Date:  02/08/2007 05:46:50 AM Msg ID:  003303
From:  Curtis Hertwig Thread:  003291
Subject:  Re: Logging Auth Attempts
Well, without knowing at least the ID used that's not much help.
 
Thanks, 
   -cjh
Sent by FoxWeb Support on 02/06/2007 03:48:40 PM:
The Auth object does not natively support logging of unsuccessful attempts, but you can still do it, by adding your own code:
 
Add the following in fw_enter.prg:

* Instantiate AuthState as a ppublic variable, so that it's

* available to fw_exit.prg after the requested script exits

PUBLIC  AuthState

M.AuthState = 0

 
Add the following to all pages that call Auth.Authenticate:

.

.

M.AuthState = 1

* This is your existing call to Auth.Authenticate 

Auth.Authenticate()

* The following line does not get executed in the case of

* authentication failure.

M.AuthState = 2

.

.

 
Add the following to fw_exit.prg:

IF M.AuthState = 1

* We have had an unsuccessful login attempt

.

. Add code that logs the event

.

ENDIF

 
Unfortunately, FoxWeb removes the secUserID and secPassword fields from the Request.Form list at the beginning of the request (before it passes control to fw_enter.prg), so you will not be able to log the invalid credentials, but you will at least be able to log other stuff, such as the originating IP address. 
FoxWeb Support Team
support@foxweb.com email
Sent by Curtis Hertwig on 02/06/2007 01:22:47 PM:
I realize that I can do that - and I do in every script except the auth.AuthForm. I would like to log unauthorized attempts to log in to my website.
 
How can I do that? 
    -cjh
Sent by FoxWeb Support on 02/06/2007 01:00:24 PM:
You can log requests on your own -- either by adding code in fw_enter.prg, or in specific scripts that you are interested in.  The logging info can be stored in a text file, or a table.  This script logs a bit too much info, but it can serve as an example.
FoxWeb Support Team
support@foxweb.com email
Sent by Curtis Hertwig on 02/06/2007 07:23:08 AM:
 Is there a way to log login attempts?
 
I frequently have users claim that they've been trying to login and can't. I can see when they've been to every part of my website, except when they get to Auth.Authenticate.
<font color=red> -cjh</font>