Mysidia Adoptables Support Forum

Mysidia Adoptables Support Forum (http://www.mysidiaadoptables.com/forum/index.php)
-   Mys v1.2.x Mods (http://www.mysidiaadoptables.com/forum/forumdisplay.php?f=38)
-   -   IP Tracking/Account Limiter (http://www.mysidiaadoptables.com/forum/showthread.php?t=2327)

ipengu 08-21-2011 01:54 AM
IP Tracking/Account Limiter
 
BROKEN AS OF 1.2.3, WORKING ON NEW RELEASE.

So this was the first mod I ever did to this script, simply because I forseen possible abuse (besides fact the donate script is 100% bugged and should be fixed/removed)

MAKE SURE YOU MAKE BACKUPS

To start you need to open phpmyadmin or whatever you use to manage your MySQL database.
Add a new column to YOURPREFIXHERE_users name the column "ip" (Obviously not the " 's only the word ip)

Open: register.php
Find: (Around line 25)
PHP Code:
$hidden $_POST["hidden"]; 
Add After:
PHP Code:
$ip=$_SERVER['REMOTE_ADDR']; 
Find: (Around line 57-66)
PHP Code:
    //Next check that the username does not already exist...

    $flag 0;
    $query "SELECT * FROM ".$prefix."users WHERE username = '$username'";
    $result = @runquery($query);
    $num = @mysql_numrows($result);

    if($num 0){
    $flag 1;
    } 
Add After:
PHP Code:
    //Let's deny them if they already have an account with their current IP - BETA
    
    $ipflag 0;
    $ipquery "SELECT * FROM ".$prefix."users WHERE ip = '$ip'";
    $ipresult = @runquery($ipquery);
    $ipnum = @mysql_numrows($ipresult);

    if($ipnum 0){
    $ipflag 1;
    } 
Find: (Around line 112-116)
PHP Code:
    else if($flag 0){

    //Username already exists
    $article_title "Your username already exists";
    $article_content $userexists;    

    } 
Add After:
PHP Code:
    else if($ipflag 0){

    //ip already exists
    $article_title "You already have an account";
    $article_content $ipexists;    

    } 
Find: (Around line 140) NOTE: If you've already done edits to the registration this may not be what you find, that's alright just add , '$ip' to the end of whatever you have as since you just made the ip column it should be the last.
PHP Code:
runquery("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0', '0' ,'0','0','','','','','', '{$GLOBALS['settings']['startmoney']}','','','$avatar', '', '', '', '0', 'Unknown', '')"); 
Replace with:
PHP Code:
runquery("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0', '0' ,'0','0','','','','','', '{$GLOBALS['settings']['startmoney']}','','','$avatar', '', '', '', '0', 'Unknown', '', '$ip')"); 
Close + Save register.php

Open: admin.php
Find: (Around line 1570)
PHP Code:
<td width='60'><strong>Usergroup:</strong></td
Add After:
PHP Code:
<td width='60'><strong>IP:</strong></td
Find: (Around line 1611)
PHP Code:
$level=@mysql_result($result,$i,"usergroup"); 
Add After:
PHP Code:
$ip=@mysql_result($result,$i,"ip"); 
Find: (Around line 1619)
PHP Code:
<td><center>".$level."</center></td
Add After:
PHP Code:
<td><center>".$ip."</center></td
Close + Save admin.php

Open: login.php
Find: (Around line 20, still no idea why I did this but eh it's there.)
PHP Code:
$password $_POST["password"]; 
Add After:
PHP Code:
$ip=$_SERVER['REMOTE_ADDR']; 
Find:(Around line 68)
PHP Code:
$lpass=@mysql_result($result,$i,"password"); 
Add After:
PHP Code:
$lip=@mysql_result($result,$i,"ip"); 
Find: (Around line 71 ITS RIGHT AFTER THE LAST EDIT)
PHP Code:
$i++;
Add After:
PHP Code:
if ($lip == ""){
mysql_query("UPDATE ".$prefix."users SET ip='".$ip."' WHERE ip=''");  
Close + Save login.php

Open: lang/lang.php
Find: (Around line 18)
PHP Code:
$userexists "We're sorry, but the username you have selected already exists.  Please <a href='register.php'>go back</a> and choose another username."
Add After:
PHP Code:
$ipexists "We're sorry, but you're only allowed one account, our records show you already have an account.  Please <a href='login.php'>login here</a>."
Close + Save lang/lang.php

Chibi_Chicken 08-21-2011 10:25 AM
This is very nice, their isn't a lot of tracking (in this script) to tell if any users are trying to break the system.

Hall of Famer 08-21-2011 12:26 PM
This looks like a real awesome mod, thanks for posting it.

Teshia 08-21-2011 03:58 PM
That's brilliant. Is there a way to make it so a certain IP can only have, say 5 accounts instead of one? Some of my users share IPs with their family.

Also, for the part that says "You already have an account" maybe have a link to the 'forgot password' page.

ipengu 08-21-2011 10:59 PM
I've been testing these on low member servers, but I imagine this would have to be re-adapted for a high member volume website, at least a one pass through the database, check for multiple IP's if they exist email user a warning to pick an account to keep (freeze both/all accounts linked to same ip so they cant do sudden transfers and such)

ipengu 08-21-2011 11:04 PM
Also I'm sure its possible by messing with perhaps the ipflag section of register.php

Not 100% positive as I made this.... almost a month or so ago, I was surprised to remember all my edits.

kratosvr 10-19-2011 09:54 PM
I do not understand this:
Quote:
To start you need to open phpmyadmin or whatever you use to manage your MySQL database.
Add a new column to YOURPREFIXHERE_users name the column "ip"
What is column ip ? i need help , i no know the columns

Thanks.


All times are GMT -5. The time now is 10:27 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.