Is It Possible to Track Logins

[sundial2k]

Hi - Password Protect works perfectly.  I'm wondering if there is a way to track the logins - like how many times a specific user went to the site?

Thanks,
John

[zubrag]

Such thing should be tracked using database.

But if log file of login date/IP/username is enough, then

find this code
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

and insert following code before it
$f = @fopen('logins.log', 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia").'  IP='.$_SERVER['REMOTE_ADDR'].'  Username='.$login."\n");
  @fclose($f);
}


It will append to log file each time user logs in

[sundial2k]

Thanks - what/where is the log file that it's appending?

[zubrag]

$f = @fopen('logins.log', 'a+');

log filename gets set in this line, highlighted. Specify path from the root (i.e. absolute path) to make sure it gets saved where you need it, like /path/from/root/mylog.txt

[sundial2k]

Thanks!!!  Here's my last question... I'm not requiring a username, just a password.  Can I collect the passwords in the log?

[zubrag]

yes, replace $login with $pass in following line and it will store passwords instead of logins
@fputs($f, date("m.d.Y g:ia").'  IP='.$_SERVER['REMOTE_ADDR'].'  Username='.$login."\n");

[sundial2k]

Thanks again for your replies (a donation was made )

I thought I was done but I have one more question. 

I'm using Password Protect for limiting access to a private shopping site.  I am running into an issue when people go to checkout on the secure (SSL) part of my site, that they are asked for the password again.  Is there a way of preventing this 2nd password request?  I'm using this on a Joomla website, so I think EVERY page is the same index.html page.

Thanks,
John

[zubrag]

John,

i did not have a chance to try it on https, but from what you say it looks like a cookie issue (cookie somehow lost). Could you provide me with exact url of where user login and sample https url which is not working (send private message for security)?

and thank you for donation

[sundial2k]

Hi - the site is: http://egallery.kinkadeevents.com (j2010 is a password to get in).  

Once you are in, choose a category, add something to the cart and then begin the checkout process and you'll see what I'm referring to.

You can use the username Test with P/W test123 if the cart asks for a login.

Thanks a lot!
John

[zubrag]

I think the problem is as follows. User login on http://egallery.kinkadeevents.com, so your browser sets a cookie for this domain. When you checkout - it redirects to https://secure.bluehost.com which is a different domain (causing cookie loss).
Is it somehow possible to perform checkout on https://egallery.kinkadeevents.com ?

[sundial2k]

I'm working on that with my client, but don't think the address will end up being https://egallery.kinkadeevents.com.  The hosting company he's using (Bluehost) has their system configured to only give the primary domain the SSL prefix, so in this case I think the checkout might look more like https://www.kinkadeevents.com/egallery. 

Do you think that will that cause the same issue?

[zubrag]

i think this one should work fine

[Kimball342]

couple of weeks ago social networking site FACEBOOK introduce this type of activity but its not work there properly, i don't how it is possible to see person whose visiting your profile or site.