application/libraries/MY_Log
Add MY_Log::$logs to store messages in array if log level permits
The template hook gets the logs MY_Log::get_logs() then passes them on to the view that displays the appropriate message boxes for the log levels
I also implement a custom log level called error_log. This is for anything that I want to send to the log file without showing the user.

Are detailed exception/error messages a security risk?

I currently check every GET and POST variable with isset() and throw exceptions when isset() returns false.
Example 1:
if(!isset($_GET['some_var']))
throw new Exception('GET variable [some_var] is not set.');
$someVar = $_GET['some_var'];
Example 2:
if(!isset($_GET['some_num']))
throw new Exception('GET variable [some_num] is not set.');
if(!ctype_digit($_GET['some_num']))
throw new Exception('GET variable [some_num] is not a number.');
$someNum = $_GET['some_num'];
In my production application I have a global exception handler that posts exceptions and errors to a log file and then redirects to a generic apology page.
Is this an okay practice? Are descriptive exception and error messages such as the ones above security risks (is it possible that a hacker would be able to read the exception notice and then use that information to manipulate my scripts)?
Thanks!

Logging errors and suppressing output is exactly what you should be doing. Error reporting can be nasty..
In OWASP top 10 for 2007 there is Information Leakage and Improper Error Handling, however this was removed in 2010. By setting dispaly_errors=On in your php.ini you become vulnerable to CWE-200. The full path of your web application will be divulged to the attacker. To make matters worse, by having error reporting enabled it makes it easier to find SQL injection by looking for sql error messages.
When combining this on a PHP/MySQL application you can perform a very serious attack
$vuln_query="select name from user where id=".$_GET[id];
If
http://localhost/vuln_query.php?id=1 union select "<?php eval($_GET[e])?>" into outfile "/path/to/web/root/backdoor.php"
Which makes this full query:
select name from user where id=1 union select "<?php eval($_GET[e])?>" into outfile "/path/to/web/root/backdoor.php"
I would make sure display_errors=Off and that file FILE privileges have been revoked to your web application's MySQL user account.

Displaying detailed errors to a user can be a security risk. Since in this case, they're only being written to a log file and the only data the user gets is a generic page which reveals nothing, you can be as descriptive as you like and you reveal nothing unless the log is compromised.

"is it possible that a hacker would be able to read the exception notice and then use that information to manipulate my scripts?"
Maybe.
Typically, you want to give the least amount of information possible to the end user in an error condition. In this case, if you tell someone a particular get variable doesn't exist, then they might try supplying random values to that variable to see how the app behaves.
Of course, you also have to balance this against the needs of your real users. If the variable is one that they would normally have control over, then giving the response about a problem with the value is perfectly acceptable.
UPDATE
Having recently run into a spate of web API's that seem to think throwing generic error messages is the way to go I want to update this slightly.
It is critical that web API's give an appropriate amount of information back to the consuming system so that they can figure out what's wrong and fix it.
In one recent case for a payment processing API their documentation was simply wrong. The test transaction data that they showed consistently returned with "Server Error 500" and we had no recourse but to get one of their developers on the phone and painstakingly step through each and every element in their XML. Out of 50 elements, only one had the same name as what was in their "developer documents"
In another integration we were given "Server Error 402". -- This one was NOT a payment gateway. Although never referenced in their doc's, apparently that message meant that a JSON parameter was missing. Incidentally, it was a parameter not referenced in their docs and again required time with their developer to identify it.
In both of the above cases it would have been incredibly helpful if the error message had responded with an example of a valid document post. Similar to how the old Unix/DOS commands would come back with the help info when you passed bad parameters. I really don't want to talk to other programmers. I know their time is expensive and they would much rather do something other than answer a support call; but more to the point, if I'm working at 10:00PM and need an answer RFN then waiting until a programmer can get on the phone the next day is rarely an option.

Usually it is considered insecure to print out PHP system error messages on a production server instead of silently logging it.
Though I can't find anything dangerous in the generic apologies page.

Send email when any error occurs in CakePHP

I am using CakePHP in PHP development. I have set my debug mode to 0 in core.php file.
Configure::write('debug', 1);
This setting will not show any error on site. So the user/developer will not be able to see errors. Thant's why I want to make something that will send me an email with error title and error code like Warning message, notice(8): like error messages. So that if error occurs, it wouldn't be ignored.
Thanks.

If you get an email every time an error occurs, you will be flooded until the error is fixed which is probably not very efficient or productive.
You could write an error emailing system with throttle control, where as soon as each error is raised from CakePHP it is placed in a database (perhaps keyed on md5(errortext)) and emailed immediately to whoever is interested. Then, next time the exact same error is encountered, the system will see that it's already in the database (same md5) and not email it again.
Also, can't CakePHP be configured to log the errors to a log file? Then you can check that for errors, either manually or via something like logcheck, which will run in a frequent schedule, check the CakePHP logfile for specific errors, and email out a summary if any new ones are found.

I think you could achieve this goal by overriding PHP's default error handler. The relevant PHP manual page: http://php.net/manual/en/function.set-error-handler.php
Basically, you'd just define a function (and tell your script to call that function on an error). Your definition needs to appropriately return false or die() on an error (otherwise the script will continue to execute). However, in that function you would be able to make a call to send emails.
Note that if you're doing it within CakePHP you may need to pass the current object as a parameter, otherwise it's likely that error handler you define won't tie in nicely with the other cake object stuff.

I'm just about to release an open source project that does this, and more. It collects errors, sends them to an issue tracker, detects duplicates, turns them into issues and emails staff.
Details are at https://sourceforge.net/news/?group_id=317819&id=293422 and the version 0.1.7 it mentions is due out in a couple of days.
The open source tracker is at http://elastik.sourceforge.net/
Any feedback welcome, Thanks

Error Handling in Model (MVC)

I was wondering what the excepted standard is for handling errors in the Model.
Currently I have 'setError' and 'getError' methods that's in use by all my Models.
This means I'm only concerned with whether a call to a method in my Model is true or false. If it's false then I would use $this->model->getError() in my Controller.
Additionally I'm contemplating setting up a separate file that contains all my errors. One file per model, also wanted to have thoughts on this.

A simpler solution would be to use exceptions.
When an error occurs that would be something you display to a user, throw a special kind of an exception - perhaps named UserError. The exception should contain the text of the error message when you throw it. These kinds of errors are features which provide users with useful information (i.e. they attempted to delete something that did not exist - which can happen when they have multiple browsers open, etc.)
e.g.:
throw new UserError("That object no longer exists.");
When an error occurs that you want to hide from the user, throw a different kind of exception, perhaps named InternalError. You would want to log this and allow the program to continue, so the specific error is hidden from the user. If it prevents something from happening, you might want to throw up a generic error message. These would be bugs and you want to fix them as soon as possible.
e.g.:
throw new InternalError("Failed to connect to remote service");
All of the error messages can be stored (hard-coded) in the source where the exception is thrown. This is not necessarily a bad design practice - if you use a tool like gettext, you can easily translate all of these messages.

I've been using log4j and log4cxx and logging to a syslogd. Kiwi is a simple Win32 syslogger that will track your log messages and save them to a file. Log4j / Log4cxx have configuration files that you can use to setup all your log levels or log message destinations (you can log to multiple places).
It takes so little effort to setup and use, and it works like a charm.
I haven't tried out log4php myself.
Exceptions are good when you no longer want your program to continue executing. Catch exceptions at a high level where you can accept the fall-out of failed executions.

Review the NerdDinner tutorial on how to create validation routines before making a final decision:
http://nerddinnerbook.s3.amazonaws.com/Part3.htm
The Validation part is about 2/3 of the way down the page.