Jump to content

Recommended Posts

Hey there,

 

The company I worked for would like to put in security to our login page (we have a very niche market and can guarantee the clients who will be logging in.) in which when the user registers their account, it takes the IP address and registers it to that account, that way that account can only be accessed via that IP address. (can also guarantee with 99.9% that the IP addresses will stay the same)

 

I am using usercake, but just need some help adding in the IP address validation. I know that:

$ip=$_SERVER['REMOTE_ADDR'];

will show the ip address when they log in.

 

I know the theory just not how to do it.

 

My register script is: 

 

<?php

require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])) {
                die();
}

//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
                header("Location: account.php");
                die();
}

//Forms posted
if (!empty($_POST)) {
                $errors       = array();
                $email        = trim($_POST["email"]);
                $username     = trim($_POST["username"]);
                $displayname  = trim($_POST["displayname"]);
                $password     = trim($_POST["password"]);
                $confirm_pass = trim($_POST["passwordc"]);
                $captcha      = md5($_POST["captcha"]);
                
                
                if ($captcha != $_SESSION['captcha']) {
                                $errors[] = lang("CAPTCHA_FAIL");
                }
                if (minMaxRange(5, 25, $username)) {
                                $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array(
                                                5,
                                                25
                                ));
                }
                if (!ctype_alnum($username)) {
                                $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");
                }
                if (minMaxRange(5, 25, $displayname)) {
                                $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(
                                                5,
                                                25
                                ));
                }
                if (!ctype_alnum($displayname)) {
                                $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                }
                if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) {
                                $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array(
                                                8,
                                                50
                                ));
                } else if ($password != $confirm_pass) {
                                $errors[] = lang("ACCOUNT_PASS_MISMATCH");
                }
                if (!isValidEmail($email)) {
                                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                }
                //End data validation
                if (count($errors) == 0) {
                                //Construct a user object
                                $user = new User($username, $displayname, $password, $email);
                                
                                //Checking this flag tells us whether there were any errors such as possible data duplication occured
                                if (!$user->status) {
                                                if ($user->username_taken)
                                                                $errors[] = lang("ACCOUNT_USERNAME_IN_USE", array(
                                                                                $username
                                                                ));
                                                if ($user->displayname_taken)
                                                                $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array(
                                                                                $displayname
                                                                ));
                                                if ($user->email_taken)
                                                                $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array(
                                                                                $email
                                                                ));
                                } else {
                                                //Attempt to add the user to the database, carry out finishing  tasks like emailing the user (if required)
                                                if (!$user->userCakeAddUser()) {
                                                                if ($user->mail_failure)
                                                                                $errors[] = lang("MAIL_ERROR");
                                                                if ($user->sql_failure)
                                                                                $errors[] = lang("SQL_ERROR");
                                                }
                                }
                }
                if (count($errors) == 0) {
                                $successes[] = $user->success;
                }
}
echo "
<?php include 'models/site-templates/default.css'; ?>
</style>

<body>
  <div id='header'>

    <div id='top'>
      <div id='logo'>
      </div>
    </div>

       <div id='default'>
        ";
        include("left-nav3.php");
        echo "
      </div>

      <div id='output'>
        ";


echo resultBlock($errors, $successes);


echo "<div id='details'>
Please complete the form, once you have finished our friendly admin will need to approve you</div>
        <div id='regbox'>
          <form name='newUser    
      
            <center>
                <p>
                  <label>
                    User Name
                  </label>
                </br>
              <p>
                <input type='text' name='username' />
              </p>
            </center>
            <center>
              <p>
                <label>
                  Display Name
                </label>
              </br>
            <input type='text' name='displayname' />
          </p>
        </center>
        <center>
          <p>
            <label>
              Password
            </label>
          </br>
        <input type='password' name='password' />
      </p>
    </center>
    <center>
      <p>
        <label>
          Confirm
        </label>
      </br>
    <input type='password' name='passwordc' />
  </p>
</center>
<center>
  <p>
    <label>
      Email
    </label>
  </br>
<input type='text' name='email' />
</p>
</center>
<center>
  <p>
    <label>
      Security Code
    </label>
  </br>
<img src='models/captcha.php'>
</p>
</center>
<center>
  <label>
    Enter Security Code
  </label>
</br>
<input name='captcha' type='text'>
</p>
</center>
<center>
  <label>
     
    <br>
    <input type='submit' value='Register'/>
  </p>
</center>
</form>
</div>
</div>
</body>
</html>
";
?>

I realise that its a long script, I just need to take the IP address and add it to the table under the column IP, then when the login is done it checks the IP to make sure.

 

P.s. I am very new to PHP, hence my use of usercake

 

 

I haz free cookies to anyone who helps?

 

 

Assuming you're talking about IPv4, right?  A common use of dot-decimal notation is to separate those four octets just for human convenience, nothing else. So, no need to create a special space for them inside an column, not to mention that they are not numbers. Just create a standard column with integer type 4 bytes unsigned int(4) and use mysql INET_ATON() function to store an IP address and INET_NTOA to return the dotted-quad representation of the address as a binary string. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.