Logging IP numbers

NuAlpha · #61 07-06-2004, 05:54 PM

Quote:

Originally Posted by adpboss

Personally, I got lost in all this code somewhere. I know it can be redundant but it's great when people put the whole mod in a single thread or update their original post.

Good idea. :P

Here it is. Follow the steps, and for those of you who already got it working, let me know if I missed anything.

If you have Xcart 3.5.8+, change the following shown below in top.inc.php...

Code:

if (!in_array($__key, array("HTTP_GET_VARS","HTTP_POST_VARS","HTTP_SERVER_VARS","HTTP_ENV_VARS","HTTP_COOKIE_VARS","HTTP_POST_FILES","__key","__val")))

...to have these additional array elements ,"_GET","_POST","_SERVER" so that you have the code:

Code:

if (!in_array($__key, array("HTTP_GET_VARS","HTTP_POST_VARS","HTTP_SERVER_VARS","HTTP_ENV_VARS","HTTP_COOKIE_VARS","HTTP_POST_FILES","__key","__val","_GET","_POST","_SERVER")))

Next, check your PHP server settings using a script containing <?php phpinfo(); ?> to determine if register_globals is on. If it is, and you cannot directly change it, add the the line php_value register_globals 0 to your root .htaccess file. This is done for security reasons.

After you have completed the above, create a file named fetch_remote_address.php in the Xcart include/ directory. Add the following to that file:

Code:

<?php
##########################################################################
##                      ## Fetch Remote Address ##                      ##
##########################################################################
##                                                                      ##
## Fetches all levels of a customer's IP addresses.                     ##
##########################################################################
## Version: 1.0.1 (6/15/2004)
## Last updated: 6/17/2004

function fetch_remote_address() {
	# Record basic remote address.
	 $remote_address = $_SERVER['REMOTE_ADDR'];
	# Take proxies into consideration or IPs behind a LAN.
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != 'unknown' && $_SERVER['HTTP_X_FORWARDED_FOR'] != $_SERVER['REMOTE_ADDR']) {
		$HXFF_temp = preg_replace('/, ?unknown/i','',$_SERVER['HTTP_X_FORWARDED_FOR']); // Remove any trailing 'unknowns'.
		$remote_address .= ','.$HXFF_temp;
	}
	if (isset($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != 'unknown' && $_SERVER['HTTP_CLIENT_IP'] != $_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_CLIENT_IP'] != $_SERVER['REMOTE_ADDR']) {
		$HCI_temp = preg_replace('/, ?unknown/i','',$_SERVER['HTTP_CLIENT_IP']); // Remove any trailing 'unknowns'.
		$remote_address .= ','.$HCI_temp;
	}
	
	return $remote_address;
}

?>

Now open include/func.php, find the declaration for the function func_place_order(), and add the following directly below the lines containing global at the start of the function:

Code:

include_once($xcart_dir.'/include/fetch_remote_address.php');

In that same function in func.php, add

Code:

, ip

directly after

Code:

, email

to the SQL statement in the code block which starts off with

Code:

db_query("INSERT INTO $sql_tbl[orders]

and add

Code:

, '".addslashes(fetch_remote_address())."'

directly after

Code:

'$userinfo[email]'

in that same SQL statement.

Finally, use PHPMyAdmin or some similar MySQL database administration software, to add the field ip after the field email. The data type for the ip field should be varchar(12 to accomodate the entire string of IP adresses from each type of IP that any customer could have.

There is the possibility that the customer could have a longer IP address list than will fit in a 128 character length field. However, if that is the case then they are probably hiding behind a range of proxies to obfuscate themselves, which points to possible fraud. You can increase the IP field data type to any length if you feel so inclined.

Again, please let me know if I left any step out. I really hope this works this time!

BCSE · #62 07-06-2004, 05:54 PM

Adpboss,

Just FYI, I got this to work in 3.5.5 with Boomer's original post in the first page of this thread. So if you try getting it to work in something earlier than 3.5.8, you should be able to with Boomer's original post.

This is knawing at me too. Maybe I'll install 3.5.9 tonight and work on it sooner than later. I'll let you guys know if I figure it out as I'll want to be using it when I upgrade to 3.5.9 anyway.

I agree that it should be standard.

Carrie

adpboss · #63 07-06-2004, 06:34 PM

3.5.9

I'll try NuAlpha's mod. Seems exotic but he's just crazy enough to make it work.

Thanks for reposting NuAlpha.

NuAlpha · #64 07-06-2004, 06:40 PM

Quote:

Originally Posted by adpboss

I'll try NuAlpha's mod. Seems exotic but he's just crazy enough to make it work.

Thanks for reposting NuAlpha.

Sorry if the directions look wacky. I might just edit them if I think of a better way of stepping through them.

B00MER · #65 07-06-2004, 07:02 PM

More than likely the global was stripped, although I can't find much to confirm it in the CHANGELOG, course this was probably meant to be left out since its a detourant to keep script kiddies away from injecting code segments into places they don't belong.

I beleive this was added in 3.5.8. Anyone confirm?

If I get a chance I'll get 3.5.9 installed locally and generate a .diff patch for easier installation.

Anyhow...

NuAlpha · #66 07-06-2004, 07:35 PM

Quote:

Originally Posted by B00MER

If I get a chance I'll get 3.5.9 installed locally and generate a .diff patch for easier installation.

What program do you use for this?

GM · #67 07-06-2004, 09:25 PM

I really have to start keeping better records of my mods and my mods to other peoples mods, I have this working in 3.5.9 but I can't remember how I did it?

If I remember I'll post it.

B00MER · #68 07-07-2004, 12:20 PM

Best reference for diff and patch tools is:

http://www.drupal.org/book/view/323

dvanhoos · #69 07-07-2004, 02:41 PM

NuAlpha,

I've been struggling with this for some time and finally got it to work after following your instructions to the letter! Appreciate the help. FYI I'm pretty sure it was because I had register_globals set to "On".

David

NuAlpha · #70 07-07-2004, 03:01 PM

Quote:

Originally Posted by dvanhoos

NuAlpha,

I've been struggling with this for some time and finally got it to work after following your instructions to the letter! Appreciate the help. FYI I'm pretty sure it was because I had register_globals set to "On".

David

Hopefully you won't be the only one to get this working!

I am stumped why IP logging for logins would be built into Xcart by default but not IP logging for orders.

Which, by the way, if you want every form of IP address detected during login, open the file include/login.php and add:

Code:

include_once($xcart_dir.'/include/fetch_remote_address.php');

right below:

Code:

require $xcart_dir."/config.php";

...which is at the top of the file.

After that, do a find on db_query("REPLACE INTO within the same file. Replace every:

Code:

'$REMOTE_ADDR'

in every one of those SQL statements that start as db_query("REPLACE INTO (a total of three) with the following:

Code:

'.fetch_remote_address().'