Quote:
|
Originally Posted by adpboss
Personally, I got lost in all this code somewhere. I know it can be redundant but it's great when people put the whole mod in a single thread or update their original post.
|
Good idea. :P
Here it is. Follow the steps, and for those of you who already got it working, let me know if I missed anything.
If you have Xcart 3.5.8+, change the following shown below in
top.inc.php...
Code:
if (!in_array($__key, array("HTTP_GET_VARS","HTTP_POST_VARS","HTTP_SERVER_VARS","HTTP_ENV_VARS","HTTP_COOKIE_VARS","HTTP_POST_FILES","__key","__val")))
...to have these additional array elements
,"_GET","_POST","_SERVER" so that you have the code:
Code:
if (!in_array($__key, array("HTTP_GET_VARS","HTTP_POST_VARS","HTTP_SERVER_VARS","HTTP_ENV_VARS","HTTP_COOKIE_VARS","HTTP_POST_FILES","__key","__val","_GET","_POST","_SERVER")))
Next, check your PHP server settings using a script containing
<?php phpinfo(); ?> to determine if
register_globals is on. If it is, and you cannot directly change it, add the the line
php_value register_globals 0 to your
root .htaccess file. This is done for security reasons.
After you have completed the above, create a file named
fetch_remote_address.php in the Xcart
include/ directory. Add the following to that file:
Code:
<?php
##########################################################################
## ## Fetch Remote Address ## ##
##########################################################################
## ##
## Fetches all levels of a customer's IP addresses. ##
##########################################################################
## Version: 1.0.1 (6/15/2004)
## Last updated: 6/17/2004
function fetch_remote_address() {
# Record basic remote address.
$remote_address = $_SERVER['REMOTE_ADDR'];
# Take proxies into consideration or IPs behind a LAN.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != 'unknown' && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']) {
$HXFF_temp = preg_replace('/, ?unknown/i','',$_SERVER['HTTP_X_FORWARDED_FOR']); // Remove any trailing 'unknowns'.
$remote_address .= ','.$HXFF_temp;
}
if (isset($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != 'unknown' && $_SERVER['HTTP_CLIENT_IP'] != $_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] != $_SERVER['REMOTE_ADDR']) {
$HCI_temp = preg_replace('/, ?unknown/i','',$_SERVER['HTTP_CLIENT_IP']); // Remove any trailing 'unknowns'.
$remote_address .= ','.$HCI_temp;
}
return $remote_address;
}
?>
Now open
include/func.php, find the declaration for the function
func_place_order(), and add the following directly
below the lines containing
global at the start of the function:
Code:
include_once($xcart_dir.'/include/fetch_remote_address.php');
In that same function in func.php, add
directly after
to the SQL statement in the code block which starts off with
Code:
db_query("INSERT INTO $sql_tbl[orders]
and add
Code:
, '".addslashes(fetch_remote_address())."'
directly after
in that same SQL statement.
Finally, use PHPMyAdmin or some similar MySQL database administration software, to add the field
ip after the field
email. The data type for the
ip field should be
varchar(12
to accomodate the entire string of IP adresses from each type of IP that any customer could have.
There is the possibility that the customer could have a longer IP address list than will fit in a 128 character length field. However, if that is the case then they are probably hiding behind a range of proxies to obfuscate themselves, which points to possible fraud. You can increase the IP field data type to any length if you feel so inclined.
Again, please let me know if I left any step out. I really hope this works this time!
