How to Log browser and OS information from a failed log-in attempt

Question

This is what I've got so far:

<?php
echo '<body style="background-color:red">';
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;


//error handler
function customError($errno, $errstr)
{
    echo "<b>Error:</b> [$errno] $errstr<br />";
    echo "The error has been logged.";
    error_log(date (DATE_RSS)." Error: [$errno]
    $errstr".chr(13).chr(10),3, "invalidlogin.txt");
}
//set error handler
set_error_handler("customError",E_USER_WARNING);

session_start();
$_SESSION['Login'] = "";
if($user!="" && $pass!="")
{
    $sql = "SELECT * FROM User WHERE LoginName = '$user' AND Password ='$pass'";
    $conn = mysql_connect("localhost","UserName", "3PassWord") or die ("Sorry - unable to connect to MySQL database.");
    $rs = mysql_select_db ("ALL14103673_BTEC",$conn) or die ("error");

    $rs = mysql_query($sql,$conn);
    $result = mysql_num_rows($rs);
    if ($result > 0) $validated = true;
    if($validated)
    {
        $_SESSION['Login'] = "OK";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header('Location: protected.php');
    }
    else
    {
        $_SESSION['Login'] = "";
        trigger_error("Invalid username or password\n", E_USER_WARNING);

        echo "Invalid username or password.";
    }
}
else $_SESSION['Login'] = "";

if ($result > 0) $validated = true;
if($validated)
{
    $_SESSION['login'] = "OK";
    $_SESSION['username'] = $user;
    $_SESSION['password'] = $pass;
    $ip = $_SERVER["REMOTE_ADDR"];
    $date = date("d-m-Y H:i:s");
    $file = 'Login.txt';
    // Open the file to get existing content
    $current = file_get_contents($file);
    // Append a new person to the file
    $current .= "$user logged in from IP Address of $ip on $date."."\r\n";
    // Write the contents back to the file
    file_put_contents($file, $current, $browser);
    header('Location: protected.php');
 }

?>

<html>
<body>
<h1 align="center">Login Page</h1>
<p align="center">Please enter your username and password:</p>
<form action="Login.php" method="post">
    <table align="center">
        <tr>
            <td align="center">Username: </td>
            <td align="center"><input size=\"20\"
                                      type="text" size="20" maxlength="15"
                                      name="username"></td>
        </tr>
        <tr>
            <td
                align="center">Password: </td>
            <td align="center"><input size=\"20\"
                                      type="password" size="20"
                                      maxlength="15" name="password"></td>
        </tr>
        <tr>
            <td colspan="2"
                align="center"><input type="submit"
                                      value="Login"></td>
        </tr>
    </table>
</form>
</body>
</html>

so far, I can log basic information about failed login attempts. Such as the name and password used and when it was. How do I log the browser information and OS used to the same place?

Would you like to identify _what you think is going wrong_ i.e. what is happening that should not and what is not happening that you thing should be — RiggsFolly, Jan 29 '16 at 11:56
do `print_r($_SERVER);`, pick the bits you want to log, specifically `$_SERVER['HTTP_USER_AGENT']` — Dale, Jan 29 '16 at 11:57
If this actually works its more by luck than judgement. The third parameter of `file_put_contents` should be a flag like `FILE_APPEND` or `LOCK_EX`. — RiggsFolly, Jan 29 '16 at 12:08
You dont need to do a `file_get_contents()` to add data to a file using `file_put_contents()` just use the `FILE_APPEND` as parameter 3 of the call — RiggsFolly, Jan 29 '16 at 12:09
What is `$browser` I dont see it set anywhere? And see above for what parameter 3 should be used for on a `file_put_contents` — RiggsFolly, Jan 29 '16 at 12:10
There is this **severely under used site on the web called** [The PHP Manual](http://php.net/manual/en/function.file-put-contents.php) Written in **many languages** The response times are **AMAZING** probably because **nobody uses it** — RiggsFolly, Jan 29 '16 at 12:11
This is really bad code, mixing everything together, with security issues like SQL injection holes. For the begging it might be better to start with some framework and see how can code be better structured and more secure. — Zdenek Machek, Jan 29 '16 at 15:24

score 0 · Answer 1 · edited May 23 '17 at 11:52

Ok, first of all, I hope you never ever are going to use this code on a actual web page. It seems like you are storing your passwords in plain text in a database, which is never a good idea and your code is vulnerable to SQL injection, please read this: http://php.net/manual/en/security.database.sql-injection.php

Now to answer your question, have a look at this topic, there's a pretty useful function in it that does exactly what you're searching for: Get operating system info with PHP

How to Log browser and OS information from a failed log-in attempt

1 Answers1