Failed Login Logging

This is a hack that was suggested by paulomt1, all it does is log failed logins and stores them in a table. An admin can then look at the failed logins in the admin panel, searching based on ip, username, password or date. They can also prune the old logs to save space.

You will be required to create a table this can be done via phpmyAdmin or the hack by Firefly which allows you to run queries via the admin panel. You then have to edit member.php to add the query to insert the failed login information and /admin/index.php to add the links to the loginlog.php file.

Updated 25th November 2001 @ 22:15

Added additions suggested by Mike to the file. Instructions on how to upgrade from the pervious version of this hack is included within install.txt, you will need to run 2 sql queries to adjust the table, adjust the line in member.php and upload loginlog.php again to complete the upgrade.

Scott

[wooolF[RM]]

][QUOTE]Originally posted by GOD-Dblade
edit

[James5mith]

To everyone who uses this hack:

This is the first time I've done anything like this, so I don't know the proper prodecure.

I have taken PPN's hack, and Axel Foley's modification, and installed them on my boards. Since I am inherently lazy, I wanted quicklinks to all the most common fields you would look at. The stock loginlog.php script only has three options, view all, view recent, and view last 24 hours.

I've modified the code to incorporate some additional features:



To be noted is that as the code stands now, all of my searches are returned by default as atime sorted descending (so that the most recent instances appear first in the list). This is something that can easily be remedied by removing the &direction=DESC modifiers on the quicklinks.

The stock loginlog.php script defines a blank sort field to default to username, I simply changed it to atime.

The search options down at the bottom have been modified from datefailed to atime (for the time sort function) since datefailed wasn't working for me.

I haven't tested the pruning functions, so if anyone would like to, please let me know if I have screwed up anything in the process of doing this.

Again, I would like to thank PPN and Axel for their hard work in getting this hack to not only function, but to be robustly featured as well. Thanks to both of you.

As a final note, Axel: I am thinking about testing inserting yet another one of your hack fields after the cookie login, to try and see if that will work for logging people returning with cookies.

[trainer]

[QUOTE]Originally posted by Axel Foley
Hi PPN, first of all, great hack.

I needed a hack to log ALL the logins of my users, failed and successful ones. A few of my users have reported stolen passwords and I couldn't tell them WHEN during the week they logged on, but just the LAST login. So I was looking for a logging hack.

I took yours and I made some modifications:

PHP Code:

      if ($user['password']!=md5($password)) {  // check password

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGPW')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered

        // HACK: Login Log (Failed login)
        $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
        $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '0', 'WRONGUSER')");
        // HACK: Login Log (Failed login)

        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        exit;
    }

    // HACK: Login Log (Successful login)
    $ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
    $DB_site->query("INSERT INTO loginlog (loginid, ip, username, password, userid, atime, success, reason) VALUES ('','$ipaddress', '$username', '$password', '$user[userid]', '".time()."', '1', 'LOGINOK')");
    // HACK: Login Log (Successful login) 


In this way I can log TWO TYPES of FAILED LOGINS, and all the successful logins too. I added two fields to the database.

It works, now I only have to modify your control panel for the hack to query all the fields etc.

The only thing that I don't like is that if users have set automatic login via cookies their successful logins aren't logged (haven't tried with unsuccessful logins via cookie). So I was thinking about DISABLING automatic login via cookies, just to have complete control over the logins. We have had a supermoderator whose pw was stolen by an admin of a 2.0.3 vB forum. I'm very angry so I want to extend the logging features of vB in order to prevent this from happening.

I hope you like these ideas, you could also make it an option WHAT TO LOG (failure, successful and both).

Could you also give me a hint on the BEST way to disable the automatic login via cookie for ALL my users, prevent them from changing that option and to delete the cookie?

Thanks man, you've made a great job and if you make these modifications your hack will be GREAT. Like an OS event logging system.

[James5mith]

[QUOTE]Originally posted by trainer


how do i add this? what do i have to change in the database?

[chazman]

Those instructions for adding the fields will work in MyPHPAdmin but they won't work of course if you wanted to add the fields via a MYSQL Query. I tried figuring out what the query command would be and couldn't figure it out. Probably an insert into command though.

To give credit where credit is due. This has become a great hack with the added modifications. The passwords are right out in the open now with this hack. Despite 2.2.5's encryption. This is because we are looking at what is entered as a password and logging it regardless the success of the login or not.

Needed addition is still the cookie logon modification. Once that is done you can pretty much build a query to find anything out about the logon sequence.

If anyone can post that mod I would appreciate it.

Chazman

Attched are the modifications by Axel, and James .. Thanks PPN

[wooolF[RM]]

]( https://vborg.vbsupport.ru/showthrea...604#post241604 ) = (my problem, this thread, post 44)

[Ayame]

lol, I feel mightily clueless at the moment. I followed the instructions in the zip to a T (several times, actually) and I keep coming up with a blank screen when I click either option under Failed Logins.

I'm running vb 2.2.5 with the .php3 extensions. (The extension doesn't matter, does it?)

Help would be much appreciated.

[chazman]

Actually I think it matters a great deal. PHP3 and PHP (4) don't mix. These pages and links were written in PHP4

Chazman

You might get them to work with some manual mods though. You would have to start by replacing every php with a php3. I am just guessing. I didn't write these so I couldn't tell you for sure.

[James5mith]

[QUOTE]Originally posted by chazman

Needed addition is still the cookie logon modification. Once that is done you can pretty much build a query to find anything out about the logon sequence.

Chazman

[chazman]

my last 24 hour login query from the quicklink is not working correctly. There might be something wrong with that quicklink in James' Mod.

Anyone else notice this.

Anyone else using this?

chazman