承接 move-elevator/typo3-login-warning 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

move-elevator/typo3-login-warning

Composer 安装命令:

composer require move-elevator/typo3-login-warning

包简介

Login Warning - Extends the TYPO3 backend login warning_mode functionality to inform about suspicious logins with several features.

README 文档

README

Extension icon

TYPO3 extension typo3_login_warning

Latest Stable Version TYPO3 Coverage CGL Tests License

This extension extends the TYPO3 backend login warning_mode functionality to inform about suspicious logins with several features:

  • New IP based warning to detect logins from new IP addresses
  • Long Time No See notification for infrequent users
  • Out Of Office login detection outside defined working hours, holidays, or vacation periods

Note

Since I was annoyed by the constant login emails from the TYPO3 backend, but the issue of login security is still extremely important, I expanded the standard login notification functions of TYPO3 with some more or less well-known additional features.

🔥 Installation

Requirements

  • TYPO3 >= 12.4
  • PHP 8.2+

Composer

Packagist Packagist Downloads

composer require move-elevator/typo3-login-warning

TER

TER version TER downloads

Download the zip file from TYPO3 extension repository (TER).

Setup

Set up the extension after the installation:

vendor/bin/typo3 extension:setup --extension=typo3_login_warning

By default, the New IP and Long Time No See detectors are enabled.

🧰 Configuration

Configure the extension through the TYPO3 backend:

  1. Go to SettingsExtension Configuration
  2. Select typo3_login_warning
  3. Configure your detectors and notification settings

🔎 Detectors

Detectors are used to detect certain login events. If a detector matches, a notification will be sent.

Important

Only the first matching detector will trigger a notification.

The following detectors are available (in order of execution):

NewIpDetector

Detects logins from new IP addresses and triggers a warning email.

The user "admin" logged in from a new IP address 192.168.97.5 at the site "EXT:typo3-login-warning Dev Environment".

Only an HMAC-SHA-256 hash of the user/IP combination is stored — never the raw IP address. You can also define a whitelist of IP addresses that will not trigger a warning. An IP geolocation lookup and a device information check can be enabled to add more information to the notification email.

Important

Keep in mind, that this detector stores hashed IP addresses in the database table tx_typo3loginwarning_iplog to track known IPs.

Configuration Options:

Setting Description Default
Active Enable New IP detector true
Fetch Geolocation Enable IP geolocation lookup (opt-in, see Geolocation) false
Include Device Information Include browser and OS information in notification emails true
IP Whitelist Comma-separated list of whitelisted IPs/networks (supports CIDR notation like 192.168.1.0/24) 127.0.0.1
Affected Users Which users should trigger this detector: All Users, Only Admins, Only System Maintainers All Users
Notification Receiver Who should receive the notification: Email Recipients, Logged-In User, Both Email Recipients

Note

IP address hashing requires an HMAC key. The extension automatically uses TYPO3's $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] as fallback. Setting a dedicated random key is recommended so the stored hashes are not tied to the global encryption key. Note that changing the key invalidates all stored hashes — every known IP will trigger one new-IP notification again.

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['typo3_login_warning']['hmacKey'] = 'your-secure-random-key';

IP log cleanup

The IP log table grows with every new (user, IP) combination — especially when clients use IPv6 privacy extensions with rotating addresses. To enforce a retention period, delete entries that have not been seen for a given number of days:

vendor/bin/typo3 typo3loginwarning:iplog:cleanup --days 365

Use --dry-run to only report how many entries would be deleted. The command is schedulable, e.g. via the TYPO3 scheduler "Execute console commands" task.

Note

After an entry has been deleted, the next login from that IP address triggers a new-IP notification again — that is the intended effect of a retention period.

Entries created by older extension versions (1.0.3 and below) may lack a last-seen timestamp. The cleanup command initializes such legacy entries with the current time instead of deleting them, so they are granted a full retention period before becoming cleanup candidates — otherwise every already-known IP would be reported as new again after the first cleanup run.

Geolocation

If Fetch Geolocation is enabled, the extension will use the ip-api.com service to fetch geolocation information for the IP address. Only public IP addresses will be looked up to respect privacy.

Warning

Geolocation lookup is disabled by default and is an explicit opt-in: it transfers the login IP address (personal data under GDPR) to the external ip-api.com service, using unencrypted HTTP on the free tier. Before enabling it, check your data protection requirements (third-country transfer, privacy policy, data processing agreement) and note that the free ip-api.com endpoint is limited to non-commercial use. Consider providing your own GeolocationServiceInterface implementation (see below) if you need an EU-hosted or TLS-secured provider.

Tip

You can implement your own geolocation service by implementing the GeolocationServiceInterface and registering it in the DI container.

services:
  MoveElevator\Typo3LoginWarning\Service\GeolocationServiceInterface:
    alias: Vendor\MyExtension\Service\MyCustomGeolocationService

LongTimeNoSeeDetector

Detects logins after a long period of inactivity (default: 365 days).

The user "admin" logged in again after a long time (643 days) at the site "EXT:typo3-login-warning Dev Environment".

Configuration Options:

Setting Description Default
Active Enable Long Time No See detector true
Threshold Days Days of inactivity before triggering 365
Affected Users Which users should trigger this detector: All Users, Only Admins, Only System Maintainers All Users
Notification Receiver Who should receive the notification: Email Recipients, Logged-In User, Both Email Recipients

OutOfOfficeDetector

Detects logins outside defined working hours, holidays, or vacation periods. Supports flexible working hours with multiple time ranges per day (e.g., lunch breaks), timezone handling, and comprehensive blocked periods configuration with both full dates and recurring patterns.

The user "admin" logged in outside office hours at the site "EXT:typo3-login-warning Dev Environment".

Configuration Options:

Setting Description Default
Active Enable Out Of Office detector false
Working Hours JSON configuration for working hours. Supports shortcuts: workday (Mon-Fri), weekend (Sat-Sun). Also supports multiple time ranges per day for lunch breaks. Examples: {"workday":["09:00","17:00"]}, {"workday":["09:00","17:00"],"weekend":["10:00","14:00"]}, {"workday":["09:00","17:00"],"friday":["09:00","15:00"]}, {"monday":[["09:00","12:00"],["13:00","17:00"]]} Business hours (06-20) Mon-Fri
Timezone Timezone for working hours UTC
Blocked Periods Comma-separated list of blocked days or periods. Formats: Full date (2025-12-25), recurring date (12-25), date range (2025-07-15:2025-07-30), recurring range (12-20:01-05). Example: 12-25,01-01,2025-07-15:2025-07-30 Empty
Affected Users Which users should trigger this detector: All Users, Only Admins, Only System Maintainers All Users
Notification Receiver Who should receive the notification: Email Recipients, Logged-In User, Both Email Recipients

Custom Detectors

Tip

You can implement your own detector by implementing the DetectorInterface, extending the AbstractDetector and registering it in the DI container.

services:
  Vendor\MyExtension\Detector\CustomDetector:
    tags:
      - { name: typo3_login_warning.detector, priority: 200 }

📢 Notification

Notification methods are used to notify about detected login events.

The following notification methods are available:

EmailNotification

Sends a warning email to defined recipients. If no recipient is defined, the email will be sent to the address defined in $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'].

Global Configuration Options:

  • Email Recipients: Email address(es) of the notification recipients (comma-separated)

Per-Detector Configuration:

Each detector has its own Notification Receiver setting that controls who receives notifications:

  • Email Recipients (default): Send notification only to configured email recipients
  • Logged-In User: Send notification only to the logged-in user (requires valid email address)
  • Both: Send notification to both email recipients and logged-in user

email.jpg

Templates

You can override the email templates located in Resources/Private/Templates/Email/Default/LoginNotification/.

$GLOBALS['TYPO3_CONF_VARS']['MAIL']['templateRootPaths'][1000] = 'EXT:my_sitepackage/Resources/Private/Templates/Email/';

Custom Notifiers

Tip

You can implement your own notification method by implementing the NotifierInterface and registering it in the DI container.

services:
  Vendor\MyExtension\Notification\SlackNotification:
    tags:
      - { name: typo3_login_warning.notifier }

Event

You can modify the notification by listening to the ModifyLoginNotificationEvent.

use MoveElevator\Typo3LoginWarning\Event\ModifyLoginNotificationEvent;
use TYPO3\CMS\Core\Attribute\AsEventListener;

#[AsEventListener]
final class CustomNotificationListener
{
     public function __invoke(ModifyLoginNotificationEvent $event): void
     {
         // Example: Prevent notifications for test users
          $user = $event->getUser();
          if (str_starts_with($user->user['username'] ?? '', 'test_')) {
              $event->preventNotification();
              return;
          }
    }
}

Note

Register your event listener via the AsEventListener attribute (TYPO3 >= 13) or in your service configuration (see docs).

🧑‍💻 Contributing

Please have a look at CONTRIBUTING.md.

⭐ License

This project is licensed under GNU General Public License 2.0 (or later).

move-elevator/typo3-login-warning 适用场景与选型建议

move-elevator/typo3-login-warning 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 3.49k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2025 年 09 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 move-elevator/typo3-login-warning 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 move-elevator/typo3-login-warning 我们能提供哪些服务?
定制开发 / 二次开发

基于 move-elevator/typo3-login-warning 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 3.49k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 7
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: GPL-2.0-or-later
  • 更新时间: 2025-09-24