PDA

View Full Version : Resolved Want to write results of submit on form to log file



Ralph2
11-22-2009, 02:41 AM
I have cobbled together a small family website to share old pictures and memorabilia. This is a members only site and I use a PHP login script that compares the username and password to a list.

I would like to know
a) if anyone is trying to guess their way in.
b) if a member is having trouble logging in.. we have some not so computer savvy family members who possibly get frustrated and give up.
c) which members are logging in.. this is a new endeavor, to run one year on a trial basis.. and is it worth it.

To accomplish this, I would like to add some code to take the results of any submit (on my login form) and append the results of that to some sort of log file that I can periodically review. Given that the basics are in place this would seem (to me) not that difficult a task. But, I have no idea on how to accomplish this and hope someone can show me.

Thank you for your time and help:)

Ralph

If it helps, this is the PHP code that I am assuming does the login process.


/* No user serviceable parts below this point. */

$php_self = $_SERVER['PHP_SELF'];

/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
$user = $_GET['user'];
$password = $_GET['password'];
}
if ($_POST['user']) {
$user = $_POST['user'];
$password = $_POST['password'];
}

session_start();

/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;

foreach ($authorization as $loginpair) {
if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
$loginsuccessful = TRUE;
}
if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
$loginsuccessful = TRUE;
}
}

if ($loginsuccessful === TRUE) {
/* User is logged in, go about our merry way. */
echo $loginmsg;
} else {
/* User didn't match any of our valid logins, kick them back to the form. */
$loginmsg = "Invalid username or password.";
require($indexphp);
exit;
}

JShor
11-23-2009, 02:13 AM
OK, well, you have numerous ways to do this. The quickest is to write all of the login attempts to a text file called "attempts.txt", which you could view/periodically download and see all of the people who've made attempts at logging in.

The way I made it [of course, format can be changed] is the following:
User: {{username}}
Password: {{password}}
Date/Time: {{date&&time}}

Here's the finished code:



/* No user serviceable parts below this point. */

$php_self = $_SERVER['PHP_SELF'];

/* Sanitize variables: we should only be getting $user and $password from the form. */
$submit = $_POST['submit'];
$user = '';
$password = '';
if ($_GET['user']) {
$user = $_GET['user'];
$password = $_GET['password'];
}
if ($_POST['user']) {
$user = $_POST['user'];
$password = $_POST['password'];
}

session_start();

/* Check login/password pairs until we find one that is correct, or show login form again. */
$loginsuccessful = FALSE;

foreach ($authorization as $loginpair) {
if (($user == $loginpair[0]) && ($password == $loginpair[1])) {
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
$loginsuccessful = TRUE;
}
if (($_SESSION['user'] == $loginpair[0]) && ($_SESSION['password'] == $loginpair[1])) {
$loginsuccessful = TRUE;
}
}

if ($loginsuccessful === TRUE) {
/* User is logged in, go about our merry way. */
echo $loginmsg;
} else {

$timestamp = date();

/* User didn't match any of our valid logins, kick them back to the form. */
$loginmsg = "Invalid username or password.";
$stringData = "
Username: ".$user."
Password: ".$password."
Date/Time: ".$timestamp.";

$myFile = "attempts.txt"; // name of file
$fh = fopen($myFile, 'a') or die("can't open file"); // open file
fwrite($fh, $stringData); // append to file
fclose($fh); // close file

require($indexphp);
exit;
}


Please note that you need to make sure that attempts.txt already exists on the same path of this php script.

HTH:)

Ralph2
11-26-2009, 05:37 AM
Thank you for your time JShor

A quick cut and paste of your sample code gives me an error message... Parse error: syntax error, unexpected T_STRING.........

Is it possible that my host server has some security features that prevent writing to files in my root folder? :confused: http://hostpapa.com/

I will try again later... up to my ears in other stuff at the moment... and see if I can make your approach work

Ralph

traq
11-26-2009, 05:53 PM
There's a typo in JShor's script.


//use single-quotes instead of double-quotes:
$stringData = '
Username: '.$user.'
Password: '.$password.'
Date/Time: '.$timestamp;
// or, remove double-quotes *inside* the string:
$stringData = "
Username: $user
Password: $password
Date/Time: $timestamp";
}

Ralph2
11-27-2009, 04:14 AM
Thanks..
Is there a problem with this part.. the second line now gives an error message?

$myFile = "attempts.txt"; // name of file
$fh = fopen($myFile, 'a') or die("cant open file"); // open file
fwrite($fh, $stringData); // append to file
fclose($fh); // close file

traq
11-27-2009, 05:21 AM
does the file "attempts.txt" exist in the same directory as this script?

This script does not create a new file, which is why JShor pointed out that the file needs to exist beforehand. Make sure you have upload a blank text file, and that it is in the same directory as this script.