Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Tue Nov 02, 2004 10:53 am Reply with quote

I wonder how to secure the IP page in my forums so only mods and admins can view the IPs of posters... the theme I'm using has an IP button on the same row as Edit, Quote, etc. and when a mod or admin clicks it an IP page opens through modcp with all the IP numbers listed of posters. Is it possible to secure this, perhaps via http auth, or is this a non-issue- if only mods and admins can see it?
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Nov 02, 2004 2:34 pm Reply with quote

I think it's a non issue because they are the only ones who can see it.
 
View user's profile Send private message
southern
PostPosted: Tue Nov 02, 2004 3:58 pm Reply with quote

OK. One of my mods said he can't see it when he signs in as a regular member but I could still see it after demoting myself from admin to a regular and dumping my cache and all, so I thought I'd check... in addition this mod hangs out on a site in the UK, which I noticed from my referers, and I'd like to set a code on the modcp IP page so I'll know if he allows anyone to use his username to access the site. I found a php code that emails me but it'd have to be set in the modcp_viewip.tpl of the theme I use:
Code:


<?php

$to = 'adminatsouthernwolfdotnet';  // The email address you want notifiactaions sent to
$subject = 'Visitors IP'; // What do you want the subject line of notifications to be?

// PHP Script By Dave Lauderdale
// Published at: Only registered users can see links on this board! Get registered or login!

$visitorSpecs =
"<hr size=2 width=300 align=left>".
"<b>Visitor IP address:</b> ".$_SERVER['REMOTE_ADDR'].
"<br>".
"<b>Visitor system specs:</b> ".$_SERVER['HTTP_USER_AGENT'].
"<br>";

$headers = "Content-type: text/html \nFrom: IP sniffer script";

$body = "<body>
<br>
<table cellspacing=1 cellpadding=2 align=center>
<tr>
<td>
<b><font face=arial size=2>Website visitors IP address and system specs:</font></b>
</td></tr>
<tr>
<td>
<font face=arial size=2> ".$visitorSpecs." </font>
</td></tr></table>
</body>";

mail($to,$subject,$body,$headers);
?>

This works fine when I test it in a normal php file like footer.php, though I get flooded with emails, so what I need is to set this or some similar code into the viewip.tpl so I'll be notified of the IPs of anyone viewing that page... Thanks for any thoughts.
 
southern
PostPosted: Tue Nov 02, 2004 4:08 pm Reply with quote

I have a similar code from the same guy:
Code:



<?php

function logIP()
{
     $ipLog="logfile.htm"; // Your logfiles name here (.txt or .html extensions ok)

     // IP logging function by Dave Lauderdale
     // Originally published at: Only registered users can see links on this board! Get registered or login!

     $register_globals = (bool) ini_get('register_globals');
     if ($register_globals) $ip = getenv(REMOTE_ADDR);
     else $ip = $_SERVER['REMOTE_ADDR'];

     $date=date ("l dS of F Y h:i:s A");
     $log=fopen("$ipLog", "a+");

     if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
     {
          fputs($log, "Logged IP address: $ip - Date logged: $date<br>");
     }
     else fputs($log, "Logged IP address: $ip - Date logged: $date\n");

     fclose($log);
}
// Place the below function call wherever you want the script to fire.
logIp();


?>

And his explanation of how to set it up:
Quote:

IP logging function / IP logger script
This is just a simple PHP IP logging function / script which can be added to any already existing .php or .html file to log the date and time that the page was accessed and the IP address of the one who accessed it to a file on your server. This function / script checks to see if the logfile ends in either .html or .htm extensions as supposed to .txt or whatever so it can format the logfile correctly. The logFile must have writable permissions in order for the script to be able to write the data to it. This script will require that the log file have writable permissions.

You can use this function as a whole script if you like. Below are two possable ways to launch this script.



<html>
<head>
<title>Your page</title>
</head>
<body>
Your page content here...



<?php
include('ipLogScript.php');
?>



</body>
</html>



Just remember, however you include the code, the HTML page's extension will have to be changed to .php (or .phtml). If you want you can also use an <iframe> tag to load the PHP file like so: (NOTE: page with the <iframe> tag can have a .html extension). For an example of a script that uses an iframe tag see the 'Photo of the day' script in the PHP > Miscellaneous section.

<iframe src="ipLogScript.php" width=0 height=0></iframe>

If you only want to use this function in an already existing script then just add the function WITHOUT the opening and closing PHP tags (<?php ?>) to your script and call it by placing the function call (logIp()Wink wherever you want it to fire in your script.

And this looks better but where would I put the logIp(); function within the .tpl file... I suppose as an iframe?
 
Raven
PostPosted: Tue Nov 02, 2004 4:14 pm Reply with quote

When you say you 'demoted' yourself, you would have to change your user_level code in your users table. Is that what you did?
 
southern
PostPosted: Tue Nov 02, 2004 4:45 pm Reply with quote

No sir! I merely went into forums admin user management and changed one of my 'alter egos' from site admin to no special rank, then I used that name to check whether regular members could view IPs in modcp_viewip... and I could even after dumping my cache, deleting cookies, etc. I then re-set that name back to site admin. I have one God account and two alter egos all of which are site admins and I don't mess with the God one... anyway, since I could view IPs as a regular I have to assume that other members can, never mind what the mod of mine said, so I want to set up an email notification so I'll know if anyone other than my mods and me access that page, sort of a trust but verify thing. Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©