Page 1 of 1

login script with ip

Posted: Sat Dec 23, 2006 6:29 am
by techker
Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


hey guys i got this code but i need to add a code that you can't signup with the same ip?
in my signup form.

Code:

Code: Select all

<?php
// ip_grab.php
/* Note: You can also check against $_SERVER variables
   not included in this script */
function ipGrabber() {
    if(getenv('HTTP_CLIENT_IP')):
        $ip = getenv('HTTP_CLIENT_IP');
    elseif(getenv('HTTP_X_FORWARDED_FOR')):
        $ip = getenv('HTTP_X_FORWARDED_FOR');
    else:
        $ip = getenv('REMOTE_ADDR');
    endif;
    return $ip;
}    

echo '<p>Your IP is: <b>'. ipGrabber() .'</b>.</p>';
?>

thanks for the help


Everah | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Dec 23, 2006 6:30 am
by volka
Who cannot signup with which "same ip"? Please elucidate

Posted: Sat Dec 23, 2006 6:39 am
by techker
well the site is supose to be very secure cause it is a distributor an only client can access.

he is affraid that anybody could signup.that is why i bneed to track ip and make shure they don't register twice .

i did not specify that i need to keep track of the ip's sorry.

Posted: Sat Dec 23, 2006 6:47 am
by volka
If I understand you correctly you need to store (username,ip) whenever a user logs in and remove that entry when a user logs out and/or after a certain amount of time without activity from that user. Where do you want to store this information?

Posted: Sat Dec 23, 2006 7:04 am
by techker
no,sorry im not being clear.lol xmas in my head$$$

the sigup script is hidden,they could only access it true a direct link sent in there mail.

now,i need to when they signup log there ips.

cause i don't want the same dealer to signup twice.

and if possible to log that ip along withthere username and pass.


but the main thing is i need to log there ip's.

i wounder if it is possible that they can only login where at the pc where the ip is ?

Posted: Sat Dec 23, 2006 7:26 am
by timvw
techker wrote: the sigup script is hidden,they could only access it true a direct link sent in there mail.
I'm assuming that each dealer recieves a unique link.. eg: http://example.com/?id=hash(dealer_id + something)
techker wrote: now,i need to when they signup log there ips.
cause i don't want the same dealer to signup twice.
Since they all come in via a different URL you could easily keep track of which URL has been used (and which not).

Most people do not have a static ip address, so your approach simply doesn't seem to cut it...

Since you're already sending out e-mails i'd simply add a username (probably their e-mail address or dealername) and a randomly generated password to the e-mail... This way you're 100% sure they can only use one account (the one you e-mailed them...)

Posted: Sat Dec 23, 2006 8:55 am
by RobertGonzalez
There is really no way to limit the number of accounts they can have. IPs are not as static as they once were, so there is a chance that in an hour a user could have as many as 10 different IP's, so checking that would allow as many as 10 accounts for the same person with different IP's in an hour. Is that the security you are looking for?

One way of achieving this is to assign each expected user a unique key and have that user validate against that key. Don't issue out a key until you have verified their identity. Kinda like knowing your neighbor and giving them one key to your house. You wouldn't give that neighbor two keys to your one house, so don't give your users two keys to your site. One unique key, registered in the database that needs to be validated when coming in the door and verified before they ever get invited.