move-elevator / typo3-login-warning
Extends the TYPO3 backend login warning_mode functionality to inform about suspicious logins with several features.
Type: typo3-cms-extension
pkg:composer/move-elevator/typo3-login-warning
Requires
- php: ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0
- ext-filter: *
- psr/event-dispatcher: ^1.0
- psr/http-client: ^1.0
- psr/http-message: ^1.0 || ^2.0
- psr/http-server-handler: ^1.0
- psr/http-server-middleware: ^1.0
- psr/log: ^3.0.1
- symfony/mailer: ^6.4 || ^7.0
- symfony/mime: ^6.4 || ^7.0
- typo3/cms-backend: ^12.0 || ^13.0 || ^14.0
- typo3/cms-beuser: ^12.0 || ^13.0 || ^14.0
- typo3/cms-core: ^12.0 || ^13.0 || ^14.0
- typo3fluid/fluid: ^2.15 || ^4.2 || ^5.0
Requires (Dev)
- eliashaeussler/version-bumper: ^2.4 || ^3.0
- helhum/typo3-console: ^7.0 || ^8.1 || dev-support-typo3-v14
- mobiledetect/mobiledetectlib: ^4.8
- phpunit/phpcov: ^9.0 || ^10.0 || ^11.0
- phpunit/phpunit: ^10.2 || ^11.0 || ^12.0
- typo3/cms-base-distribution: ^12.4 || ^13.4 || ^14.0
- typo3/cms-lowlevel: ^12.4 || ^13.4 || ^14.0
Suggests
- mobiledetect/mobiledetectlib: Provides more accurate and comprehensive browser/OS/device detection. Falls back to basic detection if not installed.
README
TYPO3 extension typo3_login_warning
This extension extends the TYPO3 backend login warning_mode functionality to inform about suspicious logins with several features:
- New IP based warning to detect logins from new IP addresses
- Long Time No See notification for infrequent users
- Out Of Office login detection outside defined working hours, holidays, or vacation periods
Note
Since I was annoyed by the constant login emails from the TYPO3 backend, but the issue of login security is still extremely important, I expanded the standard login notification functions of TYPO3 with some more or less well-known additional features.
🔥 Installation
Requirements
- TYPO3 >= 12.4
- PHP 8.2+
Composer
composer require move-elevator/typo3-login-warning
TER
Download the zip file from the TYPO3 Extension Repository (TER).
Setup
Set up the extension after the installation:
vendor/bin/typo3 extension:setup --extension=typo3_login_warning
By default, the New IP and Long Time No See detectors are enabled.
🧰 Configuration
Configure the extension through the TYPO3 backend:
- Go to Settings → Extension Configuration
- Select typo3_login_warning
- Configure your detectors and notification settings
🔎 Detectors
Detectors are used to detect certain login events. If a detector matches, a notification will be sent.
Important
Only the first matching detector will trigger a notification.
The following detectors are available (in order of execution):
NewIpDetector
Detects logins from new IP addresses and triggers a warning email.
The user "admin" logged in from a new IP address 192.168.97.5 at the site "EXT:typo3-login-warning Dev Environment".
The IP address will be stored and can be hashed for privacy reasons. You can also define a whitelist of IP addresses that will not trigger a warning. An IP geolocation lookup and a device information check can be enabled to add more information to the notification email.
Important
Keep in mind that this detector stores hashed IP addresses in the database table tx_typo3loginwarning_iplog to track known IPs.
Configuration Options:
| Setting | Description | Default |
|---|---|---|
| Active | Enable New IP detector | true |
| Hash IP Addresses | Hash IP addresses for privacy (HMAC‑SHA‑256) | true |
| Fetch Geolocation | Enable IP geolocation lookup | true |
| Include Device Information | Include browser and OS information in notification emails | true |
| IP Whitelist | Comma-separated list of whitelisted IPs/networks (supports CIDR notation like 192.168.1.0/24) | 127.0.0.1 |
| Affected Users | Which users should trigger this detector: All Users, Only Admins, Only System Maintainers | All Users |
| Notification Receiver | Who should receive the notification: Email Recipients, Logged-In User, Both | Email Recipients |
Note
IP address hashing requires an HMAC key. The extension automatically uses TYPO3's $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] as a fallback. For additional security, you can set a dedicated key.
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['typo3_login_warning']['hmacKey'] = 'your-secure-random-key';
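The keyed hashing and CIDR whitelist described above, as an added example that is not the extension's own code. The function names, the demo key and the sample addresses are constructed; hashing the packed address form is an assumption about normalisation.

```php
<?php
declare(strict_types=1);
// Added illustration: hashIp() and isWhitelisted() are hypothetical names, not the extension's API.

/** Keyed hash: without the key, the 2^32 IPv4 space cannot be enumerated offline. */
function hashIp(string $ip, string $hmacKey): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('Not an IP address');
    }
    // Hash the packed form so equivalent IPv6 spellings map to one value (assumed normalisation).
    return hash_hmac('sha256', inet_pton($ip), $hmacKey);
}

/** Match $ip against a comma-separated list of IPs and CIDR networks. */
function isWhitelisted(string $ip, string $list): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $addr = inet_pton($ip);
    foreach (array_filter(array_map('trim', explode(',', $list))) as $entry) {
        [$net, $prefix] = array_pad(explode('/', $entry, 2), 2, null);
        if (filter_var($net, FILTER_VALIDATE_IP) === false) {
            continue; // malformed entry
        }
        $netBin = inet_pton($net);
        $max = strlen($netBin) * 8;
        $prefix ??= (string)$max; // a bare IP is an exact match
        // Skip family mismatches and bad prefixes: (int)'abc' is 0 and would match every address.
        if (strlen($netBin) !== strlen($addr) || !ctype_digit($prefix) || (int)$prefix > $max) {
            continue;
        }
        $bytes = intdiv((int)$prefix, 8);
        $mask = (0xFF << (8 - (int)$prefix % 8)) & 0xFF; // 0 when the prefix is byte-aligned
        if (substr($addr, 0, $bytes) === substr($netBin, 0, $bytes)
            && ($mask === 0 || ((ord($addr[$bytes]) ^ ord($netBin[$bytes])) & $mask) === 0)) {
            return true;
        }
    }
    return false;
}

$key = 'constructed-demo-key';              // stands in for the configured hmacKey
$known = [hashIp('203.0.113.10', $key)];    // constructed IP log with one known address
foreach (['203.0.113.10', '198.51.100.7', '192.168.1.44'] as $ip) {
    $state = isWhitelisted($ip, '127.0.0.1, 192.168.1.0/24') ? 'whitelisted'
        : (in_array(hashIp($ip, $key), $known, true) ? 'known' : 'new IP, notify');
    echo $ip, ': ', $state, PHP_EOL;
}
```

Rotating the HMAC key changes every stored hash, so all previously known addresses would be treated as new after a key change.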
Geolocation
If Fetch Geolocation is enabled, the extension will use the ip-api.com service to fetch geolocation information for the IP address. Only public IP addresses will be looked up to respect privacy.
Tip
You can implement your own geolocation service by implementing the GeolocationServiceInterface and registering it in the DI container.
```yaml
services:
  MoveElevator\Typo3LoginWarning\Service\GeolocationServiceInterface:
    alias: Vendor\MyExtension\Service\MyCustomGeolocationService
```
LongTimeNoSeeDetector
Detects logins after a long period of inactivity (default: 365 days).
The user "admin" logged in again after a long time (643 days) at the site "EXT:typo3-login-warning Dev Environment".
Configuration Options:
| Setting | Description | Default |
|---|---|---|
| Active | Enable Long Time No See detector | true |
| Threshold Days | Days of inactivity before triggering | 365 |
| Affected Users | Which users should trigger this detector: All Users, Only Admins, Only System Maintainers | All Users |
| Notification Receiver | Who should receive the notification: Email Recipients, Logged-In User, Both | Email Recipients |
OutOfOfficeDetector
Detects logins outside defined working hours, holidays, or vacation periods. Supports flexible working hours with multiple time ranges per day (e.g., lunch breaks), timezone handling, and comprehensive blocked periods configuration with both full dates and recurring patterns.
The user "admin" logged in outside office hours at the site "EXT:typo3-login-warning Dev Environment".
Configuration Options:
| Setting | Description | Default |
|---|---|---|
| Active | Enable Out Of Office detector | false |
| Working Hours | JSON configuration for working hours. Supports shortcuts: workday (Mon-Fri), weekend (Sat-Sun). Also supports multiple time ranges per day for lunch breaks. Examples: {"workday":["09:00","17:00"]}, {"workday":["09:00","17:00"],"weekend":["10:00","14:00"]}, {"workday":["09:00","17:00"],"friday":["09:00","15:00"]}, {"monday":[["09:00","12:00"],["13:00","17:00"]]} | Business hours (06-20) Mon-Fri |
| Timezone | Timezone for working hours | UTC |
| Blocked Periods | Comma-separated list of blocked days or periods. Formats: Full date (2025-12-25), recurring date (12-25), date range (2025-07-15:2025-07-30), recurring range (12-20:01-05). Example: 12-25,01-01,2025-07-15:2025-07-30 | Empty |
| Affected Users | Which users should trigger this detector: All Users, Only Admins, Only System Maintainers | All Users |
| Notification Receiver | Who should receive the notification: Email Recipients, Logged-In User, Both | Email Recipients |
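How the Working Hours JSON, Timezone and Blocked Periods formats from the table combine into one decision, as an added example that is not the extension's own code. Function names and sample logins are constructed; it assumes a named day overrides a shortcut, the end of a working range is exclusive, blocked ranges are inclusive, and times are zero-padded HH:MM.

```php
<?php
declare(strict_types=1);
// Added illustration: function names are hypothetical, semantics assumed from the option table.
/** Expand to [weekday => list of [from, to]]; a named day overrides a shortcut (assumed). */
function expandHours(string $json): array
{
    $cfg = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    $groups = ['workday' => ['monday', 'tuesday', 'wednesday', 'thursday', 'friday'],
               'weekend' => ['saturday', 'sunday']];
    $out = array_diff_key($cfg, $groups);
    foreach ($groups as $shortcut => $days) {
        $out += isset($cfg[$shortcut]) ? array_fill_keys($days, $cfg[$shortcut]) : [];
    }
    return array_map(static fn(array $r): array => is_array($r[0] ?? null) ? $r : [$r], $out);
}

/** Full date, recurring MM-DD, or a from:to range of either; range ends are inclusive. */
function isBlocked(DateTimeImmutable $local, string $periods): bool
{
    foreach (array_filter(array_map('trim', explode(',', $periods))) as $period) {
        [$from, $to] = array_pad(explode(':', $period, 2), 2, null);
        $to ??= $from;
        $recurring = strlen($from) === 5; // "12-25" versus "2025-12-25"
        $day = $local->format($recurring ? 'm-d' : 'Y-m-d');
        [$afterStart, $beforeEnd] = [strcmp($day, $from) >= 0, strcmp($day, $to) <= 0];
        $wraps = $recurring && strcmp($from, $to) > 0; // e.g. 12-20:01-05 spans New Year
        if ($wraps ? ($afterStart || $beforeEnd) : ($afterStart && $beforeEnd)) {
            return true;
        }
    }
    return false;
}

function isOutOfOffice(DateTimeImmutable $login, string $hours, string $tz, string $blocked): bool
{
    $local = $login->setTimezone(new DateTimeZone($tz)); // compare in the configured zone
    $time = $local->format('H:i');                       // zero-padded, like the config values
    foreach (expandHours($hours)[strtolower($local->format('l'))] ?? [] as [$from, $to]) {
        if (strcmp($time, $from) >= 0 && strcmp($time, $to) < 0) {
            return isBlocked($local, $blocked); // in working hours, unless the day is blocked
        }
    }
    return true;
}

$hours = '{"workday":["09:00","17:00"],"monday":[["09:00","12:00"],["13:00","17:00"]]}'; // constructed
foreach (['2025-03-03 10:30', '2025-03-03 11:30', '2026-01-02 09:00'] as $utc) {
    $login = new DateTimeImmutable($utc, new DateTimeZone('UTC'));
    echo $utc, ' UTC: ', isOutOfOffice($login, $hours, 'Europe/Berlin', '12-20:01-05') ? 'notify' : 'ok', PHP_EOL;
}
```

The three sample logins cover a Monday morning inside working hours, the Monday lunch gap, and a working-hours login that falls inside the recurring range wrapping New Year.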
Custom Detectors
Tip
You can implement your own detector by implementing the DetectorInterface, extending the AbstractDetector and registering it in the DI container.
```yaml
services:
  Vendor\MyExtension\Detector\CustomDetector:
    tags:
      - { name: typo3_login_warning.detector, priority: 200 }
```
📢 Notification
Notification methods are used to notify about detected login events.
The following notification methods are available:
EmailNotification
Sends a warning email to defined recipients. If no recipient is defined, the email will be sent to the address defined in $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'].
Global Configuration Options:
- Email Recipients: Email address(es) of the notification recipients (comma-separated)
Per-Detector Configuration:
Each detector has its own Notification Receiver setting that controls who receives notifications:
- Email Recipients (default): Send notification only to configured email recipients
- Logged-In User: Send notification only to the logged-in user (requires valid email address)
- Both: Send notification to both email recipients and logged-in user
Templates
You can override the email templates located in Resources/Private/Templates/Email/Default/LoginNotification/.
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['templateRootPaths'][1000] = 'EXT:my_sitepackage/Resources/Private/Templates/Email/';
Custom Notifiers
Tip
You can implement your own notification method by implementing the NotifierInterface and registering it in the DI container.
```yaml
services:
  Vendor\MyExtension\Notification\SlackNotification:
    tags:
      - { name: typo3_login_warning.notifier }
```
Event
You can modify the notification by listening to the ModifyLoginNotificationEvent.
```php
use MoveElevator\Typo3LoginWarning\Event\ModifyLoginNotificationEvent;
use TYPO3\CMS\Core\Attribute\AsEventListener;

#[AsEventListener]
final class CustomNotificationListener
{
    public function __invoke(ModifyLoginNotificationEvent $event): void
    {
        // Example: Prevent notifications for test users
        $user = $event->getUser();
        if (str_starts_with($user->user['username'] ?? '', 'test_')) {
            $event->preventNotification();
            return;
        }
    }
}
```
Note
Register your event listener via the AsEventListener attribute (TYPO3 >= 13) or in your service configuration (see docs).
🧑‍💻 Contributing
Please have a look at CONTRIBUTING.md.
⭐ License
This project is licensed under GNU General Public License 2.0 (or later).
