RevCMS save IP for every login
Hi,
I created a small "extra security" feature for RevCMS. I've had problems with scams on my hotel, people get into eachothers account because they are using the same passwords everywhere.
Anyhow, this extra security saves the date & IP for each login for every user. Using a seperate table and a simple mysql_query in class.users. Might be helpful for some of you. So you can compare IPs if someone were scammed. If someone is using VPN then sure this tool wont be as helpful, but you can atleast confirm if some scammer logged into someones account or not. (this is 99,9% accurate if you are using VPN block as I am)
Run this query.
Code:
CREATE TABLE `iplogins` ( `userid` int(11) NOT NULL, `ip` varchar(211) NOT NULL, `date` varchar(11) NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Then, add this code below $template->form->unsetData(); in class.users.php
PHP Code:
mysql_query("INSERT INTO iplogins (`userid`, `ip`, `date`) VALUES ('".$_SESSION['user']['id']."', '".$_SERVER["HTTP_CF_CONNECTING_IP"]."', '" . date('d/M/y', time()) . "')") or die ("Error in query: ".mysql_error());
This saves the date and IP for each login for a players account.
This could be improved in many ways, please come with suggestions if you'd like.
Re: RevCMS save IP for every login
This can be quite useful for people that don't have this on their site. On my site, when a login fails the instead of just logging the date/time and IP, it also logs the user agent so the user can see what browser was used (you may find this pointless), if the failed login was attempted using email or username and then also shows the password used for the failed logn.
Re: RevCMS save IP for every login
If only your create table query is any good...
Please, how hard is it to add the right datatypes????
Re: RevCMS save IP for every login
Quote:
Originally Posted by
Joopie
If only your create table query is any good...
Please, how hard is it to add the right datatypes????
I was about to say the same thing.
And
Re: RevCMS save IP for every login
Quote:
Originally Posted by
The General
I was about to say the same thing.
And
Whatever, use mysqli or pdo if you feel like it.
Re: RevCMS save IP for every login
Awesome contribution
You asked for suggestions and mine would be to update the user's last online, rather than inserting data for when they were last online, I assume you have chat logs and timestamps for this kind of thing already?
PHP Code:
$this->database->query("UPDATE users SET timestamp = ?, login_count = login_count + 1 WHERE id = ?",[date("Y-m-d H:i:s"),$this->user()->id]);
Re: RevCMS save IP for every login
Quote:
Originally Posted by
Predict
Awesome contribution
You asked for suggestions and mine would be to update the user's last online, rather than inserting data for when they were last online, I assume you have chat logs and timestamps for this kind of thing already?
PHP Code:
$this->database->query("UPDATE users SET timestamp = ?, login_count = login_count + 1 WHERE id = ?",[date("Y-m-d H:i:s"),$this->user()->id]);
That's great, will update mine to that aswell.
Re: RevCMS save IP for every login
Quote:
Originally Posted by
FunHotel
That's great, will update mine to that aswell.
Here are some more contributions
PHP Code:
function getIP()
{
/*
This function attempts to get real IP address.
*/
if (getenv('HTTP_CLIENT_IP'))
{
$ip = getenv('HTTP_CLIENT_IP');
}
elseif (getenv('HTTP_X_FORWARDED_FOR'))
{
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_X_FORWARDED'))
{
$ip = getenv('HTTP_X_FORWARDED');
}
elseif (getenv('HTTP_FORWARDED_FOR'))
{
$ip = getenv('HTTP_FORWARDED_FOR');
}
elseif (getenv('HTTP_FORWARDED'))
{
$ip = getenv('HTTP_FORWARDED');
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
function insertIPLogins($userid,$userip)
{
$database = Database::getInitialize();
$time = time();
$stmt = $database->query("INSERT INTO iplogins (iplogins_userid,iplogins_userip,iplogins_timestamp) VALUES (?,?,?)",[$userid,$userip,$time]);
$result = $stmt->results();
return $result;
}
Code:
CREATE TABLE `iplogins` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`iplogins_userid` int(11) NOT NULL,
`iplogins_timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`iplogins_userip` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1
Re: RevCMS save IP for every login
Rather than saving every IP address for every login, you should compare the IP that's logging in with the one that is in the registered IP column (if it still exists) and if they are different then save it and possibly inform the user via Email. This will minimise the size of the table too :)
Re: RevCMS save IP for every login
Quote:
Originally Posted by
NoBrain
Rather than saving every IP address for every login, you should compare the IP that's logging in with the one that is in the registered IP column (if it still exists) and if they are different then save it and possibly inform the user via Email. This will minimise the size of the table too :)
Maybe start of with picking the correct data types before complaining about table size. Storage is cheap anyways nowadays.
Re: RevCMS save IP for every login
Quote:
Originally Posted by
The General
Maybe start of with picking the correct data types before complaining about table size. Storage is cheap anyways nowadays.
Just because it is cheap doesn't mean you shouldn't try to minimise the size of the data.
Re: RevCMS save IP for every login
Quote:
Originally Posted by
NoBrain
Just because it is cheap doesn't mean you shouldn't try to minimise the size of the data.
I like the idea, but instead of using the registration ip to check on, I suggest the latest logged in ip.
Also, if size is really a problem, the table can be normalized more by extracting the ips into their own table and use the iplogins as a linking table. No duplicated ip values and reduced the record size of the iplogins.
Re: RevCMS save IP for every login
Why are u using varchar for userId ? Why not use int(11)
- - - Updated - - -
Also why are you throw public error for any one to see ? maybe add check for if production or not ?
Re: RevCMS save IP for every login
Quote:
Originally Posted by
Kellz
Why are u using varchar for userId ? Why not use int(11)
- - - Updated - - -
Also why are you throw public error for any one to see ? maybe add check for if production or not ?
Oh damn, it was just a mistake to use vachar for userid, will update now.
Re: RevCMS save IP for every login
If you truly want to protect your players accounts, code a two-factor authentication system. Takes half an hour at the most and Google Auth is widely used and accepted, and has many libraries open sourced for you to use.
Also, another great way is to not store the ip (hello, dynamic ips??) but to store the last geographical location they signed in from, and compare it to the one they are currently signing in with. Cookies may come in useful too if you're really lazy.
Just because this is a private server CMS doesn't mean you can't use proper standards in account security. C'mon people.
