- - Deny double IP
(http://www.bvlist.com/showthread.php?t=11693)
Botanicar
22nd July 2018 09:00
Deny double IP
How can I preventive deny double IP registration so that users are informed that there is already a user registered from this IP address ....
Regards
nilim
22nd July 2018 09:52
1 Attachment(s)
For Detecting duplicate ip during sign up
In account-signup.php
Code:
// check if IP is already in use
$a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip='$ip'")));
if ($a[0] != 0)
$message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);
For detecting duplicate ip already in use
In admincp.php
add
Code:
also add
Code:
#======================================================================#
# Duplicate IP's
#======================================================================#
if ($action == "duplicateips")
{
$res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
$num = mysql_num_rows($res);
$res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");
$LANG['DUPLICATEIP'] = 'Duplicate IP\'s';
$LANG['DUPLICATEIPINFO'] = "This page displays all users which the database shows them having more than one account associated by their ip.";
put image in images folder.
Napon
22nd July 2018 10:02
1 Attachment(s)
Here is the mod for signup and ip check so noone can signup with the same ip
Botanicar
22nd July 2018 12:55
Hi and thaks, first fix give me a blank (white) page
$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;
// Disable checks if we're signing up with an invite
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) {
//invite only check
if ($site_config["INVITEONLY"]) {
show_error_msg(T_("INVITE_ONLY"), "
".T_("INVITE_ONLY_MSG")."
",1);
}
//get max members, and check how many users there is
$numsitemembers = get_row_count("users");
if ($numsitemembers >= $site_config["maxusers"])
show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
$res = SQL_Query_exec("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"]));
$invite_row = mysqli_fetch_assoc($res);
if (!$invite_row) {
show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
}
}
if ($_GET["takesignup"] == "1") {
if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
$ip = $_SERVER['REMOTE_ADDR'];
$ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = '$ip'");
$ipq = mysqli_result($ipc, 0);
if ($ipq >= $site_config["accountmax"])
show_error_msg("Error","Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC. The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.",1);
}
$message == "";
function validusername($username) {
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}
if ($message == "") {
// Certain checks must be skipped for invites
if (!$invite_row) {
//check email isnt banned
$maildomain = (substr($email, strpos($email, "@") + 1));
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%$maildomain%'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
// check if email addy is already in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
}
//check username isnt in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username='$wantusername'")));
if ($a[0] != 0)
$message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
$secret = mksecret(); //generate secret field
$wantpassword = passhash($wantpassword);// hash the password
}
if ($message != "")
show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
if ($message == "") {
if ($invite_row) {
SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_row[id]");
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id], $dt, $msg, 0)");
}
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
die;
}
if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on
sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
}else{ //email confirmation is off
header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
}
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
}
die;
}
}//end takesignup
?>
TTCE-Signup
Signup
On my FMEDition Trader v3
BamBam0077
23rd July 2018 06:06
Are you for real? No security to cover your membership ip's or am I tripping over the mysqli_real_string_escape() :coffee:
Napon
23rd July 2018 08:56
Bambam go away also this signup is 13on i only put ip check mate
HDVinnie
23rd July 2018 16:20
with VPNs and alike these IP check systems are 99% inefficient. Do the right thing and stop storing your members IP addresses
Botanicar
23rd July 2018 20:15
Quote:
Originally Posted by HDVinnie
(Post 52288)
with VPNs and alike these IP check systems are 99% inefficient. Do the right thing and stop storing your members IP addresses
TOR browser, Mobile Internet, VPN and other means can give you another IP address, but sometime you will make mistakes and logon from one and the same address, then it will end all your cheetings ....
It's not about what you mean, it's something completely different
Napon
23rd July 2018 20:59
Quote:
Originally Posted by Botanicar
(Post 52297)
TOR browser, Mobile Internet, VPN and other means can give you another IP address, but sometime you will make mistakes and logon from one and the same address, then it will end all your cheetings ....
It's not about what you mean, it's something completely different
Here here pm mate
HDVinnie
23rd July 2018 20:59
Quote:
Originally Posted by Botanicar
(Post 52297)
TOR browser, Mobile Internet, VPN and other means can give you another IP address, but sometime you will make mistakes and logon from one and the same address, then it will end all your cheetings ....
It's not about what you mean, it's something completely different
I hear you. But lets say you have 20k members. Your storing 20k IP address assuming you only do 1 per user. Your system (ip checker) you have here say catches 20 people a year because there dumb or made a mistake.
Is it worth storing 20k IP address of your members over a measly few cheating members? Not to mention your not encrypting them or anything or the issue @BamBam0077 pointed out....
Just saying. Its your site so do you. I for one would not want to be there.
JUST FOOD FOR THOUGHT. DONT TAKE IT PERSONAL!
Napon
23rd July 2018 21:06
Mate i make mods and i can stop them all from getting on the site so thay have to use there own ip only
HDVinnie
23rd July 2018 21:14
Quote:
Originally Posted by Napon
(Post 52300)
Mate i make mods and i can stop them all from getting on the site so thay have to use there own ip only
Sure maybe Authorized Login Locations or IP Locking or other ways , but my point is what the OP as I said is currently using is 99% ineffective. Crap efficiency in return of having to store all your members IP address with no encryption.
Botanicar
23rd July 2018 23:43
Quote:
Originally Posted by HDVinnie
(Post 52299)
I hear you....
You can only imagine how many registered users I have... :-)
So I'm going my way without turning around on all the comments someone leaves here ....