How to receive notifications with location info whenever anyone logs in

I wanted to know whenever anyone logs into a site I’ve built as a security feature (much like Wordfence does for Wordpress sites) and it’s incredibly easy with Wappler so I thought I’d give a bit back to this great community and show how I did it.

In my login Server Action I have one Global which is in $_SERVER and is called REMOTE_ADDR. This will store the user’s IP address.

I signed up to the free service at https://ipstack.com/ which is an API for resolving IP addresses and giving location information. It’s very easy to use with the API Server Action in Wappler. You need to register for the free account to get your access_key.

The API Server Action should be set up like this:

ID: apiResolveIP
Output: ticked
Pass Errors: ticked
Url: http://api.ipstack.com/{{$_SERVER.REMOTE_ADDR}}
Method: GET
Data Type: Auto
Authorization: None

Then add one entry to the Query list.
Name: access_key
Value: <YOUR KEY PROVIDED BY IPSTACK.COM>

After entering all those details, click on the ‘Define API Schema’ button and then ‘Fetch Schema’ to get all the variables so it’s easy to use them in your email template.

Finally, set up your email settings using all the variables now at your disposal. My email template looks like this:

Someone has just logged into your website.
ID: {{security1.identity}}
Name: {{queryLoggedInUser.uFirstName}} {{queryLoggedInUser.uLastName}}
Email: {{queryLoggedInUser.uEmail}}
IP Address: {{$_SERVER.REMOTE_ADDR}}
Location: {{apiResolveIP.data.city}}, {{apiResolveIP.data.zip}}
Country: {{apiResolveIP.data.country_name}} ({{apiResolveIP.data.country_code}})

You’ll notice I added a condition so that I don’t receive lots of emails for any attempted logins. It’s only the successful ones which trigger the email.

18 Likes

Hi @sitestreet
Thanks for sharing this :slight_smile:

Just a comment - you can use just {{security1.identity}} as an expression for the condition.

4 Likes

Aah, yes, of course. Forgot about that. I’ve now streamlined my server action :slight_smile:

2 Likes

Nice idea, thank you @sitestreet, I will probably implement something similar on one of my projects.

1 Like

Hi Sitestreet,
Do I understand that we don’t need to use API Access Key in the API Server Action?

Hi @Djibril. Do you mean for IPStack? You do need to use an API key but they are free.

1 Like

Thnks for share, good idea!

1 Like

Hi, very nice to share!

About the Remote Address when you set under $_SERVER the variable REMOTE_ADDR, does it take automatically the remote IP or do you need to set some operations?

Thank you

Roberto

1 Like

@updates, that variable automatically returns the IP address of the visitor, yes. You don’t need to do anything else.

Another good API is https://ipapi.co/ which doesn’t require a key.

15.000 requests/hour for free.

Requires API key. No idea how long it will remain free.

4 Likes

Just an extra tip for people. Store the API response data in the user table including the IP address. Then check if the IP is different to the previous login and only do an API lookup if it is. This will prevent loads of needless lookups because people are constantly logging in from the same IP address. You can still send the alert email, just use the data already stored.

7 Likes

You’re right Jon. They now have the following provisions for the FREE starter account:

Free

Best for starters

$0.00 /mo

WHAT’S INCLUDED

  • 150 Requests
  • 1 API Key
  • HTTPS Encryption
  • 10 Requests / Min.
  • Location Data
1 Like