How to receive notifications with location info whenever anyone logs in

sitestreet · November 30, 2019, 11:41am

I wanted to know whenever anyone logs into a site I’ve built as a security feature (much like Wordfence does for Wordpress sites) and it’s incredibly easy with Wappler so I thought I’d give a bit back to this great community and show how I did it.

In my login Server Action I have one Global which is in $_SERVER and is called REMOTE_ADDR. This will store the user’s IP address.

I signed up to the free service at https://ipstack.com/ which is an API for resolving IP addresses and giving location information. It’s very easy to use with the API Server Action in Wappler. You need to register for the free account to get your access_key.

The API Server Action should be set up like this:

ID: apiResolveIP
Output: ticked
Pass Errors: ticked
Url: http://api.ipstack.com/{{$_SERVER.REMOTE_ADDR}}
Method: GET
Data Type: Auto
Authorization: None

Then add one entry to the Query list.
Name: access_key
Value: <YOUR KEY PROVIDED BY IPSTACK.COM>

After entering all those details, click on the ‘Define API Schema’ button and then ‘Fetch Schema’ to get all the variables so it’s easy to use them in your email template.

Finally, set up your email settings using all the variables now at your disposal. My email template looks like this:

Someone has just logged into your website.
ID: {{security1.identity}}
Name: {{queryLoggedInUser.uFirstName}} {{queryLoggedInUser.uLastName}}
Email: {{queryLoggedInUser.uEmail}}
IP Address: {{$_SERVER.REMOTE_ADDR}}
Location: {{apiResolveIP.data.city}}, {{apiResolveIP.data.zip}}
Country: {{apiResolveIP.data.country_name}} ({{apiResolveIP.data.country_code}})

You’ll notice I added a condition so that I don’t receive lots of emails for any attempted logins. It’s only the successful ones which trigger the email.

Teodor · November 30, 2019, 11:36am

Hi @sitestreet
Thanks for sharing this

Just a comment - you can use just {{security1.identity}} as an expression for the condition.

sitestreet · November 30, 2019, 11:38am

Aah, yes, of course. Forgot about that. I’ve now streamlined my server action

system · January 8, 2020, 12:21pm

psweb · January 9, 2020, 7:56am

Nice idea, thank you @sitestreet, I will probably implement something similar on one of my projects.

Djibril · June 3, 2020, 2:00pm

Hi Sitestreet,
Do I understand that we don’t need to use API Access Key in the API Server Action?

sitestreet · June 3, 2020, 2:36pm

Hi @Djibril. Do you mean for IPStack? You do need to use an API key but they are free.

Max_Saravia · July 18, 2020, 1:21pm

Thnks for share, good idea!

updates · July 20, 2020, 9:14pm

Hi, very nice to share!

About the Remote Address when you set under $_SERVER the variable REMOTE_ADDR, does it take automatically the remote IP or do you need to set some operations?

Thank you

Roberto

sitestreet · July 20, 2020, 9:28pm

@updates, that variable automatically returns the IP address of the visitor, yes. You don’t need to do anything else.

sitestreet · November 1, 2021, 1:13pm

Another good API is https://ipapi.co/ which doesn’t require a key.

JonL · February 15, 2022, 1:03pm

15.000 requests/hour for free.

Requires API key. No idea how long it will remain free.

system · January 11, 2023, 4:09am

sitestreet · January 11, 2023, 9:21am

Just an extra tip for people. Store the API response data in the user table including the IP address. Then check if the IP is different to the previous login and only do an API lookup if it is. This will prevent loads of needless lookups because people are constantly logging in from the same IP address. You can still send the alert email, just use the data already stored.

system · July 5, 2023, 1:47am

revjrblack · July 5, 2023, 12:21pm

You’re right Jon. They now have the following provisions for the FREE starter account:

Free

Best for starters

$0.00 /mo

WHAT’S INCLUDED

150 Requests
1 API Key
HTTPS Encryption
10 Requests / Min.
Location Data

system · February 26, 2024, 6:50am