Want to write results of submit on login form to log file on server

Question

I have cobbled together a small family website to share old pictures and memorabilia. This is a members only site and I use a PHP login script that compares the username and password to a list.

I would like to know
a) if anyone is trying to guess their way in.
b) if a member is having trouble logging in.. we have some not so computer savvy family members who possibly get frustrated and give up.
c) which members are logging in.. this is a new endeavor, to run one year on a trial basis.. and is it worth it.

To accomplish this, I would like to add some code to take the results of any submit (on my login form) and append the results of that to some sort of log file that I can periodically review. Given that the basics are in place this would seem (to me) not that difficult a task. But, I have no idea on how to accomplish this and hope someone can show me.

Thank you for your time and help

Ralph

If it helps, this is the PHP code that I am assuming does the login process.

/* No user serviceable parts below this point. */

$php_self = $_SERVER['PHP_SELF'];

/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
    $user = $_GET['user'];
    $password = $_GET['password'];
}
if ($_POST['user']) {
    $user = $_POST['user'];
    $password = $_POST['password'];
}

session_start();

/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;

foreach ($authorization as $loginpair) {
    if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
      $_SESSION['user'] = $user;
      $_SESSION['password'] = $password;
        $loginsuccessful = TRUE;
    }
    if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
        $loginsuccessful = TRUE;
    }
}

if ($loginsuccessful === TRUE) {
/* User is logged in, go about our merry way. */
    echo $loginmsg;
} else {
/* User didn't match any of our valid logins, kick them back to the form. */
    $loginmsg = "Invalid username or password.";
    require($indexphp);
    exit;
}

David_Powers · Accepted Answer

No, it's not particularly difficult. You're obviously using a login script that you have obtained from somewhere else, because the code is very different from that generated by Dreamweaver. Judging from the code, you're not using a database to store the usernames and passwords. So, you'll probably want to save the details to an external text file.Add the following code in the place indicated:if ($_POST['user']) { $user = $_POST['user']; $password = $_POST['password'];}// New code goes here$logfile = 'log.txt';$date = date('j M Y H:i:s');$address = 'Unknown';if (isset($_SERVER['REMOTE_ADDR'])) {     $address = $_SERVER['REMOTE_ADDR'];}if ($file = fopen($logfile, 'a')) { fwrite($file, "
$date $address $user $password"); fclose($file);}// end of new codesession_start();This will create a text file called log.txt in the same folder as the login script. Since it's a text file, it should ideally be outside the web server root, so you should change the value of $logfile to point to a file outside the server root, but in a folder where the script has permission to write.Each time someone tries to log in, it will record the date and time, the IP address, if known, and the username and password submitted.Once you have got this working, I suggest that you amend the following line:if ($file = fopen($logfile, 'a')) {Change it to this:if ($file = @fopen($logfile, 'a')) {This will suppress any error message if the script fails to open the log file. However, you shouldn't make that change until you have got things working, because suppressing an error message will prevent you from finding out what the problem is if it doesn't work.

Ralph3616 · Answer

Hello allI would like to re visit this issue. With a lot of help my original question was resolved and is working very well.Now.. I have added cookies to my site to remember users. Unfortunately this bypasses the code developed that shows me when a user logs in. While learning about cookies there are lots of references about tracking users.. but never quite the way I would like to.So.. my new question? (and perhaps it should be in a new thread)How can I get the users name and time when the site is accessed logged to a file from cookies set on my home page? I do not yet use MySQL on my siteThank you for any help or tutorials on this.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded