just move

to below

but why would you want to log successful logins instead of failed ones?

Hi PPN, first of all, great hack.

I needed a hack to log ALL the logins of my users, failed and successful ones. A few of my users have reported stolen passwords and I couldn't tell them WHEN during the week they logged on, but just the LAST login. So I was looking for a logging hack.

I took yours and I made some modifications:

In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

It works, now I only have to modify your control panel for the hack to query all the fields etc.

The only thing that I don't like is that if users have set automatic login via cookies their successful logins aren't logged (haven't tried with unsuccessful logins via cookie). So I was thinking about DISABLING automatic login via cookies, just to have complete control over the logins. We have had a supermoderator whose pw was stolen by an admin of a 2.0.3 vB forum. I'm very angry so I want to extend the logging features of vB in order to prevent this from happening.

I hope you like these ideas, you could also make it an option WHAT TO LOG (failure, successful and both).

Could you also give me a hint on the BEST way to disable the automatic login via cookie for ALL my users, prevent them from changing that option and to delete the cookie?

Thanks man, you've made a great job and if you make these modifications your hack will be GREAT. Like an OS event logging system. ;)

[QUOTE]Originally posted by PPN
but why would you want to log successful logins instead of failed ones?

Installed it and works well, thanks for it!

I installed it works fine but doesnt work fine for usernames with characters of /\

I have a user who has username /\

It gives a server error when the person logs in without the right password ... Ive tried other usernames, they all work fine !

do u know whats wrong ?

thanks ;)

that would be my bad :D

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

should be

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '".addslashes($username)."', '$password', '$user[userid]', '".time()."')");

good idea for a hack i would have never thought of it

@ PPN, first of all, THX for the hack ! :)

when I search only for a ip address I get this error:

Invalid SQL: SELECT loginid,username,password,ip,userid,FROM_UNIXTIME( atime) as atime
FROM loginlog WHERE 1=1 AND INSTR(LCASE(ipaddress),'212.186.39.196')>0
ORDER BY username LIMIT 0,300 mysql error: Unbekanntes Tabellenfeld 'ipaddress' in where clause.

mysql error number: 1054


I cange in loginlog.php line 170-171 from:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ipaddress),'".addslashes(strtolower($a ipaddress))."')>0";

to this:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ip),'".addslashes(strtolower($aipaddre ss))."')>0";

You think that OK ?? because im not a SQL expert ! :rolleyes:

Wolfgang :)

ok will update it again now thanks for pointing that out Wolfgang

Where is the latest version of this hack ?

cheers !