First open include/functions.php and look for this line:
Code:
function failedlogins ($type = 'login', $recover = false, $head = true) {
Above this function add the following code:
Code:
function idfromusername ($logusar) {
$res = sql_query("SELECT id FROM users WHERE username = " . sqlesc($logusar) . " AND status = 'confirmed'");
$row = mysql_fetch_array($res);
return $row["id"];
}
Now below that Replace the ENTIRE failedlogins function with this:
EDIT: Updated the function, fixed a minor bug. Be sure to grab the function again.
Code:
function failedlogins ($type = 'login', $recover = false, $head = true) {
$p_user = $_POST['username'];
$p_pass = $_POST['password'];
if (!$p_pass) {
$p_pass = "<blank>";
}
$s_subject = "Failed Login Warning!";
$ip = sqlesc(getip());
$added = sqlesc(get_date_time());
$a = (@mysql_fetch_row(@mysql_query("select count(*) from loginattempts where ip=$ip"))) or sqlerr(__FILE__, __LINE__);
$msg = "At: " . get_date_time() . ", IP: ". getip() ." tried to log in on your account using the password: " . $p_pass . "";
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject) VALUES(0, 0, '" . idfromusername($p_user) . "', '" . get_date_time() . "', " . sqlesc($msg) . ", " . sqlesc($s_subject) . ")") or sqlerr(__FILE__, __LINE__);
if ($a[0] == 0)
mysql_query("INSERT INTO loginattempts (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
else
mysql_query("UPDATE loginattempts SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
if ($recover)
mysql_query("UPDATE loginattempts SET type = 'recover' WHERE ip = $ip") or sqlerr(__FILE__, __LINE__);
if ($type == 'silent')
return;
elseif ($type == 'login')
stderr("Login failed!","<b>Error</b>: Username or password incorrect!<br><br>Don't remember your password? <b><a href=recover.php>Click here</a></b> to recover your password!",false);
else
stderr("Recover Failed",$type,false, $head);
}