Ralph2
11-22-2009, 02:41 AM
I have cobbled together a small family website to share old pictures and memorabilia. This is a members only site and I use a PHP login script that compares the username and password to a list.
I would like to know
a) if anyone is trying to guess their way in.
b) if a member is having trouble logging in.. we have some not so computer savvy family members who possibly get frustrated and give up.
c) which members are logging in.. this is a new endeavor, to run one year on a trial basis.. and is it worth it.
To accomplish this, I would like to add some code to take the results of any submit (on my login form) and append the results of that to some sort of log file that I can periodically review. Given that the basics are in place this would seem (to me) not that difficult a task. But, I have no idea on how to accomplish this and hope someone can show me.
Thank you for your time and help:)
Ralph
If it helps, this is the PHP code that I am assuming does the login process.
/* No user serviceable parts below this point. */
$php_self = $_SERVER['PHP_SELF'];
/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
$user = $_GET['user'];
$password = $_GET['password'];
}
if ($_POST['user']) {
$user = $_POST['user'];
$password = $_POST['password'];
}
session_start();
/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;
foreach ($authorization as $loginpair) {
if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
$loginsuccessful = TRUE;
}
if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
$loginsuccessful = TRUE;
}
}
if ($loginsuccessful === TRUE) {
/* User is logged in, go about our merry way. */
echo $loginmsg;
} else {
/* User didn't match any of our valid logins, kick them back to the form. */
$loginmsg = "Invalid username or password.";
require($indexphp);
exit;
}
I would like to know
a) if anyone is trying to guess their way in.
b) if a member is having trouble logging in.. we have some not so computer savvy family members who possibly get frustrated and give up.
c) which members are logging in.. this is a new endeavor, to run one year on a trial basis.. and is it worth it.
To accomplish this, I would like to add some code to take the results of any submit (on my login form) and append the results of that to some sort of log file that I can periodically review. Given that the basics are in place this would seem (to me) not that difficult a task. But, I have no idea on how to accomplish this and hope someone can show me.
Thank you for your time and help:)
Ralph
If it helps, this is the PHP code that I am assuming does the login process.
/* No user serviceable parts below this point. */
$php_self = $_SERVER['PHP_SELF'];
/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
$user = $_GET['user'];
$password = $_GET['password'];
}
if ($_POST['user']) {
$user = $_POST['user'];
$password = $_POST['password'];
}
session_start();
/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;
foreach ($authorization as $loginpair) {
if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
$loginsuccessful = TRUE;
}
if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
$loginsuccessful = TRUE;
}
}
if ($loginsuccessful === TRUE) {
/* User is logged in, go about our merry way. */
echo $loginmsg;
} else {
/* User didn't match any of our valid logins, kick them back to the form. */
$loginmsg = "Invalid username or password.";
require($indexphp);
exit;
}