  #1  
Old 22nd July 2018, 09:00
Botanicar Botanicar is offline
Senior Member
 
Join Date: Jun 2013
Croatia
Posts: 127
Deny double IP
How can I preventively deny double IP registration, so that users are informed that there is already a user registered from this IP address?


Regards
Reply With Quote
  #2  
Old 22nd July 2018, 09:52
nilim nilim is offline
Senior Member
 
Join Date: Apr 2016
P2P
Posts: 51
For detecting a duplicate IP during signup
In account-signup.php

Code:
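        // check if IP is already in use
        $ip = getip(); // the snippet never set $ip; getip() is the value the signup INSERT stores in users.ip
        $a = (@mysql_fetch_row(@SQL_Query_exec("select count(*) from users where ip=" . sqlesc($ip))));
        if ($a[0] != 0)
         $message = sprintf(T_("IP_ADDRESS_INUSE_S"), $ip);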

For detecting duplicate ip already in use
In admincp.php

add
Code:
<td align="center"><a href="admincp.php?action=duplicateips"><img src="images/admin/double-ip.png" border="0" width="118" height="80" alt="" /><br /><?php echo T_("DUPLICATEIP"); ?><br /></a></td>
also add

Code:
#======================================================================#
#  Duplicate IP's
#======================================================================#
if ($action == "duplicateips")
{
        $res = SQL_Query_exec("SELECT ip FROM users GROUP BY ip HAVING count(*) > 1");
        $num = mysql_num_rows($res);
        
        list($pagertop, $pagerbottom, $limit) = pager(25, $num, 'admincp.php?action=duplicateips&amp;');
        
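        // Selects non-aggregated columns while grouping by ip: MySQL rejects this when ONLY_FULL_GROUP_BY
        // is enabled (the default since 5.7.5), and otherwise returns one arbitrary account per IP
        $res = SQL_Query_exec("SELECT id, username, class, email, ip, added, last_access, COUNT(*) as count FROM users GROUP BY ip HAVING count(*) > 1 ORDER BY id ASC $limit");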

        stdhead(T_("DUPLICATEIP"));
        
        
        begin_frame(T_("DUPLICATEIP"));
        ?>
        
        <center><?php echo T_("DUPLICATEIPINFO"); ?></center>

        <br />
        
        <?php if ($num > 0): ?>
        <br />
        <table border="0" cellpadding="3" cellspacing="0" width="100%" align="center" class="table_table">
        <tr>
                        <th class="table_head"><?php echo T_("USERNAME"); ?></th>
                        <th class="table_head"><?php echo T_("USERCLASS"); ?></th>
                        <th class="table_head"><?php echo T_("EMAIL"); ?></th>
                        <th class="table_head"><?php echo T_("IP"); ?></th>
                        <th class="table_head"><?php echo T_("ADDED"); ?></th>
                        <th class="table_head"><?php echo T_("COUNT"); ?></th>
        </tr>
        <?php while ($row = mysql_fetch_assoc($res)): ?>
        <tr>
                        <td class="table_col1" align="center"><a href="account-details.php?id=<?php echo (int) $row["id"]; ?>"><?php echo htmlspecialchars($row["username"]); ?></a></td>
                        <td class="table_col2" align="center"><?php echo get_user_class_name($row["class"]); ?></td>
                        <td class="table_col1" align="center"><?php echo htmlspecialchars($row["email"]); ?></td>
                        <td class="table_col2" align="center"><?php echo htmlspecialchars($row["ip"]); ?></td>
                        <td class="table_col1" align="center"><?php echo utc_to_tz($row["added"]); ?></td>
                        <td class="table_col1" align="center"><a href="admincp.php?action=usersearch&amp;ip=<?php echo urlencode($row['ip']); ?>"><?php echo number_format($row['count']); ?></a></td>
        </tr>
        <?php endwhile; ?>
        </table>                 
        <?php else: ?>
                   <center><b><?php echo T_("NOTHING_FOUND"); ?></b></center>
        <?php  
        endif;
                                                                                                                  
        if ($num > 25) echo $pagerbottom;

        end_frame();
      navmenu();
        stdfoot();
}
add this in language

Code:
$LANG['DUPLICATEIP'] = 'Duplicate IP\'s';
$LANG['DUPLICATEIPINFO'] = "This page displays all users which the database shows them having more than one account associated by their ip.";
put image in images folder.

Last edited by nilim; 22nd July 2018 at 11:14.
Reply With Quote
  #3  
Old 22nd July 2018, 10:02
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Here is the mod for signup and IP check so no one can sign up with the same IP
Attached Files
File Type: rar tmp_2483-ipcheck1793643763.rar (783 Bytes, 20 views)
Reply With Quote
  #4  
Old 22nd July 2018, 12:55
Botanicar Botanicar is offline
Senior Member
 
Join Date: Jun 2013
Croatia
Posts: 127
Hi and thanks, the first fix gives me a blank (white) page

Napon, it's something wrong somewhere, don't know where, but don't work....

My version is 2.5 and use mysqli (line 36 to 38)



Code:
if ($_GET["takesignup"] == "1") { 

$message == "";

Last edited by Botanicar; 22nd July 2018 at 13:09. Reason: version update
Reply With Quote
  #5  
Old 22nd July 2018, 14:50
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
OK, replace all this; keep the config as it is

I should not give code for 13on code at all but here you go
Attached Files
File Type: rar tmp_2054-ok-1275775431.rar (497 Bytes, 11 views)

Last edited by Napon; 22nd July 2018 at 16:47.
Reply With Quote
  #6  
Old 22nd July 2018, 18:33
papad papad is offline
Administrator
 
Join Date: Feb 2013
P2P
Posts: 146
You have also for v2.08 Napon??
Reply With Quote
  #7  
Old 22nd July 2018, 20:03
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Yes mate

This for 13on signup below

Code:
<?php
// 
//  TorrentTrader v2.x 
//    $LastChangedDate: 2012-09-27 22:15:34 +0100 (Thu, 27 Sep 2012) $ 
//      $LastChangedBy: torrenttrader $ 
//     
//    http://www.torrenttrader.org 
// 
// 
require_once("backend/functions.php"); 
dbconn(); 

$username_length = 15; // Max username length. You shouldn't set this higher without editing the database first 
$password_minlength = 6; 
$password_maxlength = 40; 

// Disable checks if we're signing up with an invite 
if (!is_valid_id($_REQUEST["invite"]) || strlen($_REQUEST["secret"]) != 32) { 
    //invite only check 
    if ($site_config["INVITEONLY"]) { 
        show_error_msg(T_("INVITE_ONLY"), "<br /><br /><center>".T_("INVITE_ONLY_MSG")."<br /><br /></center>",1); 
    } 

    //get max members, and check how many users there is 
    $numsitemembers = get_row_count("users"); 
    if ($numsitemembers >= $site_config["maxusers"]) 
        show_error_msg(T_("SORRY")."...", T_("SITE_FULL_LIMIT_MSG") . number_format($site_config["maxusers"])." ".T_("SITE_FULL_LIMIT_REACHED_MSG")." ".number_format($numsitemembers)." members",1); 
} else { 
    $res = SQL_Query_exec("SELECT id FROM users WHERE id = $_REQUEST[invite] AND MD5(secret) = ".sqlesc($_REQUEST["secret"])); 
    $invite_row = mysqli_fetch_assoc($res); 
    if (!$invite_row) { 
        show_error_msg(T_("ERROR"), T_("INVITE_ONLY_NOT_FOUND")." ".($site_config['signup_timeout']/86400)." days.", 1); 
    } 
} 

if ($_GET["takesignup"] == "1") {
if ($site_config["ipcheck"] && $site_config["accountmax"] > "0") {
    $ip = $_SERVER['REMOTE_ADDR'];
    // sqlesc() quotes and escapes the value instead of interpolating it into the query
    $ipc = SQL_Query_exec("SELECT COUNT(ip) FROM users WHERE ip = " . sqlesc($ip));
    // mysqli_result() is not a PHP built-in; mysqli_fetch_row() needs no helper function
    $ipr = mysqli_fetch_row($ipc);
    $ipq = (int) $ipr[0];
if ($ipq >= $site_config["accountmax"])
    show_error_msg("Error","Only allows $site_config[accountmax] account per IP. If you would like to create a new account, please contact a staff member via PM or IRC.<br><br> The error was: maximum account count($site_config[accountmax]) Exceeded for $ip($ipq), cannot proceed with signup.",1);
}
$message = ""; // was "$message == "";", a comparison that assigned nothing
function validusername($username) {
        $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 
        for ($i = 0; $i < strlen($username); ++$i) 
            if (strpos($allowedchars, $username[$i]) === false) 
            return false; 
        return true; 
} 

    $wantusername = $_POST["wantusername"]; 
    $email = $_POST["email"]; 
    $wantpassword = $_POST["wantpassword"]; 
    $passagain = $_POST["passagain"]; 
    $country = $_POST["country"]; 
    $gender = $_POST["gender"]; 
    $client = $_POST["client"]; 
    $age = (int) $_POST["age"];

  if (empty($wantpassword) || (empty($email) && !$invite_row) || empty($wantusername)) 
    $message = T_("DONT_LEAVE_ANY_FIELD_BLANK"); 
  elseif (strlen($wantusername) > $username_length) 
    $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length); 
  elseif ($wantpassword != $passagain) 
    $message = T_("PASSWORDS_NOT_MATCH"); 
  elseif (strlen($wantpassword) < $password_minlength) 
    $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength); 
  elseif (strlen($wantpassword) > $password_maxlength) 
    $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength); 
  elseif ($wantpassword == $wantusername) 
     $message = T_("PASS_CANT_MATCH_USERNAME"); 
  elseif (!validusername($wantusername)) 
    $message = "Invalid username."; 
  elseif (!$invite_row && !validemail($email)) 
        $message = "That doesn't look like a valid email address."; 

    if ($message == "") { 
        // Certain checks must be skipped for invites 
        if (!$invite_row) { 
            //check email isnt banned (posted values go through sqlesc() before they reach SQL)
            $maildomain = (substr($email, strpos($email, "@") + 1)); 
            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain=".sqlesc($email)))); 
            if ($a[0] != 0) 
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email); 

            $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE ".sqlesc("%$maildomain%")))); 
            if ($a[0] != 0) 
                $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email); 

          // check if email addy is already in use 
          $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where email=".sqlesc($email)))); 
          if ($a[0] != 0) 
            $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email); 
        } 

       //check username isnt in use 
      $a = (@mysqli_fetch_row(@SQL_Query_exec("select count(*) from users where username=".sqlesc($wantusername)))); 
      if ($a[0] != 0) 
        $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);  

      $secret = mksecret(); //generate secret field 

      $wantpassword = passhash($wantpassword);// hash the password 
    } 

    if ($message != "") 
        show_error_msg(T_("SIGNUP_FAILED"), $message, 1); 

  if ($message == "") { 
        if ($invite_row) { 
            SQL_Query_exec("UPDATE users SET username=".sqlesc($wantusername).", password=".sqlesc($wantpassword).", secret=".sqlesc($secret).", status='confirmed', added='".get_date_time()."' WHERE id=$invite_row[id]"); 
            //send pm to new user 
            if ($site_config["WELCOMEPMON"]){ 
                $dt = sqlesc(get_date_time()); 
                $msg = sqlesc($site_config["WELCOMEPMMSG"]); 
                SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $invite_row[id], $dt, $msg, 0)"); 
            } 
            header("Refresh: 0; url=account-confirm-ok.php?type=confirm"); 
            die; 
        } 

    if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false 
        $status = "pending"; 
    }else{ 
        $status = "confirmed"; 
    } 

    //make first member admin 
    if ($numsitemembers == '0') 
        $signupclass = '7'; 
    else 
        $signupclass = '1'; 

    SQL_Query_exec("INSERT INTO users (username, password, secret, email, status, added, last_access, age, country, gender, client, stylesheet, language, class, ip) VALUES (" . 
      implode(",", array_map("sqlesc", array($wantusername, $wantpassword, $secret, $email, $status, get_date_time(), get_date_time(), $age, $country, $gender, $client, $site_config["default_theme"], $site_config["default_language"], $signupclass, getip()))).")"); 

    $id = ((is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); 

    $psecret = md5($secret); 
    $thishost = $_SERVER["HTTP_HOST"]; 
    $thisdomain = preg_replace('/^www\./is', "", $thishost); 

    //ADMIN CONFIRM 
    if ($site_config["ACONFIRM"]) { 
        $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_CREATED_YOU_WILL_HAVE_TO_WAIT")."\n\n".$site_config['SITENAME']." ".T_("ADMIN"); 
    }else{//NO ADMIN CONFIRM, BUT EMAIL CONFIRM 
        $body = T_("YOUR_ACCOUNT_AT")." ".$site_config['SITENAME']." ".T_("HAS_BEEN_APPROVED_EMAIL")."\n\n    ".$site_config['SITEURL']."/account-confirm.php?id=$id&secret=$psecret\n\n".T_("HAS_BEEN_APPROVED_EMAIL_AFTER")."\n\n    ".T_("HAS_BEEN_APPROVED_EMAIL_DELETED")."\n\n".$site_config['SITENAME']." ".T_("ADMIN"); 
    } 

    if ($site_config["CONFIRMEMAIL"]){ //email confirmation is on 
        sendmail($email, "Your $site_config[SITENAME] User Account", $body, "", "-f$site_config[SITEEMAIL]"); 
        header("Refresh: 0; url=account-confirm-ok.php?type=signup&email=" . urlencode($email)); 
    }else{ //email confirmation is off 
        header("Refresh: 0; url=account-confirm-ok.php?type=noconf"); 
    } 
    //send pm to new user 
    if ($site_config["WELCOMEPMON"]){ 
        $dt = sqlesc(get_date_time()); 
        $msg = sqlesc($site_config["WELCOMEPMMSG"]); 
        SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)"); 
    } 

    die; 
  } 

}//end takesignup 

?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="author" content="Kodinger">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>TTCE-Signup</title>
    <link rel="stylesheet" type="text/css" href="../login/bootstrap/css/bootstrap.min.css">
    <link rel="stylesheet" type="text/css" href="../login/css/my-login.css">
</head>
<body class="my-login-page">
    <section class="h-100">
        <div class="container h-100">
            <div class="row justify-content-md-center h-100">
                <div class="card-wrapper">
                    <div class="brand">
                        <img src="../login/img/logo.jpg">
                    </div>
                    <div class="card fat">
                        <div class="card-body">
                            <h4 class="card-title">Signup</h4>
<form method="post" action="account-signup.php?takesignup=1"> 
    <?php if ($invite_row) { ?> 
    <input type="hidden" name="invite"  class="form-control" value="<?php echo (int) $_GET["invite"]; ?>" /> 
    <input type="hidden" name="secret" class="form-control" value="<?php echo htmlspecialchars($_GET["secret"]); ?>" /> 
    <?php } ?> 
<div class="form-group">
    <label for="username"><?php echo T_("USERNAME"); ?></label>
    <input id="username" type="text" class="form-control" name="wantusername" required autofocus>
</div>
<div class="form-group">
    <label for="password"><?php echo T_("PASSWORD"); ?></label>
    <input id="password" type="password" class="form-control" name="wantpassword" required data-eye>
</div>                
<div class="form-group">
    <label for="password2"><?php echo T_("CONFIRM"); ?></label>
    <input id="password2" type="password" class="form-control" name="passagain" required data-eye>
</div> 
<?php if (!$invite_row) {?> 
<div class="form-group">
    <label for="email"><?php echo T_("EMAIL"); ?></label>
    <input id="email" type="text" class="form-control" name="email" required autofocus>
</div>
<?php } ?> 
<div class="form-group">
    <label for="age"><?php echo T_("AGE"); ?></label>
    <input id="age" type="text" class="form-control" name="age" maxlength="3" required autofocus>
</div>
 <div class="form-group">
    <label for="country"><?php echo T_("COUNTRY"); ?> </label>
             
<select name="country" id="country" class="form-control" size="1"> 
                        <?php 
                        $countries = "<option value=\"0\">---- ".T_("NONE_SELECTED")." ----</option>\n"; 
                        $ct_r = SQL_Query_exec("SELECT id,name,domain from countries ORDER BY name"); 
                        while ($ct_a = mysqli_fetch_assoc($ct_r)) { 
                            $countries .= "<option value=\"$ct_a[id]\">$ct_a[name]</option>\n"; 
                        } 
                        ?> 
                        <?php echo $countries; ?> 
</select> 
</div>  

<div class="form-group">
    <label for="gender"><?php echo T_("GENDER"); ?></label>
<select name="gender" id="gender" class="form-control" size="1"> 
  <option>Male</option>
  <option>Female</option>                      
</select>     
</div>            
<div class="form-group">
    <label for="client"><?php echo T_("PREF_BITTORRENT_CLIENT"); ?></label>
    <input id="client" type="text" class="form-control" name="client"  maxlength="20" required autofocus>
</div> 
<div class="form-group no-margin">
                                    <button type="submit" class="btn btn-primary btn-block">
                                        Signup
                                    </button>
                                </div>
                                <div class="margin-top20 text-center">
                                    Have an account? <a href="../account-login.php">Login</a>
                                </div>
               
</form> 
</div>
                    </div>
                    <div class="footer">
                        Copyright &copy; 2017 &mdash; TTCE
                    </div>
                </div>
            </div>
        </div>
    </section>

    <script src="../login/js/jquery.min.js"></script>
    <script src="../login/bootstrap/js/bootstrap.min.js"></script>
    <script src="../login/js/my-login.js"></script>
</body>
</html>
On my FMEDition Trader v3
Attached Thumbnails
tmp_9257-11323317883.png  

Last edited by Napon; 22nd July 2018 at 23:27.
Reply With Quote
  #8  
Old 23rd July 2018, 06:06
BamBam0077 BamBam0077 is offline
Banned
 
Join Date: Jul 2013
P2P
Posts: 410
Are you for real? No security to cover your membership ip's or am I tripping over the mysqli_real_string_escape()
Reply With Quote
  #9  
Old 23rd July 2018, 08:56
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Bambam go away also this signup is 13on i only put ip check mate
Reply With Quote
  #10  
Old 23rd July 2018, 16:20
HDVinnie HDVinnie is offline
BluCrew
 
Join Date: Dec 2014
P2P
Posts: 140
With VPNs and the like, these IP check systems are 99% inefficient. Do the right thing and stop storing your members' IP addresses.
Reply With Quote
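The per-IP signup limit and duplicate listing discussed in this thread, sketched with prepared statements and a keyed hash in place of the stored address, which touches the escaping and IP-storage points raised in replies #8 and #10. This is an added example, not code from the thread or from TorrentTrader; PDO with in-memory SQLite, the `ip_hash` column and `IP_HASH_KEY` are assumptions made so that it runs on its own.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the tracker's
// MySQL database; the ip_hash column and IP_HASH_KEY are hypothetical names.
const IP_HASH_KEY = 'constructed-demo-key-keep-the-real-one-outside-the-db';

// Keyed hash of the normalised address, or null when the input is not an IP.
// The key matters: IPv4 has only 2^32 values, so an unkeyed hash is trivially reversed.
function ip_fingerprint(string $ip): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;
    }
    if (strlen($packed) === 16) {
        // IPv6: one subscriber commonly holds a whole /64, so compare on that prefix.
        $packed = substr($packed, 0, 8) . str_repeat("\0", 8);
    }
    return hash_hmac('sha256', $packed, IP_HASH_KEY);
}

// True while fewer than $accountmax accounts exist for this address.
function signup_allowed(PDO $db, string $ip, int $accountmax): bool
{
    $fp = ip_fingerprint($ip);
    if ($fp === null) {
        return false; // malformed input never reaches the query
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE ip_hash = ?');
    $stmt->execute([$fp]);
    return (int) $stmt->fetchColumn() < $accountmax;
}

function register_user(PDO $db, string $username, string $ip): void
{
    $stmt = $db->prepare('INSERT INTO users (username, ip_hash) VALUES (?, ?)');
    $stmt->execute([$username, ip_fingerprint($ip)]);
}

// Admin view: fingerprint => number of accounts, for fingerprints used more than once.
function duplicate_fingerprints(PDO $db): array
{
    $sql = 'SELECT ip_hash, COUNT(*) FROM users GROUP BY ip_hash HAVING COUNT(*) > 1';
    return $db->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed demo data, using documentation address ranges.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, ip_hash TEXT)');
register_user($db, 'alice', '203.0.113.7');

var_dump(signup_allowed($db, '203.0.113.7', 1));            // address already has one account
var_dump(signup_allowed($db, '198.51.100.4', 1));           // address not seen before
var_dump(signup_allowed($db, "203.0.113.7' OR '1'='1", 1)); // input that is not an IP
register_user($db, 'bob', '203.0.113.7');
var_dump(duplicate_fingerprints($db));                      // alice and bob share an address
```

Anyone who holds `IP_HASH_KEY` can recompute fingerprints for the whole IPv4 range, so the key belongs in server configuration and not in the database.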