I have a site and I want to keep a log of all the logins, successful or not. I can think of several ways to do this, none of which seem to be good ideas.
Creating a Table in the DB - This would be ok, except all the efforts at screening malicious data would be wasted since the malicious code would still find it’s way into a query. I could eliminate this again, but then I won’t have complete logs.
Creating a text file - I haven’t investigated this yet, I’m not even sure if php can generate text files. But this would be less than ideal too since anyone could then see the log. I want to save the passwords unencrypted so I can see what people are trying. I want to see if someone just made a typo or if someone is trying a list of words.
Sending EMail - I could have the site email me the information each time, but that would probably generate a lot of emails. I only have about 75-100 regular users, but they’ll be logging in and out several times a day.