Advanced search  

News:

cpg1.5.44 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.42 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Done] Logging Request  (Read 6913 times)

0 Members and 1 Guest are viewing this topic.

406man

  • Coppermine newbie
  • Offline Offline
  • Posts: 13
[Done] Logging Request
« on: June 21, 2012, 01:44:08 PM »

Several of the users of my gallery have had problems due to being banned. On the face of it, there’s no reason for them to have been banned and the Bans part of the admin interface shows the ban not being in effect. But they still can’t log in.  Unfortunately I can’t gather sufficient information to be confirm that there is a problem with Coppermine rather than the users having finger trouble.

So what I’m requesting – this is a feature request, not a request for support – is more logging related to bans. For example, an entry in the log file every time a user does something  that will contribute towards a ban. It should have the date, time, IP address and username. Also an entry when the user tries to log in even though they are banned. Again containing date, time, IPaddress and username.
« Last Edit: May 16, 2013, 11:15:49 AM by Αndré »
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15244
Re: Logging Request
« Reply #1 on: June 21, 2012, 03:00:08 PM »

The security log currently looks like
Quote
Jun 21, 2012 at 12:49 PM - Failed login attempt with Username: test

so we just need to add the IP address like it's done here:
Quote
Jun 21, 2012 at 12:52 PM - Denied privileged access to admin.php by user Guest at IP 127.0.0.1
right?

You can apply that change immediately. Open login.php, find
Code: [Select]
log_write("Failed login attempt with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);and replace with
Code: [Select]
log_write("Failed login attempt at IP $hdr_ip with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);
As far as I know failed login attempts are the only way to ban yourself.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15244
Re: Logging Request
« Reply #2 on: May 16, 2013, 11:15:39 AM »

Committed change in SVN revision 8568.
Logged
Pages: [1]   Go Up
 

Page created in 0.061 seconds with 21 queries.