
View Full Version : Signup check?



markman641
10-04-2011, 12:47 AM
Ok I have a simple signup form on my website:


<form action="doregister.php" method="post">
<table width="220" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2"><div class="menu"> <span class="menu_txt">Register</span></div></td>
</tr>
<tr>
<td colspan="2" bgcolor="#10d305"></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Username </td>
<td bgcolor="#10d305"><input name="u" type="text" size="16" maxlength="16" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Password</td>
<td bgcolor="#10d305"><input name="p" type="password" size="16" maxlength="16" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Email</td>
<td bgcolor="#10d305"><input name="e" type="text" size="16" maxlength="75" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Location</td>
<td bgcolor="#10d305"><select name="country" style="width:150px;" id="country">
<option value="United States" selected="selected">United States</option>
<option value="Canada">Canada</option>
<option value="United Kingdom" >United Kingdom</option>
a whole bunch of <options> here
</select></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Address</td>
<td bgcolor="#10d305"><input type="text" name="address" size="16" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Phone Number</td>
<td bgcolor="#10d305"><input type="text" name="phone" size="16" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Age</td>
<td bgcolor="#10d305"><input type="text" name="age" size="5" /></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Gender</td>
<td bgcolor="#10d305"><select name="gender" size="1">
<option value='male'>Male</option>
<option value='female'>Female</option>
</select></td>
</tr>
<tr>
<td bgcolor="#10d305" class="freeroll_txt">Referrer </td>
<td bgcolor="#10d305"><input name="ref" type="text" value="<?php echo htmlspecialchars(isset($_GET['ref']) ? $_GET['ref'] : '', ENT_QUOTES); ?>" size="10" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#10d305"><div align="center">
<input type="submit" value="Register" />
<br>
By clicking Register, you agree to our <a href='terms.php' target="_blank">TOS</a>
<tr>
<td bgcolor="#10d305"><input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" size="10" /></td>
</tr>
</div></td>
</tr>
</table>
</form>
<br />


Now the doregister page says this:


<?
session_start();
include("config.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?=$title?></title>
<link href="style.css" rel="stylesheet" type="text/css" />
<meta name="description" content="<?=$metadesc?>" />
<meta name="keywords" content="<?=$metakeywords?>" />

</head>
<body>

<?php
$showip = $_SERVER['REMOTE_ADDR']
?>

<table width="960" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2"><img src="images/logo.png" alt="" width="322" height="90" /></td>
</tr>
<tr>
<td colspan="2">
<?
if ($_SESSION['Board']) {
include ("membersnav.php");
} else {
include ("nav.php");
}
?>
</td>
</tr>
<tr>
<td colspan="2">
</td>
</tr>
<tr>
<td width="240" height="661" valign="top" bgcolor="#2baa0e"><br />

<?
if ($_SESSION['Board']) {
} else {
include("login_inc.php");
include("register_inc.php");
}
?>


<div align="center"><? include("sidebar1.php"); ?></div></td>
<td width="720" height="661" valign="top" bgcolor="#2baa0e">
<div align="center">
<table width="710" border="0" cellspacing="0" cellpadding="3">
<tr>
<td valign="top"><br />
<table width="710" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><div class="menu">
<span class="menu_txt">Register</span></div>
</td>
</tr>
<tr>
<td bgcolor="#10d305">

</td>
</tr>
<tr>
<td bgcolor="#10d305"> <div align="center">
<?

$u = $_POST['u'];
$p = $_POST['p'];
$e = $_POST['e'];
$country = $_POST['country'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$g = $_POST['gender'];
$a = $_POST['age'];
$ref = $_POST['ref'];
$ip = $_POST['ip'];

$u = htmlspecialchars($u);
$p = htmlspecialchars($p);
$e = htmlspecialchars($e);
$g = htmlspecialchars($g);
$d = htmlspecialchars($d);
$ref = htmlspecialchars($ref);
$ip = htmlspecialchars($ip);

if($u && $p && $e && $a && $g && $ip) {
$check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`=\"$u\""));

if($check==0) {

$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$sign = $_POST['sign'];

$month = htmlspecialchars($month);
$day = htmlspecialchars($day);
$year = htmlspecialchars($year);
$sign = htmlspecialchars($sign);

$date = date("m/d/y");

// remove spaces
// $uu = str_replace (" ", '$u', $uu);
// echo $uu;
// echo $u;
// die;

$insert = mysql_query("INSERT INTO `members` (`country`, `address`, `phone`, `gender`, `age`, `date`, `dob`, `username`, `password`, `email`, `ref`, `ip` ) VALUES('$country', '$address', '$phone', '$g', '$a', '$date', '$month/$day/$year', \"$u\", \"$p\", \"$e\", \"$ref\", '$ip')");
$msg = mysql_query("INSERT INTO `messages` (`to`, `from`, `subject`, `message`, `status`, `date`) VALUES(\"$u\", 'admin', 'Welcome', '$mess', 'unread', '$date')");
$rctpts = mysql_query("INSERT INTO `recentpoints` (`message`) VALUES('$u just joined! Welcome!')");



$_SESSION['Board'] = $u;
if (session_register('Board')) {
print "You have been registered. You are now able
to access all of the features on this site.<p>
<a href=\"index.php\">Click here to continue</a>";
print "";
}
else {
print "Cant set session!";
}

}
else {
print "User already exists!";
}
}
else {
print "All fields required!";
}
?>
</div></td>
</tr>
</table><br /> <div align="center"></div>
</td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td colspan="2"><br />
<? include ("footer.php"); ?></td>
</tr>
</table>


</body>
</html>



Now how would I take the $ip and check the members database, and if it is already in there, echo "Only one account per IP!"?

markman641
10-04-2011, 01:07 AM
This was a LOT simpler than I thought.




...

if($u && $p && $e && $a && $g && $ip) {
$check = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `username`=\"$u\""));
$ipcheck = mysql_num_rows(mysql_query("SELECT * FROM `members` WHERE `ip`=\"$ip\""));

if($ipcheck==0) {
if($check==0) {

....



and at the end..





....

}
else {
print "Only one account per IP!";
}
}
else {
print "All fields required!";
}
?>

Old Pedant
10-04-2011, 08:00 AM
Ummm...and what will you do about members who sign up who have companies such as AOL or Earthlink as their ISPs?

Such companies (a) don't assign static IPs, so each time a user logs in to your site he/she may have a *different* IP and (b) any given IP address may be used by thousands or even hundreds of thousands of users.

Even people such as myself, who have a unique IP address, may be serviced by a large company such as GoDaddy or Frontier which reserves the right to change their IP address at any time. (I know that occurred to me recently. A site to which I have special privileges locked me out because my IP address was changed by my host. Fortunately, I have a "back door" and was able to go change my credentials, else I'd have had to have asked the site manager to go in and manually change it for me.)

In short, IP addresses are among the worst ways to identify your users.

markman641
10-11-2011, 05:14 AM
It's just a way to stop signups with the same IP, that's all.

Old Pedant
10-11-2011, 05:42 AM
Obviously you didn't read what I wrote. What do you do if you have, say, two Earthlink customers who both want to sign up. And just by coincidence they get assigned the same IP address???

One more time: An IP address can *NOT* be used to identify a single person. If you only have a dozen people on your site, you *might* be okay.

BubikolRamios
10-11-2011, 06:03 PM
One more time: An IP address can *NOT* be used to identify a single person. If you only have a dozen people on your site, you *might* be okay.

If they all have static IPs and only one person is accessing your site per IP. Close to an impossible situation, as Old Pedant said.
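
An added example (not any poster's code) of the per-IP signup check discussed in this thread, written with bound parameters instead of string-built queries and intended to be fed the address from `$_SERVER['REMOTE_ADDR']` on the server rather than from the form's hidden `ip` field, which the client controls. The function name `signupBlockReason`, the `$maxPerIp` limit, the "Invalid address!" message and the in-memory SQLite data are assumptions; it needs PHP 7.1+ with the pdo_sqlite extension, and a limit above 1 is one way to accommodate the shared addresses Old Pedant describes.

```php
<?php
// Added example: table/column names (members, username, ip) and the two
// rejection messages come from the thread; everything else is an assumption.

// Returns '' when the signup may proceed, otherwise the message to print.
function signupBlockReason(PDO $db, string $username, string $ip, int $maxPerIp = 1): string
{
    // Reject anything that is not a well-formed IPv4/IPv6 address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'Invalid address!';
    }
    // Bound parameters keep user input out of the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM members WHERE username = ?');
    $q->execute([$username]);
    if ((int) $q->fetchColumn() > 0) {
        return 'User already exists!';
    }
    $q = $db->prepare('SELECT COUNT(*) FROM members WHERE ip = ?');
    $q->execute([$ip]);
    if ((int) $q->fetchColumn() >= $maxPerIp) {
        return 'Only one account per IP!';
    }
    return '';
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT UNIQUE, ip TEXT)');
$db->prepare('INSERT INTO members (username, ip) VALUES (?, ?)')
   ->execute(['alice', '203.0.113.7']);

// In doregister.php the address would come from the server, never from $_POST:
//   $ip = $_SERVER['REMOTE_ADDR'];
$cases = [
    ['bob',   '203.0.113.7'],   // same address as alice
    ['alice', '198.51.100.2'],  // name already taken
    ['carol', '198.51.100.2'],  // new name, new address
    ['dave',  'not-an-ip'],     // malformed value, rejected before any query
];
foreach ($cases as [$user, $ip]) {
    $reason = signupBlockReason($db, $user, $ip);
    printf("%-6s %-14s %s\n", $user, $ip, $reason === '' ? 'allowed' : $reason);
}
```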


