PDA

View Full Version : IP Tracking/Account Limiter


ipengu
08-21-2011, 01:54 AM
BROKEN AS OF 1.2.3, WORKING ON NEW RELEASE.

So this was the first mod I ever did to this script, simply because I forseen possible abuse (besides fact the donate script is 100% bugged and should be fixed/removed)

MAKE SURE YOU MAKE BACKUPS

To start you need to open phpmyadmin or whatever you use to manage your MySQL database.
Add a new column to YOURPREFIXHERE_users name the column "ip" (Obviously not the " 's only the word ip)

Open: register.php
Find: (Around line 25)
$hidden = $_POST["hidden"];

Add After:
$ip=$_SERVER['REMOTE_ADDR'];

Find: (Around line 57-66)
//Next check that the username does not already exist...

$flag = 0;
$query = "SELECT * FROM ".$prefix."users WHERE username = '$username'";
$result = @runquery($query);
$num = @mysql_numrows($result);

if($num > 0){
$flag = 1;
}

Add After:
//Let's deny them if they already have an account with their current IP - BETA

$ipflag = 0;
$ipquery = "SELECT * FROM ".$prefix."users WHERE ip = '$ip'";
$ipresult = @runquery($ipquery);
$ipnum = @mysql_numrows($ipresult);

if($ipnum > 0){
$ipflag = 1;
}

Find: (Around line 112-116)
else if($flag > 0){

//Username already exists
$article_title = "Your username already exists";
$article_content = $userexists;

}

Add After:
else if($ipflag > 0){

//ip already exists
$article_title = "You already have an account";
$article_content = $ipexists;

}

Find: (Around line 140) NOTE: If you've already done edits to the registration this may not be what you find, that's alright just add , '$ip' to the end of whatever you have as since you just made the ip column it should be the last.
runquery("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0', '0' ,'0','0','','','','','', '{$GLOBALS['settings']['startmoney']}','','','$avatar', '', '', '', '0', 'Unknown', '')");

Replace with:
runquery("INSERT INTO ".$prefix."users VALUES ('', '$username', '$pass1','$email','3','1', '$date', '0', '0' ,'0','0','','','','','', '{$GLOBALS['settings']['startmoney']}','','','$avatar', '', '', '', '0', 'Unknown', '', '$ip')");

Close + Save register.php

Open: admin.php
Find: (Around line 1570)
<td width='60'><strong>Usergroup:</strong></td>
Add After:
<td width='60'><strong>IP:</strong></td>

Find: (Around line 1611)
$level=@mysql_result($result,$i,"usergroup");
Add After:
$ip=@mysql_result($result,$i,"ip");

Find: (Around line 1619)
<td><center>".$level."</center></td>
Add After:
<td><center>".$ip."</center></td>

Close + Save admin.php

Open: login.php
Find: (Around line 20, still no idea why I did this but eh it's there.)
$password = $_POST["password"];
Add After:
$ip=$_SERVER['REMOTE_ADDR'];

Find:(Around line 68)
$lpass=@mysql_result($result,$i,"password");
Add After:
$lip=@mysql_result($result,$i,"ip");

Find: (Around line 71 ITS RIGHT AFTER THE LAST EDIT)
$i++;
}
Add After:
if ($lip == ""){
mysql_query("UPDATE ".$prefix."users SET ip='".$ip."' WHERE ip=''");
}

Close + Save login.php

Open: lang/lang.php
Find: (Around line 18)
$userexists = "We're sorry, but the username you have selected already exists. Please <a href='register.php'>go back</a> and choose another username.";
Add After:
$ipexists = "We're sorry, but you're only allowed one account, our records show you already have an account. Please <a href='login.php'>login here</a>.";

Close + Save lang/lang.php

Chibi_Chicken
08-21-2011, 10:25 AM
This is very nice, their isn't a lot of tracking (in this script) to tell if any users are trying to break the system.

Hall of Famer
08-21-2011, 12:26 PM
This looks like a real awesome mod, thanks for posting it.

Teshia
08-21-2011, 03:58 PM
That's brilliant. Is there a way to make it so a certain IP can only have, say 5 accounts instead of one? Some of my users share IPs with their family.

Also, for the part that says "You already have an account" maybe have a link to the 'forgot password' page.

ipengu
08-21-2011, 10:59 PM
I've been testing these on low member servers, but I imagine this would have to be re-adapted for a high member volume website, at least a one pass through the database, check for multiple IP's if they exist email user a warning to pick an account to keep (freeze both/all accounts linked to same ip so they cant do sudden transfers and such)

ipengu
08-21-2011, 11:04 PM
Also I'm sure its possible by messing with perhaps the ipflag section of register.php

Not 100% positive as I made this.... almost a month or so ago, I was surprised to remember all my edits.

kratosvr
10-19-2011, 09:54 PM
I do not understand this:
To start you need to open phpmyadmin or whatever you use to manage your MySQL database.
Add a new column to YOURPREFIXHERE_users name the column "ip"

What is column ip ? i need help , i no know the columns

Thanks.