vb.org Archive - Administrative and Maintenance Tools

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)

- - Administrative and Maintenance Tools - Log Logins Hack (https://vborg.vbsupport.ru/showthread.php?t=124907)

Quote:

Originally Posted by Abe1

This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.

I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:


		
			
// or maybe we can use a cookie..

if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))

{

    

    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);

    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);



    if (md5($userinfo['password'] . COOKIE_SALT) == $password)

    {

        $gotsession = true;



        // combination is valid

I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

Quote:

Originally Posted by serg472

I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:


		
			
// or maybe we can use a cookie..

if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))

{

    

    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);

    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);



    if (md5($userinfo['password'] . COOKIE_SALT) == $password)

    {

        $gotsession = true;



        // combination is valid

I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

Session if you have the session in the url becuase you are a guest or have cookies disabled. Other wise you would use cookies.

When you go from page to page they try to read a session (from url or cookies), if it exists then they associate user with this session. Only if it doesnt exist they try to authenticate user from the cookie as you can see in that part of the code. This is the place where log function can be placed and it will log cookie authorizations (it is not reading sessions).

Anyway, I think I will just go ahead and make the required changes.

Quick solution for those who want this mod to log cookie logins as well (UNOFFICIAL, UNSUPPORTED, USE AT YOUR OWN RISK etc.).

The only minor issue after the following modification is that when user logs in using a standart login form it will log this twice - as a standart login and a cookie login. I don't want to modify this hack too much, so I left it as it is.

1. Open product-log_logins.xml and find:

PHP Code:


		
			
<phrase name="reg_login" date="0" username="" version=""><![CDATA[Standard]]></phrase>

add below:

PHP Code:


		
			
<phrase name="cookie_login" date="0" username="" version=""><![CDATA[Cookie]]></phrase>

2. Open loginlog.php and find:

PHP Code:


		
			
else if ($log['logintype'] == 'modcplogin')

{

    $log['logintype'] = $vbphrase['mod_login'];

}

add below:

PHP Code:


		
			
else if ($log['logintype'] == 'cookie')

{

    $log['logintype'] = $vbphrase['cookie_login'];

}

3. Open includes/class_core.php and find:

PHP Code:


		
			
// or maybe we can use a cookie..

if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))

{

    

    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);

    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);



    if (md5($userinfo['password'] . COOKIE_SALT) == $password)

    {

        $gotsession = true;

        

        



        // combination is valid

        if (!empty($session['sessionhash']))

        {

            // old session still exists; kill it

            $db->shutdown_query("

                DELETE FROM " . TABLE_PREFIX . "session

                WHERE sessionhash = '" . $this->registry->db->escape_string($session['sessionhash']). "'

            ");

        }



        $this->vars = $this->fetch_session($userinfo['userid']);

        $this->created = true;



        $this->userinfo =& $userinfo;

add below:

PHP Code:


		
			
//LOGINS HACK - START

$db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . $this->userinfo['userid'] . ", '" . $db->escape_string($this->userinfo['username']) . "', '" . $db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'cookie')");

//LOGINS HACK - END

4. Reinstall product.

Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.

Quote:

Originally Posted by mIRCnet

An error login is not a login.

Quote:

Originally Posted by Abe1

An error login is not a login.

Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.

vBulletin has a way to log all failed logins to a log file. It is in admincp->vBulletin Options->Error Handling & Logging->Log Failed Admin Control Panel Logins to a File

Useful hack.
Thankyou. :)

Quote:

Originally Posted by Abe1

Not sure your question.

Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm :)

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :

When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_php_printable (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02234 seconds Memory Usage 1,792KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_php_printable (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: