#1
Deny double IP
How can I prevent double IP registration, so that users are informed that there is already a user registered from this IP address?
Regards |
#2
For Detecting duplicate ip during sign up
In account-signup.php Code:
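// Check whether an account is already registered from this IP address.
// NOTE(review): $ip is not assigned anywhere in this snippet; it has to be set before
// this check runs (the full signup script posted later in this thread reads
// $_SERVER['REMOTE_ADDR']).
// The value goes through sqlesc(), the project's escaping helper that the signup
// script already uses for its INSERT, rather than being pasted between quotes in the
// SQL text.
// NOTE(review): mysql_fetch_row() belongs to the old mysql extension. A later post in
// this thread reports a blank page on a mysqli-based install; there the matching
// call is mysqli_fetch_row().
$a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip=" . sqlesc($ip))));
if ($a[0] != 0)
    $message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);
For detecting duplicate ip already in use In admincp.php add Code: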
<td align="center"><a href="admincp.php?action=duplicateips"><img src="images/admin/double-ip.png" border="0" width="118" height="80" alt="" /><br /><?php /* translated label of the admin tile that opens the duplicate-IP report */ echo T_("DUPLICATEIP"); ?><br /></a></td> Code:
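#======================================================================#
# Duplicate IP's
#======================================================================#
# Admin report listing IP addresses that are stored on more than one account.
# NOTE(review): no permission check is visible in this snippet; it presumably relies on
# whatever access control admincp.php applies before dispatching on $action - confirm.
# NOTE(review): mysql_num_rows()/mysql_fetch_assoc() are from the old mysql extension;
# a mysqli-based install needs the mysqli_* equivalents.
if ($action == "duplicateips") {
    // Count the IPs shared by more than one account; this drives the pager.
    $res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
    $num = mysql_num_rows($res);

    list($pagertop, $pagerbottom, $limit) = pager(25, $num, 'admincp.php?action=duplicateips&');

    // One row per shared IP. NOTE(review): id/username/email are not aggregated, so each
    // row shows only one of the accounts in the group; the count links to the full list.
    $res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");

    stdhead(T_("DUPLICATEIP"));
    begin_frame(T_("DUPLICATEIP"));
    ?>

    <center><?php echo T_("DUPLICATEIPINFO"); ?></center>
    <br />

    <?php if ($num > 0): ?>
    <br />
    <table border="0" cellpadding="3" cellspacing="0" width="100%" align="center" class="table_table">
    <tr>
        <th class="table_head"><?php echo T_("USERNAME"); ?></th>
        <th class="table_head"><?php echo T_("USERCLASS"); ?></th>
        <th class="table_head"><?php echo T_("EMAIL"); ?></th>
        <th class="table_head"><?php echo T_("IP"); ?></th>
        <th class="table_head"><?php echo T_("ADDED"); ?></th>
        <th class="table_head"><?php echo T_("COUNT"); ?></th>
    </tr>
    <?php while ($row = mysql_fetch_assoc($res)): ?>
    <?php
        // username, email and ip were supplied at signup, so they are HTML-escaped before
        // being rendered in the admin's browser; the ip is URL-encoded inside the link.
    ?>
    <tr>
        <td class="table_col1" align="center"><a href="account-details.php?id=<?php echo (int) $row["id"]; ?>"><?php echo htmlspecialchars($row["username"], ENT_QUOTES); ?></a></td>
        <td class="table_col2" align="center"><?php echo get_user_class_name($row["class"]); ?></td>
        <td class="table_col1" align="center"><?php echo htmlspecialchars($row["email"], ENT_QUOTES); ?></td>
        <td class="table_col2" align="center"><?php echo htmlspecialchars($row["ip"], ENT_QUOTES); ?></td>
        <td class="table_col1" align="center"><?php echo utc_to_tz($row["added"]); ?></td>
        <td class="table_col1" align="center"><a href="admincp.php?action=usersearch&ip=<?php echo urlencode($row['ip']); ?>"><?php echo number_format($row['count']); ?></a></td>
    </tr>
    <?php endwhile; ?>
    </table>
    <?php else: ?>
    <center><b><?php echo T_("NOTHING_FOUND"); ?></b></center>
    <?php
    endif;

    if ($num > 25)
        echo $pagerbottom;

    end_frame();
    navmenu();
    stdfoot();
}
Code: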
// Language-file entries for the duplicate-IP admin page; the admincp.php snippet requests
// these keys through T_() for the page/frame title and the line above the table.
$LANG['DUPLICATEIP'] = 'Duplicate IP\'s'; $LANG['DUPLICATEIPINFO'] = "This page displays all users which the database shows them having more than one account associated by their ip."; Last edited by nilim; 22nd July 2018 at 11:14. |
#3
|
|||
|
|||
Here is the mod for signup and IP check so no one can sign up with the same IP
#4
|
||||
|
||||
Hi and thanks, the first fix gives me a blank (white) page
Napon, it's something wrong somewhere, don't know where, but don't work.... My version is 2.5 and use mysqli (line 36 to 38) Code:
if ($_GET["takesignup"] == "1") { $message == ""; Last edited by Botanicar; 22nd July 2018 at 13:09. Reason: version update |
#5
|
|||
|
|||
Ok Replace all this keep the config as it is
I should not give code for 13on code at all but here you go Last edited by Napon; 22nd July 2018 at 16:47. |
#6
|
||||
|
||||
You have also for v2.08 Napon??
#7
|
|||
|
|||
Yes mate
This for 13on signup below Code:
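<?php
//
//  TorrentTrader v2.x
//  $LastChangedDate: 2012-09-27 22:15:34 +0100 (Thu, 27 Sep 2012) $
//  $LastChangedBy: torrenttrader $
//
//  http://www.torrenttrader.org
//
//
// Signup page. Enforces the invite-only, max-user and per-IP limits, validates the
// posted fields, creates the users row (or completes an invited one), and otherwise
// renders the signup form.
//
// Request values that reach SQL go through sqlesc() or an int cast, and request values
// that reach HTML are escaped, because everything in $_GET/$_POST/$_REQUEST is
// attacker-controlled.

require_once("backend/functions.php");
dbconn();

$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first
$password_minlength = 6;
$password_maxlength = 40;

// Stays null unless a valid invite is found below; the form template reads it too.
$invite_row = null;

// Request parameters can arrive as arrays (invite[]=x); only strings are accepted.
$invite_id = (isset($_REQUEST["invite"]) && is_string($_REQUEST["invite"])) ? $_REQUEST["invite"] : "";
$invite_secret = (isset($_REQUEST["secret"]) && is_string($_REQUEST["secret"])) ? $_REQUEST["secret"] : "";

// Disable checks if we're signing up with an invite
if (!is_valid_id($invite_id) || strlen($invite_secret) != 32) {
    //invite only check
    if ($site_config["INVITEONLY"]) {
        show_error_msg(T_("INVITE_ONLY"), "<br /><br /><center>".T_("INVITE_ONLY_MSG")."<br /><br /></center>", 1);
    }

    //get max members, and check how many users there is
    $numsitemembers = get_row_count("users");
    if ($numsitemembers >= $site_config["maxusers"]) {
        show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members", 1);
    }
} else {
    // is_valid_id() is defined elsewhere; the int cast keeps the id numeric in the SQL
    // text regardless of how strict that helper is.
    $res = SQL_Query_exec("SELECT id FROM users WHERE id = " . (int) $invite_id . " AND MD5(secret) = " . sqlesc($invite_secret));
    $invite_row = mysqli_fetch_assoc($res);
    if (!$invite_row) {
        show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1);
    }
}

if (isset($_GET["takesignup"]) && $_GET["takesignup"] == "1") {

    // Per-IP account limit.
    // NOTE(review): this check reads REMOTE_ADDR, while the INSERT below stores getip().
    // If getip() can return a different value (e.g. from a proxy header), the limit is
    // compared against an address that is never stored - confirm the two agree.
    // NOTE(review): clients behind a shared NAT or a VPN share one address, and one
    // client can change address, so this limit is a speed bump rather than an identity check.
    if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
        $ip = $_SERVER['REMOTE_ADDR'];
        $ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = " . sqlesc($ip));
        // mysqli_result is a class name in PHP, not a built-in function, so the count is
        // read with mysqli_fetch_row(), which this script already uses elsewhere.
        $ipr = $ipc ? mysqli_fetch_row($ipc) : null;
        $ipq = $ipr ? (int) $ipr[0] : 0;
        if ($ipq >= $site_config["accountmax"]) {
            show_error_msg("Error", "Only allows $site_config[accountmax] account per IP. "
                . "If you would like to create a new account, please contact a staff member via PM or IRC.<br><br> "
                . "The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.", 1);
        }
    }

    // The posted script had "$message == '';" here, a comparison whose result was discarded.
    $message = "";

    // True when $username consists only of ASCII letters and digits.
    function validusername($username) {
        $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        for ($i = 0; $i < strlen($username); ++$i) {
            if (strpos($allowedchars, $username[$i]) === false) {
                return false;
            }
        }
        return true;
    }

    $wantusername = $_POST["wantusername"];
    $email = $_POST["email"];
    $wantpassword = $_POST["wantpassword"];
    $passagain = $_POST["passagain"];
    $country = $_POST["country"];
    $gender = $_POST["gender"];
    $client = $_POST["client"];
    $age = (int) $_POST["age"];

    if (empty($wantpassword) || (empty($email) && !$invite_row) || empty($wantusername)) {
        $message = T_("DONT_LEAVE_ANY_FIELD_BLANK");
    } elseif (strlen($wantusername) > $username_length) {
        $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length);
    } elseif ($wantpassword != $passagain) {
        $message = T_("PASSWORDS_NOT_MATCH");
    } elseif (strlen($wantpassword) < $password_minlength) {
        $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
    } elseif (strlen($wantpassword) > $password_maxlength) {
        $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
    } elseif ($wantpassword == $wantusername) {
        $message = T_("PASS_CANT_MATCH_USERNAME");
    } elseif (!validusername($wantusername)) {
        $message = "Invalid username.";
    } elseif (!$invite_row && !validemail($email)) {
        $message = "That doesn't look like a valid email address.";
    }

    if ($message == "") {
        // Certain checks must be skipped for invites
        if (!$invite_row) {
            // $email is user input: it is escaped for SQL with sqlesc() and for HTML with
            // htmlspecialchars() before it is put into an error message, since the
            // messages passed to show_error_msg() elsewhere in this file contain markup.
            $email_html = htmlspecialchars($email, ENT_QUOTES);

            //check email isnt banned
            $maildomain = (substr($email, strpos($email, "@") + 1));
            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain=" . sqlesc($email))));
            if ($a[0] != 0) {
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email_html);
            }

            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE " . sqlesc("%" . $maildomain . "%"))));
            if ($a[0] != 0) {
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email_html);
            }

            // check if email addy is already in use
            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email=" . sqlesc($email))));
            if ($a[0] != 0) {
                $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email_html);
            }
        }

        //check username isnt in use
        // Quoted interpolation is acceptable here only because validusername() above has
        // already restricted $wantusername to ASCII letters and digits.
        $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username='$wantusername'")));
        if ($a[0] != 0) {
            $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
        }

        $secret = mksecret(); //generate secret field

        $wantpassword = passhash($wantpassword); // hash the password
    }

    if ($message != "") {
        show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
    }

    if ($message == "") {
        if ($invite_row) {
            $invited_id = (int) $invite_row["id"];
            SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invited_id");

            //send pm to new user
            if ($site_config["WELCOMEPMON"]) {
                $dt = sqlesc(get_date_time());
                $msg = sqlesc($site_config["WELCOMEPMMSG"]);
                SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invited_id, $dt, $msg, 0)");
            }

            header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
            die;
        }

        if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false
            $status = "pending";
        } else {
            $status = "confirmed";
        }

        //make first member admin
        if ($numsitemembers == '0') {
            $signupclass = '7';
        } else {
            $signupclass = '1';
        }

        SQL_Query_exec("INSERT INTO users (username, password, secret, email, status, added, last_access, age, country, gender, client, stylesheet, language, class, ip) VALUES (" .
            implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass, getip()))).")");

        $id = ((is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);

        // The confirmation link carries md5($secret), not the stored secret itself.
        $psecret = md5($secret);

        //ADMIN CONFIRM
        if ($site_config["ACONFIRM"]) {
            $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
        } else { //NO ADMIN CONFIRM, BUT EMAIL CONFIRM
            $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN");
        }

        if ($site_config["CONFIRMEMAIL"]) { //email confirmation is on
            sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]");
            header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email));
        } else { //email confirmation is off
            header("Refresh: 0; url=account-confirm-ok.php?type=noconf");
        }

        //send pm to new user
        if ($site_config["WELCOMEPMON"]) {
            $dt = sqlesc(get_date_time());
            $msg = sqlesc($site_config["WELCOMEPMMSG"]);
            SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)");
        }

        die;
    }

}//end takesignup
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="author" content="Kodinger">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>TTCE-Signup</title>
    <link rel="stylesheet" type="text/css" href="../login/bootstrap/css/bootstrap.min.css">
    <link rel="stylesheet" type="text/css" href="../login/css/my-login.css">
</head>
<body class="my-login-page">
    <section class="h-100">
        <div class="container h-100">
            <div class="row justify-content-md-center h-100">
                <div class="card-wrapper">
                    <div class="brand">
                        <img src="../login/img/logo.jpg">
                    </div>
                    <div class="card fat">
                        <div class="card-body">
                            <h4 class="card-title">Signup</h4>
                            <form method="post" action="account-signup.php?takesignup=1">
                                <?php if ($invite_row) { ?>
                                <?php /* Both hidden values echo the request parameters that were validated above, HTML-escaped. */ ?>
                                <input type="hidden" name="invite" class="form-control" value="<?php echo htmlspecialchars($invite_id, ENT_QUOTES); ?>" />
                                <input type="hidden" name="secret" class="form-control" value="<?php echo htmlspecialchars($invite_secret, ENT_QUOTES); ?>" />
                                <?php } ?>

                                <div class="form-group">
                                    <label for="username"><?php echo T_("USERNAME"); ?></label>
                                    <input id="username" type="text" class="form-control" name="wantusername" required autofocus>
                                </div>

                                <div class="form-group">
                                    <label for="password"><?php echo T_("PASSWORD"); ?></label>
                                    <input id="password" type="password" class="form-control" name="wantpassword" required data-eye>
                                </div>

                                <div class="form-group">
                                    <label for="password2"><?php echo T_("CONFIRM"); ?></label>
                                    <input id="password2" type="password" class="form-control" name="passagain" required data-eye>
                                </div>

                                <?php if (!$invite_row) {?>
                                <div class="form-group">
                                    <label for="email"><?php echo T_("EMAIL"); ?></label>
                                    <input id="email" type="text" class="form-control" name="email" required autofocus>
                                </div>
                                <?php } ?>

                                <div class="form-group">
                                    <label for="age"><?php echo T_("AGE"); ?></label>
                                    <input id="age" type="text" class="form-control" name="age" maxlength="3" required autofocus>
                                </div>

                                <div class="form-group">
                                    <label for="country"><?php echo T_("COUNTRY"); ?> </label>
                                    <select name="country" id="country" class="form-control" size="1">
                                        <?php
                                        $countries = "<option value=\"0\">---- ".T_("NONE_SELECTED")." ----</option>\n";
                                        $ct_r = SQL_Query_exec("SELECT id,name,domain from countries ORDER BY name");
                                        while ($ct_a = mysqli_fetch_assoc($ct_r)) {
                                            // Database values are still escaped on output.
                                            $countries .= "<option value=\"" . (int) $ct_a["id"] . "\">" . htmlspecialchars($ct_a["name"], ENT_QUOTES) . "</option>\n";
                                        }
                                        ?>
                                        <?php echo $countries; ?>
                                    </select>
                                </div>

                                <div class="form-group">
                                    <label for="gender"><?php echo T_("GENDER"); ?></label>
                                    <select name="gender" id="gender" class="form-control" size="1">
                                        <option>Male</option>
                                        <option>Female</option>
                                    </select>
                                </div>

                                <div class="form-group">
                                    <label for="client"><?php echo T_("PREF_BITTORRENT_CLIENT"); ?></label>
                                    <input id="client" type="text" class="form-control" name="client" maxlength="20" required autofocus>
                                </div>

                                <div class="form-group no-margin">
                                    <button type="submit" class="btn btn-primary btn-block">
                                        Signup
                                    </button>
                                </div>
                                <div class="margin-top20 text-center">
                                    Have an account? <a href="../account-login.php">Login</a>
                                </div>
                            </form>
                        </div>
                    </div>
                    <div class="footer">
                        Copyright © 2017 — TTCE
                    </div>
                </div>
            </div>
        </div>
    </section>

    <script src="../login/js/jquery.min.js"></script>
    <script src="../login/bootstrap/js/bootstrap.min.js"></script>
    <script src="../login/js/my-login.js"></script>
</body>
</html>
Last edited by Napon; 22nd July 2018 at 23:27. |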
#8
|
|||
|
|||
Are you for real? No security to cover your members' IPs, or am I tripping over the mysqli_real_escape_string()?
#9
|
|||
|
|||
Bambam go away also this signup is 13on i only put ip check mate
#10
|
||||
|
||||
With VPNs and the like, these IP check systems are 99% ineffective. Do the right thing and stop storing your members' IP addresses