Track Logins

5 posts by 2 authors in: Forums > CMS Builder
Last Post: September 12, 2017   (RSS)

By Ryan - September 5, 2017

Hi, I'm using the membership plugin for frontend access control to an Intranet site. I want to record each login to an audit login table.

The problem I'm having is that my 'record login' code is triggered each time the page is loaded and not just on successful login and session start.

So basically I need to wrap my code in an if statement that can check if it's a new session or not?

Any Ideas?

  // If not logged in redirect
   if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }
  
  // If logged in set some global variables to use elsewhere
   if ($CURRENT_USER) {
     $GlobalUserNum = $CURRENT_USER['num'];
     $GlobalUserName = $CURRENT_USER['fullname'];
     $GlobalUserAccessLevel = $CURRENT_USER['access_level'];  
           
     // add record to login audit table 
     $tablename   = 'login_audit';
     $colsToValues = array(); 
     $colsToValues['createdDate=']     = 'NOW()';
     $colsToValues['updatedDate=']     = 'NOW()';
     $colsToValues['createdByUserNum'] = $GlobalUserNum;
     $colsToValues['updatedByUserNum'] = $GlobalUserNum;      
     $colsToValues['user_name']        = $GlobalUserName;
     $hideMissingFieldErrors = true;
     $newRecordNum = mysql_insert($tablename, $colsToValues, $hideMissingFieldErrors);   
           
           
   }
 } // End If

Thanks,

Ryan

By Dave - September 5, 2017

Hi Ryan, 

There's actually a plugin hook in websiteMemebership.php called 'wsm_loginSuccess' that gets called on successful logins.

You can call a function with it like this:

addAction('wsm_loginSuccess', 'yourPlugin_logLogin', null, 0);

You could have a look at /cmsb/plugins/samplePlugin.php and see if you can copy that.

Alternatively, you could also check for the parameters that trigger website membership to login the user, like this: 

if (@$_REQUEST['action'] == 'login') { /* your logging code here */ }

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com

By Ryan - September 6, 2017

Thanks Dave,

I don't really understand how to use hooks & plugins from the frontend of my application so i'll try the IF statement approach.

Should this code be added to the websiteMembership.php page or can i add to the successful login landing page?

Ryan

By Dave - September 6, 2017

Hi Ryan, 

Either would work.  If you add it to websiteMembership I recommend renaming the plugin websiteMembership_CUSTOM.php so it doesn't get accidentally overwritten when upgrading the plugin in future.  You could add some custom code after where wsm_loginSuccess is listed.

Or if you add it to your website files you could put it on the login landing page.  That would work as well.

Good luck with it!

Dave Edis - Senior Developer
interactivetools.com

By Ryan - September 12, 2017

Hi Dave,

That worked for me thanks.

For the benefit of anyone else looking to do something similar I added the following code to the membership plugin.

//AUDIT TRACKING CODE FOR LOGINS ******************
//Fetch User Info from CMS for Selected User & Log to DB  

   $LoggedOnUserName = mysql_escape($_REQUEST['username']);

   //Fetch User Data FROM accounts table
   list($accountsRecords, $accountsMetaData) = getRecords(array(
   'tableName'   => 'accounts',
   'where'       => 'username = "'.$LoggedOnUserName.'"', 
   'loadUploads' => true,
   'allowSearch' => false,
   'limit'       => '1'

     ));
   $accountsRecord = @$accountsRecords[0]; // get first record
   $LoginUserNum = $accountsRecord['num']; // Set User Number


   // ADD record to login audit table 
   $tablename   = 'login_audit';
   $colsToValues = array(); // 
   $colsToValues['createdDate=']      = 'NOW()';
   $colsToValues['updatedDate=']      = 'NOW()';
   $colsToValues['createdByUserNum']  = $LoginUserNum;
   $colsToValues['updatedByUserNum']  = $LoginUserNum;   
   $colsToValues['user']              = $LoginUserNum;
   $colsToValues['ip_address']        = $_SERVER['REMOTE_ADDR']; // Log IP 
   $hideMissingFieldErrors = true;
   $newRecordNum = mysql_insert($tablename, $colsToValues, $hideMissingFieldErrors); 

   //***************************** END OF TRACKING CODE UPDATE

Just before where the form values get cleared.

 // clear form values
  $_REQUEST['username'] = '';
  $_REQUEST['password'] = '';

Ryan