SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Member
    Join Date
    Feb 2014
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Storing IP address in Mysql then using for verification

    Hey guys and gals,
    I am fairly new to PHP, taught myself the basics for my company but struggling, so I used Usercake to create a secure login page as the one I wrote was terrible, SQL injections the works.

    Now I am a little bit more experienced, but I am trying to set it so that the IP address can be used for verification, basically my boss only wants people to log in when they are on the specific IP address. We know the IP addresses will not change.

    I know that

    Code:
    $ip=$_SERVER['REMOTE_ADDR'];
    is probably the thing I need, the question is how I am to store it..

    I have tried several times, but because I do it on usercake which I did not write, it seems to have a massive spaz.

    Here is an example of the register script:

    Code:
    if (!empty($_POST)) {
                    $errors       = array();
                    $email        = trim($_POST["email"]);
                    $username     = trim($_POST["username"]);
                    $displayname  = trim($_POST["displayname"]);
                    $password     = trim($_POST["password"]);
                    $confirm_pass = trim($_POST["passwordc"]);
                    $captcha      = md5($_POST["captcha"]);
                    
                    
                    if ($captcha != $_SESSION['captcha']) {
                                    $errors[] = lang("CAPTCHA_FAIL");
                    }
                    if (minMaxRange(5, 25, $username)) {
                                    $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array(
                                                    5,
                                                    25
                                    ));
                    }
                    if (!ctype_alnum($username)) {
                                    $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");
                    }
                    if (minMaxRange(5, 25, $displayname)) {
                                    $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(
                                                    5,
                                                    25
                                    ));
                    }
                    if (!ctype_alnum($displayname)) {
                                    $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                    }
                    if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) {
                                    $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array(
                                                    8,
                                                    50
                                    ));
    and here is my sql table field..

    13 ipaddress int(10) UNSIGNED Yes NULL
    any help would be great please.

  2. #2
    Community Advisor bronze trophy
    fretburner's Avatar
    Join Date
    Apr 2013
    Location
    Brazil
    Posts
    1,395
    Mentioned
    45 Post(s)
    Tagged
    12 Thread(s)
    Hi,

    Quote Originally Posted by marriott81 View Post

    and here is my sql table field..
    13 ipaddress int(10) UNSIGNED Yes NULL
    any help would be great please.
    You won't be able to store an IP address in an integer field.. the field will need to be varchar(15), as the maximum length of an IP address is going to be 15 chars and it'll have to be stored as a string because it's not a valid numerical format.

  3. #3
    SitePoint Member
    Join Date
    Feb 2014
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for heads up, have changed it

    now just to work out how to get it into it..

  4. #4
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,139
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Unless you are doing simple compares like $current_ip == $db_ip dealing with the "dotted quad" format could get messy.

    You can change them to an Int. I forgot how and I couldn't find the old post or the code I used, but @paul_wilkins ; should remember how.

    Something like
    first*10^3 + second*10^2 + third*10 + fourth

  5. #5
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,180
    Mentioned
    65 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by Mittineague View Post
    Unless you are doing simple compares like $current_ip == $db_ip dealing with the "dotted quad" format could get messy.

    You can change them to an Int. I forgot how and I couldn't find the old post or the code I used, but @paul_wilkins ; should remember how.

    Something like
    first*10^3 + second*10^2 + third*10 + fourth
    http://www.aboutmyip.com/AboutMyXApp/IP2Integer.jsp - Looks like your right. I'm not sure how you would handle IP ranges though. I wonder if this does allow for a simple greater / less than logic to be applied to it.

  6. #6
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,139
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Thanks for finding that. I wouldn't have found "octet" searching for "quad".
    And it is 256 not 10. I think in base 10 and sometimes forget computers think in bits.

    As for being easier, I guess it depends on what you want to do with them.
    Strings work fine for simple compares.

    For more it becomes tricky and messy quick, using split, array functions, regex, etc. to work with ranges.

  7. #7
    SitePoint Member
    Join Date
    Feb 2014
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When a user registers, I need the IP address to be stored in the SQL db, when the user tries to log back on I need the IP to be validated. Little confused as to how to do it.

  8. #8
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,139
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    The reason I wanted to get away from the "dotted quad" format was because I wanted to sort the IPs and they didn't sort well at all that way.

    Sounds like you're thinking of a simple comparison though so you're lucky there.

    One potential problem you should think about is changing IPs

    Many ISPs use more than one IP for example MyISP might use 111.122.123.xxx where xxx is anything from 0 to 255
    And they might even have more than one range. eg. not only 111.122.123.xxx but also 57.34.22.xxx where xxx is anything from 0 to 50

    The point is, many legitimate users might have registration IPs that differ from their current one they're using.

  9. #9
    SitePoint Member
    Join Date
    Feb 2014
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Mitt,

    thankfully the people we work with are going to have Static IPs no matter what, they will never change them unless planned. We also have a very niche customer base so not too worried about the average user


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •