login script with ip

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
techker
Forum Commoner
Posts: 52
Joined: Fri Sep 02, 2005 9:53 pm

login script with ip

Post by techker »

Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


hey guys i got this code but i need to add a code that you can't signup with the same ip?
in my signup form.

Code:

Code: Select all

<?php
// ip_grab.php
/* Note: You can also check against $_SERVER variables
   not included in this script */
function ipGrabber() {
    if(getenv('HTTP_CLIENT_IP')):
        $ip = getenv('HTTP_CLIENT_IP');
    elseif(getenv('HTTP_X_FORWARDED_FOR')):
        $ip = getenv('HTTP_X_FORWARDED_FOR');
    else:
        $ip = getenv('REMOTE_ADDR');
    endif;
    return $ip;
}    

echo '<p>Your IP is: <b>'. ipGrabber() .'</b>.</p>';
?>

thanks for the help


Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Who cannot signup with which "same ip"? Please elucidate
techker
Forum Commoner
Posts: 52
Joined: Fri Sep 02, 2005 9:53 pm

Post by techker »

well the site is supose to be very secure cause it is a distributor an only client can access.

he is affraid that anybody could signup.that is why i bneed to track ip and make shure they don't register twice .

i did not specify that i need to keep track of the ip's sorry.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

If I understand you correctly you need to store (username,ip) whenever a user logs in and remove that entry when a user logs out and/or after a certain amount of time without activity from that user. Where do you want to store this information?
techker
Forum Commoner
Posts: 52
Joined: Fri Sep 02, 2005 9:53 pm

Post by techker »

no,sorry im not being clear.lol xmas in my head$$$

the sigup script is hidden,they could only access it true a direct link sent in there mail.

now,i need to when they signup log there ips.

cause i don't want the same dealer to signup twice.

and if possible to log that ip along withthere username and pass.


but the main thing is i need to log there ip's.

i wounder if it is possible that they can only login where at the pc where the ip is ?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

techker wrote: the sigup script is hidden,they could only access it true a direct link sent in there mail.
I'm assuming that each dealer recieves a unique link.. eg: http://example.com/?id=hash(dealer_id + something)
techker wrote: now,i need to when they signup log there ips.
cause i don't want the same dealer to signup twice.
Since they all come in via a different URL you could easily keep track of which URL has been used (and which not).

Most people do not have a static ip address, so your approach simply doesn't seem to cut it...

Since you're already sending out e-mails i'd simply add a username (probably their e-mail address or dealername) and a randomly generated password to the e-mail... This way you're 100% sure they can only use one account (the one you e-mailed them...)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

There is really no way to limit the number of accounts they can have. IPs are not as static as they once were, so there is a chance that in an hour a user could have as many as 10 different IP's, so checking that would allow as many as 10 accounts for the same person with different IP's in an hour. Is that the security you are looking for?

One way of achieving this is to assign each expected user a unique key and have that user validate against that key. Don't issue out a key until you have verified their identity. Kinda like knowing your neighbor and giving them one key to your house. You wouldn't give that neighbor two keys to your one house, so don't give your users two keys to your site. One unique key, registered in the database that needs to be validated when coming in the door and verified before they ever get invited.
Post Reply