PDA

View Full Version : Programmer, need IP script!



JGjg
10-29-2002, 03:05 PM
Hi,

I'm looking for a script that will do this:

All IP addresses will be excluded from viewing a certain group of web-pages.

However, when somebody makes a purchase from a visible page, they are redirected to a page where their IP address gets logged, and then they are automatically able to view all of the restricted pages at the site...all of the sudden the once restricted pages will pop-up on their computer.

If they want a refund, I can manually open up the script, and delete their IP address from being included, then upload the page.


Perhaps PHP? ASP?

firepages
10-29-2002, 05:50 PM
Do you want your site to remember these people for next time ? , if so you need to look at something more reliable than the IP address which will change for manyusers on a daily basis.

If its a one-shot thing then <?$ip=$_SERVER[PHP_SELF];?> will grab the IP for you.

I would recommend looking at sessions and/or a user/pass scheme to be really sure, again it depends what you are doing and why.

JGjg
11-06-2002, 07:31 AM
I was just thinking of a cheap and uncomplicated way to have a subscription based section of a website...one that didn't require a username and password, but instead would remember their IP address

MCookie
11-06-2002, 10:20 AM
Millions of dial-up users don't have their own IP number. It's different every time they surf the web.
Also, when someone subscribes to your site while at work, he/she wouldn't be able to log in from home.

fivesidecube
11-06-2002, 01:40 PM
JGjg,

Cookies are the answer. If the user registers on your site write a cookie to their machine. You can record the value written to the machine and hence track which user is trying to access your site and permit those.

If the user doesn't have a cookie or the value isn't know by your site then your don't display the page.

firepages
11-06-2002, 04:31 PM
but not everyone will have cookies enabled (though most will) and cookies can be spoofed, which is why most subscription based sites use some type of server-side validation.

JGjg
11-06-2002, 05:13 PM
I should probably learn more about cookies and IP addresses.

The system I have in mind wouldn't need to be super crypto.

Maybe it could include a range of IP for the dial-ups and offer the option of registering 2 locations.

It's just an idea...I was getting sick of looking for passwords to cut and paste for some reg sites.


-JG

fivesidecube
11-06-2002, 09:28 PM
cookies can be spoofedAgreed, but if the server maintains a database of valid cookie values and the range of possible values is sufficiently large, then the likelyhood of being to stumble over another valid one is very remote.

whammy
11-07-2002, 02:08 AM
Cookies are still not the answer since someone that registers for your site at work, and then tries to access it from another computer will not have the cookie on the latter computer.

You absolutely cannot depend on IP addresses or cookies. IP addresses will probably change each time a dialup user logs on to the internet, and they may even change regularly with a high-speed cable or dsl user depending on their provider.

And regarding cookies, the client may not even have them enabled.

First of all you should understand the difference between client-side (what only is available on an individual user's computer, like a cookie or javascript) and server-side (which allows you to save information on a server to a database or a text file, independent of clients).

What you need to do is save their login information to a database (or at the very least, a text file - but learning databases is better and easier, since that's what they are for), and check the database when they login. It's one of the first things you should learn when you are doing this kind of thing.

If I were you I'd go through some relational database tutorials (they are not very hard), and go from there.

Check out http://hotwired.lycos.com/webmonkey/backend/databases/

The very first tutorial there, "Rugged ASP" is the best introductory relational database tutorial I'm aware of. And even though it's in ASP, the whole concept of relational databases applies to every server-side language.

:)

piglet
11-07-2002, 12:34 PM
Hi whammy,

I have to disagree - Cookies are the answer to this sort of problem - well at least in part.

As you rightly say - they're not the full answer. They are most useful where you have some user identifying information for a site where you don't want to bother the user with logging on each time - but you have to provide another mechanism where the user may log on from more than one computer.

IP address is pretty useless. Not only does it change on most dialups, but to try to use it to identify an individual is futile - someone buys something from the site at an "internet cafe" - the static IP is captured and then anyone else who goes there is recognised as that person?

No - just look at the way this forum works round the problem - cookies stop you from having to log by username and password on every visit, but the facility is there to do so on a new computer. You have the option to turn on or off cookie usage so that your cookie is not stored where you don't want it, or if you're just a paraniod who believes cookies are just evil.

You have to go for a combination of approaches like this to achieve anything which will be of any use.

whammy
11-07-2002, 08:37 PM
I didn't say not to use cookies to remember visitors - but without a login database they are practically useless if you want to know if someone has subscribed to your website.

'Cause anytime they deleted their cookies, they'd either have to resubscribe or contact the webmaster, and that would get annoying to them (and you) rather quickly. ;)

piglet
11-08-2002, 09:45 AM
Hmmm...isn't that what I said?

Hey Whammy - lighten up! Is it that time of the month again - or are you normally like this? ;)

I lol when you suggested fivesidecube read a tutorial about server side things - I think you'd probably find he knows rather a lot about the subject...if you'd bothered to ask rather than disparage!

whammy
11-10-2002, 05:29 AM
You're right, he probably does - I read the post as if he was replying to the original poster... my bad there. :|

I'm just trying to convince the original poster that a database (in conjunction with cookies is fine) MUST be used (and not IP addresses), in order to log someone into a website if you're going to have people register online.

As for you saying "Isn't that what I just said?" You pretty much said in your first post what I had said in my previous post as well. ;)