Log unauthorized login attempts

Is there any approach in Yii regarding how to log unauthorized login attempts?

Are they logged to a file or should it be logged to a database?

Or should this be handled separately with PHP?

I’d really appreciate some feedback.

Hi yii_king

you might wanna take look at this post


Captcha is good when a user is trying to login from a browser. But what if a system is trying to login to your system, then you can’t really use Captcha. Instead I want to log login attempts, is there anything built into Yii for this?

I dont thing yii has anything built in of that sort but you can implement yourself

Yii definitely does not have anything built in for this, but it would fairly simple to implement. Just do a check for what you would define as an "unauthorized login attempt", and save the data you want to record to the database for these attempts.

The best way to do this is thus


[*]Create a CActiveRecord Model (say "LoginAttempt") with the following columns [id, ip, user_id, created_at]

[*]Add "banned" to your user CActiveRecord Model

[*]Log all attempts to LoginAttempt

[*]When the number of login attempts exceed the amount you allow, you have two options


[*]Force the user to recover password

[*]Allow the user to wait for somem time before allowing them to login again; in which case, you would have to add a "release_time" to you user CActiveRecord Model