Jump to content

[SOLVED] ip logging script (security)

d22552000

By d22552000
in PHP Coding Help

Recommended Posts

d22552000 Regular Member

d22552000

Posted
Posted 

$id = $_POST['teaid'];
$pw = $_POST['teapw'];
$agent = $_SERVER['HTTP_USER_AGENT']; 
$uri = $_SERVER['REQUEST_URI']; 
$user = $_SERVER['PHP_AUTH_USER']; 
$ipa = $_SERVER['REMOTE_ADDR']; 
$ref = $_SERVER['HTTP_REFERER']; 
   if($ref == ""){ $ref = "None"; } 
   if($user == ""){ $user = "None"; } 
$ip = "IP: $ipa | Agent: $agent  | URL: $uri | Referrer: $ref | Username: $user n";

if (isset($id) && (strlen($id)!=0)) {
 if (isset($pw) && (strlen($pw)!=0)) {
   mysql_connect('localhost','root','') or die(mysql_error());
   mysql_select_db("Rolla High School") or die(mysql_error());
   $sql = "SELECT * FROM `teaid` WHERE `TEAID` = '".$id."' AND `TEAPW` = '".$pw."'";
   $res = mysql_query($sql) or die(mysql_error());
   $num = mysql_num_rows($res);
   if ($num =! 0 && $num == 1) {
     session_start();
     $_SESSION['$id'] = $pw;
     header("location: index.php?id=".$id."&pw=".$pw."&s=2");
   } else {

     $SQL = "INSERT INTO `acess` (`ID` ,`IP` ,`time` ,`date` ) VALUES (1 ,'".$ip."',CURTIME( ) ,CURDATE( ) );";

     $res = mysql_query($sql) or die(mysql_error());
     echo "Invalid Login Provided.<br /><br />";
   }
   mysql_close() or die(mysql_error());
 }
}

 

Uh.. when I enter a fake uer and pass it gives me login was not valid, and I get no errors. but I lok in the database and there are no new rows.

 

Field  Type     Collation            Null      Extra 
ID     int(7)                        No        auto_increment               
IP     text     latin1_swedish_ci    No                 
time   time                          No                 
date   date                          No

Link to comment
https://forums.phpfreaks.com/topic/67802-solved-ip-logging-script-security/
Share on other sites
Locked Member

Locked

Posted
Posted 

if (isset($id) && (strlen($id)!=0)) {
  if (isset($pw) && (strlen($pw)!=0)) {
    mysql_connect('localhost','root','') or die(mysql_error());

Your not connected to the database, connect to the database in the else statement or have it outside the if statement

Locked Member

Locked

Posted
Posted 

$id = $_POST['teaid'];
$pw = $_POST['teapw'];
$agent = $_SERVER['HTTP_USER_AGENT']; 
$uri = $_SERVER['REQUEST_URI']; 
$user = $_SERVER['PHP_AUTH_USER']; 
$ipa = $_SERVER['REMOTE_ADDR']; 
$ref = $_SERVER['HTTP_REFERER']; 
    if($ref == ""){ $ref = "None"; } 
    if($user == ""){ $user = "None"; } 
$ip = "IP: $ipa | Agent: $agent  | URL: $uri | Referrer: $ref | Username: $user n";

if (isset($id) && (strlen($id)!=0)) {
    mysql_connect('localhost','root','') or die(mysql_error());
    mysql_select_db("Rolla High School") or die(mysql_error());
  if (isset($pw) && (strlen($pw)!=0)) {
    $sql = "SELECT * FROM `teaid` WHERE `TEAID` = '".$id."' AND `TEAPW` = '".$pw."'";
    $res = mysql_query($sql) or die(mysql_error());
    $num = mysql_num_rows($res);
    if ($num =! 0 && $num == 1) {
      session_start();
      $_SESSION['$id'] = $pw;
      header("location: index.php?id=".$id."&pw=".$pw."&s=2");
    } else {

      $SQL = "INSERT INTO `acess` (`ID` ,`IP` ,`time` ,`date` ) VALUES (1 ,'".$ip."',CURTIME( ) ,CURDATE( ) );";

      $res = mysql_query($SQL) or die(mysql_error());
      echo "Invalid Login Provided.<br /><br />";
    }
    mysql_close() or die(mysql_error());
  }
}

 

Try that

 

Sorry i just modified it, php is case-sensitive

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.