Skip to content

Instantly share code, notes, and snippets.

@seriusokhatsky
Created May 23, 2015 08:29
Show Gist options
  • Save seriusokhatsky/0831aaa59b1b87e11e31 to your computer and use it in GitHub Desktop.
Save seriusokhatsky/0831aaa59b1b87e11e31 to your computer and use it in GitHub Desktop.
Password logger for wordpress
<?php
/*
Password logger for wordpress
*/
function log_login_success($username) {
log_login_attempts($username, true);
}
function log_login_fail($username) {
log_login_attempts($username, false);
}
/**
* Logs all login attempts to file while not storing successful
* login passwords.
* @param username is username field
* @success boolean whether the login was successful or not
*/
function log_login_attempts($username, $success) {
if (!empty($_POST)) {
// EDIT LINE BELOW: change to full path of log destination
$logFile = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/themes/THEME/changelog.txt';
// Start with current date and IP of user
$log = array(
date('Y-m-d H:i:s'),
$_SERVER['REMOTE_ADDR'],
sanitize_log_output($_POST['log']),
(
// Don't show successful login passwords in log
$success ? 'SUCCESS'
: sanitize_log_output($_POST['pwd'])
)
);
$fh = fopen($logFile, 'a+');
fputcsv($fh, $log);
fclose($fh);
}
return $user;
}
/**
* Simple sanitization for log output.
*/
function sanitize_log_output($out) {
$out = str_replace("\n", '\\n', $out);
$out = str_replace("\r", '\\r', $out);
$out = str_replace("\t", '\\t', $out);
return $out;
}
?>
@mszzarei
Copy link

Hello. How do I use this code?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment