# script that will store invalid login attemptsErrorDocument 401 /logging.php

1. # script that will store invalid login attempts
2. ErrorDocument 401 /logging.php
3.  
4. AuthName "My Password Protected Site"
5. AuthUserFile /<FULLPATH>/.htpasswd
6. AuthType Basic
7. Require valid-user
8.  
9. # Set REMOTE_USER env variable on 401 ErrorDocument
10. RewriteEngine On
11. RewriteBase /
12. RewriteCond %{ENV:REDIRECT_STATUS} ^401$
13. RewriteRule .* - [E=REMOTE_USER:%{ENV:REDIRECT_REMOTE_USER}]
14.  
15. if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])):
16. $fp = fopen(MYLOGFILE, 'a+');
17. $password = $_SERVER['PHP_AUTH_PW'];
18. $username = $_SERVER['PHP_AUTH_USER'];
19. $time = date('y-m-d/H:i:s');
20. $request = $_SERVER['REDIRECT_URL'];
21. fwrite($fp, $time . "t" . $request . "t" . $username . "/" . $password . "rn");
22. fclose($fp);
23. endif;
24.  
25. ob_start();
26. header("HTTP/1.1 401 Authorization Required",1);
27. header("Status: 401 Authorization Required",1);
28. echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
29. <html><head><title>401 Authorization Required</title></head><body>
30. <h1>Authorization Required</h1>
31. <p>This server could not verify that you are authorized to
32. access the document
33. requested. Either you supplied the wrong
34. credentials (e.g., bad password), or your
35. browser doesn't understand how to supply
36. the credentials required . </p>';
37. exit();
38.  
39. 13-01-01/12:12:16 - /www/ - username/password
40.  
41. access to / failed, reason: verification of user id 'qwdsad' not configured