[CDB] Failed logins

[tas2580]

Extension Name: Failed logins
Author: tas2580

Extension Description:
If a user try to login and the login fails, this extension creates an entry in the user log. Also on the next login the user will see how much logins failed since his last login.

Extension Version: 1.1.0 RC1

Extension Download: https://tas2580.net/downloads/phpbb-failed-logins/

Github Repository: https://github.com/failedlogins

[Wolfsblvt]

A suggestion that would be cool:
If you successfully login, you will get displayed how much failed logins there were between your last successfull login and now.
That's what I get from several other sites, and that would be cool, cause you can see if someone other is trying to get access to your account.

[draky]

And what about sending an e-mail to an user if someone tried to login with his account ident ?
Can be enabled in UCP, and boardwide in ACP

[Walther]

Make it optional to create an entry on succesfull login's too, and you have the much requested yet to be made Log Connections mod/extension.

[Webwatcher_eu]

And what about sending an e-mail to an user if someone tried to login with his account ident ?
Can be enabled in UCP, and boardwide in ACP

not a good idea -if i like to spam i can try it 1000 times and always the user gets mail....

[draky]

Maybe a daily mail only.

[Webwatcher_eu]

hmm mailing is alwasy not the best way (spam) a list in ACP can help - so the suer can check self

also there is no control/check about logins with correct usernames and names where are not stored in database

[Webwatcher_eu]

better german translation:

'TRY_TO_LOGIN_FAIL' => 'Die Anmeldung des Benutzers: <b>%s</b> ist fehlgeschlagen.',

[Raul [ThE KuKa]]

Hi tas2580, nice work but I see a small error.

You use: "tas2580/failed_logins"

You can't use underscore, dot, comma, etc. in extension name.

Use this please: "tas2580/failedlogins"

Best regards.

[Webwatcher_eu]

can you also log the used password?

so it looks like

'TRY_TO_LOGIN_FAIL' => 'Die Anmeldung des Benutzers: <b>%s</b> ist fehlgeschlagen - Passwort: <b>%s</b>',

[John P]

It would be much easier if the event was before the LOGIN_SUCCESS switch as asked at area 51 some time ago. Put also the result in the event and we can really do something with this event.

[tas2580]

I have made a small update.
Like the suggestion from Wolfsblvt now the number of failed logins will be displayed to the user. Also I have renamed the extension folder thanks Raul [ThE KuKa].

I dont think that password loging is a good idea because if a user type in the wrong username you can see his password. and so or so never safe passwords without hashing.

With the events its a little weird at now because there is no event for failed logins in 3.1.2, but in 3.1.3 there will be one and when 3.1.3 is out i will change this.

[Webwatcher_eu]

I dont think that password loging is a good idea because if a user type in the wrong username you can see his password. and so or so never safe passwords without hashing.

admin can allways login as user... but ok if you think that is a security issue

[tas2580]

Yes as admin you can login as a user, but you can't see his password. Maybe some users use the same password on different websites and then it would be not good if you see there password in the log.

[david63]

How can an admin log in as a user?