Logging user access with IP..?

I want oto add some user logging for my site and since it requires authentication I believe most of the heavy lifting has already been completed. I'm hoping someone can give me some direction as to how to incorporate the pieces I need into what I have already existing.
Currently I believe the following is the php for granting access on my site:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && true) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "../logon.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
I believe some of the pieces I'm missing are the IP address for the user and the sql needed for the INSERT into mySQL which I believe are as follows:
$ip_address = $_SERVER["REMOTE_ADDR"];
       $sql = "INSERT INTO user_tracking
              (username, ip_address)
              VALUES ('MM_Username', '$ip_address')";
mysql_query($sql, $maxdbconn) or die(mysql_error());       'Is this the command for executing the SQL???
My problem is I'm still green and don't understand the php routine well enough to be able to plug in these pieces and whether I'm missing something else so I'm hoping someone can help shed some light.
Thanks.
A JM,

I found the original page and again I realize that I was missing some original code, I realize it makes it tough to follow - my appologies. I tested this source below and all is back to normal.
So, back to trying to add the user to the tracking DB.
I think the pieces I'm missing are as follows- not sure though...????
    //SQL string for user logged in
    $insertSQL = "INSERT INTO user_tracking (username, ip_address) VALUES ('maxadmin', '192.168.1.100')";
    mysql_select_db($database_maxdbconn, $maxdbconn);
    $Result1 = mysql_query($insertSQL, $maxdbconn) or die(mysql_error());
However, when I add the lines before ( header("Location: " . $MM_redirectLoginSuccess ); ) I get an error message in Dreamweaver, "The Server Behavior panel cannot determine whether "Log In User" or "Log In User" is applied to your page. Please select Edit Server Behaviors and change one of the two behaviors to ensure that each is uniquely identifiable."
A JM,
<?php require_once('Connections/maxdbconn.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "dbpages/claimroot.php";
$MM_redirectLoginFailed = "failedlogin.html";
$MM_redirecttoReferrer = false;
mysql_select_db($database_maxdbconn, $maxdbconn);
$LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $maxdbconn) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
     $loginStrGroup = "";
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>

Similar Messages

After SysPrep Windows Logs Users In With Temporary Profile

I have created a Windows 8.1 Pro image which was created by installing from the DVD. On first login I put windows into audit mode and installed all software and customised. I then ran sysprep with an unattend file with "copy profile" set to true.
Once the image is loaded onto a new PC it is joined to our domain and if I login as a Domain Admin things are fine, but if I login as a Domain User it logs the user in with a temporary profile which disappears at log off. The fact that Domain Admins
can login successfully suggests it is permissions but I am not sure where or why. To create the image I used Microsoft best practice as detailed on the MSDN. It is not a corrupted profile as there are no domain users have been logged on prior to capturing
the image. I am using DISM to capture and deploy. I did use the ADK to create the unattend file.
Does anyone have any suggestions as to what might be causing this behaviour?
Thanks
JeffW

Hi,
We have not heard from you in a couple of days. Please post back at your convenience if we can assist further.
If the above suggestions doesn't work, We'd collect PROFILE.ETL to further troubleshoot the issue.
a. Log onto the machine as an administrator.
b. Select the start menu
c. Type cmd in "Start Search"
d. Right click on cmd under “programs”
e. Select "Run as administrator"
f. Enable the User Profile Service Tracing using the following command in the new-opened elevated command prompt at the root of the C drive:
logman -start profile -p {eb7428f5-ab1f-4322-a4cc-1f1a9b2c5e98} 255 3 -ets
g. Do not Log off as the current user and switch to logon as the user who receives the profile problem (please tell me the user name).
h. Once the user experiences profile issue, please switch back as the administrator.
i. Stop the User Profile Service Tracing using the following command in an elevated command prompt
logman -stop profile -ets
j. Gather the profile.etl file in the root of the C drive and upload it to a shared space like Onedrive and shared the link here.
Kate Li
TechNet Community Support

Controll user access with internal attribute date

I all.
i've created an internal attribute called Date-of-validity of type Date.
the objective is to controll user access based on the date configured in this attribute and permit acces only when the date as not been reached.
who do i control-it, putt the acs looking to the date in an autommated way.
thanks in adv
Antero Vasconcelos

It is possible to define an internal user whose password is taken from an external store.
In internal user definition select "Password Type" to be the LDAP database and then define the rest of the user definition, including identity groups, as desired

Logging User access

LAMP system DWMX 6.1
I have a table "USERS" which contains, as you'd expect, User,
password, accesspermissions. This I use for controlling access.
I have also added a new column of lastaccessed.
What I am trying to acheive is a timestamp on first login but
I'm not sure how to go about this.
I attach the login code block for ref.
<form ACTION="<?php echo $loginFormAction; ?>"
method="POST" name="form1"
onSubmit="YY_checkform('form1','Username','#q','0','* Username
field cannot be empty *','Password','#q','0','* Password field
cannot be empty *');return document.MM_returnValue">
<p align="center"><font face="Arial">Username
<input name="Username" type="text" id="Username">
</font></p>
<p align="center"><font face="Arial">Password
<input name="Password" type="password" id="Password">
</font></p>
<p align="center"><font face="Arial">
<input type="submit" name="Submit" value="Login">
</font></p>
</form>

Thanks for this
I'm running on LAMP (Linux, Apache, MySQL, PHP)
I have set the main "lastaccessed" column via myphpadmin to
timestamp format but am still quite new at coding so will need some
help with the code and positioning. (Use DW to construct the code -
lazy I know but I'm short on time!)
I would think it would go something like this...
if (isset($HTTP_POST_VARS['Username'])) {
$loginUsername=$HTTP_POST_VARS['Username'];
$password=$HTTP_POST_VARS['Password'];
$MM_fldUserAuthorization = "ACCESSPERM";
$MM_redirectLoginSuccess = "/loginsuccess.htm";
$MM_redirectLoginFailed = "/loginfailed.php";
$MM_redirecttoReferrer = false;
$updateSQL = sprintf("UPDATE DBUSERS SET LASTACCESSED=%s",
GetSQLValueString($HTTP_POST_VARS['nowdatefield'], "text"));
mysql_select_db($database_dbcrm1, $dbcrm1);
$LoginRS__query=sprintf("SELECT USER, PASSWORD, ACCESSPERM
FROM DBUSERS WHERE USER='%s' AND PASSWORD='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $dbcrm1) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'ACCESSPERM');
Probably way off but at least I'm trying!

Logging VPN access

I have an ASA5510 configured for remote access VPN (standard and clientless). It uses LDAP to authenticate against domain controllers in my environment.
Is there a way to configure syslog to log user access to the VPN (date & time, etc.), without turning on "logging trap informational" and filling up my syslog server with loads of other information (conduits opening, teardowns, etc.)?
I am syslogging to SolarWinds using udp

Hi Colin,
For this, you need to first know what message IDs you want syslog to receive. Say you want to receive the below message id 713059 (tunnel reject -user group-lock check failed) to syslog server...
logging list TEST message 713059
logging list TEST message 713070-713080 --> For range of messages
configure syslog server on ASA and issue the command 'logging trap TEST'.
Check the below link for more info...
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml
hth
MS

Multiple simutaneously logged in users accessing AFP home directories?

Hi,
Many of our problems are described in this guy's blog:
http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
(here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
I've read that using NFS home directories will work, though.
I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
Thanks for your help!
Adam

Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

Problem with users accessing sharepoint 2013 site collection

I have an unbeliveable problem..
I have a sp site with several site collections..
I have around 15 users.. Everybody have access to the root site. Two users do not have access to site collections even though they are in EXACTLY same permission groups like other users who can access those site collections!
I tried to delete them from all user groups in SP, then delete their user profiles in Central Administration, and delete them from Active Directory. After that I recreated their profiles in Active directory, readded them to Central Administration, and again
added them to coresponding groups in SharePoint site collections. They again CAN NOT ACCESS site collections.
What should I do.. This is incredible that 5 users with the same user privileges can access site collections, and 2 can not, even though they are all created in the same way..
Regards,
Srdjan

Hello,
Have you found a solution for this problem? I have the exact same problem with 2 users accessing a site collection (access denied). I found also this row on uls log:
Access Denied. Exception: Attempted to perform an unauthorized operation., StackTrace:   at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(Exception ex)     at Microsoft.Office.Project.PWA.PJBaseWebPartPage.OnPreInit(EventArgs
e)     at System.Web.UI.Page.PerformPreInit()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)     at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionSt... 6955b79c-c42c-50fc-84f8-2b68f97002ea

Windows cannot load the user's profile but has logged you on with the default profile for the system.

My Windows 7 crashed a couple days ago after a windows update, I got this message.
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
I restarted the machine and got this message
Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process. for C:\Users\TEMP\ntuser.dat
I checked the event Log I found these .
Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.
DETAIL - The process cannot access the file because it is being used by another process.
This is the first error in the event viewer after a successful logon
The description for Event ID 34 from source ccSvcHst cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
ccSetMgr
Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Looking at the Logs all I can tell is that after the Desktop Window Manager started if caused this error.
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
then this one
The Desktop Window Manager has exited with code (0x40010004)
Then this before it shutdown.
The User Profile Service has stopped.
I started up the PC and the first message I got was
How can I get access to my user profile? do I need to createa new Administrator account? Please help
The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.

hi do the following
1. In Search programs and files (Windows 7) area, type in regedit, and press Enter.
2. If prompted click yes,
3. expand the following HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
4. click the sid that related to your admin profile (if you not sure, click each sid and in turn look to the right hand side of registry editor it will show who that sid is related to one of the registry files should hae in description localhost\admin or
something similair)
5. right click the sid and press delete.
6. restart your machine and log back on with the admin account, this will then rebuild the admin profile... dont worry when it loads and none of your personal settings are saved or files or folders... go to c:\users
in here you will see two folders for the admin account, one will be just admin and the other most likely admin.localhost
i cant remember which one is which but just check both, one will still have all your files and folders in it.
i suggest making a backup of your data before doing this incase something does go wrong, but ive had this happen many times in a domain enviorment and has worked for me everytime.

Missing a User access in the log-on picture

Lacks a user access to log on picture after start-up in Yosemite. In user administration there has been created two user entries - an administrator and a normal access. The normal access is not visible from the log on picture, and it is only possible to access through the visible user (Adm.) and then switch the user by switching in the upper right corner!!!
Wish, possible for all users to log on from the boot up image. (Adm - Normal - Guest access)

same issue:
retina MacBookPro mid2012. Clean install of OS X Yosemite 10.10
I'm randomly missing an account at login screen after reboot.
Sometimes I can fix it with booting into my initial account 'Kevin' (userid 501) and then changing to different login 'Christina' (userid 502).
But if I log out from my account, the second account is missing. Same if I do a reboot.. This have me in stitches as I ofcause has the need for privacy from each account.
Both accounts are set up as admins, guest is deactivated.
rMBP 16gb sep2012.
userid 501:
home directory: /Users/Kevin
userid 502:
home directory: /Users/Christina
apart from that... I have loads of problems with Bluetooth, and hand-off only working 1 way (5s with 8.1) where only iOS -> OS X works, not vice-versa.

Anonymous access with named users

Hi!
I am trying to set up anonymous access with named users on EP6 SP9. I am using Database only as UME Data storage. I have applied the note #728106, since most of the content is html-pages on the KM.
I defined the UME settings ume.login.guest_user.uniqueids=anon01,anon02
ume.login.anonymous_user.mode=1
Restarted the server and attached user account into roles (which contain only anonymous content).
I then accessed the page /irj/portal/anonymous (or the longer version /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.anonymous) and everything was fine. However I wasn't able to get the portal working with /irj/portal/anonymous?j_user=anon02. I always received Portal runtime error. From the logs I saw that the portal tried to access as user anon01.
When I changed the UME settings into
ume.login.guest_user.uniqueids=anon02,anon01
I was able to get the anon02 user account working, but not /irj/portal/anonymous?j_user=anon01. From the logs I saw that the portal tried to access as user anon02.
Both user account are using the same rule, portal desktop and framework page. I can see the correct (and different) TLN for each user only in the content are I see this error.
Any ideas?
Thanks,
Petri

I need to switch between two named anonymous users.
It works fine using http://<server>:<port>/irj/portal?j_user=<first_Guest_user>&j_password=<pwd_of_first_Guest_user>&login_submit=true
Then to switch to the other user I must do a log-off or close the browser and input the other url http://<server>:<port>/irj/portal?j_user=<second_Guest_user>&j_password=<pwd_of_second_Guest_user>&login_submit=true
I developed a servlet to switch the users using IAuthentication (method forceLogoffUser) and then redirect to the respective url. But when I call forceLogoffUser method I get a login screen and the script stop executing. Passing 'returnURL' parameter did not work.
Parameters:
req - HttpServletRequest
resp - HttpServletResponse
returnURL - url to use to logon again.
Is there a way to switch automaticaly between the two named anonymous users?

Log the user Access to a Channel

It's possible to log the access to a channel with the system log facility or a simple file when an user click in the desktop link... the link can be an external URL.
The log must have the user id and the name of the URL for tracking user action in the desktop.
It's possible using the Rewriter Rules and Rulesets to perfome this?
If it's impossible we're the better solution?
Obsiously it's possible to redirect all the channel link of the desktop in a new servelets o jsp page that provides this functionality and log the access but I think there is not the better solution...
Thank for the help
Best Regards
Fausto

Hi Fausto,
Of course there are several cool tricks ;-)
- Your "JS trick with post " will refresh the page - no good...
(Also what if you log several channels etc.... )
- For reporting I actually used "JS hidden image" trick.
Note: You will loose the browser handle from logging jsp
- "One Pixel Frame" is good only if you need to have a browser handle.
For example on click e.g. TabSwitch you can show immediate statistics
(e.g. how many time user spend with this channel and how much he has to pay!)
PS: I am actually done with the reporting tool.
Send me a mail if you wanna see it.
Cheers,
Alex :-)

AD Resource forest access with user from different forest

I am trying to access a AD resource forest using a user from a different forest.
The "different forest" is the main forest used to contain all user accounts etc. This domain is trusted by the resource forest (which contains things like outlook distribution lists etc) and so I am able to log into the resource forest (using ldp.exe or the mmc ad snap-ins) with my credentials from the main forest.
How can I replicate this in java?
I can connect directly to the user forest with simple authentication. But I can't do the same with the resource forest (as the user does not exist on it - it is merely trusted). Is there an authentication method that will allow me to do this?
In this organisation user accounts for the resource forest are not given out - you have to use one from the main user forest. So I have to find a work-around where I can connect with my current credentials.
Any ideas anyone?

Devid,
I am facing the same problem.
Did you get the solutions.
I am getting exception while calling "InitialDirContext"
"Problem searching directory: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"

Access to user management with j2ee_admin

Hello, All
I have a problem I'm trying to access to user management () with j2ee_admin user, but when I log on with this users in the screen don't shown anything, only the fiels of usuername and password are cleaned and I enter other password in the screen, I got this message on the screen: User authentication failed . However I log on in the visual administrator with j2ee_admin and the same password nd the connection is succesfull.
We have enabled the sap* user but it did work.
Any suggestions for this problem?
thanks a lot
Danny

HI Joao
we found that one certificate there isn`t in the backend, this certificate was created again then this certificate was uploaded and the problem was solved
You could check the certificates in your backend system.
I hope this information helps you
Danny

ITS access with users not defined as dialog users

Hello ,
We have a requirement so that the users accessing HR Machine are restricted and only few of them are defined as dialog users . For the users defined as comunication users in the R3 core , we are now installing ESS - MSS services .
The ITS is needed for reporting , and also is needed for PCR´s functionality . But the ITS is asking for dialog users .
Does anyone know how can we use system or communicatio users ¿? . Or where can we fix the problem .
Regards
Álvaro

Hi,
I have been running my Own test on this.
Any Screen Name on my G4 will show a Red Away Blob. In the Header ang where I have Some Accounts as Buddies in Other Buddy Lists.
This is also true if I log in with yet more Screen Names on my second computer.
I posted an Red Away message asking people to IM me if they could see it as Away.
In two days I had one reply form someone who saw it as Green.
If I set it to the Basic Away Setting the Message became Away but I showed as On Line and Available (Green).
I am currently testing having deleted com.apple.ichat.AIM.plist
You can try here
http://www.apple.com/feedback/ichat.html
There is no reply but enough people will produce a result over time (few days if there is a rush)
I will also make the Hosts aware via another Channel
8:31 PM Wednesday; July 1, 2009
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

We have multiple users, each with multiple devices, on 1 apple id - as we want to share music and ibooks etc. We want the children to have access to the store, but with a financial limit. How do we do this?

We have multiple users, each with multiple devices, on 1 apple id - as we want to share music and ibooks etc. We want the children to have access to the store, but with a financial limit. How do we do this?

Welcome to the Apple Community.
That's simply not possible I'm afraid. You'd need to give them their own account and allowance or make it so you are required to be there to input the password when they wish to make a purchase.

Logging user access with IP..?

Similar Messages

Maybe you are looking for