[CDB] Failed logins

tas2580 · Post by **tas2580** » Sun Jan 04, 2015 1:53 am

Extension Name: Failed logins
Author: tas2580

Extension Description:
If a user try to login and the login fails, this extension creates an entry in the user log. Also on the next login the user will see how much logins failed since his last login.

Extension Version: 1.1.0 RC1

Extension Download: https://tas2580.net/downloads/phpbb-failed-logins/

Github Repository: https://github.com/failedlogins

Wolfsblvt · Post by **Wolfsblvt** » Sun Jan 04, 2015 2:12 am

A suggestion that would be cool:
If you successfully login, you will get displayed how much failed logins there were between your last successfull login and now.
That's what I get from several other sites, and that would be cool, cause you can see if someone other is trying to get access to your account.

draky · Post by **draky** » Sun Jan 04, 2015 8:18 am

And what about sending an e-mail to an user if someone tried to login with his account ident ?
Can be enabled in UCP, and boardwide in ACP

Walther · Post by **Walther** » Sun Jan 04, 2015 10:13 am

Make it optional to create an entry on succesfull login's too, and you have the much requested yet to be made Log Connections mod/extension.

Webwatcher_eu · Post by **Webwatcher_eu** » Sun Jan 04, 2015 10:16 am

draky wrote:And what about sending an e-mail to an user if someone tried to login with his account ident ?
Can be enabled in UCP, and boardwide in ACP

not a good idea -if i like to spam i can try it 1000 times and always the user gets mail....

draky · Post by **draky** » Sun Jan 04, 2015 10:26 am

Maybe a daily mail only.

Webwatcher_eu · Post by **Webwatcher_eu** » Sun Jan 04, 2015 10:53 am

hmm mailing is alwasy not the best way (spam) a list in ACP can help - so the suer can check self

also there is no control/check about logins with correct usernames and names where are not stored in database

Webwatcher_eu · Post by **Webwatcher_eu** » Sun Jan 04, 2015 10:56 am

better german translation:

'TRY_TO_LOGIN_FAIL' => 'Die Anmeldung des Benutzers: %s ist fehlgeschlagen.',

Post by **Raul [ThE KuKa]** » Sun Jan 04, 2015 11:05 am

Hi tas2580, nice work but I see a small error.

You use: "tas2580/failed_logins"

You can't use underscore, dot, comma, etc. in extension name.

Use this please: "tas2580/failedlogins"

Best regards.

Webwatcher_eu · Post by **Webwatcher_eu** » Sun Jan 04, 2015 7:53 pm

can you also log the used password?

so it looks like

'TRY_TO_LOGIN_FAIL' => 'Die Anmeldung des Benutzers: %s ist fehlgeschlagen - Passwort: %s',

John P · Post by **John P** » Sun Jan 04, 2015 8:32 pm

It would be much easier if the event was before the LOGIN_SUCCESS switch as asked at area 51 some time ago. Put also the result in the event and we can really do something with this event.

tas2580 · Post by **tas2580** » Sun Jan 04, 2015 9:47 pm

I have made a small update.
Like the suggestion from Wolfsblvt now the number of failed logins will be displayed to the user. Also I have renamed the extension folder thanks Raul [ThE KuKa].

I dont think that password loging is a good idea because if a user type in the wrong username you can see his password. and so or so never safe passwords without hashing.

With the events its a little weird at now because there is no event for failed logins in 3.1.2, but in 3.1.3 there will be one and when 3.1.3 is out i will change this.

Webwatcher_eu · Post by **Webwatcher_eu** » Sun Jan 04, 2015 9:51 pm

tas2580 wrote:
I dont think that password loging is a good idea because if a user type in the wrong username you can see his password. and so or so never safe passwords without hashing.

admin can allways login as user... but ok if you think that is a security issue

tas2580 · Post by **tas2580** » Sun Jan 04, 2015 9:58 pm

Yes as admin you can login as a user, but you can't see his password. Maybe some users use the same password on different websites and then it would be not good if you see there password in the log.

david63 · Post by **david63** » Sun Jan 04, 2015 10:01 pm

How can an admin log in as a user?