Skip to content

Commit

Permalink
IP Verification.
Browse files Browse the repository at this point in the history
  • Loading branch information
@svenbledt
svenbledt committed Jan 30, 2023
1 parent b967bad commit d999fe9
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 3 deletions.
1 change: 0 additions & 1 deletion _pages/sign-in.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
if ($user) {
if (sha256($_POST['password']) == $user['password_sha256'] && $_POST['email'] == $user['email']) {
login($conn, $_POST['email'], $_POST['password']);
updateLastLogin($conn, $_POST['email']);
$_SESSION['LOGGEDIN'] = true;
$_SESSION['EMAIL'] = $user['email'];
$_SESSION['USERNAME'] = $user['username'];
Expand Down
34 changes: 32 additions & 2 deletions inc/functions.php
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
<?php
// get User Data
if (isset($_SESSION['EMAIL'])) {
$user = getUser($conn, $_SESSION['EMAIL']);
}
// Session Controller
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800) && !isset($_SESSION['REMEMBER'])) {
// last request was more than 30 minutes ago
Expand Down Expand Up @@ -64,6 +68,14 @@ function login($conn, $email, $password)
} catch (PDOException $e) {
echo $e->getMessage();
}
try {
$sql = "UPDATE users SET last_login, ip = :last_login, :ip WHERE email = :email";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':last_login', getTimestamp(), PDO::PARAM_STR);
$stmt->bindParam(':ip', getrealip(), PDO::PARAM_STR);
} catch (PDOException $e) {
echo $e->getMessage();
}
}

// logout
Expand Down Expand Up @@ -124,6 +136,24 @@ function userValidate($username)
}
}

if (isset($_SESSION['EMAIL'])) {
$user = getUser($conn, $_SESSION['EMAIL']);
function getrealip()
{
if (isset($_SERVER)) {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif (isset($_SERVER["HTTP_CLIENT_IP"])) {
$realip = $_SERVER["HTTP_CLIENT_IP"];
} else {
$realip = $_SERVER["REMOTE_ADDR"];
}
} else {
if (getenv("HTTP_X_FORWARDED_FOR")) {
$realip = getenv("HTTP_X_FORWARDED_FOR");
} elseif (getenv("HTTP_CLIENT_IP")) {
$realip = getenv("HTTP_CLIENT_IP");
} else {
$realip = getenv("REMOTE_ADDR");
}
}
return $realip;
}

0 comments on commit d999fe9

Please sign in to comment.