Failed Login Logging

This is a hack that was suggested by paulomt1, all it does is log failed logins and stores them in a table. An admin can then look at the failed logins in the admin panel, searching based on ip, username, password or date. They can also prune the old logs to save space.

You will be required to create a table this can be done via phpmyAdmin or the hack by Firefly which allows you to run queries via the admin panel. You then have to edit member.php to add the query to insert the failed login information and /admin/index.php to add the links to the loginlog.php file.

Updated 25th November 2001 @ 22:15

Added additions suggested by Mike to the file. Instructions on how to upgrade from the pervious version of this hack is included within install.txt, you will need to run 2 sql queries to adjust the table, adjust the line in member.php and upload loginlog.php again to complete the upgrade.

Scott

[Dixiemill]

I'm trying to keep my database lean... I want to clear the failed attempts when the login is successful.. I keep getting "parse errors" any help here would be hot.

I've modified Axel Foley's code for successful logins to:

// HACK: Login Log (Successful login)
$DB_site->query("DELETE FROM loginlog WHERE userid='$user[userid]'");
// HACK: Login Log (Successful login)

Thanks in advance for the help.
[edit]: corrected spelling mistakes
[edit]: :ermm: I was missing the "$" in "$DB_site". Problem solved.

[veedee]

I'm runing 2.2.4, would this still work?

[musicfreak12399]

great hack.. Just installed on 2.2.6 and works great. Very easy to install... great instructions

Good hack!

Thanks

[veedee]

This works on 2.2.6 indeedy

[ModshackUK]

Parse error: parse error in /home/www/shack/html/forums/member.php on line 110

I keep getting this error when I try to log out of my forums.

Any ideas why

Running php4 vB2.2.6

HM

[Night Owl]

I am getting that error too.

[dwh]

[QUOTE]Originally posted by PPN
that would be my bad

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

should be

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '".addslashes($username)."', '$password', '$user[userid]', '".time()."')");

[Bison]

Oops! (spoke too fast!)

"Houston, we have a problem!"

Getting parse errors by the second ...

I pasted this into the member.php:

PHP Code:

            if ($user['password']!=md5($password)) {  // check password
                  // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror("".gettemplate("error_wrongpassword")."");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror("".gettemplate("error_wrongusername")."");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login)
        eval("standarderror("".gettemplate("error_wrongpassword")."");");
        exit;
      } 


Now getting parse errors on LINE#135 in member.php after loggin out AND checking a members profile:

PHP Code:

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login)
        eval("standarderror("".gettemplate("error_wrongpassword")."");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered
      eval("standarderror("".gettemplate("error_wrongusername")."");");
      exit;
    }

    if ($user['cookieuser']==1) {
      vbsetcookie("bbuserid",$user['userid']);
      vbsetcookie("bbpassword",$user['password']);
    }

    $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");

    $session['sessionhash']=md5(uniqid(microtime()));
    $session['dbsessionhash']=$session['sessionhash'];
    $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
    vbsetcookie("sessionhash",$session['sessionhash'],0);
    $username = $user['username'];
   } 


<--- Line# 135 is End Bracket ABOVE


Anyone know why?

[Bison]

[QUOTE]Originally posted by ModshackUK
Parse error: parse error in /home/www/shack/html/forums/member.php on line 110

I keep getting this error when I try to log out of my forums.

Any ideas why

Running php4 vB2.2.6

HM

[Logician]

just a quick note: The hack works flawlessly in 2.2.9..

Very useful expecially for boards with paid membership..

Thx for sharing..