PHPackages move-elevator/typo3-login-warning - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. move-elevator/typo3-login-warning ActiveTypo3-cms-extension[Authentication & Authorization](/categories/authentication) move-elevator/typo3-login-warning ================================= Login Warning - Extends the TYPO3 backend login warning\_mode functionality to inform about suspicious logins with several features. 1.0.0(5mo ago)22.1k↓28.6%[1 issues](https://github.com/move-elevator/typo3-login-warning/issues)[4 PRs](https://github.com/move-elevator/typo3-login-warning/pulls)GPL-2.0-or-laterPHPPHP ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0CI passing Since Sep 30Pushed 1mo agoCompare [ Source](https://github.com/move-elevator/typo3-login-warning)[ Packagist](https://packagist.org/packages/move-elevator/typo3-login-warning)[ RSS](/packages/move-elevator-typo3-login-warning/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (19)Versions (17)Used By (0) [![Extension icon](Resources/Public/Icons/Extension.svg)](Resources/Public/Icons/Extension.svg) TYPO3 extension `typo3_login_warning` ===================================== [](#typo3-extension-typo3_login_warning) [![Latest Stable Version](https://camo.githubusercontent.com/1d42c10937600f14d7ec7c77f454aa13bef3be1a0739ee7ea2b2e88d942022ef/68747470733a2f2f7479706f332d6261646765732e6465762f62616467652f7479706f335f6c6f67696e5f7761726e696e672f76657273696f6e2f736869656c64732e737667)](https://extensions.typo3.org/extension/typo3_login_warning)[![Supported TYPO3 versions](https://camo.githubusercontent.com/402f74167f3d192a0da3425e8a843f69198ac06182c8c7f475a97dbb1188f934/68747470733a2f2f7479706f332d6261646765732e6465762f62616467652f7479706f335f6c6f67696e5f7761726e696e672f7479706f332f736869656c64732e737667)](https://extensions.typo3.org/extension/typo3_login_warning)[![Coverage](https://camo.githubusercontent.com/5b2b4f2db7a176023811392eea0a5b5ad5edb7368353d7b2552a4eaa9bcd8af3/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c73436f7665726167652f6769746875622f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e673f6c6f676f3d636f766572616c6c73)](https://coveralls.io/github/move-elevator/typo3-login-warning)[![CGL](https://camo.githubusercontent.com/0ed355d538e22433f7279a54574a403522b8f13e8ef9b19e08bb9142f098658a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e672f63676c2e796d6c3f6c6162656c3d63676c266c6f676f3d676974687562)](https://github.com/move-elevator/typo3-login-warning/actions/workflows/cgl.yml)[![Tests](https://camo.githubusercontent.com/c11cb5e1614afe101f69af17454e910cf3902544e5585b053242d0699875cfa1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e672f74657374732e796d6c3f6c6162656c3d7465737473266c6f676f3d676974687562)](https://github.com/move-elevator/typo3-login-warning/actions/workflows/tests.yml)[![License](https://camo.githubusercontent.com/a8538cc029eb19ef022707041f1d9ab3434c8b0e796f1896409e7527bb130757/68747470733a2f2f706f7365722e707567782e6f72672f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e672f6c6963656e7365)](LICENSE.md) This extension extends the TYPO3 backend login [warning\_mode](https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Security/GuidelinesIntegrators/GlobalTypo3Options.html#security-global-typo3-options-warning-mode) functionality to inform about suspicious logins with several features: - [**New IP**](#newipdetector) based warning to detect logins from new IP addresses - [**Long Time No See**](#longtimenoseedetector) notification for infrequent users - [**Out Of Office**](#outofofficedetector) login detection outside defined working hours, holidays, or vacation periods Note Since I was annoyed by the constant login emails from the TYPO3 backend, but the issue of login security is still extremely important, I expanded the standard login notification functions of TYPO3 with some more or less well-known additional features. 🔥 Installation -------------- [](#-installation) ### Requirements [](#requirements) - TYPO3 >= 12.4 - PHP 8.2+ ### Composer [](#composer) [![Packagist](https://camo.githubusercontent.com/f91c43b29f64279d31e3f36b2102e41edb9da37854322444c9db0bc9e74b8f85/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e673f6c6162656c3d76657273696f6e266c6f676f3d7061636b6167697374)](https://packagist.org/packages/move-elevator/typo3-login-warning)[![Packagist Downloads](https://camo.githubusercontent.com/8f411cbc53c65e55759713636b5ba851dd769d8d91bbe65e6f0405d9b38e6819/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6f76652d656c657661746f722f7479706f332d6c6f67696e2d7761726e696e673f636f6c6f723d627269676874677265656e)](https://packagist.org/packages/move-elevator/typo3-login-warning) ``` composer require move-elevator/typo3-login-warning ``` ### TER [](#ter) [![TER version](https://camo.githubusercontent.com/1d42c10937600f14d7ec7c77f454aa13bef3be1a0739ee7ea2b2e88d942022ef/68747470733a2f2f7479706f332d6261646765732e6465762f62616467652f7479706f335f6c6f67696e5f7761726e696e672f76657273696f6e2f736869656c64732e737667)](https://extensions.typo3.org/extension/typo3_login_warning)[![TER downloads](https://camo.githubusercontent.com/1028c2d9e241db6a19495395c56bea447fd4b8eee93632ca8156f86be96360d0/68747470733a2f2f7479706f332d6261646765732e6465762f62616467652f7479706f335f6c6f67696e5f7761726e696e672f646f776e6c6f6164732f736869656c64732e737667)](https://extensions.typo3.org/extension/typo3_login_warning) Download the zip file from [TYPO3 extension repository (TER)](https://extensions.typo3.org/extension/typo3_login_warning). ### Setup [](#setup) Set up the extension after the installation: ``` vendor/bin/typo3 extension:setup --extension=typo3_login_warning ``` By default, the [**New IP**](#newipdetector) and [**Long Time No See**](#longtimenoseedetector) detectors are enabled. 🧰 Configuration --------------- [](#-configuration) Configure the extension through the TYPO3 backend: 1. Go to **Settings** → **Extension Configuration** 2. Select **typo3\_login\_warning** 3. Configure your detectors and notification settings 🔎 Detectors ----------- [](#-detectors) Detectors are used to detect certain login events. If a detector matches, a notification will be sent. Important Only the first matching detector will trigger a notification. The following detectors are available (in order of execution): ### [NewIpDetector](Classes/Detector/NewIpDetector.php) [](#newipdetector) Detects logins from new IP addresses and triggers a warning email. > The user "admin" logged in from a new IP address 192.168.97.5 at the site "EXT:typo3-login-warning Dev Environment". The IP address will be stored and can be hashed for privacy reasons. You can also define a whitelist of IP addresses that will not trigger a warning. An IP geolocation lookup and a device information check can be enabled to add more information to the notification email. Important Keep in mind, that this detector stores hashed IP addresses in the database table `tx_typo3loginwarning_iplog` to track known IPs. **Configuration Options:** SettingDescriptionDefault**Active**Enable New IP detector`true`**Hash IP Addresses**Hash IP addresses for privacy (HMAC‑SHA‑256)`true`**Fetch Geolocation**Enable IP geolocation lookup`true`**Include Device Information**Include browser and OS information in notification emails`true`**IP Whitelist**Comma-separated list of whitelisted IPs/networks (supports CIDR notation like `192.168.1.0/24`)`127.0.0.1`**Affected Users**Which users should trigger this detector: `All Users`, `Only Admins`, `Only System Maintainers``All Users`**Notification Receiver**Who should receive the notification: `Email Recipients`, `Logged-In User`, `Both``Email Recipients`Note IP address hashing requires an HMAC key. The extension automatically uses TYPO3's `$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']` as fallback. For additional security, you can set a dedicated key. ``` $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['typo3_login_warning']['hmacKey'] = 'your-secure-random-key'; ``` #### Geolocation [](#geolocation) If `Fetch Geolocation` is enabled, the extension will use the [ip-api.com](https://ip-api.com/) service to fetch geolocation information for the IP address. Only public IP addresses will be looked up to respect privacy. Tip You can implement your own geolocation service by implementing the `GeolocationServiceInterface` and registering it in the DI container. ``` services: MoveElevator\Typo3LoginWarning\Service\GeolocationServiceInterface: alias: Vendor\MyExtension\Service\MyCustomGeolocationService ``` ### [LongTimeNoSeeDetector](Classes/Detector/LongTimeNoSeeDetector.php) [](#longtimenoseedetector) Detects logins after a long period of inactivity (default: 365 days). > The user "admin" logged in again after a long time (643 days) at the site "EXT:typo3-login-warning Dev Environment". **Configuration Options:** SettingDescriptionDefault**Active**Enable Long Time No See detector`true`**Threshold Days**Days of inactivity before triggering`365`**Affected Users**Which users should trigger this detector: `All Users`, `Only Admins`, `Only System Maintainers``All Users`**Notification Receiver**Who should receive the notification: `Email Recipients`, `Logged-In User`, `Both``Email Recipients`### [OutOfOfficeDetector](Classes/Detector/OutOfOfficeDetector.php) [](#outofofficedetector) Detects logins outside defined working hours, holidays, or vacation periods. Supports flexible working hours with multiple time ranges per day (e.g., lunch breaks), timezone handling, and comprehensive blocked periods configuration with both full dates and recurring patterns. > The user "admin" logged in outside office hours at the site "EXT:typo3-login-warning Dev Environment". **Configuration Options:** SettingDescriptionDefault**Active**Enable Out Of Office detector`false`**Working Hours**JSON configuration for working hours. Supports shortcuts: `workday` (Mon-Fri), `weekend` (Sat-Sun). Also supports multiple time ranges per day for lunch breaks. Examples: `{"workday":["09:00","17:00"]}`, `{"workday":["09:00","17:00"],"weekend":["10:00","14:00"]}`, `{"workday":["09:00","17:00"],"friday":["09:00","15:00"]}`, `{"monday":[["09:00","12:00"],["13:00","17:00"]]}`Business hours (06-20) Mon-Fri**Timezone**Timezone for working hours`UTC`**Blocked Periods**Comma-separated list of blocked days or periods. Formats: Full date (`2025-12-25`), recurring date (`12-25`), date range (`2025-07-15:2025-07-30`), recurring range (`12-20:01-05`). Example: `12-25,01-01,2025-07-15:2025-07-30`Empty**Affected Users**Which users should trigger this detector: `All Users`, `Only Admins`, `Only System Maintainers``All Users`**Notification Receiver**Who should receive the notification: `Email Recipients`, `Logged-In User`, `Both``Email Recipients`### Custom Detectors [](#custom-detectors) Tip You can implement your own detector by implementing the [`DetectorInterface`](Classes/Detector/DetectorInterface.php), extending the [`AbstractDetector`](Classes/Detector/AbstractDetector.php) and registering it in the DI container. ``` services: Vendor\MyExtension\Detector\CustomDetector: tags: - { name: typo3_login_warning.detector, priority: 200 } ``` 📢 Notification -------------- [](#-notification) Notification methods are used to notify about detected login events. The following notification methods are available: ### [EmailNotification](Classes/Notification/EmailNotification.php) [](#emailnotification) Sends a warning email to defined recipients. If no recipient is defined, the email will be sent to the address defined in `$GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr']`. **Global Configuration Options:** - **Email Recipients**: Email address(es) of the notification recipients (comma-separated) **Per-Detector Configuration:** Each detector has its own **Notification Receiver** setting that controls who receives notifications: - **Email Recipients** (default): Send notification only to configured email recipients - **Logged-In User**: Send notification only to the logged-in user (requires valid email address) - **Both**: Send notification to both email recipients and logged-in user [![email.jpg](Documentation/Images/email.jpg)](Documentation/Images/email.jpg) #### Templates [](#templates) You can override the email templates located in `Resources/Private/Templates/Email/Default/LoginNotification/`. ``` $GLOBALS['TYPO3_CONF_VARS']['MAIL']['templateRootPaths'][1000] = 'EXT:my_sitepackage/Resources/Private/Templates/Email/'; ``` ### Custom Notifiers [](#custom-notifiers) Tip You can implement your own notification method by implementing the [`NotifierInterface`](Classes/Notification/NotifierInterface.php) and registering it in the DI container. ``` services: Vendor\MyExtension\Notification\SlackNotification: tags: - { name: typo3_login_warning.notifier } ``` ### Event [](#event) You can modify the notification by listening to the [`ModifyLoginNotificationEvent`](Classes/Event/ModifyLoginNotificationEvent.php). ``` use MoveElevator\Typo3LoginWarning\Event\ModifyLoginNotificationEvent; use TYPO3\CMS\Core\Attribute\AsEventListener; #[AsEventListener] final class CustomNotificationListener { public function __invoke(ModifyLoginNotificationEvent $event): void { // Example: Prevent notifications for test users $user = $event->getUser(); if (str_starts_with($user->user['username'] ?? '', 'test_')) { $event->preventNotification(); return; } } } ``` Note Register your event listener via the `AsEventListener` attribute (TYPO3 >= 13) or in your service configuration (see [docs](https://docs.typo3.org/m/typo3/reference-coreapi/12.4/en-us/ExtensionArchitecture/HowTo/Events/Index.html#extension-development-event-listener)). 🧑‍💻 Contributing ---------------- [](#‍-contributing) Please have a look at [`CONTRIBUTING.md`](CONTRIBUTING.md). ⭐ License --------- [](#-license) This project is licensed under [GNU General Public License 2.0 (or later)](LICENSE.md). ### Health Score 45 — FairBetter than 93% of packages Maintenance72 Regular maintenance activity Popularity24 Limited adoption so far Community9 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 93.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~7 days Recently: every ~13 days Total 9 Last Release 168d ago Major Versions 0.7.0 → 1.0.02025-12-02 PHP version history (2 changes)0.1.0PHP ~8.2.0 || ~8.3.0 || ~8.4.0 1.0.0PHP ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/11557705846f24da32a0e6e75c460db505c1b847f081ddaa3d27f3ea27f4097b?d=identicon)[konradmichalik](/maintainers/konradmichalik) ![](https://www.gravatar.com/avatar/f71257bb4db7f3adcabdc7d93e0f84c00aa50689b1411976b57f6a57ed7b6b2e?d=identicon)[move-elevator](/maintainers/move-elevator) --- Top Contributors [![konradmichalik](https://avatars.githubusercontent.com/u/4558190?v=4)](https://github.com/konradmichalik "konradmichalik (188 commits)")[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (14 commits)") --- Tags typo3typo3-cms-extension ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/move-elevator-typo3-login-warning/health.svg) ``` [![Health](https://phpackages.com/badges/move-elevator-typo3-login-warning/health.svg)](https://phpackages.com/packages/move-elevator-typo3-login-warning) ``` ### Alternatives [cakephp/cakephp The CakePHP framework 8.8k18.5M1.6k](/packages/cakephp-cakephp)[shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[typo3/cms TYPO3 CMS is a free open source Content Management Framework initially created by Kasper Skaarhoj and licensed under GNU/GPL. 1.2k1.9M122](/packages/typo3-cms)[eliashaeussler/typo3-warming Warming - Warms up Frontend caches based on an XML sitemap. Cache warmup can be triggered via TYPO3 backend or using a console command. Supports multiple languages and custom crawler implementations. 20229.9k](/packages/eliashaeussler-typo3-warming)[neos/flow-development-collection Flow packages in a joined repository for pull requests. 144179.3k3](/packages/neos-flow-development-collection)[drupal/core-recommended Locked core dependencies; require this project INSTEAD OF drupal/core. 6939.5M343](/packages/drupal-core-recommended) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)