Login log - Log successful login attempts
 

Hi,

This plugin will allow you to log all successful login attempts of all users.
This can be useful to see if users share their account or if the account of someone got hijacked. Usernames and IP addresses can be clicked.

It will log the following
- Userid
- Username
- IP
- ISP (Internet Service Provider)
- Country
- HTTP user agent

Settings:
- Enable/disable the product.
- Exclude usergroups from being logged.
- Purge the logs.

Picture
https://vborg.vbsupport.ru/attachmen...1&d=1401289428

Installation
1. Download the .zip file specified.
2. Upload the contents of the upload folder to the root of your forum.
3. Import the product with the .xml file in the import folder.

Note
The script will log using the current time on the server, in case there's a difference between the server time and your local computer time, you can change the offset in the loginlog.php script on line 12.

Also keep in mind that the country and/or ISP resolving might not be 100% accurate and that it might show no value in the logs.

Credits
Telize.com its API is being used to get the ISP and country off the IP address.

Let me know if it works well. :)


Changelog
11 June 2014 V4: Added the table_prefix global to the login hook.
5 June 2014 V3: Fixed searching only showing the last 25 entries. Pagination will now work as intended.
30 May 2014 V2: Changed hook location, added enable/disable setting and a setting to exclude usergroups.
28 May 2014 V1: Fixed a little mistake with the filter.

Thanks for sharing. :)

Looks good but you may want to fix the double user sessions being logged. Mobile/Tapatalk seem to cause a lot of trouble and tripple actions.

Hmm weird, I looked at the PHP code of Tapatalk but I'm unsure what's causing it.
I use the login_process hook, which is defined as "creates new session once $vbulletin->userinfo has been set to the newly logged in user".

Could you change the hook at the plugin manager to login_verify_success instead of login_process, see if that works? I can't test that myself as I don't have Tapatalk installed.

Can you target this for specific usergroups?

Will add this feature, keep an eye on this thread.

I updated the plugin.
Changed hook location, added enable/disable setting and a setting to exclude usergroups.

thank you

Could you also get it to log all actions for admins in a more advanced way? Also thanks for the update.

Could you elaborate this?

When you 'filter' someone (eg, a userID or username) it only shows a single page of results and hiding the rest with no next page, etc. Might be a slight bug/issue.

Working on this! Can expect an update soon.

5 June 2014: Fixed searching only showing the last 25 entries. Pagination will now work as intended.

In case you have this product installed already, you only have to replace the loginlog.php file in the admincp folder.

I've installed on 2 different test servers both which have a prefix for all the vbulletin tables of "vb_"

When importing the product it creates the loginlog table with the correct "vb_loginlog" name
but when trying to login afterwards using the "login.php" - it gets an error because it's not adding the prefix of "vb_"
ie:
Table 'mydbname.loginlog' doesn't exist

It should be using mydbname.vb_loginlog

Hope this makes sense :)

Oops forgot about that. Fixed in V4, now available to download.

With the v4 update can now login without error and view the log
but when purging the log it shows error

also when viewing log and filter on "userid" but leave the search term blank
it shows error

Could you give me the errors? It's kind of a guess game now? :P

When purging the log it doesn't show much even with debugging enabled
=========================================

Database error in vBulletin 4.2.0:

Invalid SQL:
;

MySQL Error :
Error Number : 0
Script : http://.../admincp/loginlog.php?do=purgenow
Referrer : http://.../admincp/loginlog.php?do=purge

Classname : vB_Database
MySQL Version :

Stack Trace:
#0 vB_Database->halt() called in [path]/includes/class_core.php on line 426
#1 vB_Database->execute_query() called in [path]/admincp/loginlog.php on line 41

=========================================
=========================================

Though when filtering on the blank userid it does give this for an error:

Database error in vBulletin 4.2.0:

Invalid SQL:
SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user b ON a.userid = b.userid WHERE a.userid = ORDER BY a.id DESC LIMIT 0,25;

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY a.id DESC LIMIT 0,25' at line 1
Error Number : 1064

Script : http://.../admincp/loginlog.php?do=&value=&type=1
Referrer : http://.../admincp/loginlog.php?do=&value=192&type=1

Classname : vB_Database
MySQL Version : 5.0.95-log

Stack Trace:
#0 vB_Database->halt() called in [path]/includes/class_core.php on line 426
#1 vB_Database->execute_query() called in [path]/includes/class_core.php on line 459
#2 vB_Database->query_read() called in [path]/admincp/loginlog.php on line 83

============================================

EDIT:
noticed all the other blank queries work but they use "LIKE" instead of "=":

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user b ON a.userid = b.userid WHERE b.username LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user b ON a.userid = b.userid WHERE a.ip LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user
b ON a.userid = b.userid WHERE a.loginstamp LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user
b ON a.userid = b.userid WHERE a.isp LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user
b ON a.userid = b.userid WHERE a.country LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user
b ON a.userid = b.userid WHERE a.browser LIKE '%%' ORDER BY a.id DESC LIMIT 0,25

=====================
EDIT2:
When filling in the userid filter with a number it does work though :
SELECT a.userid, b.username, a.loginstamp, a.ip, a.isp, a.country, a.browser FROM vb_loginlog a INNER JOIN vb_user
b ON a.userid = b.userid WHERE a.userid = 1 ORDER BY a.id DESC LIMIT 0,25

Hello, Cloudflare... Is a problem. If i use cloudflare it will display cloudflare IP's. Can you fix this?

Does your MySQL user have access to the TRUNCATE function?
The query itself is correct to truncate the table.

I will fix the other error if you search for nothing, although it doesn't have any priority.

Please refer to https://support.cloudflare.com/hc/en...ith-vBulletin-

hmm ... not sure exactly how to check access to the truncate function
but running 'show grants' from the mysql command line for the user says:
GRANT ALL PRIVILEGES ON ...WITH GRANT OPTION

===============================
EDIT
running this manually from command line worked :
TRUNCATE vb_loginlog;

but using the loginlog control panel purge function just gives the first error above - like it's not getting any input

I changed loginlog.php to use "query_write" vs. "execute_query" and it seems to work now
not sure if this is proper way to use it though ...i'm only a former sysadmin and not much of a programmer:)

$db->query_write("TRUNCATE TABLE " . TABLE_PREFIX . "loginlog");

Already did that sir, Still shows cloudflare IP's.

I've altered the loginlog plugin so it logs in mostly all places on the forums (forumhome/forumdisplay), but after a while the loginlog.php is taking ages to load. Is there a way that this system logs on all pages, and "only" logs new information of a user when either the browser OR ip of that user has changed?

Yea that is possible. A matter of selecting the latest record of the user and compare the IP/browser with the current one, then if there's a mismatch you just log the entry.

Very nice I will be installing :)

Got some ideas :)
It would be great if it could detect ip & create a thread.
Auto prune ips would be nice with option how many days it prunes.

I do not trust any external content, can you make a version without it please? Thank you.

It makes a call to a third party API to get certain information about the IP address such as the ISP/country, etc. I'm not going to make it dependent of nginx/Apache modules so sorry, it will remain as it is. But really, it's no big deal.

Most of the time, it may not be big deal indeed, but it's a different story on privacy aware websites. That would violate our current privacy policy.

The API I use is open-source so you could simply integrate it on your own server and change the API URL I call in the script to your own local URL. https://github.com/fcambus/telize

How do i give full access to this product to a s-mod?

Unfortunately it's only accessible in the admincp.

thanks! good to know :-)

Looks like telize.com no longer exists so this is now preventing logins to my site and my administrative area. Anyone know how to disable it from the database level directly?

Update: I went into the file that throws the error/warning about cookies and commented out the line that contains the eval() (line 204 of my functions_login.php). Logged into the administrative panel. Disabled the mod. Re-added the code I commented out. Hope that helps someone else.

Thanks!

That's weird, the site still seems online to me. Maybe it was down for a little bit?

good for the security

Getting this database error after a login from a certain member:

It's the same member, and a database error happens for each login attempt. Is it the case that if a member fails in trying to login that this database error happens?

I uploaded a new version which should fix that.

Hi, im getting this error after i installed php 5.5:

in /home/********/public_html/includes/functions_login.php(204) : eval()'d code on line 102
[13-Jan-2016 05:37:04 UTC] PHP Warning: file_get_contents(http://www.telize.com/geoip/***.4.219.***): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found

What could be the problem? greetings.

Telize have a notice on the front page of their site that they have shut down the public API, that is probably the cause.