PDA

View Full Version : Administrative and Maintenance Tools - Log Logins Hack


Abe1
25 Aug 2006, 16:35
Log Logins Hack 2.0

Click here to Nominate this Mod for Mod the Month (http://www.vbulletin.org/forum/vborg_miscactions.php?do=nominatehotm&t=124907)

About this hack:
This hack will log the userid, username, ipaddress, where the login is, and time all your users log onto your forum.

Installation information on hack:

Files edited: 0
Templates edited: 0
Files to upload via FTP: 2
Time to install: 1 minute max

Updates:

Version 2.0 (08/25/06):

First release of this hack for vb3.6.
Please post your comments or suggestions for this hack. I read ALL posts.

MAKE SURE YOU CLICK INSTALL (http://www.vbulletin.org/forum/vborg_miscactions.php?do=installhack&threadid=124907)!
You will get an email when a new version is released.


This hack is created for your use free of charge. No payment is requested. However, if you would like to donate money for the work I put in to this hack, a donation would show your appreciation.
https://www.vbulletin.org/forum/external/2010/02/12.gif (https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=bigware%40gmail%2ecom&item_name=Donation%20for%20Log%20Logins%20Hack&no_shipping=0&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8)

darkdrowelf
25 Aug 2006, 17:09
cool thank you :-)

Lord Zedd
25 Aug 2006, 17:16
Can this hack be used for the following situation? At the mainsite I would like members be able to log in to the forum and be directed to the forum.

Abe1
25 Aug 2006, 17:24
Can this hack be used for the following situation? At the mainsite I would like members be able to log in to the forum and be directed to the forum.
Not sure your question.

eclectica
25 Aug 2006, 17:44
Thanks for the update. I recommend this hack for your site's security so you can see if anyone's account gets hijacked, and also to catch people who have clone accounts.

Where is the log located with this new version? It used to be located in admincp->Statistics & Logs with the older version for vBulletin 3.5.

Abe1
25 Aug 2006, 17:47
Thanks for the update. I recommend this hack for your site's security so you can see if anyone's account gets hijacked, and also to catch people who have clone accounts.

Where is the log located with this new version? It used to be located in admincp->Statistics & Logs with the older version for vBulletin 3.5.
There also now.

eclectica
25 Aug 2006, 17:51
I see it now. It didn't show up right away after installing. Maybe you have to refresh your browser window or log out and then back in in order to see it in the admincp.

bashy
25 Aug 2006, 17:57
Although i was using your other 1 for 3.5 i have upgraded it to this 1 now, thanks abe...

Abe1
25 Aug 2006, 18:29
Although i was using your other 1 for 3.5 i have upgraded it to this 1 now, thanks abe...
The only diff now is that there is version check and a link to this page.

Snake
25 Aug 2006, 18:41
Excellent. Seems to be useful. :)

serg472
26 Aug 2006, 02:08
Is it supposed to log cookie logins as well? I don't see them.

Ajavas
26 Aug 2006, 07:34
I installed this hack as told, but i can't see it . Emptyed the cache and refreshed the page severall times, but it didn't help. :squareeyed:

haddockman
26 Aug 2006, 13:22
Any way of logging guest ips?

eclectica
26 Aug 2006, 14:03
It doesn't log cookie logins.

serg472
26 Aug 2006, 15:32
99% of all logins are cookie logins and they are not logged...

NoKz
26 Aug 2006, 18:28
Awesome, thanks!

Onkel_Tom
26 Aug 2006, 23:28
Great Hack!
Many thanks.
Is it possible to add a function to the hack which allows to search only for logins of a specific IP Address or part of IP?
Also a sort by IP Address would be very nice ;)

Black Tiger
27 Aug 2006, 00:50
I have installed this one and will test it to consider if I will keep it installed. Thanks!

Abe1
27 Aug 2006, 01:13
This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.

Abe1
27 Aug 2006, 01:15
Great Hack!
Many thanks.
Is it possible to add a function to the hack which allows to search only for logins of a specific IP Address or part of IP?
Also a sort by IP Address would be very nice ;)
I'll see what I can do.

serg472
27 Aug 2006, 04:46
This hack only logs when someone uses a username and password. Every time a user goes from one page to another they use a cookie.
I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:


// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{

$useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
$userinfo = fetch_userinfo($userid, $useroptions, $languageid);

if (md5($userinfo['password'] . COOKIE_SALT) == $password)
{
$gotsession = true;

// combination is valid


I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.

Abe1
27 Aug 2006, 13:10
I can be wrong, but they use sessions between pages and cookies only for logins.

If you take a look at includes/class_core.php, function vB_Session(), there is such piece of code:


// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{

$useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
$userinfo = fetch_userinfo($userid, $useroptions, $languageid);

if (md5($userinfo['password'] . COOKIE_SALT) == $password)
{
$gotsession = true;

// combination is valid


I think if you insert your log function after this line it should log cookie logins. I tested it a bit and it seems like a right place.
Session if you have the session in the url becuase you are a guest or have cookies disabled. Other wise you would use cookies.

serg472
27 Aug 2006, 17:26
When you go from page to page they try to read a session (from url or cookies), if it exists then they associate user with this session. Only if it doesnt exist they try to authenticate user from the cookie as you can see in that part of the code. This is the place where log function can be placed and it will log cookie authorizations (it is not reading sessions).

Anyway, I think I will just go ahead and make the required changes.

serg472
27 Aug 2006, 20:46
Quick solution for those who want this mod to log cookie logins as well (UNOFFICIAL, UNSUPPORTED, USE AT YOUR OWN RISK etc.).

The only minor issue after the following modification is that when user logs in using a standart login form it will log this twice - as a standart login and a cookie login. I don't want to modify this hack too much, so I left it as it is.

1. Open product-log_logins.xml and find:
<phrase name="reg_login" date="0" username="" version=""><![CDATA[Standard]]></phrase>
add below:
<phrase name="cookie_login" date="0" username="" version=""><![CDATA[Cookie]]></phrase>


2. Open loginlog.php and find:
else if ($log['logintype'] == 'modcplogin')
{
$log['logintype'] = $vbphrase['mod_login'];
}
add below:
else if ($log['logintype'] == 'cookie')
{
$log['logintype'] = $vbphrase['cookie_login'];
}

3. Open includes/class_core.php and find:
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{

$useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
$userinfo = fetch_userinfo($userid, $useroptions, $languageid);

if (md5($userinfo['password'] . COOKIE_SALT) == $password)
{
$gotsession = true;



// combination is valid
if (!empty($session['sessionhash']))
{
// old session still exists; kill it
$db->shutdown_query("
DELETE FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $this->registry->db->escape_string($session['sessionhash']). "'
");
}

$this->vars = $this->fetch_session($userinfo['userid']);
$this->created = true;

$this->userinfo =& $userinfo;

add below:
//LOGINS HACK - START
$db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . $this->userinfo['userid'] . ", '" . $db->escape_string($this->userinfo['username']) . "', '" . $db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'cookie')");
//LOGINS HACK - END

4. Reinstall product.

mIRCnet
03 Sep 2006, 16:09
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.

Abe1
06 Sep 2006, 00:12
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins

Beacuse for me I dont find it usefull to log the successed logs, but error logins would be help full for me to track, more over to make it show in the AdminCP under the waiting moderation list in the main page of AdminCP with the Total No. of login logs, so the admin will know whats going on with the users.
An error login is not a login.

mIRCnet
06 Sep 2006, 08:33
An error login is not a login.

Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.

eclectica
06 Sep 2006, 22:14
vBulletin has a way to log all failed logins to a log file. It is in admincp->vBulletin Options->Error Handling & Logging->Log Failed Admin Control Panel Logins to a File

davelacey
06 Sep 2006, 23:23
Useful hack.
Thankyou. :)

Lord Zedd
07 Sep 2006, 13:19
Not sure your question.
Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm :)

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :


When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)

adwade
08 Sep 2006, 02:26
Yep,
I remember before there was a hack which sends an e-mail to the admin if some one try to access the AdminCP this e-mail have the user name, password and also the ip address which was used to access it.
So if the admin was able to track error login tries he will be able to warn the user and so on to reduce the ability of stolen user names.
S-w-e-e-t! Although the current Admincp will log failed attempts on itself, getting an email is MUCH better. Any idea who did the hack before you're referring to?

AngusMacGyver
09 Sep 2006, 19:38
S-w-e-e-t! Although the current Admincp will log failed attempts on itself, getting an email is MUCH better. Any idea who did the hack before you're referring to?

I think you are looking for this:
http://www.vbulletin.org/forum/showthread.php?t=96921

cyvok
10 Sep 2006, 02:42
Very, Very useful!! I love it. Thank you!

-CYVOK-

Jamie1
10 Sep 2006, 14:48
Thanks for this dude. Fantastic hack and wll help secruity :)

Abe1
13 Sep 2006, 22:52
Ill try to explain it better.

At my website www.myurl.com/forum I have a vbulletin forum. Members can log in from there. But they visit the website www.myurl.com itself a lot. So on the mainpage www.myurl.com/index.html I would like to have the option that members of the forum be able to log in from the mainpage the www.myurl.com/index.htm :)

Now I got it to work that people who are a member of the forum can log in on the mainpage www.myurl.com/index.html but only one problem there that I don't know how to fix. So the problem is this :


When a member visits the mainpage, he wants to log in to the forums. He logs in ( you get the vbulletin message that you are logged in) but you stay at the mainpage. So you log in on the www.myurl.com/index.html, the logging in part works, but it doesn't bring you to the www.myurl.com/forum. You just stay at the www.myurl.com/index.html

What I want :

mainpage (index.html) > log in > leads to forum

What the problem is :

mainpage (index.html) > log in > mainpage (index.html)
i'm dont think this problem is because of this hack.

chet
15 Oct 2006, 09:12
Great hack,
Why not to make the admin have options
* Log Success Logins
* Log Error Logins
* Log All Logins


.

I also would like to see Error Logins and who tried to log in as who, this way we can see who is trying to hack into accounts

mrkhm
18 Oct 2006, 06:50
nice

dragula_31
16 Nov 2006, 07:02
is it possible to know that 1 username was log by several IP at the same time?

Limerick
19 Nov 2006, 11:52
I feel ashame but I've done everything explained and I don't know where to find the log and/or where to manage this hack. :alien:

Could someone just tell me where to find it ? :confused:

Abe1
19 Nov 2006, 12:48
I feel ashame but I've done everything explained and I don't know where to find the log and/or where to manage this hack. :alien:

Could someone just tell me where to find it ? :confused:
Look in the screenshots.

Limerick
19 Nov 2006, 12:54
Look in the screenshots.

Just forgot to refresh the page :o

steve71
23 Jan 2007, 03:12
When I type in to search for just one username, all usernames still come up.


???

GiaNNi
27 Jan 2007, 00:04
This hack... logs user passwords too? thnks

eclectica
27 Jan 2007, 21:06
This hack... logs user passwords too? thnks

no, it doesn't

GiaNNi
27 Jan 2007, 23:22
Oh :(, does any hack do that? (log users´passwords)

GeekDrew
28 Jan 2007, 08:07
Oh :(, does any hack do that? (log users´passwords)

Not that I know of, and it would *really* surprise me if anyone would ever write such a modification. I can think of *no* valid reason to want your user's passwords. Why do you want to log your users passwords?

Abe1
29 Jan 2007, 13:37
When I type in to search for just one username, all usernames still come up.


???
What do you mean? In the log page?

Abe1
29 Jan 2007, 13:38
This hack... logs user passwords too? thnks
Sorry, I wouldn't do it. It's definitely possible but please let me know what site you have so I know NOT to go there. just in case you found out how.

GiaNNi
29 Jan 2007, 14:02
Sorry, I wouldn't do it. It's definitely possible but please let me know what site you have so I know NOT to go there. just in case you found out how.


I want to know if any of my moderators change his password, because they cant do it, (internal forum team rules).

GeekDrew
29 Jan 2007, 20:05
I want to know if any of my moderators change his password, because they cant do it, (internal forum team rules).

.. what's the logic behind that?

GiaNNi
29 Jan 2007, 20:47
There are some users, which are not used to write, only moderate; and this users are shared by some people. And some months ago someone changed a password, and i couldnt know who.
When logging passwords, if this occures again, i can see which IP loged first with a changed (new) pass.

Sorry for my bad enlgish.

Abe1
29 Jan 2007, 23:02
I want to know if any of my moderators change his password, because they cant do it, (internal forum team rules).
There is a usergroup option to log old passwords in vb. Maybe this can help you. It logs it encrypted but maybe keeps a date.

Lovinmysailor
06 Feb 2007, 20:08
When I click on the Log Manager it tells me "No log file defined in vBulletin Options" What do I do? TIA

Abe1
12 Feb 2007, 13:09
When I click on the Log Manager it tells me "No log file defined in vBulletin Options" What do I do? TIA
Not sure what you mean.

PinkDaisy
14 Feb 2007, 16:04
Installed... we will see how it goes. So far I've tried to look into 2 accounts that I know have shared at least 1 from before, but it doesn't show anything ??

GeekDrew
14 Feb 2007, 16:31
Installed... we will see how it goes. So far I've tried to look into 2 accounts that I know have shared at least 1 from before, but it doesn't show anything ??

... what? All this modification does is write a log entry when someone logs in.

PinkDaisy
14 Feb 2007, 16:53
Oh. I thought i would show when they log into each others accounts..lol. Sory!!

GeekDrew
14 Feb 2007, 17:02
Oh. I thought i would show when they log into each others accounts..lol. Sory!!

For that, check here (http://www.vbulletin.org/forum/showthread.php?t=125871&page=8).

PinkDaisy
14 Feb 2007, 17:13
For that, check here (http://www.vbulletin.org/forum/showthread.php?t=125871&page=8).

Yeah I have that... lol I dunno what I was thinking!! Thanks.. :D

lazytown
02 Mar 2007, 00:40
Has anyone else tried this edit below to the mod with 3.6.4? Does it work well?

-vissa

Quick solution for those who want this mod to log cookie logins as well (UNOFFICIAL, UNSUPPORTED, USE AT YOUR OWN RISK etc.).

The only minor issue after the following modification is that when user logs in using a standart login form it will log this twice - as a standart login and a cookie login. I don't want to modify this hack too much, so I left it as it is.

1. Open product-log_logins.xml and find:
<phrase name="reg_login" date="0" username="" version=""><![CDATA[Standard]]></phrase>
add below:
<phrase name="cookie_login" date="0" username="" version=""><![CDATA[Cookie]]></phrase>


2. Open loginlog.php and find:
else if ($log['logintype'] == 'modcplogin')
{
$log['logintype'] = $vbphrase['mod_login'];
}
add below:
else if ($log['logintype'] == 'cookie')
{
$log['logintype'] = $vbphrase['cookie_login'];
}

3. Open includes/class_core.php and find:
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{

$useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
$userinfo = fetch_userinfo($userid, $useroptions, $languageid);

if (md5($userinfo['password'] . COOKIE_SALT) == $password)
{
$gotsession = true;



// combination is valid
if (!empty($session['sessionhash']))
{
// old session still exists; kill it
$db->shutdown_query("
DELETE FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $this->registry->db->escape_string($session['sessionhash']). "'
");
}

$this->vars = $this->fetch_session($userinfo['userid']);
$this->created = true;

$this->userinfo =& $userinfo;

add below:
//LOGINS HACK - START
$db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . $this->userinfo['userid'] . ", '" . $db->escape_string($this->userinfo['username']) . "', '" . $db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'cookie')");
//LOGINS HACK - END

4. Reinstall product.

GeekDrew
02 Mar 2007, 00:41
Has anyone else tried this mod below to the mod with 3.6.4? Does it work well?

-vissa

Yes, it works perfectly on 3.6.4 for me.

lazytown
02 Mar 2007, 02:13
Has anyone else tried this edit below to the mod with 3.6.4? Does it work well?

-vissa


The edit to include cookies (not part of the original mod) does not work properly for me. Or perhaps it works but not as it should. For example, I'm seeing 20 entries for the same user in 5 minutes (apparently as they go from page to page). Those are not cookie logins, they are just cookie sessions. I was hoping it would take into account when they were last inactive (for the cookie timeout) and not create so many duplicates. Essentially this is now logging every page access by every user, which on a huge forum like mine will fill up super fast and take up resources.

-vissa

GeekDrew
02 Mar 2007, 03:13
I just double checked my installation, and it is definitely *not* doing that. I then checked the code... and it should *definitely* not be doing that, if your session management is working right -- I don't think that it should authenticate against the cookie unless the session does not already exist (which is the ($gotsession == false or {blahblahblah}) parameter surrounding where this is placed). Are you sure that you put it in exactly the right spot, and you didn't by chance put it below the two closing curly brackets (})?

lazytown
02 Mar 2007, 03:25
Thanks for the reply -- I'll double check, but I'm pretty sure it's in the right spots. I do have vbseo installed which may change things up a bit.

-vissa

lazytown
02 Mar 2007, 03:30
By the way, I'm noticing this happening mostly on accounts that are using AOL (proxy/cache) and the IP address changes almost every minute (I do have IP info and proxy to real IP installed).

-vissa

GeekDrew
04 Mar 2007, 18:53
In that case (just brainstorming), the AOL accounts might be not maintaining the session, and are instead authenticating against the cookie on every page load... which sounds like it would be a nightmare. I've not experienced that on my forum, and I also have quite a few AOL users.

lazytown
05 Mar 2007, 06:47
In that case (just brainstorming), the AOL accounts might be not maintaining the session, and are instead authenticating against the cookie on every page load... which sounds like it would be a nightmare. I've not experienced that on my forum, and I also have quite a few AOL users.

Do you use any of the mods I've mentioned (proxy to ip, vbseo, etc)?

-vissa

GeekDrew
05 Mar 2007, 23:06
Do you use any of the mods I've mentioned (proxy to ip, vbseo, etc)?

-vissa

No.

BigJimTheLug
06 Mar 2007, 00:59
This is great!

Installed.

Greek76
24 Mar 2007, 19:14
Downloaded it installed but I still dont see it. All I see at the statistics and log manager are the sameones that where their before. I dont log logins hack anywhere. Unless Im missing something lol.

Abe1
25 Mar 2007, 00:37
Downloaded it installed but I still dont see it. All I see at the statistics and log manager are the sameones that where their before. I dont log logins hack anywhere. Unless Im missing something lol.
Did you upload the xml file? You should see a link to log-logins. Also, check your database.

004
25 Mar 2007, 20:12
Downloaded it installed but I still dont see it. All I see at the statistics and log manager are the sameones that where their before. I dont log logins hack anywhere. Unless Im missing something lol.

Be sure you are uploading the files correctly.
I did the same thing :o

Greek76
26 Mar 2007, 08:54
Oops working now thanks.

Black Hole
12 Apr 2007, 01:24
Saturday - I got everything loaded and after closing AdminCP and logging back in, I could see a very short login list. - The hack worked.

Monday - I attempted to view the list and received a 404 error.
Tuesday - I attempted again.
Today - Same 404 error. I completely reinstalled the hack, logged out and back in and now it works and I see logs dating back to Saturday. I'm at a loss.

Abe1
12 Apr 2007, 03:18
Saturday - I got everything loaded and after closing AdminCP and logging back in, I could see a very short login list. - The hack worked.

Monday - I attempted to view the list and received a 404 error.
Tuesday - I attempted again.
Today - Same 404 error. I completely reinstalled the hack, logged out and back in and now it works and I see logs dating back to Saturday. I'm at a loss.
Maybe you had deleted the file?

Black Hole
12 Apr 2007, 12:41
Maybe you had deleted the file?
Nope....nothing deleted.

It happened again.

Last night I did a full uninstall and then a reinstall and everything worked as it's supposed to. I had a log dating back until Saturday when the hack was first installed.

This morning I log in and attempt to check the log, and I get the standard "HTTP 404 - File not found" error screen.

Everything else works and I don't see any other changes. I checked the control panel log and there are no entries after that install. :confused:

adwade
12 Apr 2007, 12:51
This morning I log in and attempt to check the log, and I get the standard "HTTP 404 - File not found" error screen.


Knowing oh so little of all this, could it be an Access Rights on your Server somehow?

Meanwhile, Abe1 I just wanted to say THIS MOD is working perfectly on my vB3.6.4 Many Thanxx!

Black Hole
16 Apr 2007, 14:54
Knowing oh so little of all this, could it be an Access Rights on your Server somehow?

Meanwhile, Abe1 I just wanted to say THIS MOD is working perfectly on my vB3.6.4 Many Thanxx!
If that was the case, why would it work the first time, but not the next day?

khris7199
17 Apr 2007, 23:55
Database error in vBulletin 3.6.5:

Invalid SQL:
ALTER TABLE `logins` ADD `logintype` TINYTEXT NOT NULL;

MySQL Error : Duplicate column name 'logintype'
Error Number : 1060
Date : Tuesday, April 17th 2007 @ 04:52:32 PM
Script : http://www.*******.com/admincp/plugin.php?do=productimport
Referrer : http://www.*******.com/admincp/plugin.php?do=productadd
IP Address : XX.XXX.XX.XX
Username : forumadmin
Classname : vb_database


I had this installed on my site before. Had a db crash. Got everything back up went to install the product again and get this.

Any ideas. Thanks.

Abe1
17 Apr 2007, 23:58
Database error in vBulletin 3.6.5:

Invalid SQL:
ALTER TABLE `logins` ADD `logintype` TINYTEXT NOT NULL;

MySQL Error : Duplicate column name 'logintype'
Error Number : 1060
Date : Tuesday, April 17th 2007 @ 04:52:32 PM
Script : http://www.*******.com/admincp/plugin.php?do=productimport
Referrer : http://www.*******.com/admincp/plugin.php?do=productadd
IP Address : XX.XXX.XX.XX
Username : forumadmin
Classname : vb_database


I had this installed on my site before. Had a db crash. Got everything back up went to install the product again and get this.

Any ideas. Thanks.
Can you uninstall then re-install?

khris7199
18 Apr 2007, 10:47
Can you uninstall then re-install?


Doest show installed. That is the problem.

Had a DB crash. Was able to get a partial restore. And just have building on that.

Abe1
18 Apr 2007, 12:09
Doest show installed. That is the problem.

Had a DB crash. Was able to get a partial restore. And just have building on that.
Can you uninstall it?

khris7199
18 Apr 2007, 23:33
Can you uninstall it?

It does not show installed.

It was previously installed.

Had a DB crash.(this is where it was installed)

Restored most of the Database.

Ending up having to complete start a new forum. Use Impex to get my users and forums. (lost all post,pm,plugins.)

Rebuilt from there.

Now when I attempt to install I get the error above.

Abe1
19 Apr 2007, 00:07
It does not show installed.

It was previously installed.

Had a DB crash.(this is where it was installed)

Restored most of the Database.

Ending up having to complete start a new forum. Use Impex to get my users and forums. (lost all post,pm,plugins.)

Rebuilt from there.

Now when I attempt to install I get the error above.
Remove the code in the install part from the XML and then upload again.

khris7199
19 Apr 2007, 01:10
Worked You all are the greatest.

miki21
20 May 2007, 18:00
Bonjour

Merci beaucoup pour ce hack

@++

mpasternak
05 Jul 2007, 13:12
Works great!

however I'm having security issues with users trying to log in to other peoples accounts. Failing, But trying. I've had several email complaints from the users who had emails sent to them stating someone tried logging into their account.

Actually, I just wrote it myself. using your code as a base. Here are the mods I did.


My hack for Logging Failed attempts


Two files now need to be modified to enable it. (Backup everything first)

First
./includes/function_login.php

Now look for the section for "Exec_strike_User". there will be a query inserting a strike into the system. Right before or after the code "$strikes++;" add the following code.

$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . $vbulletin->userinfo['userid'] . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', '" . $vbulletin->db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'FAILED ATTEMPT')");

Save and update the file.


Now modify the following file
./adminCP/loginlog.php

Find the while loop while ($log = $db->fetch_array($logs)) and add
else if ($log['logintype'] == 'FAILED ATTEMPT')
{
$log['logintype'] = "FAILED LOGIN";
}


now when you view the page, all failed logins will appear.

cmwg
20 Jul 2007, 07:06
Is it possible to modify the options of this hack to create a log file of all failed logins?
Would be good to be able to see the amount of attempts (reoccuring) on a single account.

SuperTaz
20 Jul 2007, 09:00
Great hack. Installed. :D

Abe1
20 Jul 2007, 12:21
Is it possible to modify the options of this hack to create a log file of all failed logins?
Would be good to be able to see the amount of attempts (reoccuring) on a single account.
Would be a seperate hack. I'll see if I can creat something. I don't know if I would use a file though.

agilent
22 Jul 2007, 18:23
Thanks for this mod. I have a question. Can this mod back track logins prior to installation of the mod, or can it only see logins after it was installed?

eclectica
23 Jul 2007, 08:18
Can this mod back track logins prior to installation of the mod, or can it only see logins after it was installed?

It only works for those logins which occur after the installation of the mod. And it doesn't record automatic cookie logins.

mastertek2000
30 Nov 2007, 22:12
i tried everything can not see it in admin panel
thanks but did not work

redlabour
29 Jan 2008, 18:02
Does it still work in 3.7?

eclectica
30 Jan 2008, 02:14
It's working fine for me on vBulletin 3.7.

jpbryan
24 Feb 2008, 17:15
You done good... Thanks

pantec
25 Feb 2008, 18:00
GO TO STATISTICS & LOGS!

i tried everything can not see it in admin panel
thanks but did not work

kenc
01 Mar 2008, 16:29
looks good ... like an earlier poster said it wont show up automatically after installing, just hit F5/refresh after installing and now it'll show up as "Log Logins Hack" under "Statistics and Logs" section of the admin cp ...

Thanks for the hack - nice work!

-kenc

BigDog56
02 Mar 2008, 00:41
Looks like it's working fine on 3.6.8 Thank you very much!

rnixon
05 Mar 2008, 10:26
Essential info, many thanks.

AdrianH
28 Mar 2008, 19:29
Uninstalled today as it does not record all the log ins . Half those members logging in are missing from the log.

zween
30 Mar 2008, 15:19
Excellent. Big thanks. :up:

Abe1
06 Apr 2008, 10:24
Uninstalled today as it does not record all the log ins . Half those members logging in are missing from the log.
Does not record if they do not log-in. eg. If they are logged in already.

jazde86
08 May 2008, 12:10
I get a error at the user profile of a new user, that registered after upgrading the forum to vB 3.7.0

Datenbankfehler in vBulletin 3.7.0:
Invalid SQL:
INSERT INTO prefix_logins (userid, username, ipaddress, phpdate, logintype) VALUES (, 'eNrib', '??.75.??.220', 1210??8??2, '');
MySQL-Fehler : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'eNrib', '??.75.??.220', 1210??8??2, '')' at line 1
Fehler-Nr. : 1064
Fehler-Zeit : Thursday, 08.05.2008 @ 11:22:12
Datum : Thursday, 08.05.2008 @ 11:22:14
Skript : register.php?do=addmember
Referrer : register.php?do=register
IP-Adresse : ??.75.??.220
Benutzername : eNrib
Klassenname : vB_Database
MySQL-Version :

I'vo to do Maintenance at PhotoPost vBGallery to get it working. But everytime, after a new user has added.

AdrianH
08 May 2008, 15:02
Does not record if they do not log-in. eg. If they are logged in already.


Your quote from the description of this hack :

About this hack:
This hack will log the userid, username, ipaddress, where the login is, and time all your users log onto your forum.

It simply did not do this,people log in to the forum and at least 50% were NOT recorded , I could see members log in,check the times etc in member list but they were not recorded in this hack.

Abe1
11 May 2008, 04:00
Your quote from the description of this hack :



It simply did not do this,people log in to the forum and at least 50% were NOT recorded , I could see members log in,check the times etc in member list but they were not recorded in this hack.
You are thinking as log in, to go to your site.

Log is is used here strictly to use the log-in form.

deLi_kurT
23 May 2008, 10:33
Thanks - installed

MattLuria
26 Jun 2008, 23:22
Got it installed and it works wonderfully!

vithorius
21 Jul 2008, 16:59
Very nice hack, but its time to upgrade my board... :p :rolleyes: :eek:

Nyone know if this hack works with vB 3.7.x? :confused:


Thank you so very much! :up: :up: :up:

Ingress
22 Jul 2008, 15:16
If you browse a bit through this thread, you will find 1432160.

And of course mine does work, too ;-)

Ingress

eclectica
28 Jul 2008, 14:08
It works on 3.7.2

AWS3
20 Aug 2008, 22:26
I've just installed it - works great on vb 3.7.2 PL2
but I don't want to log all of my users. How to log users who belong to individual groups, for example I want to log user belong to groups: 5,6,7?

IrPr
25 Oct 2008, 13:42
Such a usefull mo, Thanks Abe

Suggestion/Request:
Every time im lookin for specified IP address i've to query logins table using ssh/phpmyadmin/admincp queries
it would be great if you add some more searching tips in admincp interface such as ipaddress

ewelin
06 May 2009, 14:34
Hello,

I really like this MOD but I felt as though it left a lot of room for improvement. I've added some features to it and I'd be happy to share them with you if you plan on releasing an update. Main changes are that I've allowed for the tracking of the user agent, searching by username or userid. Also I updated the code so that if a user decides to do core edits for cookie tracking they can and it'll display them.

IrPr, I really like your suggestion and may implement that if I've got time as I could find the helpful as well.

Stifmeister2
06 May 2009, 17:19
Hello,

I really like this MOD but I felt as though it left a lot of room for improvement. I've added some features to it and I'd be happy to share them with you if you plan on releasing an update. Main changes are that I've allowed for the tracking of the user agent, searching by username or userid. Also I updated the code so that if a user decides to do core edits for cookie tracking they can and it'll display them.

IrPr, I really like your suggestion and may implement that if I've got time as I could find the helpful as well.
Sounds good, I'm interested... :)

photofox
23 Dec 2009, 23:32
Any chance this will be converted for VB4.0?

iceman-x
21 Jan 2010, 12:17
Would love if you can convert this to VB4.X

Thanks for werry good mod.

quantquant
08 Feb 2010, 11:58
Thank you, seems to work fine also under VB3.8.4. Would love to have it for 4.0.

Dr House
15 Feb 2010, 07:18
Does it works on 4.0?

Abe1
03 May 2010, 12:42
New version here: http://www.vbulletin.org/forum/showthread.php?t=241780

Dr House
03 May 2010, 14:58
Thanks ;)

sinpin
06 Jul 2010, 05:42
thanks,
does work correctly on 3.8.2?

Meestor_X
20 Dec 2010, 19:31
Is it possible to modify the options of this hack to create a log file of all failed logins? Would be good to be able to see the amount of attempts (reoccuring) on a single account.
Would be a seperate hack. I'll see if I can creat something. I don't know if I would use a file though.
I too am looking for a way to log (and preferably notify me of) any failed login attempts. Spammers are trying to use brute-force methods of logging into my forum as another registered user, and I need to ban their IP addresses.

If you did not create a "failed login" notifier/logger, is there another mod that does this?

Hellmaster
31 Mar 2012, 21:10
Works ...almost... great at 3.8.4

But I can't find the link to the logins log... I had to add it manually at Statistics... How to modify the product.xml to add the link to a Menu or Section?

kh99
15 Dec 2012, 14:09
In answer to this question: http://www.vbulletin.org/forum/showthread.php?t=292986


I think it might solve the problem if you add an intval() call to make sure the userid is a number, like:

$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . intval($vbulletin->userinfo['userid']) . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', '" . $vbulletin->db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'FAILED ATTEMPT')");

Chris8
17 Dec 2012, 19:01
In answer to this question: http://www.vbulletin.org/forum/showthread.php?t=292986


I think it might solve the problem if you add an intval() call to make sure the userid is a number, like:

$vbulletin->db->query_write("INSERT INTO " . TABLE_PREFIX . "logins (userid, username, ipaddress, phpdate, logintype) VALUES (" . intval($vbulletin->userinfo['userid']) . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', '" . $vbulletin->db->escape_string(IPADDRESS) . "', " . TIMENOW . ", 'FAILED ATTEMPT')");


Thank you Kevin. You're delivering good & useful advice as always. Let the good karma be with you. :)

LinksFreak
13 May 2014, 14:02
nice hack