Skip to main content
R
Ralph3616
Known Participant
November 22, 2009
Answered

Want to write results of submit on login form to log file on server

  • November 22, 2009
  • 2 replies
  • 5826 views

I have cobbled together a small family website to share old pictures and memorabilia. This is a members only site and I use a PHP login script that compares the username and password to a list.

I would like to know
a) if anyone is trying to guess their way in.
b) if a member is having trouble logging in.. we have some not so computer savvy family members who possibly get frustrated and give up.
c) which members are logging in.. this is a new endeavor, to run one year on a trial basis.. and is it worth it.

To accomplish this, I would like to add some code to take the results of any submit (on my login form) and append the results of that to some sort of log file that I can periodically review. Given that the basics are in place this would seem (to me) not that difficult a task. But, I have no idea on how to accomplish this and hope someone can show me.

Thank you for your time and help

Ralph

If it helps, this is the PHP code that I am assuming does the login process.

/* No user serviceable parts below this point. */

$php_self = $_SERVER['PHP_SELF'];

/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
    $user = $_GET['user'];
    $password = $_GET['password'];
}
if ($_POST['user']) {
    $user = $_POST['user'];
    $password = $_POST['password'];
}

session_start();

/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;

foreach ($authorization as $loginpair) {
    if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
      $_SESSION['user'] = $user;
      $_SESSION['password'] = $password;
        $loginsuccessful = TRUE;
    }
    if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
        $loginsuccessful = TRUE;
    }
}

if ($loginsuccessful === TRUE) {
  /* User is logged in, go about our merry way. */
    echo $loginmsg;
} else {
  /* User didn't match any of our valid logins, kick them back to the form. */
    $loginmsg = "Invalid username or password.";
    require($indexphp);
    exit;
}

This topic has been closed for replies.
Correct answer David_Powers

No, it's not particularly difficult. You're obviously using a login script that you have obtained from somewhere else, because the code is very different from that generated by Dreamweaver. Judging from the code, you're not using a database to store the usernames and passwords. So, you'll probably want to save the details to an external text file.

Add the following code in the place indicated:

if ($_POST['user']) {
    $user = $_POST['user'];
    $password = $_POST['password'];
}

// New code goes here

$logfile = 'log.txt';
$date = date('j M Y H:i:s');
$address = 'Unknown';
if (isset($_SERVER['REMOTE_ADDR'])) {
     $address = $_SERVER['REMOTE_ADDR'];
}
if ($file = fopen($logfile, 'a')) {
  fwrite($file, "\r\n$date $address $user $password");
  fclose($file);
}

// end of new code
session_start();

This will create a text file called log.txt in the same folder as the login script. Since it's a text file, it should ideally be outside the web server root, so you should change the value of $logfile to point to a file outside the server root, but in a folder where the script has permission to write.

Each time someone tries to log in, it will record the date and time, the IP address, if known, and the username and password submitted.

Once you have got this working, I suggest that you amend the following line:

if ($file = fopen($logfile, 'a')) {

Change it to this:

if ($file = @fopen($logfile, 'a')) {

This will suppress any error message if the script fails to open the log file. However, you shouldn't make that change until you have got things working, because suppressing an error message will prevent you from finding out what the problem is if it doesn't work.

2 replies

R
Ralph3616Author
Known Participant
February 13, 2011

Hello all

I would like to re visit this issue. With a lot of help my original question was resolved and is working very well.

Now.. I have added cookies to my site to remember users. Unfortunately this bypasses the code developed  that shows me when a user logs in. While learning about cookies there are lots of references about tracking users.. but never quite the way I would like to.

So.. my new question? (and perhaps it should be in a new thread)

How can I get the users name and time when the site is accessed logged to a file from cookies set on my home page? I do not yet use MySQL on my site

Thank you for any help or tutorials on this.

David_Powers
David_PowersCorrect answer
Inspiring
November 23, 2009

No, it's not particularly difficult. You're obviously using a login script that you have obtained from somewhere else, because the code is very different from that generated by Dreamweaver. Judging from the code, you're not using a database to store the usernames and passwords. So, you'll probably want to save the details to an external text file.

Add the following code in the place indicated:

if ($_POST['user']) {
    $user = $_POST['user'];
    $password = $_POST['password'];
}

// New code goes here

$logfile = 'log.txt';
$date = date('j M Y H:i:s');
$address = 'Unknown';
if (isset($_SERVER['REMOTE_ADDR'])) {
     $address = $_SERVER['REMOTE_ADDR'];
}
if ($file = fopen($logfile, 'a')) {
  fwrite($file, "\r\n$date $address $user $password");
  fclose($file);
}

// end of new code
session_start();

This will create a text file called log.txt in the same folder as the login script. Since it's a text file, it should ideally be outside the web server root, so you should change the value of $logfile to point to a file outside the server root, but in a folder where the script has permission to write.

Each time someone tries to log in, it will record the date and time, the IP address, if known, and the username and password submitted.

Once you have got this working, I suggest that you amend the following line:

if ($file = fopen($logfile, 'a')) {

Change it to this:

if ($file = @fopen($logfile, 'a')) {

This will suppress any error message if the script fails to open the log file. However, you shouldn't make that change until you have got things working, because suppressing an error message will prevent you from finding out what the problem is if it doesn't work.

R
Ralph3616Author
Known Participant
November 24, 2009

Thanks again David P for your time.

Your script works perfectly... with the script I sent as a sample.

Unfortunately I sent the script of login version1 that I use on my test site. It only checks for one username and password. Version 2, on my main site has 40 odd names and version 1 was modified to suit. Unfortunately your script does nothing when placed as / where you instructed.

My sincere apologies for supplying you the wrong script to work with and wasting your time, if there is not an easy fix.. please ignore / cancel this whole mess.

Version 2 script is this

/* No user serviceable parts below this point. */

$php_self = $_SERVER['PHP_SELF'];

/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
    $user = $_GET['user'];
    $password = $_GET['password'];
}
if ($_POST['user']) {
    $user = $_POST['user'];
    $password = $_POST['password'];
}

session_start();

/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;

foreach ($authorization as $loginpair) {
    if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
      $_SESSION['user'] = $user;
      $_SESSION['password'] = $password;
        $loginsuccessful = TRUE;
    }
    if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
        $loginsuccessful = TRUE;
    }
}

if ($loginsuccessful === TRUE) {
  /* User is logged in, go about our merry way. */
    echo $loginmsg;
} else {
  /* User didn't match any of our valid logins, kick them back to the form. */
    $loginmsg = "Invalid username or password.";
    require($indexphp);
    exit;
}

?>

David_Powers
David_Powers
Inspiring
November 25, 2009

I have found out the problem... all to do with my server I guess. I changed the login.php of my test site to reflect what I have on my main and included your script... Works great.

So.. I am guessing that there is some sort of security check to prevent writting to the root of my site. I will email my host and see if that is in fact the case... In the meantime... if you are not totally fed up with me.... you did mention in your original post that I should move the log.txt to some other folder (one that I have permission to write to). Given that this (your code) seems to work when in the /public_html/test folder could your script write to it there.. how could I do that.. if you thought it would work?

Thanks again for you time


Ralph3616 wrote:

Given that this (your code) seems to work when in the /public_html/test folder could your script write to it there.. how could I do that.. if you thought it would work?

It's just a question of changing this line:

$logfile = 'log.txt';

Assuming that your login script is in the main public_html folder, change it to this:

$logfile = 'test/log.txt';
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices