Jump to content

Insert ip once and restrict access


techker

Recommended Posts

Hey guy's i have an app that im building with a webview that points to my servers.

 

the app is made to check status of services and renew.

 

i did a login just by email and would like to add ip restriction

 

so on first boot of the app it would log the ip only once and lock it.

 

so when i look for email on login i can check to see if the email is the same..

 

it's the first insert that im stock on.

 

once that is done the rest is ok.

 

 

Link to comment
Share on other sites

Why are you wanting to lock an email to an IP address? You know IP addresses are not unique right?

 

What exactly are you stuck on anyway? When an email is first registered record the IP associated with it. Then compare both the email and IP during your login.

Link to comment
Share on other sites

I know they change bot the boxes are always in the house unless the house ip changes also..would like to log mac but can't seem to get that going due to routers blocking it..

 

i check in my login page if it is not in my database i register it.

$DateIn = date("Y-m-d");

$result1 = $DBcon->query("SELECT * FROM AuthIp WHERE IP = $ip LIMIT 1");
$nrowsx  = mysql_num_rows($result1);
	

if (nrowsx == 0) {

$result1 = $DBcon->query("INSERT INTO AuthIp (IP,Name,Email,Status,DateLocked) VALUES ('$ip','','','$Status','$DateIn')")or die(mysql_error());

$Msg = 'Your IP address  is now Set to :' .$ip . '<br />';
} else {
	
$Msg = 'Your IP address  is in Database';	
//in db already';
}

but it always enters it when i logout out and login..

Link to comment
Share on other sites

The first query will always fail and you'll think you got zero rows. Can you see why?

 

And you can only get MAC addresses on your local network and if the OS remembers seeing it. But not natively with PHP. Check the output of arp -a on Windows or arp -n on Linux.

 

I don't use mysqli but seems the query is written wrong to me.

If you did use it then you might know it's okay.
Link to comment
Share on other sites

Where is your current code? Also, why are there no comments in your code? The time to add (relevant) comments in code is more than outweighed by the benefits gained. Not only does it help you, but it is very helpful when others (i.e. us) are looking at your code. For example, if you have an if() condition, the comment should explain what the condition check is for. If the condition was properly constructed but was the wrong condition it is difficult for someone to know that without stepping back through other lines of code to try to ascertain what you are trying to achieve.

 

So, as to what you are trying to achieve, I am still a little lost. What happens if a 2nd user wants to run the application from the same PC as another? You say you want to have only one record for an IP, but you have other unique data associated with that IP: email & name. SO, if I am understanding the logic, once a person uses a PC to run the application, no other user would be recognized from that PC. Seems very odd. Why not use cookies?

 

Anyway, there is obviously a bug in the logic, but always one way to resolve this. You could put a unique constraint on the IP field. This way the database will prevent the insertion of any record with the same IP as an existing record. You would then want to trap any errors from the INSERT to verify it is due to duplicate or you could use an ON DUPLICATE KEY IGNORE parameter in the query.

 

But, I think you should fix your logic, if for nothing else as a learning exercise. You say it is always INSERTing. That would seem to indicate that the if() condition is always true. I would add some debugging code to "see" what is happening

$query = "SELECT * FROM AuthIp WHERE IP = '{$ip}' LIMIT 1";
echo "Query: {$query}<br>\n";
$result1 = $DBcon->query($query);
$nrowsx = $result1->num_rows;
echo "nrowsx: {$nrowsx}<br>\n";
 
if ($nrowsx == 0) {

Assuming you don't have any errors, one possible explanation is that the field in the DB is of a type/configuration that is not storing the complete/unaltered value. For example, if the filed was only configured to hold 12 characters and you tried to save the value '123.123.123.123', it would only store '123.123.123.'. Therefore, the check to see if the record exists would fail.

Link to comment
Share on other sites

Where is the logic that controls what your script decides to do? You are showing us such a little bit of code that we can't possibly debug this for you.

 

When a script begins YOU need to have logic in it that can determine what is supposed to be accomplished during THAT execution of the script. Sometimes you may want to recognize that it is the first time in the script and therefore you should simply output your form and exit. Then on the second call to that script you may recognize that the user has submitted that form and therefore you want to grab the inputs from it and analyze them and do something with them. And when done with that you will want to send something back to the client indicating the success or failure of the process.

 

You need to make your script a thinking process and you aren't showing us anything but a mish-mash of poor code.

 

BTW - STOP using the MySQL* functions. They are deprecated.

Also - turn on php error checking so that your simple errors will be flagged and displayed for you. It will save you a lot of time.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.