PDA

View Full Version : IP Finder for Uploader



Jealousy
03-31-2006, 02:06 AM
http://jealousy.socomladders.co.uk/upload.php

So I made this uploader yesterday & now when anyone uploads a file, everyone could see it. It's partly because of the folders that are created by default, but I'm wondering.......


Is there a code that could recognize someone's IP, so that when someone views http://jealousy.socomladders.co.uk/upload.php they will only see THEIR files.

If not, then is there some sort of script that I could add WITH the current one I have to create usernames?

djr33
03-31-2006, 05:40 AM
You have to create some sort of tracking system, probably a database.
A username and password would work as would IP. IP can change, so what if someone's changes? (Dial-up changes with every new connection!)

So... database, or some text file log or something. Look up doing either.

Then, in the php for displaying all the files, just say, from the database, something like 'If IP="(getIP)" {display}' and loop that so you get all the right results.... or something.
Also.... you're running a big security risk there ^_^

Twey
03-31-2006, 10:35 AM
Also.... you're running a big security risk there ^_^Uploaders usually are, but as they go, this one isn't too bad. S/he's used a whitelist for allowed filetypes, rather than a blacklist; and his/her script checks the extensions, or possibly the mimetypes, itself, rather than relying on the browser to do it.

Jezz
03-31-2006, 09:25 PM
Ok im helping jealousy, im basically inserting the ip into a database then selecting WHERE their ip=the ip in the database.


$ip = @$REMOTE_ADDR;
$message = ($result)?"$file_name uploaded successfully." :
"Somthing is wrong with uploading a file.";
mysql_connect("***", "***", "***") or die(mysql_error());
mysql_select_db("***") or die(mysql_error());
mysql_query("INSERT INTO jealousy
(URL, IP) VALUES('http://socomladders.co.uk/$file_name', '$ip') ")
or die(mysql_error());


Its just not inserting the ip, ive tried making the ip variable a simple word like 'hello' and it inserts it just fine. Its not retreiving the ip for some bizare reason.

It would be easier to do a username and password type thing. Want me to do that?

Twey
03-31-2006, 09:36 PM
What's all this "@$REMOTE_ADDR" business? The correct way to obtain the IP address these days is:
$_SERVER['HTTP_REMOTE_ADDR']

Jezz
03-31-2006, 10:04 PM
Yeh I should get round to using that, the thing is when echoing the @$REMOTE_ADDR; it came up fine - I have used it many times before and its worked fine.

Anyway I just coded him a simple user script so she should be ok now.