| Author |
Message |
southern
Client
Joined: Jan 29, 2004
Posts: 624
|
 Posted:
Tue Nov 02, 2004 10:53 am |
|
I wonder how to secure the IP page in my forums so only mods and admins can view the IPs of posters... the theme I'm using has an IP button on the same row as Edit, Quote, etc. and when a mod or admin clicks it an IP page opens through modcp with all the IP numbers listed of posters. Is it possible to secure this, perhaps via http auth, or is this a non-issue- if only mods and admins can see it? |
| |
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Nov 02, 2004 2:34 pm |
|
I think it's a non issue because they are the only ones who can see it. |
| |
|
|
|
|
southern
|
| Posted:
Tue Nov 02, 2004 3:58 pm |
|
OK. One of my mods said he can't see it when he signs in as a regular member but I could still see it after demoting myself from admin to a regular and dumping my cache and all, so I thought I'd check... in addition this mod hangs out on a site in the UK, which I noticed from my referers, and I'd like to set a code on the modcp IP page so I'll know if he allows anyone to use his username to access the site. I found a php code that emails me but it'd have to be set in the modcp_viewip.tpl of the theme I use:
Code:
<?php
$to = 'adminatsouthernwolfdotnet'; // The email address you want notifiactaions sent to
$subject = 'Visitors IP'; // What do you want the subject line of notifications to be?
// PHP Script By Dave Lauderdale
// Published at: [ Only registered users can see links on this board! Get registered or login! ]
$visitorSpecs =
"<hr size=2 width=300 align=left>".
"<b>Visitor IP address:</b> ".$_SERVER['REMOTE_ADDR'].
"<br>".
"<b>Visitor system specs:</b> ".$_SERVER['HTTP_USER_AGENT'].
"<br>";
$headers = "Content-type: text/html \nFrom: IP sniffer script";
$body = "<body>
<br>
<table cellspacing=1 cellpadding=2 align=center>
<tr>
<td>
<b><font face=arial size=2>Website visitors IP address and system specs:</font></b>
</td></tr>
<tr>
<td>
<font face=arial size=2> ".$visitorSpecs." </font>
</td></tr></table>
</body>";
mail($to,$subject,$body,$headers);
?>
|
This works fine when I test it in a normal php file like footer.php, though I get flooded with emails, so what I need is to set this or some similar code into the viewip.tpl so I'll be notified of the IPs of anyone viewing that page... Thanks for any thoughts. |
| |
|
|
|
|
southern
|
| Posted:
Tue Nov 02, 2004 4:08 pm |
|
I have a similar code from the same guy:
Code:
<?php
function logIP()
{
$ipLog="logfile.htm"; // Your logfiles name here (.txt or .html extensions ok)
// IP logging function by Dave Lauderdale
// Originally published at: [ Only registered users can see links on this board! Get registered or login! ]
$register_globals = (bool) ini_get('register_globals');
if ($register_globals) $ip = getenv(REMOTE_ADDR);
else $ip = $_SERVER['REMOTE_ADDR'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
{
fputs($log, "Logged IP address: $ip - Date logged: $date<br>");
}
else fputs($log, "Logged IP address: $ip - Date logged: $date\n");
fclose($log);
}
// Place the below function call wherever you want the script to fire.
logIp();
?>
|
And his explanation of how to set it up:
| Quote: |
IP logging function / IP logger script
This is just a simple PHP IP logging function / script which can be added to any already existing .php or .html file to log the date and time that the page was accessed and the IP address of the one who accessed it to a file on your server. This function / script checks to see if the logfile ends in either .html or .htm extensions as supposed to .txt or whatever so it can format the logfile correctly. The logFile must have writable permissions in order for the script to be able to write the data to it. This script will require that the log file have writable permissions.
You can use this function as a whole script if you like. Below are two possable ways to launch this script.
<html>
<head>
<title>Your page</title>
</head>
<body>
Your page content here...
<?php
include('ipLogScript.php');
?>
</body>
</html>
Just remember, however you include the code, the HTML page's extension will have to be changed to .php (or .phtml). If you want you can also use an <iframe> tag to load the PHP file like so: (NOTE: page with the <iframe> tag can have a .html extension). For an example of a script that uses an iframe tag see the 'Photo of the day' script in the PHP > Miscellaneous section.
<iframe src="ipLogScript.php" width=0 height=0></iframe>
If you only want to use this function in an already existing script then just add the function WITHOUT the opening and closing PHP tags (<?php ?>) to your script and call it by placing the function call (logIp() wherever you want it to fire in your script.
|
And this looks better but where would I put the logIp(); function within the .tpl file... I suppose as an iframe? |
| |
|
|
|
|
Raven
|
| Posted:
Tue Nov 02, 2004 4:14 pm |
|
When you say you 'demoted' yourself, you would have to change your user_level code in your users table. Is that what you did? |
| |
|
|
|
|
southern
|
| Posted:
Tue Nov 02, 2004 4:45 pm |
|
No sir! I merely went into forums admin user management and changed one of my 'alter egos' from site admin to no special rank, then I used that name to check whether regular members could view IPs in modcp_viewip... and I could even after dumping my cache, deleting cookies, etc. I then re-set that name back to site admin. I have one God account and two alter egos all of which are site admins and I don't mess with the God one... anyway, since I could view IPs as a regular I have to assume that other members can, never mind what the mod of mine said, so I want to set up an email notification so I'll know if anyone other than my mods and me access that page, sort of a trust but verify thing.  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
