This module logs user login (session) activity for every user on a Drupal installation. This can be used to provide important user information about when and from where their user account was used to login to the website. If a user notices unusual activity, the user might take required action to protect the account from getting compromised.

How is it different from other modules
The closest I have seen anything to this is the log entry for session opening/closing at Admin > Reports > Recent Log Entries. It unfortunately does not provide enough information (provides date and time of activity, referrer and hostname). Also, it cannot be used by site builders for exposing it site users. Login Activity is a module for site administrators and site builders.

Project page: http://drupal.org/sandbox/vaidik/1309036
Git repository: git clone --branch master vaidik@git.drupal.org:sandbox/vaidik/1309036.git login_activity
Core: 7.x

CommentFileSizeAuthor
#3 login_activity.jpg68.74 KBvaidik

Comments

sreynen’s picture

Status: Needs review » Needs work

Hi vaidik,

I reviewed your code and saw some issues:

  • .info description is required. See http://drupal.org/node/542202 for more info.
  • In login_activity_schema(), you should not be wrapping database descriptions in t(). See http://drupal.org/node/332123 for more info. For future projects, anything in install files should use get_t() instead of t(). For this project, you don't have any reason to use either.
  • file_save_data('test'); This shouldn't be here. Is this for debugging? You might want to use the Devel module for that.
  • Minor issue: your indentation is more than the standard 2 spaces, which makes the code a little harder to read.
  • This code doesn't seem to do as much as the description suggests. You wrote "If a user notices unusual activity [...]" but the activity isn't displayed to users anywhere, so how would they ever notice it? Have you considered displaying the user log in Drupal so users don't need to look at it directly in the database?

Please change the status back to "needs review" when these issues are fixed.

vaidik’s picture

Thanks for the quick review.

I applied for review because I thought it might take time. Here is my response to every issue that you pointed out:
- Agreed. Slipped of my mind. Will do that.
- t() in login_activity_schema() - Thanks. Wasn't aware of this.
- file_save_data() - used it for debugging. Thanks for pointing out. Not required there.
- As mentioned earlier, I applied early. Will sanitize my code according to the Drupal standards.
- The same reason. Not yet ready. Activity log will be displayed at user/%uid/login_activity.

Will update it here soon. Thanks!

vaidik’s picture

Status: Needs work » Needs review
StatusFileSize
new68.74 KB

All the issues mentioned have been fixed.
Kindly review.

Thanks!

sreynen’s picture

Status: Needs review » Needs work

Hi vaidik,

Your changes look great. I noticed one security issue that needs to be fixed:

    $variables['rows'][] = array(
      'data' => array(
        format_date($row->timestamp, 'long'),
        $row->hostname,
        $row->host_user_agent,
      ),
    );

Both $row->hostname and $row->host_user_agent should be wrapped in check_plain(), as those values from $_SERVER could be potentially populated with harmful HTML.

Once that's fixed, please set this back to "needs review."

vaidik’s picture

Status: Needs work » Needs review

Hi sreynen,

Thanks once again for the quick review!

The issue has been fixed. Please review.

sreynen’s picture

Status: Needs review » Reviewed & tested by the community

Looks good to me.

vaidik’s picture

Thanks for your time! :)

greggles’s picture

Status: Reviewed & tested by the community » Fixed

It appears you are working in the "master" branch in git. You should really be working in a version specific branch. The most direct documentation on this is Moving from a master branch to a version branch. For additional resources please see the documentation about release naming conventions and creating a branch in git.

For translation, don't escape the quote, use double quotes around it.
return t('You don\'t have rights to get details of other users.');
Should be:
return t("You don't have rights to get details of other users.");

Thanks for your contribution, vaidik! Welcome to the community of project contributors on drupal.org.

I've granted you the git vetted user role which will let you promote this to a full project and also create new projects as either sandbox or "full" projects depending on which you feel is best.

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

As you continue to work on your module, keep in minde: Commit messages - providing history and credit and Release naming conventions.

vaidik’s picture

Hi greggles!

Thanks for your time! I will take important note of everything that you have pointed out.

Reviewing pending projects is something I had in my mind (it came only to my mind when my own project was getting reviewed). Will surely start doing that as well when I have the right knowledge for it.

Thanks once again!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

avpaderno’s picture

Title: Login Activity » [D7] Login Activity
Issue summary: View changes

avpaderno’s picture

Status: Closed (fixed) » Fixed

I am giving credits to the users who participated in this issue and in the issue marked as duplicate.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.