Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 2.x > vBulletin 2.x Full Releases
Reload this Page Failed Login Logging
FAQ Community Calendar Today's Posts Search

Reply
Page 4 of 9 « First 23 4 56 Last »
 
Thread Tools
Details »»

Version: , by Scott MacVicar Scott MacVicar is offline
Developer Last Online: Mar 2016 Show Printable Version Email this Page
Version: 2.2.x Rating:
Released: 11-23-2001 Last Update: Never Installs: 41
 
No support by the author.

This is a hack that was suggested by paulomt1, all it does is log failed logins and stores them in a table. An admin can then look at the failed logins in the admin panel, searching based on ip, username, password or date. They can also prune the old logs to save space.

You will be required to create a table this can be done via phpmyAdmin or the hack by Firefly which allows you to run queries via the admin panel. You then have to edit member.php to add the query to insert the failed login information and /admin/index.php to add the links to the loginlog.php file.

Updated 25th November 2001 @ 22:15

Added additions suggested by Mike to the file. Instructions on how to upgrade from the pervious version of this hack is included within install.txt, you will need to run 2 sql queries to adjust the table, adjust the line in member.php and upload loginlog.php again to complete the upgrade.

Scott

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
Old 11-30-2001, 05:55 PM
Scott MacVicar Scott MacVicar is offline
 
Join Date: Oct 2001
Location: Glasgow, Scotland
Posts: 1,199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
just move

PHP Code:
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')"); 
to below

PHP Code:
    } else { // invalid username entered
      eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
      exit;
    } 
but why would you want to log successful logins instead of failed ones?
Reply With Quote
  #33  
Old 12-01-2001, 02:20 AM
Axel Foley's Avatar
Axel Foley Axel Foley is offline
 
Join Date: Nov 2001
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi PPN, first of all, great hack.

I needed a hack to log ALL the logins of my users, failed and successful ones. A few of my users have reported stolen passwords and I couldn't tell them WHEN during the week they logged on, but just the LAST login. So I was looking for a logging hack.

I took yours and I made some modifications:

PHP Code:
      if ($user['password']!=md5($password)) {  // check password

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login) 
In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

It works, now I only have to modify your control panel for the hack to query all the fields etc.

The only thing that I don't like is that if users have set automatic login via cookies their successful logins aren't logged (haven't tried with unsuccessful logins via cookie). So I was thinking about DISABLING automatic login via cookies, just to have complete control over the logins. We have had a supermoderator whose pw was stolen by an admin of a 2.0.3 vB forum. I'm very angry so I want to extend the logging features of vB in order to prevent this from happening.

I hope you like these ideas, you could also make it an option WHAT TO LOG (failure, successful and both).

Could you also give me a hint on the BEST way to disable the automatic login via cookie for ALL my users, prevent them from changing that option and to delete the cookie?

Thanks man, you've made a great job and if you make these modifications your hack will be GREAT. Like an OS event logging system.
Reply With Quote
  #34  
Old 12-01-2001, 03:22 AM
Ruth Ruth is offline
 
Join Date: Oct 2001
Posts: 171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
[QUOTE]Originally posted by PPN
but why would you want to log successful logins instead of failed ones?
Reply With Quote
  #35  
Old 12-01-2001, 01:49 PM
the_sisko's Avatar
the_sisko the_sisko is offline
 
Join Date: Oct 2001
Location: Hamburg,Germany
Posts: 132
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Installed it and works well, thanks for it!
Reply With Quote
  #36  
Old 12-27-2001, 06:42 PM
cyrus's Avatar
cyrus cyrus is offline
 
Join Date: Oct 2001
Posts: 159
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I installed it works fine but doesnt work fine for usernames with characters of /\

I have a user who has username /\

It gives a server error when the person logs in without the right password ... Ive tried other usernames, they all work fine !

do u know whats wrong ?

thanks
Reply With Quote
  #37  
Old 12-28-2001, 09:22 AM
Scott MacVicar Scott MacVicar is offline
 
Join Date: Oct 2001
Location: Glasgow, Scotland
Posts: 1,199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
that would be my bad

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."')");

should be

$DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime) VALUES ('','$ipaddress', '".addslashes($username)."', '$password', '$user[userid]', '".time()."')");
Reply With Quote
  #38  
Old 12-28-2001, 11:45 PM
trainer trainer is offline
 
Join Date: Nov 2001
Posts: 160
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
good idea for a hack i would have never thought of it
Reply With Quote
  #39  
Old 01-03-2002, 11:27 AM
Wolfgang Wolfgang is offline
 
Join Date: Oct 2001
Location: Earth
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
@ PPN, first of all, THX for the hack !

when I search only for a ip address I get this error:

Invalid SQL: SELECT loginid,username,password,ip,userid,FROM_UNIXTIME( atime) as atime
FROM loginlog WHERE 1=1 AND INSTR(LCASE(ipaddress),'212.186.39.196')>0
ORDER BY username LIMIT 0,300 mysql error: Unbekanntes Tabellenfeld 'ipaddress' in where clause.

mysql error number: 1054


I cange in loginlog.php line 170-171 from:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ipaddress),'".addslashes(strtolower($a ipaddress))."')>0";

to this:

if ($aipaddress!="") {
$condition.=" AND INSTR(LCASE(ip),'".addslashes(strtolower($aipaddre ss))."')>0";

You think that OK ?? because im not a SQL expert !

Wolfgang
Reply With Quote
  #40  
Old 01-04-2002, 12:07 AM
Scott MacVicar Scott MacVicar is offline
 
Join Date: Oct 2001
Location: Glasgow, Scotland
Posts: 1,199
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
ok will update it again now thanks for pointing that out Wolfgang
Reply With Quote
  #41  
Old 01-04-2002, 09:31 AM
veedee veedee is offline
 
Join Date: Oct 2001
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Where is the latest version of this hack ?

cheers !
Reply With Quote
Reply
Page 4 of 9 « First 23 4 56 Last »

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:10 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05642 seconds
  • Memory Usage 2,326KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete