Ip blocker for my website is very much needed

Darien Brown Posted in Technical Support 5 years ago

This is needed as I have repeat offenders on my website

Replies
Tatar Steven downer Replied 5 years ago

Bansh33,

I have indeed read through the complete post and including your replies. I understand and appreciate what has been said.

Both Darien and myself, as users of the OSSN system as admins, agree that an IP logging system, as a component, is required.

I cannot speak for Darien, but I myself am not a developer with the skillset of an OSSN developer, changing a few PHP lines or text here and there does not make me one.
The gist I have been getting from these pages is that this site/page is not an introduction to programming or how to write PHP scripts and I would not expect it to be. However, Darien’s request…..as with mine…..is clear. Can the developers, any developer, with the skillset beyond mine in the first instance, write an IP logging system as a component….The answer apparently is YES, they can and time and “other duties” with this site/page/forum aside, it is appreciated that it cannot be turned out at will without full consideration.

I do not think we are asking HOW TO write one, for as I have said previously, in the weeks since Darien first made the request, I have written a set of PHP scripts, outside of OSSN and not as a component, to get and record the IP/Proxy/VPN, and with a lookup to a free Lookup service API, obtain the ISP, city, country, Lat, Long and other information. We then, as admins only, use that to the Google maps API to display an approximate location, based upon the IP/ISP information obtained. I can, of course update the OSSN_USERS table but I opted to save the information outside of OSSN and in a separate table.

Tatar Steven downer Replied 5 years ago

Scrap the last message...Apparently I can reply, My response was too long I guess

Tatar Steven downer Replied 5 years ago

I have just written a response and your system is telling me I cannot ADD REPLY...

Has this been closed or have I been prevented from replying??

gb Rishi B Replied 5 years ago

@steven, you might want to read through my previous replies on this thread - i already explained fully how to save a user's ip to the ossn database, and Arsalan provided another method for saving the data as well.

Tatar Steven downer Replied 5 years ago

Bansh33,

Indeed, I have used
$SERVER['HTTPCLIENTIP'];
$
SERVER['HTTPXFORWARDEDFOR'];
$
SERVER['REMOTEADDR'];
$
SERVER["HTTPCFCONNECTING_IP"];

and a few others from standard $_SERVER scripts to obtain the IP to then lookup with an API.

getting the IP is just part of the story....if you just want to record the IP then such scripts would work fine and can obviously be sent to a SQL database.

if a more accurate record is required then a Lookup API would be needed or a subscription to something like Maxmind, etc, with its own databases to download.

Given that Darien originally asked about an "IP BLOCKER", then a separate script would also have to query the database to determine if a recorded ip address should or should not be allowed to go through.

This can be done outside of OSSN or within OSSN as a component. I have chosen the former, as of yet I am not familiar with writing components to that level.

I see such a script/component as important and note what has been said previously on it but would agree with Darien that it is required, and feel that whichever component developer should not make a unilateral decision that such a component is not required, unless there are strong technical reasons for not doing it, which I find difficult to see, in my humble opinion.

But that is just me.

gb Rishi B Replied 5 years ago

it's in the superglobal $_SERVER in php and in most cases you can use $_SERVER['REMOTE_ADDR'] to get the client ip address in a script. there are certain cases where it may be under one of the other indices in that superglobal, such as HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_FORWARDED and maybe a couple more that i'm forgetting. i know there are several posts on stackoverflow that describe comprehensive ways of getting the client IP address.

Tatar Steven downer Replied 5 years ago

Darien,

If you are familiar with PHP and SQL databases then it is fairly easy to write a Client/remote IP address script (or even for the User agent for the browser as well) but the trick for the ISP is to get a lookup via an IP Address API if you were interested in recording the ISP.

Certainly the IP address can be found, even if they are hiding behind a proxy.

Once you have the script for getting the IP address and writing it to a database then it could be used with a PHP INCLUDE statement even before hitting the OSSN website. After that, it depends on what you want to do with the information and it would be subject to Data protection laws as with other information recorded.

I have noticed that there are 2 new components available to remove Gender and to remove Birthdate from a OSSN created website....apparently these were created "on user requests.".

Given that for security reasons the recording of an IP address is far more relevant that removing genders, then perhaps if more members requested an IP ADDRESS log component then it may happen.

For now, I have used my own script, written since you made this post and it works well. It is not a component made for OSSN.

gb Rishi B Replied 5 years ago

gotcha, I meant a callback, they can be easy to confuse... lol

Indonesian Arsalan Shah Replied 5 years ago

You still need a callback, there is a callback for login and hook for registration, you may use that to enter into those events. I was referring in case you want to store something to user within those events you may use that code.

gb Rishi B Replied 5 years ago

wouldn't you still have to set that data via a hook though? what I mean is, wouldn't the code ending with $user->save() still have to be run as part of the login hook? I do see what you mean about how that avoids the need to add an extra column to the users table, that is certainly useful to know.