PHP IP Logging

Sully

Hey,

I have a linkdump on my site (www.thenet2k.com) which I try to keep clean from pr0n and other stuff. However, people are constantly posting "inappropriate" sites and I want to find there IP address and ban them from posting a link again.

Im not an experienced PHP Coder, and I cant figure out how to tweak the system to log the IP address of every person who adds a link and also ban them if required. Its not a script that is available to download, it was a Tutorial which myself and the author edited a bit. Neither me nor the author could get it tweaked to record the IP addresses and a banning system with it.

Id appreciate if people could have a look and help me fix it so it will work. If you have any other suggestions - like a script that is out there that does just that, can easily be intergrated with my site, giving me the abilitly to also show the latest 5 or so links added (just as it is now!) then ill listen to them suggestions also!

Iv looked around and tried a few but there not great - which is why I got this one.

Thanks in advance for all your help.

Iv attachted the PHP File in a txt format. Cheers!

- Sully

The Corinthian

At a brief glance there’s a number of things wrong with that script:

• There are no database connection details - I assume these were purposely removed, but just in case they weren’t I wanted to highlight it.
• You don’t actually attempt to reference the users IP from what I can see, at any stage. The variable you would be referencing is:
  [PHP]$_SERVER["REMOTE_ADDR"][/PHP]
• There’s nowhere to log the users IP in the database. You’re populating the id (this probably should be an autonumber, BTW), title, site and description, but nowhere for the IP to go.
• Parse your inputs - as things stand, anyone who is competent at PHP / SQL could royally sodomize your database using a SQL injection attack. A whore’s legs are less open than your site is, TBH.
• If you want to check if people are in a blacklist you actually have to set one up. Additionally you need some means (assuming you don’t want to directly) add blacklisted addresses to a text file or database.

In short you need someone to write rather than debug your code and there’s a fair bit of work involved - at least more than you should expect to get for free.

I honestly suggest that, if you don’t have the budget to pay someone, you learn to code. I think it’s astonishing that you’ve been able to keep the site together so long on so little knowledge, but you’ve probably reached the point where you can no longer go further without real coding skills or money to pay for them.

Sully

The Corinthian wrote:

At a brief glance there’s a number of things wrong with that script:

• There are no database connection details - I assume these were purposely removed, but just in case they weren’t I wanted to highlight it.
• You don’t actually attempt to reference the users IP from what I can see, at any stage. The variable you would be referencing is:
  [PHP]$_SERVER["REMOTE_ADDR"][/PHP]
• There’s nowhere to log the users IP in the database. You’re populating the id (this probably should be an autonumber, BTW), title, site and description, but nowhere for the IP to go.
• Parse your inputs - as things stand, anyone who is competent at PHP / SQL could royally sodomize your database using a SQL injection attack. A whore’s legs are less open than your site is, TBH.
• If you want to check if people are in a blacklist you actually have to set one up. Additionally you need some means (assuming you don’t want to directly) add blacklisted addresses to a text file or database.

In short you need someone to write rather than debug your code and there’s a fair bit of work involved - at least more than you should expect to get for free.

I honestly suggest that, if you don’t have the budget to pay someone, you learn to code. I think it’s astonishing that you’ve been able to keep the site together so long on so little knowledge, but you’ve probably reached the point where you can no longer go further without real coding skills or money to pay for them.

I uploaded that one because I couldnt find the one with the edits in it.

I plan to learn to code over the summer. Iv lasted because a number of people used to code for me if I needed anything but half of them I dont see anymore as they are in college and doing exams and aint on as much!

Here is the code I used (I included it in the linkdump.php file) to record IPS:

<?
mysql_connect("localhost","user","pass"); 

   //select which database you want to edit
   mysql_select_db("db"); 

   //convert all the posts to variables:
   $dte = $_POST['dte'];
   $ip = $_POST['ip'];
   $host = $_POST['host'];
   $browser = $_POST['browser'];
   $siteadded = $_POST['siteadded'];
   $id = $_POST['id'];

   $dte = date("F jS Y, h:iA");
   $ip = $REMOTE_ADDR;
   $host = gethostbyaddr($ip);
   $browser = $HTTP_USER_AGENT; 

   //Insert the values into the correct database with the right fields
   $result=MYSQL_QUERY("INSERT INTO log (id,dte,ip,host,browser,siteadded)".
      "VALUES ('NULL', '$dte', '$ip', '$host', '$browser', 'siteadded')"); 
?>

Oh and im presuming (and hoping) its just that file with security issues?

I plan to re-develop that site in the Summer aswel, its slow and the host is gone ****ty to.

- Sully

The Corinthian

Sully04 wrote:

Here is the code I used (I included it in the linkdump.php file) to record IPS

You're reading the IP (and user agent) - have you altered the database with the new fields?

Still, the fact remains that you need to code a means to administer blacklisted IP's and links and logic to deal with posts from blacklisted IP's. All that code will do is at best log them. If someone wants to do that, grand, but personally would think it would involve more work than you should expect to get for free from complete strangers on the Internet.

Oh and im presuming (and hoping) its just that file with security issues?

No. Both are wide open. Use the addslashes function on your inputs.

Sully

The Corinthian wrote:

You're reading the IP (and user agent) - have you altered the database with the new fields?

Still, the fact remains that you need to code a means to administer blacklisted IP's and links and logic to deal with posts from blacklisted IP's. All that code will do is at best log them. If someone wants to do that, grand, but personally would think it would involve more work than you should expect to get for free from complete strangers on the Internet.

No. Both are wide open. Use the addslashes function on your inputs.

The database had the fields yes, but when I added a site the IP address was not being put in the table.

I use PhpMyAdmin to manage the links added - at best im trying to get the code to log, then ill take a look at dealing with those I want to ban.

- Sully

maxheadroom

Sully04 wrote:

The database had the fields yes, but when I added a site the IP address was not being put in the table.

I use PhpMyAdmin to manage the links added - at best im trying to get the code to log, then ill take a look at dealing with those I want to ban.

- Sully

Very basically, what you want is:
[php]
//Get remote IP
$remoteip = "0.0.0.0";
if (isset($_SERVER)) {
$remoteip = $_SERVER;
}

//db code

$insertSQL = sprintf("INSERT INTO log (dte, ip, host, browser, siteadded) VALUES (%s, %s, %s, %s, %s)",
addslashes($dte),
addslashes($remoteip),
addslashes($host),
addslashes($browser),
addslashes($siteadded));

mysql_select_db( INSERT RELEVANT INFO);

$Result1 = mysql_query($insertSQL) or die(mysql_error()); [/php]

mneylon

You should set it up so that the links aren't added automatically but have to be approved by you.

The site is really painfully slow to load by the way

Sully

blacknight wrote:

You should set it up so that the links aren't added automatically but have to be approved by you.

The site is really painfully slow to load by the way

Yes - and I think ill move host.

Cheers for the code, got one coded that logs the IP's:

<?php
mysql_connect('', '' ,'') or die(mysql_error());
//select which database you want to edit
mysql_select_db('') or die(mysql_error());
$q = mysql_query('SELECT ip FROM bans');
while($r = mysql_fetch_object($q)){
if($r->ip == $_SERVER['REMOTE_ADDR'];){
die("You are banned from posting links!");
}}
$title="The Net 2k - :: Link Dump :: ";
include('header.php');
echo <<<HTML
<div align="center"><b>Link Dump</b><br>Welcome to The Net 2k's Link Dump. Fell free to dump your site in the list! Just fill in the form below, click add, and your in!<br><span style'color: red'>Warning: The Net 2k is <b>NOT</b> responsible for the content of external websites!</span><b>.:: The Links ::.</b></div><br>
HTML;
if($_GET['act'] == 'post'){
$title = htmlspecialchars($_POST['title']);
$site = htmlspecialchars($_POST['site']);
$description = htmlspecialchars($_POST['description']);
$id = htmlspecialchars($_POST['id']);
$ip = $_SERVER['REMOTE_ADDR'];
mysql_query("INSERT INTO linkdump (title,site,description,ip) VALUES ('$title', '$site', '$description', '$ip')") or die(mysql_error());
echo "<p><div align='center'>Link added sucesfully. Click <a href='http://www.thenet2k.com/linkdump.php'>here</a> to return to the link dump.</div>";
}
else {
$q = mysql_query("SELECT * from linkdump ORDER by id DESC") or die(mysql_error());
while($r = mysql_fetch_object($q)){
echo <<<html
<div align="center"><a href="{$r->site}" target="_blank">{$r->title}</a> - {$r->description}<br></div>
html;
}
echo <<<form
<div align="center">
<form method="post" action="?act=post">
Title of Site: <input type='text' name='title'><br><br>
URL of Site: <input type='text' name='site' value="http://"><br><br>
Description: <input type='text' name='description'><br><br>
<input type='submit' value='Add!'>
</form>
</div>
form;
}
include('footer.php');
?>

- Sully