How to integrate Login Protection in PHP websites?
If you're using a CMS such as WordPress, OpenCart, Magento, Prestashop etc. then the Login Protection module is already enabled, and there is nothing you have to do. However, if you are using a custom PHP website, or use a framework such as Laravel, Symfony etc. then you will have to integrate the Login Protection module by adding a few lines of code to your website.
Before making the following changes, please ensure that you have entered the Activation Code in the Website Protection plugin page.
Find the PHP file where the logic for Admin User Login is written, and add the following PHP function to it. If you are not using Object-oriented programming (Classes) then you will have to update the code accordingly.
Don't forget to update the path to your Astra installation (with trailing slash) in the $astraCorePath variable.
Now find the code where the login has been verified, and the user is successfully logged in. Add the following code snippet, after setting the correct variables for the username, email, full name.
Now find the code where it is determined that the login has failed. Add the following code snippet, after setting the correct variables for the email.
After making these changes, please try to perform a successful & failed login attempt on your website and verify that they are visible on the Login Protection tab in the Astra Dashboard for the respective website.
Before making the following changes, please ensure that you have entered the Activation Code in the Website Protection plugin page.
Step 1 - Find the Login Controller in your application
Find the PHP file where the logic for Admin User Login is written, and add the following PHP function to it. If you are not using Object-oriented programming (Classes) then you will have to update the code accordingly.
Don't forget to update the path to your Astra installation (with trailing slash) in the $astraCorePath variable.
<?php
private function updateAdminLoginStatus($data)
{
$astraCorePath = 'replace this with the path to getastra-premium folder' . DIRECTORY_SEPARATOR;
if (file_exists($astraCorePath . DIRECTORY_SEPARATOR . 'autoload.php'))
{
$astraLoginPluginPath = $astraCorePath . 'plugins/LoginProtectionPlugin/LoginProtectionPlugin.php';
if (!class_exists('LoginProtectionPlugin') && file_exists($astraLoginPluginPath))
{
include_once $astraLoginPluginPath;
}
$options = $this
->astraContainer
->get('options');
$siteSettings = $options->get('siteSettings');
if (!$siteSettings)
{
return;
}
$astraEnabled = $siteSettings['protectionEnabled'] ?? false;
$loginProtectionEnabled = $siteSettings['loginProtection'] ?? false;
if ($astraEnabled && $loginProtectionEnabled)
{
$this->astraLoginModule = new LoginProtectionPlugin($this->astraContainer);
$this
->astraLoginModule
->login($data);
}
}
}Step 2 - Add code to capture Successful Logins
Now find the code where the login has been verified, and the user is successfully logged in. Add the following code snippet, after setting the correct variables for the username, email, full name.
$this->updateAdminLoginStatus([
'success' => true,
'username' => $username,
'email' => $email,
'displayName' => $fullName,
]);Step 3 - Add code to capture Failed Logins
Now find the code where it is determined that the login has failed. Add the following code snippet, after setting the correct variables for the email.
$this->updateAdminLoginStatus([
'success' => false,
'username' => $email,
]);Step 4 - Verify Changes
After making these changes, please try to perform a successful & failed login attempt on your website and verify that they are visible on the Login Protection tab in the Astra Dashboard for the respective website.
Updated on: 25/07/2022
Thank you!