vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   Failed Login Logging (https://vborg.vbsupport.ru/showthread.php?t=32639)

haas 02-02-2002 10:50 PM
Seems to be a really good hack. Installing :)

GOD-Dblade 04-16-2002 09:51 PM
bad ass hack...works with 2.2.5 :)

GOD-Dblade 04-16-2002 09:55 PM
well maybe not.....i tried logging into a account with a fake pass and all says is Showing record of 1 to 0 of 0

wooolF[RM] 04-17-2002 09:37 AM
]Admin CP -> Login Failures -> View -> List all failed logins ->
Code:
Database error in vBulletin Control Panel 2.2.4:

Invalid SQL: SELECT loginid,username,password,ip,userid,FROM_UNIXTIME(atime) as atime FROM loginlog WHERE 1=1 ORDER BY username  LIMIT 0,99999999
mysql error: Table 'mpc.loginlog'  doesn't exist

mysql error number: 1146

Date: Wednesday 17th of April 2002 12:29:58 PM
Script: http://www.mysite.com/forum/forum/admin/loginlog.php?s=&action=find
Referer: http://www.mysite.com/forum/admin/lo...tion=modify&s=
1) Why does it look after 'mpc.loginlog' table and not loginlog table? my main database called mpc, table called loginlog. I can't understand why it mixes these two
2) Why does it point to "http://www.mysite.com/forum/forum"? Can u see it? Forum stays 2 times... :(

I have done everything after instruction and double checked it... :(

wooolF[RM] 04-17-2002 09:45 AM
]I have also tried to run this query:
Code:
CREATE TABLE mpc.loginlog  (
  loginid int(10) unsigned NOT NULL auto_increment,
  ip varchar(20) NOT NULL default '',
  username varchar(50) NOT NULL default '',
  password varchar(50) NOT NULL default '',
  userid int(10) unsigned NOT NULL default '0',
  atime int(10) unsigned NOT NULL default '0',
  KEY id (loginid)
);
but got next error:
Code:
Error

SQL-query : 

CREATE TABLE mpc.loginlog (
  loginid int(10) unsigned NOT NULL auto_increment,
  ip varchar(20) NOT NULL default '',
  username varchar(50) NOT NULL default '',
  password varchar(50) NOT NULL default '',
  userid int(10) unsigned NOT NULL default '0',
  atime int(10) unsigned NOT NULL default '0',
  KEY id (loginid)
)

MySQL said:


Table 'loginlog' already exists
This sounds weird... First it says it doesn't exist, then it exist... hmmm. Please help

James5mith 04-17-2002 06:57 PM
Btw....
Axel,

Couldn't you also include one additional field similar to the others below the next section of the member.php? The part where it says cookie login? I mean in order to log people returning to the boards who are browsing with cookies?

I'm installing PPN's hack now, and making your modifications, Axel. I will let you all know how it works out.

James5mith 04-17-2002 07:46 PM
[QUOTE]Originally posted by Axel Foley
In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

Scott MacVicar 04-17-2002 10:01 PM
thats an unusual error for the table, its there but its not there for vB? What version of php and mysql are you running?

wooolF[RM] 04-17-2002 10:27 PM
]Server Type
Linux / PHP v4.1.2-hostdemon Safe Mode

MySQL
v3.23.36

vBB
2.2.4

( https://vborg.vbsupport.ru/showthrea...604#post241604 ) = (my problem, this thread, post 44)

GOD-Dblade 04-17-2002 10:43 PM
edit

wooolF[RM] 04-17-2002 10:46 PM
][QUOTE]Originally posted by GOD-Dblade
edit

James5mith 04-18-2002 01:16 AM
To everyone who uses this hack:

This is the first time I've done anything like this, so I don't know the proper prodecure.

I have taken PPN's hack, and Axel Foley's modification, and installed them on my boards. Since I am inherently lazy, I wanted quicklinks to all the most common fields you would look at. The stock loginlog.php script only has three options, view all, view recent, and view last 24 hours.

I've modified the code to incorporate some additional features:

https://vborg.vbsupport.ru/external/2002/04/1.jpg

To be noted is that as the code stands now, all of my searches are returned by default as atime sorted descending (so that the most recent instances appear first in the list). This is something that can easily be remedied by removing the &direction=DESC modifiers on the quicklinks.

The stock loginlog.php script defines a blank sort field to default to username, I simply changed it to atime.

The search options down at the bottom have been modified from datefailed to atime (for the time sort function) since datefailed wasn't working for me.

I haven't tested the pruning functions, so if anyone would like to, please let me know if I have screwed up anything in the process of doing this.

Again, I would like to thank PPN and Axel for their hard work in getting this hack to not only function, but to be robustly featured as well. Thanks to both of you.

As a final note, Axel: I am thinking about testing inserting yet another one of your hack fields after the cookie login, to try and see if that will work for logging people returning with cookies.

trainer 04-18-2002 06:32 PM
[QUOTE]Originally posted by Axel Foley
Hi PPN, first of all, great hack.

I needed a hack to log ALL the logins of my users, failed and successful ones. A few of my users have reported stolen passwords and I couldn't tell them WHEN during the week they logged on, but just the LAST login. So I was looking for a logging hack.

I took yours and I made some modifications:

PHP Code:
      if ($user['password']!=md5($password)) {  // check password

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login) 
In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

It works, now I only have to modify your control panel for the hack to query all the fields etc.

The only thing that I don't like is that if users have set automatic login via cookies their successful logins aren't logged (haven't tried with unsuccessful logins via cookie). So I was thinking about DISABLING automatic login via cookies, just to have complete control over the logins. We have had a supermoderator whose pw was stolen by an admin of a 2.0.3 vB forum. I'm very angry so I want to extend the logging features of vB in order to prevent this from happening.

I hope you like these ideas, you could also make it an option WHAT TO LOG (failure, successful and both).

Could you also give me a hint on the BEST way to disable the automatic login via cookie for ALL my users, prevent them from changing that option and to delete the cookie?

Thanks man, you've made a great job and if you make these modifications your hack will be GREAT. Like an OS event logging system. ;)

James5mith 04-19-2002 09:43 PM
[QUOTE]Originally posted by trainer


how do i add this? what do i have to change in the database?

chazman 04-19-2002 11:00 PM
Those instructions for adding the fields will work in MyPHPAdmin but they won't work of course if you wanted to add the fields via a MYSQL Query. I tried figuring out what the query command would be and couldn't figure it out. Probably an insert into command though.

To give credit where credit is due. This has become a great hack with the added modifications. The passwords are right out in the open now with this hack. Despite 2.2.5's encryption. This is because we are looking at what is entered as a password and logging it regardless the success of the login or not.

Needed addition is still the cookie logon modification. Once that is done you can pretty much build a query to find anything out about the logon sequence.

If anyone can post that mod I would appreciate it.

Chazman

Attched are the modifications by Axel, and James .. Thanks PPN

wooolF[RM] 04-20-2002 08:46 PM
]( https://vborg.vbsupport.ru/showthrea...604#post241604 ) = (my problem, this thread, post 44) :(

Ayame 04-21-2002 07:33 PM
lol, I feel mightily clueless at the moment. I followed the instructions in the zip to a T (several times, actually) and I keep coming up with a blank screen when I click either option under Failed Logins.

I'm running vb 2.2.5 with the .php3 extensions. (The extension doesn't matter, does it?)

Help would be much appreciated.

chazman 04-22-2002 01:19 PM
Actually I think it matters a great deal. PHP3 and PHP (4) don't mix. These pages and links were written in PHP4

Chazman

You might get them to work with some manual mods though. You would have to start by replacing every php with a php3. I am just guessing. I didn't write these so I couldn't tell you for sure.

James5mith 04-22-2002 03:52 PM
[QUOTE]Originally posted by chazman

Needed addition is still the cookie logon modification. Once that is done you can pretty much build a query to find anything out about the logon sequence.

Chazman

chazman 04-23-2002 04:59 PM
my last 24 hour login query from the quicklink is not working correctly. There might be something wrong with that quicklink in James' Mod.

Anyone else notice this.

Anyone else using this?

chazman

Dixiemill 04-24-2002 02:58 AM
I'm trying to keep my database lean... I want to clear the failed attempts when the login is successful.. I keep getting "parse errors" any help here would be hot.

I've modified Axel Foley's code for successful logins to:

// HACK: Login Log (Successful login)
$DB_site->query("DELETE FROM loginlog WHERE userid='$user[userid]'");
// HACK: Login Log (Successful login)

Thanks in advance for the help.
[edit]: corrected spelling mistakes
[edit]: :ermm: I was missing the "$" in "$DB_site". Problem solved.

veedee 07-18-2002 11:38 AM
I'm runing 2.2.4, would this still work?

musicfreak12399 07-22-2002 04:33 PM
great hack.. Just installed on 2.2.6 and works great. Very easy to install... great instructions

Good hack!

Thanks

veedee 07-22-2002 05:38 PM
This works on 2.2.6 indeedy :D

ModshackUK 07-22-2002 11:05 PM
Parse error: parse error in /home/www/shack/html/forums/member.php on line 110

I keep getting this error when I try to log out of my forums.

Any ideas why

Running php4 vB2.2.6

HM

Night Owl 07-29-2002 04:20 AM
I am getting that error too.

dwh 09-05-2002 08:10 AM
[QUOTE]Originally posted by PPN
that would be my bad :D

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

should be

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '".addslashes($username)."', '$password', '$user[userid]', '".time()."')");

Bison 10-07-2002 10:39 PM
Oops! (spoke too fast!)

"Houston, we have a problem!"

Getting parse errors by the second ...

I pasted this into the member.php:

PHP Code:
            if ($user['password']!=md5($password)) {  // check password
                  // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login)
        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      } 
Now getting parse errors on LINE#135 in member.php after loggin out AND checking a members profile:

PHP Code:
    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login)
        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered
      eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
      exit;
    }

    if ($user['cookieuser']==1) {
      vbsetcookie("bbuserid",$user['userid']);
      vbsetcookie("bbpassword",$user['password']);
    }

    $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");

    $session['sessionhash']=md5(uniqid(microtime()));
    $session['dbsessionhash']=$session['sessionhash'];
    $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
    vbsetcookie("sessionhash",$session['sessionhash'],0);
    $username $user['username'];
   } 
<--- Line# 135 is End Bracket ABOVE


Anyone know why?

Bison 10-08-2002 12:54 AM
[QUOTE]Originally posted by ModshackUK
Parse error: parse error in /home/www/shack/html/forums/member.php on line 110

I keep getting this error when I try to log out of my forums.

Any ideas why

Running php4 vB2.2.6

HM

Logician 12-05-2002 12:12 PM
just a quick note: The hack works flawlessly in 2.2.9..

Very useful expecially for boards with paid membership..

Thx for sharing..

Talisman 12-05-2002 03:12 PM
Installed. Thank you, Scott, this is a very nice hack..... works perfectly.

Raptor 12-30-2002 03:54 PM
how to include the users email address in the log listings ?

also is it possible to have the script NOT log if there is a duplicate entry (otherwise you tend to get hundreds of each user)

these two mods I'd really like on this great hack

Beams 01-06-2003 10:26 AM
After light of another forum using members/mods passwords to access our forum i wondered if a addition could be added to this hack.

When there is a fail login could a email automatically be sent to the members email address quoting the password, time and ip address and a request link to change there password??

If not would it be possible to automatically email the member a new random password?

This would give less chance to anyone trying to hack a members account and could resolve the issue we have at the moment.

thanks

Beams :D

MDS_Admin 01-09-2003 08:41 PM
The IP for everyone is coming up as my own site's domain name.

Ideas?

drews 01-10-2003 08:34 PM
This would be great if the user that tried was trying to login, if he/she got a PM saying someone was trying to login with his/her username. Just so they know that they should do something about it, or whatever.

GOD-Dblade 01-14-2003 10:21 PM
works perfect on 2.2.9 :P

sebastien69 01-16-2003 09:16 AM
I installed correctly and it works fine but a suggest....

I dislike the showing users password in the cp
Why ?? Look at the user table in db the password are encrypted in md5 but not in your hack your table show password

For an entire security you must delete all that repport to password in this hack before installing ...

Anjoy whith this great hack

ModshackUK 02-14-2003 10:56 AM
Quote:
After light of another forum using members/mods passwords to access our forum i wondered if a addition could be added to this hack.

When there is a fail login could a email automatically be sent to the members email address quoting the password, time and ip address and a request link to change there password??

If not would it be possible to automatically email the member a new random password?

This would give less chance to anyone trying to hack a members account and could resolve the issue we have at the moment.

thanks

Beams :)
LOL

Fkin hypocrite

STOP LOGGING YOUR MEMBERS PASSES BEAMER AND THEN BLAMING OTHER SITES WHEN YOU GET CAUGHT OUT.

Raptor 02-14-2003 11:03 AM
logging members for ellicit means eh beamer ?

tut tut tut ;)

Beams 02-16-2003 08:09 PM
oh what have we here then umm

never been caught logging passwords as we don't do that unlike yourself ;) Not to worry im sure there will proof one day and find its way on to here as well so all can see, then lets see who shouts then mahahaha

oh dear raptor u should know better then believe that sort of thing after all the crap they started with u i guess your forgetting the passed

Beams :D


All times are GMT. The time now is 03:04 PM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01493 seconds
  • Memory Usage 1,885KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (3)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete