- - Deny double IP
(http://www.bvlist.com/showthread.php?t=11693)
Botanicar
22nd July 2018 09:00
Deny double IP
How can I preventive deny double IP registration so that users are informed that there is already a user registered from this IP address ....
Regards
nilim
22nd July 2018 09:52
1 Attachment(s)
For Detecting duplicate ip during sign up
In account-signup.php
Code:
// check if IP is already in use
$a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip='$ip'")));
if ($a[0] != 0)
$message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);
For detecting duplicate ip already in use
In admincp.php
add
Code:
also add
Code:
#======================================================================#
# Duplicate IP's
#======================================================================#
if ($action == "duplicateips")
{
$res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
$num = mysql_num_rows($res);
$res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");
$LANG['DUPLICATEIP'] = 'Duplicate IP\'s';
$LANG['DUPLICATEIPINFO'] = "This page displays all users which the database shows them having more than one account associated by their ip.";
put image in images folder.
Napon
22nd July 2018 10:02
1 Attachment(s)
Here is the mod for signup and ip check so noone can signup with the same ip
Botanicar
22nd July 2018 12:55
Hi and thaks, first fix give me a blank (white) page
$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;
// Disable checks if we're signing up with an invite
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) {
//invite only check
if ($site_config["INVITEONLY"]) {
show_error_msg(T_("INVITE_ONLY"), "
".T_("INVITE_ONLY_MSG")."
",1);
}
//get max members, and check how many users there is
$numsitemembers = get_row_count("users");
if ($numsitemembers >= $site_config["maxusers"])
show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1);
} else {
$res = SQL_Query_exec("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"]));
$invite_row = mysqli_fetch_assoc($res);
if (!$invite_row) {
show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
}
}
if ($_GET["takesignup"] == "1") {
if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
$ip = $_SERVER['REMOTE_ADDR'];
$ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = '$ip'");
$ipq = mysqli_result($ipc, 0);
if ($ipq >= $site_config["accountmax"])
show_error_msg("Error","Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC. The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.",1);
}
$message == "";
function validusername($username) {
$allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < strlen($username); ++$i)
if (strpos($allowedchars, $username[$i]) === false)
return false;
return true;
}
if ($message == "") {
// Certain checks must be skipped for invites
if (!$invite_row) {
//check email isnt banned
$maildomain = (substr($email, strpos($email, "@") + 1));
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%$maildomain%'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
// check if email addy is already in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email='$email'")));
if ($a[0] != 0)
$message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
}
//check username isnt in use
$a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username='$wantusername'")));
if ($a[0] != 0)
$message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
$secret = mksecret(); //generate secret field
$wantpassword = passhash($wantpassword);// hash the password
}
if ($message != "")
show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
if ($message == "") {
if ($invite_row) {
SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_row[id]");
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id], $dt, $msg, 0)");
}
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
die;
}
if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on
sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
}else{ //email confirmation is off
header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
}
//send pm to new user
if ($site_config["WELCOMEPMON"]){
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
}
die;
}
}//end takesignup
?>
TTCE-Signup
Signup
On my FMEDition Trader v3
BamBam0077
23rd July 2018 06:06
Are you for real? No security to cover your membership ip's or am I tripping over the mysqli_real_string_escape() :coffee:
Napon
23rd July 2018 08:56
Bambam go away also this signup is 13on i only put ip check mate
HDVinnie
23rd July 2018 16:20
with VPNs and alike these IP check systems are 99% inefficient. Do the right thing and stop storing your members IP addresses