Administrative and Maintenance Tools - Log Logins Hack

Log Logins Hack 2.0

Click here to Nominate this Mod for Mod the Month

About this hack:
This hack will log the userid, username, ipaddress, where the login is, and time all your users log onto your forum.

Installation information on hack:

• Files edited: 0
• Templates edited: 0
• Files to upload via FTP: 2
• Time to install: 1 minute max

Updates:

Version 2.0 (08/25/06):

• First release of this hack for vb3.6.

Please post your comments or suggestions for this hack. I read ALL posts.

MAKE SURE YOU CLICK INSTALL!
You will get an email when a new version is released.

This hack is created for your use free of charge. No payment is requested. However, if you would like to donate money for the work I put in to this hack, a donation would show your appreciation.

[serg472]

Quote:

Originally Posted by Abe1

This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.

I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:

// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession = true;

        // combination is valid 


I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

[Abe1]

Quote:

Originally Posted by serg472

I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:

PHP Code:

// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession = true;

        // combination is valid 


I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

Session if you have the session in the url becuase you are a guest or have cookies disabled. Other wise you would use cookies.

[serg472]

When you go from page to page they try to read a session (from url or cookies), if it exists then they associate user with this session. Only if it doesnt exist they try to authenticate user from the cookie as you can see in that part of the code. This is the place where log function can be placed and it will log cookie authorizations (it is not reading sessions).

Anyway, I think I will just go ahead and make the required changes.

[serg472]

Quick solution for those who want this mod to log cookie logins as well (UNOFFICIAL, UNSUPPORTED, USE AT YOUR OWN RISK etc.).

The only minor issue after the following modification is that when user logs in using a standart login form it will log this twice - as a standart login and a cookie login. I don't want to modify this hack too much, so I left it as it is.

1. Open product-log_logins.xml and find:

PHP Code:

<phrase name="reg_login" date="0" username="" version=""><![CDATA[Standard]]></phrase> 


add below:

PHP Code:

<phrase name="cookie_login" date="0" username="" version=""><![CDATA[Cookie]]></phrase> 


2. Open loginlog.php and find:

PHP Code:

else if ($log['logintype'] == 'modcplogin')
{
    $log['logintype'] = $vbphrase['mod_login'];
} 


add below:

PHP Code:

else if ($log['logintype'] == 'cookie')
{
    $log['logintype'] = $vbphrase['cookie_login'];
} 


3. Open includes/class_core.php and find:

PHP Code:

// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
    
    $useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
    $userinfo = fetch_userinfo($userid, $useroptions, $languageid);

    if (md5($userinfo['password'] . COOKIE_SALT) == $password)
    {
        $gotsession = true;
        
        

        // combination is valid
        if (!empty($session['sessionhash']))
        {
            // old session still exists; kill it
            $db->shutdown_query("
                DELETE FROM " . TABLE_PREFIX . "session
                WHERE sessionhash = '" . $this->registry->db->escape_string($session['sessionhash']). "'
            ");
        }

        $this->vars = $this->fetch_session($userinfo['userid']);
        $this->created = true;

        $this->userinfo =& $userinfo; 


add below:

PHP Code:

//LOGINS HACK - START
$db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . $this->userinfo['userid'] . ", '" . $db->escape_string($this->userinfo['username']) . "', '" . $db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'cookie')");
//LOGINS HACK - END 


4. Reinstall product.

[mIRCnet]

Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.

[Abe1]

Quote:

Originally Posted by mIRCnet

Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.

An error login is not a login.

[mIRCnet]

Quote:

Originally Posted by Abe1

An error login is not a login.

Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.

[eclectica]

vBulletin has a way to log all failed logins to a log file. It is in admincp->vBulletin Options->Error Handling & Logging->Log Failed Admin Control Panel Logins to a File

[davelacey]

Useful hack.
Thankyou.

[Lord Zedd]

Quote:

Originally Posted by Abe1

Not sure your question.

Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :


When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)