Creating login logs

General PHP Help
#1

I have a site and I want to keep a log of all the logins, successful or not. I can think of several ways to do this, none of which seem to be good ideas.

Creating a Table in the DB - This would be ok, except all the efforts at screening malicious data would be wasted since the malicious code would still find it’s way into a query. I could eliminate this again, but then I won’t have complete logs.

Creating a text file - I haven’t investigated this yet, I’m not even sure if php can generate text files. But this would be less than ideal too since anyone could then see the log. I want to save the passwords unencrypted so I can see what people are trying. I want to see if someone just made a typo or if someone is trying a list of words.

Sending EMail - I could have the site email me the information each time, but that would probably generate a lot of emails. I only have about 75-100 regular users, but they’ll be logging in and out several times a day.

Any ideas?

#2

You can use PHP native function:

<?php error_log($message, 3, $log_file); ?>

#3

Ok, but now there’s a text file sitting on my server that anyone can see if they type in the correct URL

#4

create an htaccess file

<Files logfile.log>
order allow,deny
deny from all
</Files>
#5

Can I do that on any server? I don’t have a dedicated host.

#6

yeah just go into notepage
paste the previous code i gave yoy
save it as a .htaccess file ( Make sure there is not .txt in the file name)

and just upload it to your site directory and it will kick in automatically

then try to open you log file

http://yoursite.com/logfile.log
should return with a permission error

Sponsor our Newsletter | Privacy Policy | Terms of Service