[Done] Logging Request [Done] Logging Request
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[Done] Logging Request

Started by 406man, June 21, 2012, 01:44:08 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

406man

Several of the users of my gallery have had problems due to being banned. On the face of it, there's no reason for them to have been banned and the Bans part of the admin interface shows the ban not being in effect. But they still can't log in.  Unfortunately I can't gather sufficient information to be confirm that there is a problem with Coppermine rather than the users having finger trouble.

So what I'm requesting – this is a feature request, not a request for support – is more logging related to bans. For example, an entry in the log file every time a user does something  that will contribute towards a ban. It should have the date, time, IP address and username. Also an entry when the user tries to log in even though they are banned. Again containing date, time, IPaddress and username.

Αndré

The security log currently looks like
QuoteJun 21, 2012 at 12:49 PM - Failed login attempt with Username: test

so we just need to add the IP address like it's done here:
QuoteJun 21, 2012 at 12:52 PM - Denied privileged access to admin.php by user Guest at IP 127.0.0.1
right?

You can apply that change immediately. Open login.php, find
log_write("Failed login attempt with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);
and replace with
log_write("Failed login attempt at IP $hdr_ip with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);

As far as I know failed login attempts are the only way to ban yourself.

Αndré

Committed change in SVN revision 8568.