tracking log-in user
Quote: $ENV{'REMOTE_HOST'}..$ENV{'REMOTE_ADDR'}..$ENV{'HTTP_USER_AGENT'}..$ENV{HTTP_REFERER}
The above 4 ENV has been used to track log-in user's information..
However, that is not very useful as a lot of smimiler information may get..
I like to minimise the similarity of various users so a unique user may be tracked..
What other %ENV should I get..
ps..
for certain reasons, the script do not allow to use log-in user/password or cookie authentification functionality...
Mark Hensler posted this at 18:12 — 27th March 2002.
He has: 4,048 posts
Joined: Aug 2000
You could use cookies, and save a unique string for identification...
I'm using PHP sessions + $REMOTE_ADDR.
Here is a snippet from my WAHL project. This is taken from my login.php. I am using user/pass, so I tried to take that stuff out.
// prevent people from passing a fake remote_ip
$remote_ip = getenv("REMOTE_ADDR");
// . . . . . . . . .
// kill previous session
// use both session ID/IP to make sure that no one else tries to
// kill someone elses session
if ($sid != NULL) {
$query = "DELETE FROM " . _DBNAME . '.' . _DBTABLE_SESSIONS
." WHERE session_id='$sid'"
." AND session_ip='$remote_ip'";
$result = mysql_query($query);
if (!$result) {
Query_Error(__FILE__, __LINE__, $query);
}
}
// . . . . . . .
// get the user's ID
list($uid) = mysql_fetch_row($result);
// we need to create a unique session ID
// use a loop to create an ID, and check it against the DB
// if the ID is found in the DB, set $loop to true
// if the ID is not found in the DB, set $loop to false
// if we can't find a unique ID in 10 cycles, stop
$loop = TRUE;
$attemp = 0;
do { //BEGIN while ($loop == TRUE)
// create a random session id
$sid=md5(uniqid(microtime()));
// check to see if it exists
$query = "SELECT * FROM " . _DBNAME . '.' . _DBTABLE_SESSIONS
." WHERE session_id='$sid'";
$result = mysql_query($query);
if (!$result) {
Query_Error(__FILE__, __LINE__, $query);
$feedback[] = array(_REPORT_ERROR, "An error occured while trying to find account info");
// break out of the do..while loop
$break = TRUE;
break 1;
}
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
// we've got a unique ID, stop the madness!
$loop = FALSE;
}
else {
$attemp++;
}
} while ($loop == TRUE && $attemp<10);
if ($attemp == 10) {
$feedback[] = array(_REPORT_ERROR, "An error occured while trying to create session.");
}
elseif (!$break) {
// put our new session in the DB
$query = "INSERT INTO " . _DBNAME . '.' . _DBTABLE_SESSIONS
." SET session_id='$sid'"
.", session_ip='$remote_ip'"
.", last_action=FROM_UNIXTIME(" . time() . ")"
.", user_id='$uid'";
$result = mysql_query($query);
if (!$result) {
Query_Error(__FILE__, __LINE__, $query);
$feedback[] = array(_REPORT_ERROR, "An error occured while trying to create session.");
}
// set the PHP session_name
session_name('wahl_session');
// set the PHP session_id
session_id($sid);
// start the PHP session
session_start();
// forward to index
header("Location: index.php?sid=$sid");
exit;
}
Mark Hensler
If there is no answer on Google, then there is no question.
uatt posted this at 23:25 — 27th March 2002.
They have: 27 posts
Joined: Jan 2002
well, that is perl and no cookie using preferable...
by the way , no user id registration has been designed for the script..
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.