Blesta Core / CORE-5367

Account Security Email Notifications

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.11.0
    • Fix Version/s: Sponsored
    • Component/s: Staff Interface
    • Labels:
      None

      Description

      Many services will send you an email if someone logs into your account from a different IP address. It can alert a client or staff member to a potential compromise so they can log in and change their password right away or reach out for help.

      Immediately upon Staff or a Client or Contact log in, check log_users for their user_id and see if the IP address has logged in before. Note that result should be "success". Keep in mind that this table can contain millions of records. user_id is a key, so this should provide some speed, but we may want to limit to a certain number of records, say the last 50 or 100 logins. If there is NO match on IP (Not counting our current login), AND there are previous logins, then we want to send the email.
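
      One way to implement the check described above, as an added example (not Blesta's own code). The `id` and `ip_address` column names, the `'failure'` result value and the function names are assumptions; the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Binary form of an IP, or null if unparseable, so that equivalent
// spellings such as "::1" and "0:0:0:0:0:0:0:1" compare equal.
function ipKey(string $ip): ?string
{
    return filter_var($ip, FILTER_VALIDATE_IP) ? inet_pton($ip) : null;
}

// True when the notification should be sent: the user has earlier successful
// logins and none of the last $window came from $ip.
// Assumed schema: log_users(id, user_id, ip_address, result); only the table
// name, user_id and the "success" result value come from the ticket.
function isNewLoginIp(PDO $db, int $userId, string $ip, int $currentLogId, int $window = 100): bool
{
    $stmt = $db->prepare(
        "SELECT ip_address FROM log_users
          WHERE user_id = :uid AND result = 'success' AND id <> :cur
          ORDER BY id DESC LIMIT :lim"
    );
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':cur', $currentLogId, PDO::PARAM_INT); // skip the login being evaluated
    $stmt->bindValue(':lim', $window, PDO::PARAM_INT);       // bound the scan on a large table
    $stmt->execute();
    $seen = $stmt->fetchAll(PDO::FETCH_COLUMN);

    if ($seen === []) {
        return false; // first successful login: nothing to compare against
    }
    $current = ipKey($ip);
    foreach ($seen as $known) {
        if ($current !== null && ipKey((string) $known) === $current) {
            return false; // IP already used for a successful login
        }
    }
    return true;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log_users (id INTEGER PRIMARY KEY, user_id INT, ip_address TEXT, result TEXT)');
$db->exec("INSERT INTO log_users VALUES
    (1, 7, '203.0.113.10', 'success'), (2, 7, '198.51.100.5', 'failure'),
    (3, 7, '198.51.100.5', 'success'), (4, 8, '192.0.2.44', 'success'),
    (5, 7, '203.0.113.10', 'success')");
var_dump(isNewLoginIp($db, 7, '198.51.100.5', 3)); // only a failed attempt from this IP before
var_dump(isNewLoginIp($db, 7, '203.0.113.10', 5)); // IP seen in an earlier success
var_dump(isNewLoginIp($db, 8, '192.0.2.44', 4));   // first login for this user
```

      An unparseable current IP never matches a stored one, so the function errs toward sending the notification whenever earlier successful logins exist.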

      Create 2 Email Templates

      • Account Security (Under Client Emails)
      • Account Security (Under Staff Emails)

      Available tags:

      • Contact Details (We'll use first_name, but more should be available to the template)
      • IP Address (Make sure we use the right header if we should be using x-forwarded-for based on the "My installation is behind a proxy or load balancer" under Settings > System > General)
      • GeoIP Location (If Maxmind GeoIP is enabled and working, otherwise return Unknown for the location so that the tag is not empty)
      • Date and Time of Login
      • Device / User Agent ($_SERVER['HTTP_USER_AGENT'], though we may want to parse this. Is there a library to parse this and show it in a nice way? There is one called ua-parser/uap-php)
      • Login URL

      Example Email

      Dear [John],

      We’ve detected a new login to your account from a different IP address. Here are the details:

      Date and Time: [March 04, 2025, at 2:37 PM (UTC)]
      IP Address: [192.168.1.100]
      Location: [City, State, Country] (Approximate)
      Device: [e.g., Windows PC, iPhone, etc.]

      If this was you, no action is needed—you’re all set! If you don’t recognize this activity, please secure your account immediately by:

      Log in and reset your password at [login url].

      For your security, we recommend enabling two-factor authentication (2FA) if you haven’t already. You can set it up in the client area under the Authentication tab after clicking the "Change" button on the left side of the Dashboard.

      If you need assistance, please reach out to support staff.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            admin Paul Phillips