-
- 104 Posts
Hi all!
I have this client who would like to receive an email to alert them when one of they’re webuser has a to many failed login attempt and they’re blocked from the site. Or if it is possible for some or all web user to have unlimited failed attempt and keep the sites admin to 3?
I’ve been searching but did not find anything... anyone know’s how?
thanks.
-
- 2,877 Posts
I was looking in
http://svn.modxcms.com/svn/tattoo/tattoo/releases/1.0.2/assets/snippets/weblogin/weblogin.processor.inc.php
and tried using a Plugin:
if($blocked=="1") {
$Name = "User Blocked"; //senders name
$email = "[email protected]"; //senders e-mail adress
$recipient = "[email protected]"; //recipient
$mail_body = "Web user is blocked..."; //mail body
$subject = "Blocked!"; //subject
$header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields
mail($recipient, $subject, $mail_body, $header); //mail command
return;
}
But I didn’t get it to work...
Tried
OnBeforeWebLogin - no success
OnWebAuthentication - no success
OnWebLogin - no success
I probably need to change the if()
Neither did this work:
if($failedlogins>=$modx->config['failed_login_attempts'] && $blockeduntildate>time())
...
-
- 2,877 Posts
Hacking weblogin.processor.inc.php works at least...
if($failedlogins>=$modx->config['failed_login_attempts'] && $blockeduntildate>time()) { // blocked due to number of login errors.
session_destroy();
session_unset();
$output = webLoginAlert("Due to too many failed logins, you have been blocked!");
// mrhaw
$Name = $fullname; //senders name
$email = "[email protected]"; //senders e-mail adress
$recipient = "[email protected]"; //recipient
$mail_body = $fullname ." is blocked..."; //mail body
$subject = "Blocked!"; //subject
$header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields
mail($recipient, $subject, $mail_body, $header); //mail command
return;
}
-
- 372 Posts
Mr. Haw
This will do it without modifying the core.
Paste into a new plugin. Check system event - OnBeforeWebLogin
You can strip out the sendAlert message, I used it to test locally (I can’t use mail with MAMP)
// Get a reference to the event
$e = & $modx->Event;
$dbase = $modx->dbConfig['dbase'];
$table_prefix = $modx->dbConfig['table_prefix'];
$username = $modx->db->escape($_POST['username']);
$recipient = "[email protected]"; //recipient
$sql = "SELECT $dbase.`".$table_prefix."web_users`.*, $dbase.`".$table_prefix."web_user_attributes`.* FROM $dbase.`".$table_prefix."web_users`, $dbase.`".$table_prefix."web_user_attributes` WHERE BINARY $dbase.`".$table_prefix."web_users`.username = '".$username."' and $dbase.`".$table_prefix."web_user_attributes`.internalKey=$dbase.`".$table_prefix."web_users`.id;";
$ds = $modx->db->query($sql);
$limit = $modx->db->getRecordCount($ds);
$row = $modx->db->getRow($ds);
$failedlogins = $row['failedlogincount'];
//$blocked = $row['blocked'];
//$nrlogins = $row['logincount'];
$fullname = $row['fullname'];
$email = $row['email'];
switch ($e->name) {
case "OnBeforeWebLogin":
$ourFileName = "assets/userlog.txt";
$path = $modx->config['base_path'].$ourFileName;
$action = $failedlogins;
if($failedlogins >= $modx->config['failed_login_attempts'] ){
$message = $fullname ."with the username " . $username . ", has been blocked " . $failedlogins . " times"; //mail body
$subject = $fullname . " Blocked!"; //subject
$header = "From: ". $fullname . " <" . $email . ">\r\n"; //optional headerfields
mail($recipient, $subject, $message, $header); //mail command
$modx->sendAlert('alert',1,1,$subject,$message,1);
}
break;
default :
return; // stop here - this is very important.
break;
}
DropboxUploader -- Upload files to a Dropbox account.
DIG -- Dynamic Image Generator
gus -- Google URL Shortener
makeQR -- Uses google chart api to make QR codes.
MODxTweeter -- Update your twitter status on publish.
-
- 24,544 Posts
@bwente:
Nice!
BTW, since you are only processing one event, you don’t need the switch and, unless you are using the $e for something else, you don’t need
-
- 2,877 Posts
Sweeet!! Thank YOU!!
-
- 372 Posts
@BobRay
Thanks for the info. I cut and paste from previous scripts that I have used.
Still not sure how half of them work.
DropboxUploader -- Upload files to a Dropbox account.
DIG -- Dynamic Image Generator
gus -- Google URL Shortener
makeQR -- Uses google chart api to make QR codes.
MODxTweeter -- Update your twitter status on publish.
-
- 24,544 Posts
This would be the stripped-down version (untested):
$dbase = $modx->dbConfig['dbase'];
$table_prefix = $modx->dbConfig['table_prefix'];
$username = $modx->db->escape($_POST['username']);
$recipient = "[email protected]"; //recipient
$sql = "SELECT $dbase.`".$table_prefix."web_users`.*, $dbase.`".$table_prefix."web_user_attributes`.* FROM $dbase.`".$table_prefix."web_users`, $dbase.`".$table_prefix."web_user_attributes` WHERE BINARY $dbase.`".$table_prefix."web_users`.username = '".$username."' and $dbase.`".$table_prefix."web_user_attributes`.internalKey=$dbase.`".$table_prefix."web_users`.id;";
$ds = $modx->db->query($sql);
$limit = $modx->db->getRecordCount($ds);
$row = $modx->db->getRow($ds);
$failedlogins = $row['failedlogincount'];
//$blocked = $row['blocked'];
//$nrlogins = $row['logincount'];
$fullname = $row['fullname'];
$email = $row['email'];
$ourFileName = "assets/userlog.txt";
$path = $modx->config['base_path'].$ourFileName;
$action = $failedlogins;
if($failedlogins >= $modx->config['failed_login_attempts'] ){
$message = $fullname ."with the username " . $username . ", has been blocked " . $failedlogins . " times"; //mail body
$subject = $fullname . " Blocked!"; //subject
$header = "From: ". $fullname . " <" . $email . ">\r\n"; //optional headerfields
mail($recipient, $subject, $message, $header); //mail command
// $modx->sendAlert('alert',1,1,$subject,$message,1);
}
return;