Extension:LoginNotify

From MediaWiki.org
Jump to navigation Jump to search

Other languages:
English • ‎日本語
MediaWiki extensions manualManual:Extensions
Crystal Clear action run.svg
LoginNotify

Release status:Extension status beta

LoginNotify screenshot for meta documentation.png
ImplementationTemplate:Extension#type User activity
DescriptionTemplate:Extension#description Notify users of suspicious logins
Author(s)Template:Extension#username (Bawolfftalk)
LicenseTemplate:Extension#license MIT License
Download
Hooks usedTemplate:Extension#hook
BeforeCreateEchoEventManual:Hooks/BeforeCreateEchoEvent
LoginAuthenticateAuditManual:Hooks/LoginAuthenticateAudit
AuthManagerLoginAuthenticateAuditManual:Hooks/AuthManagerLoginAuthenticateAudit
AddNewAccountManual:Hooks/AddNewAccount
UserLoadOptionsManual:Hooks/UserLoadOptions
UserSaveOptionsManual:Hooks/UserSaveOptions

Translate the LoginNotify extension if it is available at translatewiki.net

Check usage and version matrix.

IssuesPhabricator

Open tasks · Report a bug

The LoginNotify extension notifies you when someone logs into your account. It can be configured to give warnings after a certain number of failed login attempts (The number is configurable, and can be different between unknown IPs/devices and known IPs/devices). It can also give Echo notices (which can also be emailed) for successful logins from IPs you don't normally use. It can optionally integrate into the CheckUserExtension:CheckUser extension in order to determine if the login is from an IP address you don't normally use. It can also set a cookie to try and determine if the login is from a device you normally use.

Installation[edit]

This extension requires the Echo extension to be installed. This extension can optionally integrate with the CheckUser extension if it is installed, but does not require it.


  • Download and place the file(s) in a directory called LoginNotify in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    wfLoadExtension( 'LoginNotify' );
    
  • YesY Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

To users running MediaWiki 1.24 or earlier:

The instructions above describe the new way of installing this extension using wfLoadExtension() If you need to install this extension on these earlier versions (MediaWiki 1.24 and earlier), instead of wfLoadExtension( 'LoginNotify' );, you need to use:

require_once "$IP/extensions/LoginNotify/LoginNotify.php";

Usage[edit]

Once LoginNotify is installed, whenever a user logs into the wiki, their IP subnet is cached on the server and a cookie named loginnotify_prevlogins is stored in their browser. These tokens, optionally along with CheckUser tables, are used to see if subsequent logins are coming from a known IP/device.

If CentralAuthExtension:CentralAuth and CheckUserExtension:CheckUser are installed, it will check the IP not only for the current wiki, but also the ten wikis where the user is most active.

Configuration parameters[edit]

Parameters that can be set (in LocalSettings.php):

Name Description Default
$wgLoginNotifyAttemptsKnownIP The number of failed login attempts to permit from a known IP before a notification is triggered. 10
$wgLoginNotifyAttemptsNewIP The number of failed login attempts to permit from a new IP before a notification is triggered. 3
$wgLoginNotifyExpiryKnownIP The time-to-live of the count of failed login attempts from a known IP (from the time of the first failed attempt). 604800 (7 days)
$wgLoginNotifyExpiryNewIP The time-to-live of the count of failed login attempts from a new IP (from the time of the first failed attempt). 1209600 (14 days)
$wgLoginNotifyCheckKnownIPs Whether to trigger a notification after failed logins from known IPs. true
$wgLoginNotifyEnableOnSuccess Whether to trigger a notification after successful logins from unknown IPs. true
$wgLoginNotifyEnableForPriv Set different default notification preferences for different user groups. For user groups that have any of the user rights listed in this array, the preferences specified in Hooks:getOverridenOptions() are on by default. ("Failed login attempts" web notifications and "Login from new computer" web notifications.) [ "editinterface", "userrights" ]
$wgLoginNotifySecretKey Use this key instead of $wgSecretKey to generate the HMACs for the cookie. null
$wgLoginNotifyCookieExpire Expiration of the cookie. 15552000 (180 days)
$wgLoginNotifyCookieDomain To allow sharing login cookies between sites on different subdomains, set this to the parent domain name. null
$wgLoginNotifyMaxCookieRecords Maximum number of users (records) to track as having successfully logged in on a particular device. 6
$wgLoginNotifyCacheLoginIPExpiry How long to cache IPs in memcache. Set to false to disable; set to 0 to cache forever. 5184000 (60 days)