Bravo List


Botanicar 22nd July 2018 09:00

Deny double IP
 
How can I preventively deny double IP registration, so that users are informed that there is already a user registered from this IP address ....


Regards


also add

Code:

#======================================================================#
#  Duplicate IP's
#======================================================================#
if ($action == "duplicateips")
{
        $res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
        $num = mysql_num_rows($res);
       
        list($pagertop, $pagerbottom, $limit) = pager(25, $num, 'admincp.php?action=duplicateips&');
       
        $res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");

        stdhead(T_("DUPLICATEIP"));
       
       
        begin_frame(T_("DUPLICATEIP"));
        ?>

        0): ?>

nilim 22nd July 2018 09:52

1 Attachment(s)
For detecting duplicate IP during sign up
In account-signup.php

Code:

        // check if IP is already in use
        $a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip='$ip'")));
        if ($a[0] != 0)
            $message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);


For detecting duplicate IP already in use
In admincp.php

add
Code:

">

                endif;

        if ($num > 25) echo $pagerbottom;

        end_frame();
      navmenu();
        stdfoot();
}

add this in language

Code:

$LANG['DUPLICATEIP'] = 'Duplicate IP\'s';
$LANG['DUPLICATEIPINFO'] = "This page displays all users which the database shows them having more than one account associated by their ip.";

put image in images folder.

Napon 22nd July 2018 10:02

1 Attachment(s)
Here is the mod for signup and IP check so no one can sign up with the same IP

Botanicar 22nd July 2018 12:55

Hi and thanks, the first fix gives me a blank (white) page

Napon, something is wrong somewhere, I don't know where, but it doesn't work....

My version is 2.5 and uses mysqli (lines 36 to 38)



Code:

if ($_GET["takesignup"] == "1") {

$message == "";


Napon 22nd July 2018 14:50

1 Attachment(s)
OK, replace all this and keep the config as it is

I should not give code for 13on code at all but here you go

papad 22nd July 2018 18:33

Do you also have it for v2.08, Napon??

Napon 22nd July 2018 20:03

1 Attachment(s)
Yes mate

This is for 13on signup below

Code:

//
//  TorrentTrader v2.x
//    $LastChangedDate: 2012-09-27 22:15:34 +0100 (Thu, 27 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//   
//    http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();

$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;

// Disable checks if we're signing up with an invite
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) {
    //invite only check
    if ($site_config["INVITEONLY"]) {
        show_error_msg(T_("INVITE_ONLY"), "
".T_("INVITE_ONLY_MSG")."
",1);
    }

    //get max members, and check how many users there is
    $numsitemembers = get_row_count("users");
    if ($numsitemembers >= $site_config["maxusers"])
        show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
    $res = SQL_Query_exec("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"]));
    $invite_row = mysqli_fetch_assoc($res);
    if (!$invite_row) {
        show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
    }
}

if ($_GET["takesignup"] == "1") {
    // Refuse the signup once this IP already has the configured number of accounts
    if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
        $ip = $_SERVER['REMOTE_ADDR'];
        $ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = '$ip'");
        $ipq = mysqli_result($ipc,  0);
        if ($ipq >= $site_config["accountmax"])
            show_error_msg("Error","Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC. The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.",1);
    }
    // Start with an empty error message (assignment, not comparison)
    $message = "";
function validusername($username) {
        $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        for ($i = 0; $i < strlen($username); ++$i)
            if (strpos($allowedchars, $username[$i]) === false)
            return false;
        return true;
}

    $wantusername = $_POST["wantusername"];
    $email = $_POST["email"];
    $wantpassword = $_POST["wantpassword"];
    $passagain = $_POST["passagain"];
    $country = $_POST["country"];
    $gender = $_POST["gender"];
    $client = $_POST["client"];
    $age = (int) $_POST["age"];

  if (empty($wantpassword) || (empty($email) && !$invite_row) || empty($wantusername))
    $message = T_("DONT_LEAVE_ANY_FIELD_BLANK");
  elseif (strlen($wantusername) > $username_length)
    $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length);
  elseif ($wantpassword != $passagain)
    $message = T_("PASSWORDS_NOT_MATCH");
  elseif (strlen($wantpassword) < $password_minlength)
    $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
  elseif (strlen($wantpassword) > $password_maxlength)
    $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
  elseif ($wantpassword == $wantusername)
    $message = T_("PASS_CANT_MATCH_USERNAME");
  elseif (!validusername($wantusername))
    $message = "Invalid username.";
  elseif (!$invite_row && !validemail($email))
        $message = "That doesn't look like a valid email address.";

    if ($message == "") {
        // Certain checks must be skipped for invites
        if (!$invite_row) {
            //check email isnt banned
            $maildomain = (substr($email, strpos($email, "@") + 1));
            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='$email'")));
            if ($a[0] != 0)
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);

            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%$maildomain%'")));
            if ($a[0] != 0)
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);

          // check if email addy is already in use
          $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email='$email'")));
          if ($a[0] != 0)
            $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
        }

      //check username isnt in use
      $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username='$wantusername'")));
      if ($a[0] != 0)
        $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername); 

      $secret = mksecret(); //generate secret field

      $wantpassword = passhash($wantpassword);// hash the password
    }

    if ($message != "")
        show_error_msg(T_("SIGNUP_FAILED"), $message, 1);

  if ($message == "") {
        if ($invite_row) {
            SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_row[id]");
            //send pm to new user
            if ($site_config["WELCOMEPMON"]){
                $dt = sqlesc(get_date_time());
                $msg = sqlesc($site_config["WELCOMEPMMSG"]);
                SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id], $dt, $msg, 0)");
            }
            header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
            die;
        }

    if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false
        $status = "pending";
    }else{
        $status = "confirmed";
    }

    //make first member admin
    if ($numsitemembers == '0')
        $signupclass = '7';
    else
        $signupclass = '1';

    SQL_Query_exec("INSERT INTO users (username, password, secret, email, status, added, last_access, age, country, gender, client, stylesheet, language, class, ip) VALUES (" .
      implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass, getip()))).")");

    $id = ((is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);

    $psecret = md5($secret);
    $thishost = $_SERVER["HTTP_HOST"];
    $thisdomain = preg_replace('/^www\./is', "", $thishost);

    //ADMIN CONFIRM
    if ($site_config["ACONFIRM"]) {
        $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
    }else{//NO ADMIN CONFIRM, BUT EMAIL CONFIRM
        $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n    ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n    ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
    }

    if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on
        sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
        header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
    }else{ //email confirmation is off
        header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
    }
    //send pm to new user
    if ($site_config["WELCOMEPMON"]){
        $dt = sqlesc(get_date_time());
        $msg = sqlesc($site_config["WELCOMEPMMSG"]);
        SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
    }

    die;
  }

}//end takesignup

?>


On my FMEDition Trader v3

BamBam0077 23rd July 2018 06:06

Are you for real? No security to cover your membership IPs or am I tripping over the mysqli_real_string_escape() :coffee:

Napon 23rd July 2018 08:56

Bambam go away, also this signup is 13on, I only put the IP check, mate

HDVinnie 23rd July 2018 16:20

With VPNs and the like, these IP check systems are 99% inefficient. Do the right thing and stop storing your members' IP addresses

Botanicar 23rd July 2018 20:15

Quote:

Originally Posted by HDVinnie (Post 52288)
With VPNs and the like, these IP check systems are 99% inefficient. Do the right thing and stop storing your members' IP addresses

TOR browser, mobile Internet, VPN and other means can give you another IP address, but sometimes you will make mistakes and log on from one and the same address, then it will end all your cheating ....

It's not about what you mean, it's something completely different

Napon 23rd July 2018 20:59

Quote:

Originally Posted by Botanicar (Post 52297)
TOR browser, mobile Internet, VPN and other means can give you another IP address, but sometimes you will make mistakes and log on from one and the same address, then it will end all your cheating ....

It's not about what you mean, it's something completely different

Here here pm mate

HDVinnie 23rd July 2018 20:59

Quote:

Originally Posted by Botanicar (Post 52297)
TOR browser, mobile Internet, VPN and other means can give you another IP address, but sometimes you will make mistakes and log on from one and the same address, then it will end all your cheating ....

It's not about what you mean, it's something completely different

I hear you. But let's say you have 20k members. You're storing 20k IP addresses assuming you only do 1 per user. Your system (IP checker) you have here, say, catches 20 people a year because they're dumb or made a mistake.

Is it worth storing 20k IP addresses of your members over a measly few cheating members? Not to mention you're not encrypting them or anything, or the issue @BamBam0077 pointed out....

Just saying. It's your site so do you. I for one would not want to be there.

JUST FOOD FOR THOUGHT. DON'T TAKE IT PERSONALLY!

Napon 23rd July 2018 21:06

Mate, I make mods and I can stop them all from getting on the site so they have to use their own IP only

HDVinnie 23rd July 2018 21:14

Quote:

Originally Posted by Napon (Post 52300)
Mate, I make mods and I can stop them all from getting on the site so they have to use their own IP only

Sure, maybe Authorized Login Locations or IP Locking or other ways, but my point is what the OP, as I said, is currently using is 99% ineffective. Crap efficiency in return for having to store all your members' IP addresses with no encryption.
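
Added example, not part of any post in this thread and not TorrentTrader code: the per-IP signup limit from the signup code above, done with a bound parameter and with a keyed hash stored in place of the raw address, which speaks to the storage concern raised in the replies. The `ip_hash` column, `IP_HMAC_KEY`, `ACCOUNT_MAX`, the IPv6 /64 grouping and the in-memory SQLite database are assumptions for illustration; the IPv6 handling goes beyond what the thread covers.

```php
<?php
// Added example, not TorrentTrader code. Table and column names, the key and
// the limit are assumptions; in-memory SQLite stands in for the site's MySQL.
const IP_HMAC_KEY = 'PLACEHOLDER-random-secret-kept-outside-the-database';
const ACCOUNT_MAX = 1; // plays the role of $site_config["accountmax"]

// Normalise the address, then key-hash it so no raw IP is stored.
function ip_token(string $ip): ?string {
    $packed = @inet_pton($ip);            // false for anything that is not an IP
    if ($packed === false) return null;
    if (strlen($packed) === 16) {
        // IPv6: match on the /64 prefix (assumption: one subscriber per /64)
        $packed = substr($packed, 0, 8) . str_repeat("\0", 8);
    }
    return hash_hmac('sha256', $packed, IP_HMAC_KEY);
}

// Bound parameters keep the value out of the SQL text.
function signup_allowed(PDO $db, string $ip): bool {
    $token = ip_token($ip);
    if ($token === null) return false;    // fail closed on a malformed address
    $st = $db->prepare('SELECT COUNT(*) FROM users WHERE ip_hash = ?');
    $st->execute([$token]);
    return (int) $st->fetchColumn() < ACCOUNT_MAX;
}

function register(PDO $db, string $username, string $ip): bool {
    if (!signup_allowed($db, $ip)) return false;
    $st = $db->prepare('INSERT INTO users (username, ip_hash) VALUES (?, ?)');
    return $st->execute([$username, ip_token($ip)]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, ip_hash TEXT)');

// Constructed sample signups using documentation address ranges.
$samples = [
    ['alice', '203.0.113.7'],
    ['bob',   '203.0.113.7'],            // same IPv4 address as alice
    ['carol', '2001:db8::1'],
    ['dave',  '2001:db8::ffff'],         // same /64 as carol
    ['eve',   "203.0.113.9' OR '1'='1"], // not a valid address
];
foreach ($samples as [$user, $ip]) {
    printf("%-5s %s\n", $user, register($db, $user, $ip) ? 'registered' : 'refused');
}
```

A keyed hash of an IPv4 address can be brute-forced by anyone who also holds the key, so the key has to live outside the database. On a busy site the count-then-insert sequence also needs a transaction or a unique constraint to stay reliable.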

Botanicar 23rd July 2018 23:43

Quote:

Originally Posted by HDVinnie (Post 52299)
I hear you....


You can only imagine how many registered users I have... :-)
So I'm going my way without turning around on all the comments someone leaves here ....


All times are GMT +2. The time now is 16:54.
