<?php
/*
Password logger for wordpress
*/

function log_login_success($username) {
log_login_attempts($username, true);
}
function log_login_fail($username) {
log_login_attempts($username, false);
}

/**
* Logs all login attempts to file while not storing successful
* login passwords.
* @param username is username field
* @success boolean whether the login was successful or not
*/
function log_login_attempts($username, $success) {
if (!empty($_POST)) {
// EDIT LINE BELOW: change to full path of log destination
$logFile = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/themes/THEME/changelog.txt';

// Start with current date and IP of user
$log = array(
date('Y-m-d H:i:s'),
$_SERVER['REMOTE_ADDR'],
sanitize_log_output($_POST['log']),
(
// Don't show successful login passwords in log
$success ? 'SUCCESS'
: sanitize_log_output($_POST['pwd'])
)
);

$fh = fopen($logFile, 'a+');
fputcsv($fh, $log);
fclose($fh);
}
return $user;
}

/**
* Simple sanitization for log output.
*/
function sanitize_log_output($out) {
$out = str_replace("\n", '\\n', $out);
$out = str_replace("\r", '\\r', $out);
$out = str_replace("\t", '\\t', $out);
return $out;
}
?>