IP Finder for Uploader

**Jealousy** · 03-31-2006, 02:06 AM

http://jealousy.socomladders.co.uk/upload.php

So I made this uploader yesterday & now when anyone uploads a file, everyone could see it. It's partly because of the folders that are created by default, but I'm wondering.......

Is there a code that could recognize someone's IP, so that when someone views http://jealousy.socomladders.co.uk/upload.php they will only see THEIR files.

If not, then is there some sort of script that I could add WITH the current one I have to create usernames?

**djr33** · 03-31-2006, 05:40 AM

You have to create some sort of tracking system, probably a database.
A username and password would work as would IP. IP can change, so what if someone's changes? (Dial-up changes with every new connection!)

So... database, or some text file log or something. Look up doing either.

Then, in the php for displaying all the files, just say, from the database, something like 'If IP="(getIP)" {display}' and loop that so you get all the right results.... or something.
Also.... you're running a big security risk there ^_^

**Twey** · 03-31-2006, 10:35 AM

Also.... you're running a big security risk there ^_^

Uploaders usually are, but as they go, this one isn't too bad. S/he's used a whitelist for allowed filetypes, rather than a blacklist; and his/her script checks the extensions, or possibly the mimetypes, itself, rather than relying on the browser to do it.

**Jezz** · 03-31-2006, 09:25 PM

Ok im helping jealousy, im basically inserting the ip into a database then selecting WHERE their ip=the ip in the database.

Code:

$ip = @$REMOTE_ADDR;
    $message = ($result)?"$file_name uploaded successfully." :
     	      "Somthing is wrong with uploading a file.";
mysql_connect("***", "***", "***") or die(mysql_error());
mysql_select_db("***") or die(mysql_error());
mysql_query("INSERT INTO jealousy
(URL, IP) VALUES('http://socomladders.co.uk/$file_name', '$ip') ") 
or die(mysql_error());

Its just not inserting the ip, ive tried making the ip variable a simple word like 'hello' and it inserts it just fine. Its not retreiving the ip for some bizare reason.

It would be easier to do a username and password type thing. Want me to do that?

**Twey** · 03-31-2006, 09:36 PM

What's all this "@$REMOTE_ADDR" business? The correct way to obtain the IP address these days is:

Code:

$_SERVER['HTTP_REMOTE_ADDR']

**Jezz** · 03-31-2006, 10:04 PM

Yeh I should get round to using that, the thing is when echoing the @$REMOTE_ADDR; it came up fine - I have used it many times before and its worked fine.

Anyway I just coded him a simple user script so she should be ok now.

Thread: IP Finder for Uploader

Thread Tools

Search Thread

IP Finder for Uploader

Bookmarks

Bookmarks

Posting Permissions