1. 首頁
  2. 問答
  3. 創建帳戶時需要幫助記錄用戶的IP

創建帳戶時需要幫助記錄用戶的IP

2017-09-15 92 views
-2

我很新的編碼PHP(非常新) ,我爲我的網站創建了一個登錄/註冊系統我目前有一個工作系統,輸入他們的「id int (11)「用戶名,電子郵件和密碼。我現在想添加一個IP列,在創建帳戶時記錄他們的IP。
創建帳戶時需要幫助記錄用戶的IP

我的問題很明顯是我如何才能增加我的代碼的方式來輸入的用戶的IP(只是對我來說,測試的東西和學到的東西網站)地址一旦他們創建一個帳戶在我的網站... 。

我對server.php當前的代碼

<?php 
session_start(); 

// variable declaration 
$username = ""; 
$email = ""; 
$errors = array(); 
$_SESSION['success'] = ""; 

// connect to database 
$db = mysqli_connect('localhost','user','password','db') 
or die('Error connecting to MySQL server.'); 

// REGISTER USER 
if (isset($_POST['reg_user'])) { 
    // receive all input values from the form 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $email = mysqli_real_escape_string($db, $_POST['email']); 
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']); 
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']); 

    // form validation: ensure that the form is correctly filled 
    if (empty($username)) { array_push($errors, "Username is required"); } 
    if (empty($email)) { array_push($errors, "Email is required"); } 
    if (empty($password_1)) { array_push($errors, "Password is required"); } 

    if ($password_1 != $password_2) { 
     array_push($errors, "The two passwords do not match"); 
    } 

    // register user if there are no errors in the form 
    if (count($errors) == 0) { 
     $password = md5($password_1);//encrypt the password before saving in the database 
     $query = "INSERT INTO users (username, email, password) 
        VALUES('$username', '$email', '$password')"; 
     mysqli_query($db, $query); 
     $_SESSION['username'] = $username; 
     $_SESSION['success'] = "You are now logged in"; 
     header('location: index.php'); 

     mysql_error(); 
    } 

} 

// ... 

// LOGIN USER 
if (isset($_POST['login_user'])) { 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $password = mysqli_real_escape_string($db, $_POST['password']); 

    if (empty($username)) { 
     array_push($errors, "Username is required"); 
    } 
    if (empty($password)) { 
     array_push($errors, "Password is required"); 
    } 

    if (count($errors) == 0) { 
     $password = md5($password); 
     $query = "SELECT * FROM users WHERE username='$username' AND password='$password'"; 
     $results = mysqli_query($db, $query); 

     if (mysqli_num_rows($results) == 1) { 
      $_SESSION['username'] = $username; 
      $_SESSION['success'] = "You are now logged in"; 
      header('location: index.php'); 
     }else { 
      array_push($errors, "Wrong username/password combination"); 
     } 
    } 
} 

?>

來源

2017-09-15 Wolly Linka

+0

您還沒有提問任何問題 – symcbean

+0

瞭解如何使用預處理語句。您可以在這裏打開SQL注入。 'mysqli_escape_string()'不足以保護你免受所有攻擊。 – miken32

+0

@symcbean您可以清楚地看到我說的 「我現在想添加一個IP列,在創建帳戶時記錄他們的IP。」 我沒有來這裏告訴你我想做什麼...閱讀標題 –

回答

1

獲得T中的最簡單方法他訪客/客戶的IP address正在使用$_SERVER['REMOTE_ADDR']$_SERVER['REMOTE_HOST']變量。

但是,有時這不會返回訪問者的正確IP地址,所以我們可以使用其他一些服務器變量來獲取IP地址。

下面的兩個函數僅與從中檢索值的方式和區別相同。

getenv()用於獲取PHP中環境變量的值。

// Function to get the client IP address 
function get_client_ip() { 
    $ipaddress = ''; 
    if (getenv('HTTP_CLIENT_IP')) 
     $ipaddress = getenv('HTTP_CLIENT_IP'); 
    else if(getenv('HTTP_X_FORWARDED_FOR')) 
     $ipaddress = getenv('HTTP_X_FORWARDED_FOR'); 
    else if(getenv('HTTP_X_FORWARDED')) 
     $ipaddress = getenv('HTTP_X_FORWARDED'); 
    else if(getenv('HTTP_FORWARDED_FOR')) 
     $ipaddress = getenv('HTTP_FORWARDED_FOR'); 
    else if(getenv('HTTP_FORWARDED')) 
     $ipaddress = getenv('HTTP_FORWARDED'); 
    else if(getenv('REMOTE_ADDR')) 
     $ipaddress = getenv('REMOTE_ADDR'); 
    else 
     $ipaddress = 'UNKNOWN'; 
    return $ipaddress; 
}

$ _SERVER是一個包含由Web服務器創建的服務器變量的數組。

// Function to get the client IP address 
function get_client_ip() { 
    $ipaddress = ''; 
    if (isset($_SERVER['HTTP_CLIENT_IP'])) 
     $ipaddress = $_SERVER['HTTP_CLIENT_IP']; 
    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
     $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']; 
    else if(isset($_SERVER['HTTP_X_FORWARDED'])) 
     $ipaddress = $_SERVER['HTTP_X_FORWARDED']; 
    else if(isset($_SERVER['HTTP_FORWARDED_FOR'])) 
     $ipaddress = $_SERVER['HTTP_FORWARDED_FOR']; 
    else if(isset($_SERVER['HTTP_FORWARDED'])) 
     $ipaddress = $_SERVER['HTTP_FORWARDED']; 
    else if(isset($_SERVER['REMOTE_ADDR'])) 
     $ipaddress = $_SERVER['REMOTE_ADDR']; 
    else 
     $ipaddress = 'UNKNOWN'; 
    return $ipaddress; 
}

來源

2017-09-15 19:44:41 Ank

+0

現在我該如何實現這個代碼到我的server.php,以便每次有人創建一個帳戶時都會記錄下來?謝謝你的信息! –

+0

請記住,除了'$ _SERVER ['REMOTE_ADDR']'之外的任何東西都可以很容易地被篡改,如果有惡意意圖的人想要冒充別人,並用一個「X-Forwarded-For」可以放任何他們想要的。在相信任何其他標頭所說的內容之前,根據已知的受信任代理IP檢查遠程地址。 – SeinopSys

+0

@WollyLinka您可以簡單地使用'$ ipaddress = $ _SERVER ['REMOTE_ADDR'];'然後將$ ipaddress的值保存到MySQL表中。 – Ank

相關問題

 相關問題