marriott81 Posted February 4, 2014 Share Posted February 4, 2014 Hey there, The company I worked for would like to put in security to our login page (we have a very niche market and can guarantee the clients who will be logging in.) in which when the user registers their account, it takes the IP address and registers it to that account, that way that account can only be accessed via that IP address. (can also guarantee with 99.9% that the IP addresses will stay the same) I am using usercake, but just need some help adding in the IP address validation. I know that: $ip=$_SERVER['REMOTE_ADDR']; will show the ip address when they log in. I know the theory just not how to do it. My register script is: <?php require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])) { die(); } //Prevent the user visiting the logged in page if he/she is already logged in if (isUserLoggedIn()) { header("Location: account.php"); die(); } //Forms posted if (!empty($_POST)) { $errors = array(); $email = trim($_POST["email"]); $username = trim($_POST["username"]); $displayname = trim($_POST["displayname"]); $password = trim($_POST["password"]); $confirm_pass = trim($_POST["passwordc"]); $captcha = md5($_POST["captcha"]); if ($captcha != $_SESSION['captcha']) { $errors[] = lang("CAPTCHA_FAIL"); } if (minMaxRange(5, 25, $username)) { $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array( 5, 25 )); } if (!ctype_alnum($username)) { $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS"); } if (minMaxRange(5, 25, $displayname)) { $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array( 5, 25 )); } if (!ctype_alnum($displayname)) { $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"); } if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) { $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array( 8, 50 )); } else if ($password != $confirm_pass) { $errors[] = lang("ACCOUNT_PASS_MISMATCH"); } if (!isValidEmail($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } //End data validation if (count($errors) == 0) { //Construct a user object $user = new User($username, $displayname, $password, $email); //Checking this flag tells us whether there were any errors such as possible data duplication occured if (!$user->status) { if ($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE", array( $username )); if ($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array( $displayname )); if ($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array( $email )); } else { //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required) if (!$user->userCakeAddUser()) { if ($user->mail_failure) $errors[] = lang("MAIL_ERROR"); if ($user->sql_failure) $errors[] = lang("SQL_ERROR"); } } } if (count($errors) == 0) { $successes[] = $user->success; } } echo " <?php include 'models/site-templates/default.css'; ?> </style> <body> <div id='header'> <div id='top'> <div id='logo'> </div> </div> <div id='default'> "; include("left-nav3.php"); echo " </div> <div id='output'> "; echo resultBlock($errors, $successes); echo "<div id='details'> Please complete the form, once you have finished our friendly admin will need to approve you</div> <div id='regbox'> <form name='newUser <center> <p> <label> User Name </label> </br> <p> <input type='text' name='username' /> </p> </center> <center> <p> <label> Display Name </label> </br> <input type='text' name='displayname' /> </p> </center> <center> <p> <label> Password </label> </br> <input type='password' name='password' /> </p> </center> <center> <p> <label> Confirm </label> </br> <input type='password' name='passwordc' /> </p> </center> <center> <p> <label> Email </label> </br> <input type='text' name='email' /> </p> </center> <center> <p> <label> Security Code </label> </br> <img src='models/captcha.php'> </p> </center> <center> <label> Enter Security Code </label> </br> <input name='captcha' type='text'> </p> </center> <center> <label> <br> <input type='submit' value='Register'/> </p> </center> </form> </div> </div> </body> </html> "; ?> I realise that its a long script, I just need to take the IP address and add it to the table under the column IP, then when the login is done it checks the IP to make sure. P.s. I am very new to PHP, hence my use of usercake I haz free cookies to anyone who helps? Quote Link to comment https://forums.phpfreaks.com/topic/285931-locking-ip-addresses-to-an-account-on-login/ Share on other sites More sharing options...
marriott81 Posted February 7, 2014 Author Share Posted February 7, 2014 As an update, I tried to just store the IP as a 15 point int, howver that worked but the calling of the code screwed it all up Quote Link to comment https://forums.phpfreaks.com/topic/285931-locking-ip-addresses-to-an-account-on-login/#findComment-1468023 Share on other sites More sharing options...
jazzman1 Posted February 7, 2014 Share Posted February 7, 2014 Assuming you're talking about IPv4, right? A common use of dot-decimal notation is to separate those four octets just for human convenience, nothing else. So, no need to create a special space for them inside an column, not to mention that they are not numbers. Just create a standard column with integer type 4 bytes unsigned int(4) and use mysql INET_ATON() function to store an IP address and INET_NTOA to return the dotted-quad representation of the address as a binary string. Quote Link to comment https://forums.phpfreaks.com/topic/285931-locking-ip-addresses-to-an-account-on-login/#findComment-1468035 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.