RevCMS save IP for every login

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Ultimate Member FunHotel is offline
    MemberRank
    Feb 2013 Join Date
    178Posts

    RevCMS save IP for every login


    RaGEZONE Recommends

    RaGEZONE Recommends

    Hi,

    I created a small "extra security" feature for RevCMS. I've had problems with scams on my hotel, people get into eachothers account because they are using the same passwords everywhere.

    Anyhow, this extra security saves the date & IP for each login for every user. Using a seperate table and a simple mysql_query in class.users. Might be helpful for some of you. So you can compare IPs if someone were scammed. If someone is using VPN then sure this tool wont be as helpful, but you can atleast confirm if some scammer logged into someones account or not. (this is 99,9% accurate if you are using VPN block as I am)

    Run this query.
    Code:
    CREATE TABLE `iplogins` (  `userid` int(11) NOT NULL,  `ip` varchar(211) NOT NULL,  `date` varchar(11) NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1;
    Then, add this code below $template->form->unsetData(); in class.users.php
    PHP Code:
    mysql_query("INSERT INTO iplogins (`userid`, `ip`, `date`) VALUES ('".$_SESSION['user']['id']."', '".$_SERVER["HTTP_CF_CONNECTING_IP"]."', '" date('d/M/y'time()) . "')") or die ("Error in query: ".mysql_error()); 
    This saves the date and IP for each login for a players account.
    This could be improved in many ways, please come with suggestions if you'd like.
    Last edited by FunHotel; 21-08-17 at 10:32 PM.
    java ~ php


  2. #2
    Hello there RetroPiggy is offline
    True MemberRank
    Aug 2013 Join Date
    UKLocation
    295Posts

    Re: RevCMS save IP for every login

    This can be quite useful for people that don't have this on their site. On my site, when a login fails the instead of just logging the date/time and IP, it also logs the user agent so the user can see what browser was used (you may find this pointless), if the failed login was attempted using email or username and then also shows the password used for the failed logn.


  3. #3
    Deep thoughts RevCMS save IP for every login Joopie is online now
    Alpha MaleRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,590Posts

    Re: RevCMS save IP for every login

    If only your create table query is any good...
    Please, how hard is it to add the right datatypes????

  4. #4
    Death from above! The General is offline
    The OmegaRank
    Aug 2011 Join Date
    8,900Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by Joopie View Post
    If only your create table query is any good...
    Please, how hard is it to add the right datatypes????
    I was about to say the same thing.

    And

    Code:
    mysql_query()
    If you are using Arcturus, contact me
    Skype: wesley.jabbo
    Discord: TheGeneral#0063

  5. #5
    Ultimate Member FunHotel is offline
    MemberRank
    Feb 2013 Join Date
    178Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by The General View Post
    I was about to say the same thing.

    And

    Code:
    mysql_query()
    Whatever, use mysqli or pdo if you feel like it.
    java ~ php

  6. #6
    Account Upgraded | Title Enabled! Predict is offline
    True MemberRank
    Aug 2008 Join Date
    770Posts

    Re: RevCMS save IP for every login

    Awesome contribution

    You asked for suggestions and mine would be to update the user's last online, rather than inserting data for when they were last online, I assume you have chat logs and timestamps for this kind of thing already?

    PHP Code:
    $this->database->query("UPDATE users SET timestamp = ?, login_count = login_count + 1 WHERE id = ?",[date("Y-m-d H:i:s"),$this->user()->id]); 

  7. #7
    Ultimate Member FunHotel is offline
    MemberRank
    Feb 2013 Join Date
    178Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by Predict View Post
    Awesome contribution

    You asked for suggestions and mine would be to update the user's last online, rather than inserting data for when they were last online, I assume you have chat logs and timestamps for this kind of thing already?

    PHP Code:
    $this->database->query("UPDATE users SET timestamp = ?, login_count = login_count + 1 WHERE id = ?",[date("Y-m-d H:i:s"),$this->user()->id]); 
    That's great, will update mine to that aswell.
    java ~ php

  8. #8
    Account Upgraded | Title Enabled! Predict is offline
    True MemberRank
    Aug 2008 Join Date
    770Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by FunHotel View Post
    That's great, will update mine to that aswell.
    Here are some more contributions

    PHP Code:
    function getIP()
    {
        
    /*
        This function attempts to get real IP address.
        */
        
    if (getenv('HTTP_CLIENT_IP'))
        {
            
    $ip getenv('HTTP_CLIENT_IP');
        }
        elseif (
    getenv('HTTP_X_FORWARDED_FOR'))
        {
            
    $ip getenv('HTTP_X_FORWARDED_FOR');
        }
        elseif (
    getenv('HTTP_X_FORWARDED'))
        {
            
    $ip getenv('HTTP_X_FORWARDED');
        }
        elseif (
    getenv('HTTP_FORWARDED_FOR'))
        {
            
    $ip getenv('HTTP_FORWARDED_FOR');
        }
        elseif (
    getenv('HTTP_FORWARDED'))
        {
            
    $ip getenv('HTTP_FORWARDED');
        }
        else
        {
            
    $ip $_SERVER['REMOTE_ADDR'];
        }
        return 
    $ip;
    }

    function 
    insertIPLogins($userid,$userip)
    {
        
    $database Database::getInitialize();
        
    $time time();
        
    $stmt $database->query("INSERT INTO iplogins (iplogins_userid,iplogins_userip,iplogins_timestamp) VALUES (?,?,?)",[$userid,$userip,$time]);
        
    $result $stmt->results();
        return 
    $result;

    Code:
    CREATE TABLE `iplogins` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `iplogins_userid` int(11) NOT NULL,
      `iplogins_timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
      `iplogins_userip` varchar(255) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1
    Last edited by Predict; 20-08-17 at 03:30 AM. Reason: Added table, I think

  9. #9
    "(still lacks brains)" NoBrain is online now
    ModeratorRank
    Sep 2011 Join Date
    United KingdomLocation
    2,696Posts

    Re: RevCMS save IP for every login

    Rather than saving every IP address for every login, you should compare the IP that's logging in with the one that is in the registered IP column (if it still exists) and if they are different then save it and possibly inform the user via Email. This will minimise the size of the table too :)

  10. #10
    Death from above! The General is offline
    The OmegaRank
    Aug 2011 Join Date
    8,900Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by NoBrain View Post
    Rather than saving every IP address for every login, you should compare the IP that's logging in with the one that is in the registered IP column (if it still exists) and if they are different then save it and possibly inform the user via Email. This will minimise the size of the table too :)
    Maybe start of with picking the correct data types before complaining about table size. Storage is cheap anyways nowadays.
    If you are using Arcturus, contact me
    Skype: wesley.jabbo
    Discord: TheGeneral#0063

  11. #11
    "(still lacks brains)" NoBrain is online now
    ModeratorRank
    Sep 2011 Join Date
    United KingdomLocation
    2,696Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by The General View Post
    Maybe start of with picking the correct data types before complaining about table size. Storage is cheap anyways nowadays.
    Just because it is cheap doesn't mean you shouldn't try to minimise the size of the data.

  12. #12
    Deep thoughts RevCMS save IP for every login Joopie is online now
    Alpha MaleRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,590Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by NoBrain View Post
    Just because it is cheap doesn't mean you shouldn't try to minimise the size of the data.
    I like the idea, but instead of using the registration ip to check on, I suggest the latest logged in ip.

    Also, if size is really a problem, the table can be normalized more by extracting the ips into their own table and use the iplogins as a linking table. No duplicated ip values and reduced the record size of the iplogins.

  13. #13
    Registered Kellz is offline
    MemberRank
    Dec 2016 Join Date
    23Posts

    Re: RevCMS save IP for every login

    Why are u using varchar for userId ? Why not use int(11)

    - - - Updated - - -

    Also why are you throw public error for any one to see ? maybe add check for if production or not ?

  14. #14
    Ultimate Member FunHotel is offline
    MemberRank
    Feb 2013 Join Date
    178Posts

    Re: RevCMS save IP for every login

    Quote Originally Posted by Kellz View Post
    Why are u using varchar for userId ? Why not use int(11)

    - - - Updated - - -

    Also why are you throw public error for any one to see ? maybe add check for if production or not ?
    Oh damn, it was just a mistake to use vachar for userid, will update now.
    java ~ php

  15. #15
    https://zaphotel.net/ Jonteh is offline
    GammaRank
    Apr 2007 Join Date
    New ZealandLocation
    3,372Posts

    Re: RevCMS save IP for every login

    If you truly want to protect your players accounts, code a two-factor authentication system. Takes half an hour at the most and Google Auth is widely used and accepted, and has many libraries open sourced for you to use.

    Also, another great way is to not store the ip (hello, dynamic ips??) but to store the last geographical location they signed in from, and compare it to the one they are currently signing in with. Cookies may come in useful too if you're really lazy.

    Just because this is a private server CMS doesn't mean you can't use proper standards in account security. C'mon people.
    Jonteh
    Habbo Retro Developer

    HabboFiles | Zap Hotel




Page 1 of 2 12 LastLast

Advertisement