IP address recording.

[EsOne]

Hello. I am new(er) to PHP, but I think I am learning pretty quickly. You guys have helped me out a few times already.

 

Today I am trying to log/record IPs of visitors. I am not quite sure of the principles behind it, but would like to learn. Both the how and why of it.

 

I have learned to ban certain IPs, but it would only be assuming I know the IP address of the person I am trying to restrict. That code is:

 

<?php
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_VIA'])) {
    $ip = $_SERVER['HTTP_VIA'];
}
elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $ip = $_SERVER['REMOTE_ADDR'];
}
else {
    $ip = "Banned";
}
$banned = file("banned.txt", "r+");
$nbanned = count($banned);
function ban($ip, $banned, $nbanned){
    for ($i = 0 ; $i < $nbanned ; $i++) {
        
        // Use this if you want to use IP patterns with regular expressions:
        // if (eregi($ip, $banned[$i])) {
        // We have to strip the end-of-line characters, to test for equality: 
        if ($ip ==  rtrim($banned[$i])) {
            echo "You have been banned from this site, if you feel this is in error ";
            echo "please send email to *********@***** ";
            die();
        }
    }
}
ban($ip, $banned, $nbanned);

?>

 

I'll admit that it was a copy/paste code. Not quite sure what it all does.

But, as I said, this only limits people that I know the IP address of.

 

Any help, or patient teaching is appreciated.

[RussellReal]

$_SERVER['REMOTE_ADDR'] will give you the IP address that the client gives to you lol. If you really want to log IP activity.. You could probably skate a lil bit and just record IP + REQUEST VARS. That way you can see what they're sending you, However, the ip they send you won't always be their actual IP address, could be a Proxy. or other possabilities so IP bans should be used lightly lol

[EsOne]

Could you explain that in a bit more detail?

 

REQUEST VARS?

 

I am guessing I will need to create a database in MYSQL to hold the information, correct?

[oni-kun]

I'll admit that it was a copy/paste code. Not quite sure what it all does.

But, as I said, this only limits people that I know the IP address of.

 

Any help, or patient teaching is appreciated.

 

$_SERVER['REMOTE_ADDR'] will return the primary connection to the server, minus any server variables that may be set (for valid reasons). X_FORWARDED_FOR is a very basic setting set by proxies, But virtually no web proxies actually use them, This is sort of deprecated (and old) for detecting a proxy.

 

Your code:

elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $ip = $_SERVER['REMOTE_ADDR'];

 

Will always equate to TRUE, as remote_addr is required by the client to be sent, so there's not much of a chance it'll go to the 'ELSE' statement you have at the bottom.

 

.. A MySQL database would be simple to create, you can read tutorials on this site, etc.

 

EDIT: Request variables are anything under SERVER_VARS, $_SERVER, $_GET, $_POST etc..

[EsOne]

I have started a tutorial on MYSQL a few days ago. I know how to create tables and whatnot now.

I just don't know how to get information from MYSQL into a php page in a usable way, or how to make a code write to the table.

 

So, I would use the $_SERVER['REMOTE_ADDR'] to get the IP. What would the syntax look like if I wanted to put it into MYSQL?

 

Also, to view the IPs generated easily, would it be a good idea to create another page to list the IPs that have visited?

 

I'm not really worried about proxy use, as the site I am trying to do is but a small section. I want to limit access, but avoid "user passwords"

I want to avoid that because the few people that would have access to it could easily give out their password to friends. Then, I would be at square one over again. Having access to limit the IPs that visit seem better. Since, even if I did decide to go with a password/username system, I could still limit access from people that should not have access.

[RussellReal]

mysql_query("INSERT INTO ip_table (ip,request_vars) VALUES('{$_SERVER['REMOTE_ADDR']}','".mysql_real_escape_string(print_r($_REQUEST,true))."')");

 

and yes it would make moderating or looking through the data if you create a page for listing the activity.

[oni-kun]

$IP = $_SERVER['REMOTE_ADDR']; //Or whatever refined IP
$Requests = mysql_real_escape_string(print_r($_REQUEST,true)); //Grab server request vars
$Date = date('Y-m-d'); //The date, you can use other info..

mysql_query("INSERT INTO ip_table (IP, requests, date) VALUES('".$IP."','".$Requests."', '".$Date."' ) ") or die(mysql_error()); 

 

An example. It'll automatically add a new row, depending that your ID field is auto_increment.

 

Yes, you should create a passworded page that echos the contents of the table 'ip_table' via the while loop i'm sure the tutorials taught you, you can easily just store any info you want. You may want to use php_myadmin to maintain or switch any tables without redoing it all..

[ngreenwood6]

I'm not really worried about proxy use, as the site I am trying to do is but a small section. I want to limit access, but avoid "user passwords"

I want to avoid that because the few people that would have access to it could easily give out their password to friends. Then, I would be at square one over again. Having access to limit the IPs that visit seem better. Since, even if I did decide to go with a password/username system, I could still limit access from people that should not have access.

 

There is few problems with what you are trying to do. Say you allow a user to have access to the site, but they are using a public proxy. Anyone using that proxy can now access your website because they are coming from the same ip. The other problem is that most home users are using a dynamic ip address meaning that it can change. If you limit it to ip address and there ip address changes then they will no longer have access to the site.

[Daniel0]

$_SERVER['REMOTE_ADDR'] will return the primary connection to the server, minus any server variables that may be set (for valid reasons). X_FORWARDED_FOR is a very basic setting set by proxies, But virtually no web proxies actually use them, This is sort of deprecated (and old) for detecting a proxy.

 

Plus, anyone who knows just a little bit about HTTP can send their own X-Forwarded-For header with bogus information, which just makes spoofing IP addresses even easier.

[EsOne]

@ngreenwood - not sure I understand what you mean. Or, vice-versa.

 

This site will be closely monitored. I will pesonally monitor who I know is on there. If I see an unexplained IP, I will try to limit it. The part of the site I am trying to do this on will only have a max of 10 users, all of which are friends of mine. If I notice an IP that differs from the 10 peoples IP, I will limit the access. Even if the persons IP is dynamic, I will still know it is them by asking them. LOL.

 

I think I will give up on this for now. I really need to learn more about MYSQL first. Since, I don't really know how to get PHP to store the correct info in the correct place.

 

Thanks everyone. I will be back if I need any more assistance.

[ngreenwood6]

If you are going to know all the ipaddresses then no big deal. One thing that I never suggest is giving up because you dont understand something. Imagine if every programmer out there did that. We wouldnt have the great sites/programs/operating systems that we have. Sometimes just sticking to it and asking questions is a great way to learn. Here is a great site for php and mysql beginner tutorials http://www.tizag.com/mysqlTutorial/index.php. Go through some of the tutorials and if you dont understand something come back here and ask and someone will be more than happy to answer your question. No question is a dumb question (hence the reason it is a question).

[EsOne]

The page you recommended goes to a 404.

 

Oni-kun recommended

$IP = $_SERVER['REMOTE_ADDR']; //Or whatever refined IP
$Requests = mysql_real_escape_string(print_r($_REQUEST,true)); //Grab server request vars
$Date = date('Y-m-d'); //The date, you can use other info..

mysql_query("INSERT INTO ip_table (IP, requests, date) VALUES('".$IP."','".$Requests."', '".$Date."' ) ") or die(mysql_error());

 

I get the

$IP = $_SERVER['REMOTE_ADDR']; //Or whatever refined IP

line.

 

It is assigning the results from the $_SERVER['REMOTE_ADDR'] to the variable $IP.

 

 

$Requests = mysql_real_escape_string(print_r($_REQUEST,true)); //Grab server request vars

Not sure on this line. The mysql_real_escape_string(print_r($_REQUEST,true)); is being assigned to $Requests, but what is it, and what exactly is the string it is assigning to $Requests?

 

$Date = date('Y-m-d'); //The date, you can use other info..

A bit obvious. It is assigning the date into the variable $Date. However, where is it pulling the date from?

 

mysql_query("INSERT INTO ip_table (IP, requests, date) VALUES('".$IP."','".$Requests."', '".$Date."' ) ") or die(mysql_error());

 

This is writing the information into MYSQL, correct? The ("INSERT INTO ip_table (IP, requests, date) VALUES('".$IP.",".$Requests."','".$Date."') ")

is saying insert the values of $IP, $Requests, and $Data into ip_table in the IP, requests, and date sections.

 

I have tried this, with the following:

 

<?php

$connection= mysql_connect("host","username","password.");

if(!$connection)
{
die("Error" . mysql_error());
}

$dbselect= mysql_select_db("ip_table",$connection);

$IP =$_SERVER['REMOTE_ADDR']; //Or whatever refined IP
$Requests =mysql_real_escape_string(print_r($_REQUEST,true)); //Grab server request vars
$Date =date('Y-m-d'); //The date, you can use other info..

mysql_query($dbselect,"INSERT INTO ip_table (IP, requests, date) VALUES('".$IP."','".$Requests."', '".$Date."' ) ") or die(mysql_error());

 

I get this error:

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/e/s/o/esone/html/test/jsontest.php on line 16

Access denied for user 'username'@'%' to database 'ip_table'

 

Maybe because of how I have my MYSQL table set up?

 

[ngreenwood6]

it goes to a 404 because it is taking the . i added to the sentence to the end of the url just remove it or use this link http://www.tizag.com/mysqlTutorial/index.php . the error that you are getting from mysql is because in your mysql_connect function you are using username as the username instead of the actual username. your mysql_connect should look like this if you are using wampserver:

 

mysql_connect('localhost','root','');

[EsOne]

Oh, I have a connection. I just changed the password, host, and username for privacy reasons when posting it.

[ngreenwood6]

oh ok just making sure. you are trying to connect to a database but you are using the table name by looking at your screen shot this line:

 

$dbselect= mysql_select_db("ip_table",$connection);

 

should be this:

$dbselect= mysql_select_db("greg1233",$connection);

[EsOne]

Wonderful. It worked. Now...

 

In my above pic of my table. Do I have the types right for each section? (IP being int, Requests being text, and date being an int)

 

I did notice some information being written to it after I visited the page. I just want the information to be in the right format for being pulled up later.

 

[EsOne]

I changed the IP field to "text", and date to "Date", and kept the Request as "Text"

 

While browsing the table I see my IP and the correct date, and in the Requests section I see:

 

Array
(
   [wp-settings-1] => m0=o&m1=o&m2=c&m3=c&m4=o&m5=o&m6=o&m7=o&mate=c&m9=c&uploader=1&hidetb=1&editor=tinymce&align=right&m10=c
   [wp-settings-time-1] => 1259685694
   [phpbb3_n8av8_k] =>
   [style_cookie] => null
   [phpbb3_n8av8_u] => 2
   [phpbb3_n8av8_sid] => 02150c018d96853be6e39d2ac537223c

 

What exactly does this "Requests" section do? And what info does it hold?

[EsOne]

Also, tried this to show the info on a new page:

 

$result= mysql_query("SELECT * FROM greg1233");

while ($row = mysql_fetch_array($result));
{
echo $row[1]. " " .$row[3]."</br>";
)

 

(while testing, this is all going in one file. Kind of like a big test compilation.)

 

It comes back with this error:

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/e/s/o/esone/html/test/jsontest.php on line 53

 

Line 53 being:

while ($row = mysql_fetch_array($result));

[oni-kun]

Hmm.. Maybe the supplied table is wrong, your code appears to be correct, Try:

$result= mysql_query("SELECT * FROM greg1233 WHERE `id` = '1'");

while ($row = mysql_fetch_array($result));
{
echo $row['text']. " - " .$row['Date']." - </br>";
)

 

And Request field, contains all GET/POST/Cookie/Session variables.

 

EDIT: date is a function, Also you may want to look at http://www.php.net/manual/en/reserved.variables.request.php

[EsOne]

Okay, I fixed the line 53 error. Now I am having an issue turning the data into an array. When I used the fetch_array thing, it did not return an error, but did nothing. I did some debugging, I echoed $result before the fetch array, and it came back as:

Resource id #3

 

After I var_dumped @result. I got this return:

 

resource(3) of type (mysql result)

 

And i also echoed $result AFTER I had assigned the array to it, and it still echoes as Resource id#3.

 

Here is the updated code I am using:

 

$result = mysql_query("SELECT * FROM ip_table ORDER BY ID DESC");

echo $result . "</br>";

while ($row = mysql_fetch_array($result));
{
echo $row["IP"]. " " .$row["Date"]."</br>";
}

var_dump($result);
echo "</br>" . $result;

 

 

 

 

 

 

 

@oni - I just tried that with these results:

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/e/s/o/esone/html/test/jsontest.php on line 55

 

bool(false)

 

 

[oni-kun]

Maybe try an association array?

$result = mysql_query("SELECT * FROM ip_table ORDER BY ID DESC");
while ($row = mysql_fetch_assoc($result)) {
    echo $row[0];
    echo $row[1];
    echo $row[2];
}

 

EDIT: While loop.

[EsOne]

Nothing comes up now. No errors, but nothing else either.

 

I echoed $result again, and it still says resource id#3

 

 

 

Just posting this again to maybe find out if I am coding it wrong for the location I am trying to get an array from.

 

"SELECT * FROM ip_table ORDER BY ID DESC"

I am telling it to select all data from the table ip_table and to order it decending.

 

I think that part may be what is wrong. However, I tried "SELECT * FROM ip_table WHERE 'id' ORDER DESC" with the same results.

 

In my table, the IP should be in row[1], and the date in row[3].

 

[oni-kun]

$query=mysql_query("SELECT * FROM ip_table ORDER BY ID DESC");
$row=mysql_fetch_array($query);
echo($row[1]);

 

Maybe try this..

 

Resource ID#3 is an internal pointer that MySQL uses in the result. mysql_fetch_* should not return that.. Hmm.

[ngreenwood6]

it looks like your query is failing, you should change your query to this when troubleshooting:

 

$query=mysql_query("SELECT * FROM ip_table ORDER BY ID DESC") or die(mysql_error());

 

I think the issue is because you are trying to order it by ID but the field is id (different case) so try this:

 

$query=mysql_query("SELECT * FROM ip_table ORDER BY id DESC");

[EsOne]

$query=mysql_query("SELECT * FROM ip_table ORDER BY ID DESC");
$row=mysql_fetch_array($query);
echo($row[1]);

 

Maybe try this..

 

Resource ID#3 is an internal pointer that MySQL uses in the result. mysql_fetch_* should not return that.. Hmm.

 

That worked! Well, sorda! It did show me an ip, and I added it to echo $row[3] so it shows the date, however, isn't it supposed to echo all the IPs in that row ordered by decending ID? It only showed me one IP and date.

 

Also. What changed in that code? The only thing I really notice is the $result changed to $query.