vb.org Archive
Page 1 of 4 1 23 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Administrative and Maintenance Tools - Log Logins Hack (https://vborg.vbsupport.ru/showthread.php?t=124907)

Abe1 08-24-2006 10:00 PM
Log Logins Hack
 
Log Logins Hack 2.0


About this hack:
This hack will log the userid, username, ipaddress, where the login is, and time all your users log onto your forum.

Installation information on hack:
  • Files edited: 0
  • Templates edited: 0
  • Files to upload via FTP: 2
  • Time to install: 1 minute max

Updates:

Version 2.0 (08/25/06):
  • First release of this hack for vb3.6.
Please post your comments or suggestions for this hack. I read ALL posts.

MAKE SURE YOU CLICK INSTALL!
You will get an email when a new version is released.


This hack is created for your use free of charge. No payment is requested. However, if you would like to donate money for the work I put in to this hack, a donation would show your appreciation.
https://vborg.vbsupport.ru/external/2010/02/12.gif

darkdrowelf 08-25-2006 04:09 PM
cool thank you :-)

Lord Zedd 08-25-2006 04:16 PM
Can this hack be used for the following situation? At the mainsite I would like members be able to log in to the forum and be directed to the forum.

Abe1 08-25-2006 04:24 PM
Quote:
Originally Posted by Lord Zedd
Can this hack be used for the following situation? At the mainsite I would like members be able to log in to the forum and be directed to the forum.
Not sure your question.

eclectica 08-25-2006 04:44 PM
Thanks for the update. I recommend this hack for your site's security so you can see if anyone's account gets hijacked, and also to catch people who have clone accounts.

Where is the log located with this new version? It used to be located in admincp->Statistics & Logs with the older version for vBulletin 3.5.

Abe1 08-25-2006 04:47 PM
Quote:
Originally Posted by eclectica
Thanks for the update. I recommend this hack for your site's security so you can see if anyone's account gets hijacked, and also to catch people who have clone accounts.

Where is the log located with this new version? It used to be located in admincp->Statistics & Logs with the older version for vBulletin 3.5.
There also now.

eclectica 08-25-2006 04:51 PM
I see it now. It didn't show up right away after installing. Maybe you have to refresh your browser window or log out and then back in in order to see it in the admincp.

bashy 08-25-2006 04:57 PM
Although i was using your other 1 for 3.5 i have upgraded it to this 1 now, thanks abe...

Abe1 08-25-2006 05:29 PM
Quote:
Originally Posted by bashy
Although i was using your other 1 for 3.5 i have upgraded it to this 1 now, thanks abe...
The only diff now is that there is version check and a link to this page.

Snake 08-25-2006 05:41 PM
Excellent. Seems to be useful. :)

serg472 08-26-2006 01:08 AM
Is it supposed to log cookie logins as well? I don't see them.

Ajavas 08-26-2006 06:34 AM
I installed this hack as told, but i can't see it . Emptyed the cache and refreshed the page severall times, but it didn't help. :squareeyed:

haddockman 08-26-2006 12:22 PM
Any way of logging guest ips?

eclectica 08-26-2006 01:03 PM
It doesn't log cookie logins.

serg472 08-26-2006 02:32 PM
99% of all logins are cookie logins and they are not logged...

NoKz 08-26-2006 05:28 PM
Awesome, thanks!

Onkel_Tom 08-26-2006 10:28 PM
Great Hack!
Many thanks.
Is it possible to add a function to the hack which allows to search only for logins of a specific IP Address or part of IP?
Also a sort by IP Address would be very nice ;)

Black Tiger 08-26-2006 11:50 PM
I have installed this one and will test it to consider if I will keep it installed. Thanks!

Abe1 08-27-2006 12:13 AM
This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.

Abe1 08-27-2006 12:15 AM
Quote:
Originally Posted by Onkel_Tom
Great Hack!
Many thanks.
Is it possible to add a function to the hack which allows to search only for logins of a specific IP Address or part of IP?
Also a sort by IP Address would be very nice ;)
I'll see what I can do.

serg472 08-27-2006 03:46 AM
Quote:
Originally Posted by Abe1
This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.
I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 0) + (defined('AVATAR_ON_NAVBAR') ? 0);
    $userinfo fetch_userinfo($userid$useroptions$languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession true;

        // combination is valid 
I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

Abe1 08-27-2006 12:10 PM
Quote:
Originally Posted by serg472
I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 0) + (defined('AVATAR_ON_NAVBAR') ? 0);
    $userinfo fetch_userinfo($userid$useroptions$languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession true;

        // combination is valid 
I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.
Session if you have the session in the url becuase you are a guest or have cookies disabled. Other wise you would use cookies.

serg472 08-27-2006 04:26 PM
When you go from page to page they try to read a session (from url or cookies), if it exists then they associate user with this session. Only if it doesnt exist they try to authenticate user from the cookie as you can see in that part of the code. This is the place where log function can be placed and it will log cookie authorizations (it is not reading sessions).

Anyway, I think I will just go ahead and make the required changes.

serg472 08-27-2006 07:46 PM
Quick solution for those who want this mod to log cookie logins as well (UNOFFICIAL, UNSUPPORTED, USE AT YOUR OWN RISK etc.).

The only minor issue after the following modification is that when user logs in using a standart login form it will log this twice - as a standart login and a cookie login. I don't want to modify this hack too much, so I left it as it is.

1. Open product-log_logins.xml and find:
PHP Code:
<phrase name="reg_login" date="0" username="" version=""><![CDATA[Standard]]></phrase
add below:
PHP Code:
<phrase name="cookie_login" date="0" username="" version=""><![CDATA[Cookie]]></phrase
2. Open loginlog.php and find:
PHP Code:
else if ($log['logintype'] == 'modcplogin')
{
    $log['logintype'] = $vbphrase['mod_login'];

add below:
PHP Code:
else if ($log['logintype'] == 'cookie')
{
    $log['logintype'] = $vbphrase['cookie_login'];

3. Open includes/class_core.php and find:
PHP Code:
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 0) + (defined('AVATAR_ON_NAVBAR') ? 0);
    $userinfo fetch_userinfo($userid$useroptions$languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession true;
        
        

        // combination is valid
        if (!empty($session['sessionhash']))
        {
            // old session still exists; kill it
            $db->shutdown_query("
                DELETE FROM " TABLE_PREFIX "session
                WHERE sessionhash = '" $this->registry->db->escape_string($session['sessionhash']). "'
            ");
        }

        $this->vars $this->fetch_session($userinfo['userid']);
        $this->created true;

        $this->userinfo =& $userinfo
add below:
PHP Code:
//LOGINS HACK - START
$db->query_write("INSERT INTO " TABLE_PREFIX "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" $this->userinfo['userid'] . ", '" $db->escape_string($this->userinfo['username']) . "', '" $db->escape_string(IPADDRESS) . "', " TIMENOW ", 'cookie')");
//LOGINS HACK - END 
4. Reinstall product.

mIRCnet 09-03-2006 03:09 PM
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.

Abe1 09-05-2006 11:12 PM
Quote:
Originally Posted by mIRCnet
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.
An error login is not a login.

mIRCnet 09-06-2006 07:33 AM
Quote:
Originally Posted by Abe1
An error login is not a login.
Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.

eclectica 09-06-2006 09:14 PM
vBulletin has a way to log all failed logins to a log file. It is in admincp->vBulletin Options->Error Handling & Logging->Log Failed Admin Control Panel Logins to a File

davelacey 09-06-2006 10:23 PM
Useful hack.
Thankyou. :)

Lord Zedd 09-07-2006 12:19 PM
Quote:
Originally Posted by Abe1
Not sure your question.
Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm :)

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :


When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)

adwade 09-08-2006 01:26 AM
Quote:
Originally Posted by mIRCnet
Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.
S-w-e-e-t! Although the current Admincp will log failed attempts on itself, getting an email is MUCH better. Any idea who did the hack before you're referring to?

AngusMacGyver 09-09-2006 06:38 PM
Quote:
Originally Posted by adwade
S-w-e-e-t! Although the current Admincp will log failed attempts on itself, getting an email is MUCH better. Any idea who did the hack before you're referring to?
I think you are looking for this:
https://vborg.vbsupport.ru/showthread.php?t=96921

cyvok 09-10-2006 01:42 AM
Very, Very useful!! I love it. Thank you!

-CYVOK-

Jamie1 09-10-2006 01:48 PM
Thanks for this dude. Fantastic hack and wll help secruity :)

Abe1 09-13-2006 09:52 PM
Quote:
Originally Posted by Lord Zedd
Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm :)

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :


When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)
i'm dont think this problem is because of this hack.

chet 10-15-2006 08:12 AM
Quote:
Originally Posted by mIRCnet
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins


.
I also would like to see Error Logins and who tried to log in as who, this way we can see who is trying to hack into accounts

mrkhm 10-18-2006 05:50 AM
nice

dragula_31 11-16-2006 06:02 AM
is it possible to know that 1 username was log by several IP at the same time?

Limerick 11-19-2006 10:52 AM
I feel ashame but I've done everything explained and I don't know where to find the log and/or where to manage this hack. :alien:

Could someone just tell me where to find it ? :confused:

Abe1 11-19-2006 11:48 AM
Quote:
Originally Posted by Limerick (Post 1120695)
I feel ashame but I've done everything explained and I don't know where to find the log and/or where to manage this hack. :alien:

Could someone just tell me where to find it ? :confused:
Look in the screenshots.


All times are GMT. The time now is 06:27 PM.
Page 1 of 4 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01727 seconds
  • Memory Usage 1,872KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (8)bbcode_php_printable
  • (14)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (40)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete