
Botanicar 22nd July 2018 09:00

Deny double IP
 
How can I prevent a second registration from an IP address that is already in use, so that the user is informed that an account is already registered from this IP address?


Regards


also add

Code:

#======================================================================#
#  Duplicate IP's
#======================================================================#
# Admin-panel action that lists IP addresses shared by more than one row in
# the users table, paged 25 per page.
# NOTE(review): the result set exposes member e-mail and IP addresses. No
# access check is visible in this snippet; confirm admincp.php restricts the
# page to staff before this branch is reached.
if ($action == "duplicateips")
{
        # Count the distinct IPs that occur more than once; $num feeds the pager.
        $res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
        # mysql_num_rows() belongs to the legacy ext/mysql API, which was removed
        # in PHP 7; a mysqli-based install needs the mysqli equivalent here.
        $num = mysql_num_rows($res);
       
        # pager() is defined elsewhere; $limit is presumably a ready-made LIMIT
        # clause, since it is appended verbatim to the query below. TODO confirm.
        list($pagertop, $pagerbottom, $limit) = pager(25, $num, 'admincp.php?action=duplicateips&');
       
        # One row per duplicated IP. id/username/class/email/added/last_access are
        # neither grouped nor aggregated, so the query does not define which of
        # the matching accounts they come from, and MySQL rejects the statement
        # when ONLY_FULL_GROUP_BY is enabled.
        $res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");

        stdhead(T_("DUPLICATEIP"));
       
       
        begin_frame(T_("DUPLICATEIP"));
        ?>
       
       


       
       
        0): ?>
       
       
nilim 22nd July 2018 09:52

1 Attachment(s)
For Detecting duplicate ip during sign up
In account-signup.php

Code:

        // check if IP is already in use
        $a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip='$ip'")));
        if ($a[0] != 0)
        $message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);


For detecting duplicate ip already in use
In admincp.php

add
Code:


       

                       

                       

                       

                       

                       

                       

       

       
       

                       

                       

                       

                       

                       

                       

       

       
       
">
               
       
                 

                endif;
                                                                                                                 
        if ($num > 25) echo $pagerbottom;

        end_frame();
      navmenu();
        stdfoot();
}

add this in language

Code:

// Language entries for the admin "duplicate IP" page: the page/frame title
// and the explanatory text shown with the listing.
$LANG['DUPLICATEIP'] = "Duplicate IP's";
$LANG['DUPLICATEIPINFO'] = 'This page displays all users which the database shows them having more than one account associated by their ip.';

put image in images folder.
Napon 22nd July 2018 10:02

1 Attachment(s)
Here is the mod for signup and ip check so noone can signup with the same ip

Botanicar 22nd July 2018 12:55

Hi and thanks, the first fix gives me a blank (white) page

Napon, it's something wrong somewhere, don't know where, but don't work....

My version is 2.5 and use mysqli (line 36 to 38)



Code:

if ($_GET["takesignup"] == "1") {

// NOTE(review): `==` is a comparison whose result is discarded, so this line
// does not initialise $message; an assignment would be `$message = "";`.
$message == "";


Napon 22nd July 2018 14:50

1 Attachment(s)
Ok Replace all this keep the config as it is

I should not give code for 13on code at all but here you go

papad 22nd July 2018 18:33

You have also for v2.08 Napon??

Napon 22nd July 2018 20:03

1 Attachment(s)
Yes mate

This for 13on signup below

Code:

//
//  TorrentTrader v2.x
//    $LastChangedDate: 2012-09-27 22:15:34 +0100 (Thu, 27 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//   
//    http://www.torrenttrader.org
//
//
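require_once("backend/functions.php");
dbconn();

// Limits enforced by the signup form handler later in this script.
$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;

// Invite parameters come from $_REQUEST and may be absent or arrays; only
// plain strings are accepted, anything else is treated as "no invite".
$invite_id = (isset($_REQUEST["invite"]) && is_string($_REQUEST["invite"])) ? $_REQUEST["invite"] : "";
$invite_secret = (isset($_REQUEST["secret"]) && is_string($_REQUEST["secret"])) ? $_REQUEST["secret"] : "";

// Defined on every path so the later `!$invite_row` tests never read an unset variable.
$invite_row = null;

// Disable checks if we're signing up with an invite
if (!is_valid_id($invite_id) || strlen($invite_secret) != 32) {
    //invite only check
    if ($site_config["INVITEONLY"]) {
        show_error_msg(T_("INVITE_ONLY"), "
".T_("INVITE_ONLY_MSG")."
",1);
    }

    //get max members, and check how many users there is
    $numsitemembers = get_row_count("users");
    if ($numsitemembers >= $site_config["maxusers"])
        show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
    // The id is cast to int before it reaches the SQL text, so the query no
    // longer depends on is_valid_id() (defined elsewhere) rejecting every
    // non-numeric value. The secret goes through sqlesc() as before.
    $res = SQL_Query_exec("SELECT id FROM users WHERE id = " . (int) $invite_id . " AND MD5(secret) = " . sqlesc($invite_secret));
    $invite_row = mysqli_fetch_assoc($res);
    if (!$invite_row) {
        // signup_timeout is divided by 86400 to show it in days.
        show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
    }
}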

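if (isset($_GET["takesignup"]) && $_GET["takesignup"] == "1") {
    // Handler for the submitted signup form: per-IP account limit, field
    // validation, ban/duplicate lookups, then either completion of an invited
    // account (UPDATE) or creation of a new one (INSERT), followed by the
    // confirmation mail / welcome PM and a redirect.

    // $invite_row is produced by the invite lookup earlier in this script;
    // an unset or empty value means this is a normal (non-invite) signup.
    $has_invite = !empty($invite_row);

    // Use one address for both the limit check and the value stored in
    // users.ip. The original checked $_SERVER['REMOTE_ADDR'] but stored
    // getip(), so the two could disagree and the check would miss.
    // NOTE(review): getip() is defined elsewhere. If it takes the address from
    // client-supplied proxy headers, the per-IP limit can be sidestepped;
    // confirm it only honours such headers from known proxies.
    $ip = getip();
    $ip_html = htmlspecialchars($ip, ENT_QUOTES);

    if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
        $ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = " . sqlesc($ip));
        // mysqli_result() is not a PHP built-in function; presumably a project
        // helper returning one field of the result - TODO confirm.
        $ipq = mysqli_result($ipc, 0);
        // Relies on show_error_msg(..., 1) ending the request - TODO confirm.
        if ($ipq >= $site_config["accountmax"])
            show_error_msg("Error", "Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC. The error was: maximum account count($site_config[accountmax]) Exceeded for $ip_html($ipq), cannot proceed with signup.", 1);
    }

    // Was `$message == "";`, a comparison that left $message unset.
    $message = "";

    /**
     * Tells whether a username consists only of ASCII letters and digits.
     *
     * @param string $username Candidate username.
     * @return bool True when every character is in [a-zA-Z0-9] (an empty
     *              string passes, as before); false otherwise, including for
     *              non-string input.
     */
    function validusername($username) {
        if (!is_string($username))
            return false;
        // \A and \z anchor the whole string, so a trailing newline is rejected too.
        return preg_match('/\A[a-zA-Z0-9]*\z/', $username) === 1;
    }

    // Form fields can be missing or submitted as arrays; fall back to "" so
    // the string checks below always run on strings.
    $input = array();
    foreach (array("wantusername", "email", "wantpassword", "passagain", "country", "gender", "client") as $field)
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";

    $wantusername = $input["wantusername"];
    $email = $input["email"];
    $wantpassword = $input["wantpassword"];
    $passagain = $input["passagain"];
    $country = $input["country"];
    $gender = $input["gender"];
    $client = $input["client"];
    $age = (isset($_POST["age"]) && is_scalar($_POST["age"])) ? (int) $_POST["age"] : 0;

    // Escaped copy for messages; show_error_msg() appears to take HTML, since
    // other callers in this script pass markup to it - TODO confirm.
    $email_html = htmlspecialchars($email, ENT_QUOTES);

    if (empty($wantpassword) || (empty($email) && !$has_invite) || empty($wantusername))
        $message = T_("DONT_LEAVE_ANY_FIELD_BLANK");
    elseif (strlen($wantusername) > $username_length)
        $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length);
    // Strict comparison: with `!=`, two different numeric-looking strings
    // such as "1e3" and "1000" would count as the same password.
    elseif ($wantpassword !== $passagain)
        $message = T_("PASSWORDS_NOT_MATCH");
    elseif (strlen($wantpassword) < $password_minlength)
        $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
    elseif (strlen($wantpassword) > $password_maxlength)
        $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
    elseif ($wantpassword === $wantusername)
        $message = T_("PASS_CANT_MATCH_USERNAME");
    elseif (!validusername($wantusername))
        $message = "Invalid username.";
    elseif (!$has_invite && !validemail($email))
        $message = "That doesn't look like a valid email address.";

    if ($message == "") {
        // Each lookup below fails closed: if no row comes back, the signup is
        // refused instead of silently passing the check. User input reaches
        // SQL only through sqlesc(), never by plain interpolation.

        // Certain checks must be skipped for invites
        if (!$has_invite) {
            //check email isnt banned
            $maildomain = (substr($email, strpos($email, "@") + 1));

            $res = SQL_Query_exec("select count(*) from email_bans where mail_domain=" . sqlesc($email));
            $a = $res ? mysqli_fetch_row($res) : null;
            if (!$a || $a[0] != 0)
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email_html);

            $res = SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE " . sqlesc("%" . $maildomain . "%"));
            $a = $res ? mysqli_fetch_row($res) : null;
            if (!$a || $a[0] != 0)
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email_html);

            // check if email addy is already in use
            $res = SQL_Query_exec("select count(*) from users where email=" . sqlesc($email));
            $a = $res ? mysqli_fetch_row($res) : null;
            if (!$a || $a[0] != 0)
                $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email_html);
        }

        //check username isnt in use
        // Direct quoting is safe here only because validusername() above has
        // already limited $wantusername to [a-zA-Z0-9].
        // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
        // users.username is what actually prevents duplicates.
        $res = SQL_Query_exec("select count(*) from users where username='$wantusername'");
        $a = $res ? mysqli_fetch_row($res) : null;
        if (!$a || $a[0] != 0)
            $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);

        $secret = mksecret(); //generate secret field

        // NOTE(review): passhash() is defined elsewhere; confirm it is a
        // salted, slow password hash rather than a bare digest.
        $wantpassword = passhash($wantpassword);// hash the password
    }

    if ($message != "")
        show_error_msg(T_("SIGNUP_FAILED"), $message, 1);

    if ($message == "") {
        if ($has_invite) {
            // The id comes from the invite lookup's database row; the cast
            // keeps it numeric in the SQL text regardless.
            $invite_uid = (int) $invite_row["id"];
            SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_uid");
            //send pm to new user
            if ($site_config["WELCOMEPMON"]){
                $dt = sqlesc(get_date_time());
                $msg = sqlesc($site_config["WELCOMEPMMSG"]);
                SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_uid, $dt, $msg, 0)");
            }
            header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
            die;
        }

        if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false
            $status = "pending";
        }else{
            $status = "confirmed";
        }

        //make first member admin
        // $numsitemembers is set by the non-invite branch earlier in this script.
        if (isset($numsitemembers) && $numsitemembers == '0')
            $signupclass = '7';
        else
            $signupclass = '1';

        SQL_Query_exec("INSERT INTO users (username, password, secret, email, status, added, last_access, age, country, gender, client, stylesheet, language, class, ip) VALUES (" .
          implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass, $ip))).")");

        // Cast so the id is always numeric where it is put into the link and
        // the SQL below.
        $id = (int) mysqli_insert_id($GLOBALS["___mysqli_ston"]);

        // The confirmation link carries md5($secret), the same MD5(secret)
        // form the invite lookup compares against.
        $psecret = md5($secret);

        // The unused $thishost/$thisdomain locals, which read the
        // client-supplied Host header, were dropped; the link below is built
        // from the configured SITEURL.

        //ADMIN CONFIRM
        if ($site_config["ACONFIRM"]) {
            $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
        }else{//NO ADMIN CONFIRM, BUT EMAIL CONFIRM
            $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n    ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n    ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
        }

        if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on
            sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
            header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
        }else{ //email confirmation is off
            header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
        }
        //send pm to new user
        if ($site_config["WELCOMEPMON"]){
            $dt = sqlesc(get_date_time());
            $msg = sqlesc($site_config["WELCOMEPMMSG"]);
            SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
        }

        die;
    }

}//end takesignup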

?>



   
   
   
    TTCE-Signup
   
   


   

       

           

               

                   

                       
                   

                   

                       

                           

Signup



   
    " />
    " />
   

   
   


   
   
               

   
   



   
   



   
   

 

   
           

 


   
   
           

   
   


                                   
                               

                               

                                    Have an account? Login
                               

             


                   

                   
               

           

       

   


   
   
   


On my FMEDition Trader v3

BamBam0077 23rd July 2018 06:06

Are you for real? No security to cover your members' IPs, or am I tripping over the mysqli_real_escape_string()? :coffee:

Napon 23rd July 2018 08:56

Bambam go away also this signup is 13on i only put ip check mate

HDVinnie 23rd July 2018 16:20

With VPNs and the like, these IP check systems are 99% ineffective. Do the right thing and stop storing your members' IP addresses.

