RevCMS Registration problem

Woiah

Member
Mar 5, 2012
234
8
Hi Devbest, I've got a problem with my retro!
When users register, they all get the same reg_ip? The hotel is hosted on a home server!

What can I do to fix that?
 

Woiah

Member
Mar 5, 2012
234
8
PHP:
<!DOCTYPE html>
<html>
<head>
    
    <meta charset="utf-8" />
    
    <link rel="shortcut icon" href="/cache/images/favicon.ico" type="image/x-icon" />
    <link rel="stylesheet" href="/app/tpl/skins/Cave/css/style.css" />

    </head>
<body>


<body>
    <div class="container">
        <nav class="navbar navbar-default" role="navigation">
            <div class="container-fluid">
                <div class="navbar-header">
                    <div class="navbar-brand"><img src="/app/tpl/skins/Cave/img/xmas_icon1.gif"></div>
                </div>

                <div class="collapse navbar-collapse" >
                    <p class="navbar-text navbar-left"><b>
                    Er zijn <span class="online_count"> {online}</span> {hotelname}'s online!</b></p>

                    
                </div>
            </div>
        </nav>

        <div class="jumbotron bg91">
            <div class="text">
                <br />
                <br />
                <br />
                <div class="animated animated fadeInLeft"><a  href=""><img src="/app/tpl/skins/Cave/img/XETRO.gif"></a></div>
                <p class="animated animated fadeInLeft">Maak vrienden, Doe mee en val op!</p>
                <p><a class="btn btn-success animated fadeInLeft" href="/register">Meld je GRATIS aan!</a></p>
            </div>
        </div>

        <div class="row">
            <div class="col-xs-12">
            <?php
            if($template->form->error)
            {
                echo  '<div class="alert alert-danger" role="alert">'.$template->form->error.'</div>';   
            }
            ?>
            </div>
            <form action="register" method="post">
            <div class="col-xs-4">
                <div class="panel panel-default">
                    <div class="panel-heading"><h4>Username & Email</h4></div>
                    
                    <div class="panel-body">
                        <div class="list-index">
                            <font color="black">
                                    <div class="form-group">
                                    <label for="habbo-name"><center>Gebruikersnaam</center></label><br />
                                    <input type="text" id="habbo-name" class="form-control" size="35" value="" name="reg_username" maxlength="32"> <br />
                                    <label for="email"><center>Email Adres</center></label> <br />
                                    <input type="text" id="email" class="form-control" size="35" name="reg_email" value="" maxlength="48">  <br />
                                    </div>
                            </font>
                        </div>
                    </div>
                </div>
            </div>

            <div class="col-xs-4">
            
                <div class="panel panel-default">
                    <div class="panel-heading"><h4>Wachtwoorden</h4></div>
                        <div class="form-group">
                    <div class="panel-body">
                        <div class="list-index">
                                <font color="black">
                                <div class="form-group">
                                <label for="password"><center>Wachtwoord</center></label> <br />
                                <input type="password" id="password" class="form-control" size="35" name="reg_password" value="" maxlength="32"> <br />
                                <label for="password2"><center>Herhaal wachtwoord</center></label> <br />
                                <input type="password" id="password2" class="form-control" size="35" name="reg_rep_password" value="" maxlength="32">
                                </font>
                                </div>
                        </div>
                    </div>
                </div>
            </div>
                </div>
            <div class="col-xs-4">
                <div class="panel panel-default">
                    <div class="panel-heading"><h4>Submit</h4></div>

                    <div class="panel-body">
                        <div class="list-index">
                             <font color="black">
                                <button name="register" type="submit" class="btn btn-primary">Registreer jouw account</button>
                            </font>
                        
                        </div>
                    </div>
                </div>
            </div>
        </div>
</form>
        <div class="content">
    
        <div>
            <div class="c_box">
                <div class="inner" style="text-align: center;">
                    <b>&copy;</b> {hotelname} - Alle rechten voorbehouden.<br/>
                    <a href="/staff">Medewerkers</a> |                   
                    <a href="/av">Algemene Voorwaarden</a>
                    </div>
        </div>
    
</body>
</html>    <br>
</body>
 

Woiah

Member
Mar 5, 2012
234
8
Code:
<?php

namespace Revolution;
if(!defined('IN_INDEX')) { die('Sorry, you cannot access this file.'); }
class users implements iUsers
{
    
    /*-------------------------------Authenticate-------------------------------------*/
    
    final public function isLogged()
    {
        if(isset($_SESSION['user']['id']))
        {
            return true;
        }
        
        return false;
    }
    
    /*-------------------------------Checking of submitted data-------------------------------------*/
    
    final public function validName($username)     
    {
        if(strlen($username) <= 25 && ctype_alnum($username))         
         {             
             return true;         
         }                 
        
         return false;     
    }         
        
    final public function validEmail($email)     
    {         
        return preg_match("/^[a-z0-9_\.-]+@([a-z0-9]+([\-]+[a-z0-9]+)*\.)+[a-z]{2,7}$/i", $email);     
    }         
    
    final public function validSecKey($seckey)
    {
        if(is_numeric($seckey) && strlen($seckey) == 4)
        {
            return true;
        }
        
        return false;
    }
    
    final public function nameTaken($username)     
    {         
         global $engine;         
        
        if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' LIMIT 1") > 0)
        {
            return true;
        }     
        
        return false;
    }
    
    final public function emailTaken($email)
    {
        global $engine;
        
        if($engine->num_rows("SELECT * FROM users WHERE mail = '" . $email . "' LIMIT 1") > 0)
        {
            return true;
        }
        
        return false;
    }
        
    final public function userValidation($username, $password)
    {         
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") > 0)
        {
            return true;
        }     
        
        return false;
    }         
    
    /*-------------------------------Stuff related to bans-------------------------------------*/
    
    final public function isBanned($value)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM bans WHERE value = '" . $value . "' LIMIT 1") > 0)
        {
            return true;
        }
            
        return false;
    }
    
    final public function getReason($value)
    {
        global $engine;
        return $engine->result("SELECT reason FROM bans WHERE value = '" . $value . "' LIMIT 1");
    }
    
    final public function hasClones($ip)
    {
        global $engine;
        if($engine->num_rows("SELECT * FROM users WHERE ip_reg = '" . $_SERVER['REMOTE_ADDR'] . "'") == 9)
        {
            return true;
        }
        
        return false;
    }
    
    /*-------------------------------Login or Register user-------------------------------------*/
    
    final public function register()
    {
        global $core, $template, $_CONFIG;
        
        if(isset($_POST['register']))
        {
            unset($template->form->error);
            
            $template->form->setData();
                
            if($this->validName($template->form->reg_username))
            {
                if(!$this->nameTaken($template->form->reg_username))
                {
                    if($this->validEmail($template->form->reg_email))
                    {
                        if(!$this->emailTaken($template->form->reg_email))
                        {
                            if(strlen($template->form->reg_password) > 6)
                            {
                                if($template->form->reg_password == $template->form->reg_rep_password)
                                {
                                    if(isset($template->form->reg_seckey))
                                    {
                                        if($this->validSecKey($template->form->reg_seckey))
                                        {
                                            //Continue
                                        }
                                        else
                                        {
                                            $template->form->error = 'Secret key must only have 4 numbers';
                                            return;
                                        }
                                    }
                                    if($this->isBanned($_SERVER['REMOTE_ADDR']) == false)
                                    {
                                        if(!$this->hasClones($_SERVER['REMOTE_ADDR']))
                                        {
                                            if(!isset($template->form->reg_gender)) { $template->form->reg_gender = 'M'; }
                                            if(!isset($template->form->reg_figure)) { $template->form->reg_figure = $_CONFIG['hotel']['figure']; }
                                        
                                            $this->addUser($template->form->reg_username, $core->hashed($template->form->reg_password), $template->form->reg_email, $_CONFIG['hotel']['motto'], $_CONFIG['hotel']['credits'], $_CONFIG['hotel']['pixels'], 1, $template->form->reg_figure, $template->form->reg_gender, $core->hashed($template->form->reg_key));
                            
                                            $this->turnOn($template->form->reg_username);
                                    
                                            header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
                                            exit;
                                        }
                                        else
                                        {
                                            $template->form->error = 'Sorry, but you cannot register twice';
                                        }
                                    }
                                    else
                                    {
                                        $template->form->error = 'Sorry, it appears you are IP banned.<br />';
                                        $template->form->error .= 'Reason: ' . $this->getReason($_SERVER['REMOTE_ADDR']);
                                        return;
                                    }
                                }
                                else   
                                {
                                    $template->form->error = 'Password does not match repeated password';
                                    return;
                                }

                            }
                            else
                            {
                                $template->form->error = 'Password must have more than 6 characters';
                                return;
                            }
                        }
                        else
                        {
                            $template->form->error = 'Email: <b>' . $template->form->reg_email . '</b> is already registered';
                            return;
                        }
                    }
                    else
                    {
                        $template->form->error = 'Email is not valid';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Username is already registered';
                    return;
                }
            }
            else
            {
                $template->form->error = 'Username is invalid';
                return;
            }
        }
    }   
    
    final public function login()
    {
        global $template, $_CONFIG, $core;
        
        if(isset($_POST['login']))
        {
            $template->form->setData();
            unset($template->form->error);
            
            if($this->nameTaken($template->form->log_username))
            {
                // Refuse the login when either the username or the IP address is banned.
                if($this->isBanned($template->form->log_username) == false && $this->isBanned($_SERVER['REMOTE_ADDR']) == false)
                {
                    if($this->userValidation($template->form->log_username, $core->hashed($template->form->log_password)))
                    {
                        $this->turnOn($template->form->log_username);
                        $this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
                        $template->form->unsetData();
                        header('Location: ' . $_CONFIG['hotel']['url'] . '/me');
                        exit;
                    }
                    else
                    {
                        $template->form->error = 'Details do not match';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Sorry, it appears this user is banned<br />';
                    $template->form->error .= 'Reason: ' . $this->getReason($template->form->log_username);
                    return;
                }
            }
            else
            {
                $template->form->error = 'Username does not exist';
                return;
            }
        }
    }
    
    final public function loginHK()
    {
        global $template, $_CONFIG, $core;
        
        if(isset($_POST['login']))
        {   
            $template->form->setData();
            unset($template->form->error);
            
            if(isset($template->form->username) && isset($template->form->password))
            {
                if($this->nameTaken($template->form->username))
                {     
                    if($this->userValidation($template->form->username, $core->hashed($template->form->password)))
                    {
                        if(($this->getInfo($_SESSION['user']['id'], 'rank')) >= 4)
                        {
                            $_SESSION["in_hk"] = true;
                            header("Location:".$_CONFIG['hotel']['url']."/ase/dash");
                            exit;
                        }
                        else
                        {
                            $template->form->error = 'Incorrect access level.';
                            return;
                        }
                    }
                    else
                    {
                        $template->form->error = 'Incorrect password.';
                        return;
                    }       
                }
                else
                {
                    $template->form->error = 'User does not exist.';
                    return;
                }
            }
    
            $template->form->unsetData();
        }
    }   
    
    final public function help()
    {
        global $template, $_CONFIG;
        $template->form->setData();
        
        if(isset($template->form->help))
        {
            $to = $_CONFIG['hotel']['email'];
             $subject = "Help from RevCMS user - " . $this->getInfo($_SESSION['user']['id'], 'username');
             $body = $template->form->question;
                
             if (mail($to, $subject, $body))
             {
                 $template->form->error = 'Message successfully sent! We will answer you shortly!';
             }
             else
             {
                   $template->form->error = 'Message delivery failed.';
             }
        }
    }

    /*-------------------------------Account settings-------------------------------------*/
    
    final public function updateAccount()
    {
        global $template, $_CONFIG, $core, $engine;
        
        if(isset($_POST['account']))
        {
        
            if(isset($_POST['acc_motto']) && strlen($_POST['acc_motto']) < 30 && $_POST['acc_motto'] != $this->getInfo($_SESSION['user']['id'], 'motto'))
            {
                $this->updateUser($_SESSION['user']['id'], 'motto', $engine->secure($_POST['acc_motto']));
                header('Location: '.$_CONFIG['hotel']['url'].'/account');
                exit;
            }
            else
            {
                $template->form->error = 'Motto is invalid.';
            }
            
            if(isset($_POST['acc_email']) && $_POST['acc_email'] != $this->getInfo($_SESSION['user']['id'], 'mail'))
            {
                if($this->validEmail($_POST['acc_email']))
                {
                    $this->updateUser($_SESSION['user']['id'], 'mail', $engine->secure($_POST['acc_email']));
                    header('Location: '.$_CONFIG['hotel']['url'].'/account');
                    exit;
                }
                else
                {
                    $template->form->error = 'Email is not valid';
                    return;
                }
            }
            
            if(!empty($_POST['acc_old_password']) && !empty($_POST['acc_new_password']))
            {
                if($this->userValidation($this->getInfo($_SESSION['user']['id'], 'username'), $core->hashed($_POST['acc_old_password'])))
                {
                    if(strlen($_POST['acc_new_password']) >= 8)
                    {
                        $this->updateUser($_SESSION['user']['id'], 'password', $core->hashed($_POST['acc_new_password']));
                        header('Location: '.$_CONFIG['hotel']['url'].'/me');
                        exit;
                    }
                    else
                    {
                        $template->form->error = 'New password is too short';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Current password is wrong';
                    return;
                }
            }
        }       
    }
        
        
    final public function turnOn($k)
    {   
        $j = $this->getID($k);
        $this->createSSO($j);
        $_SESSION['user']['id'] = $j;   
        $this->cacheUser($j);   
        unset($j);
    }
    
    /*-------------------------------Loggin forgotten-------------------------------------*/     
    
    final public function forgotten()
    {
        global $template, $_CONFIG, $core;
        
        if(isset($_POST['forgot']))
        {
        
            $template->form->setData();
            unset($template->form->error);
            
            if($this->nameTaken($template->form->for_username))
            {
                if(strlen($template->form->for_password) > 6)
                {
                    if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
                    {
                        $this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
                        $template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
                        return;
                    }
                    else
                    {
                        $template->form->error = 'Secret key is incorrect';
                        return;
                    }
                }
                else
                {
                    $template->form->error = 'Password must have more than 6 characters.';
                    return;
                }
            }
            else
            {
                $template->form->error = 'Username does not exist';
                return;
            }
        }
    }
    
    /*-------------------------------Create SSO auth_ticket-------------------------------------*/
    
    final public function createSSO($k)     
    {         
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        
        $this->updateUser($k, 'auth_ticket', $sessionKey);
        
        unset($sessionKey);
    }     
        
    /*-------------------------------Adding/Updating/Deleting users-------------------------------------*/
    
    final public function addUser($username, $password, $email, $motto, $credits, $pixels, $rank, $figure, $gender, $seckey)     
    {         
        global $engine;                                   
        $sessionKey = 'RevCMS-'.rand(9,999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
        $engine->query("INSERT INTO users (username, password, mail, motto, credits, activity_points, rank, look, gender, seckey, ip_last, ip_reg, account_created, last_online, auth_ticket) VALUES('" . $username . "', '" . $password . "', '" . $email . "', '" . $motto . "', '" . $credits . "', '" . $pixels . "', '" . $rank . "', '" . $figure . "', '" . $gender . "', '" . $seckey . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '" . time() . "', '" . time() . "', '" . $sessionKey . "')");     
        unset($sessionKey);   
                      
    }                 
        
    final public function deleteUser($k)     
    {         
        global $engine;                 
         $engine->query("DELETE FROM users WHERE id = '" . $k . "' LIMIT 1");         
         $engine->query("DELETE FROM items WHERE userid = '" . $k . "' LIMIT 1");         
        $engine->query("DELETE FROM rooms WHERE ownerid = '" . $k . "' LIMIT 1");     
    }     
          
    final public function updateUser($k, $key, $value)     
    {         
         global $engine;                 
         $engine->query("UPDATE users SET " . $key . " = '" . $engine->secure($value) . "' WHERE id = '" . $k . "' LIMIT 1");
         $_SESSION['user'][$key] = $engine->secure($value);       
    }
    
    /*-------------------------------Handling user information-------------------------------------*/     
    
    final public function cacheUser($k)
    {
        global $engine;             
        $userInfo = $engine->fetch_assoc("SELECT username, rank, motto, mail, credits, activity_points, look, auth_ticket, ip_last FROM users WHERE id = '" . $k . "' LIMIT 1");
        
        foreach($userInfo as $key => $value)
        {
            $this->setInfo($key, $value);
        }
    }   
    
    final public function setInfo($key, $value)
    {
        global $engine;
        $_SESSION['user'][$key] = $engine->secure($value);
    }

    final public function getInfo($k, $key)
    {
        global $engine;
        if(!isset($_SESSION['user'][$key]))
        {
            $value = $engine->result("SELECT $key FROM users WHERE id = '" . $engine->secure($k) . "' LIMIT 1");
            if($value != null)
            {           
                $this->setInfo($key, $value);
            }
        }
            
        return $_SESSION['user'][$key];
    }
    
    
    
    /*-------------------------------Get user ID or Username-------------------------------------*/
    
    final public function getID($k)     
    {         
        global $engine;         
        return $engine->result("SELECT id FROM users WHERE username = '" . $engine->secure($k) . "' LIMIT 1");     
    }         
    
    final public function getUsername($k)
    {
        global $engine;
        return $this->getInfo($_SESSION['user']['id'], 'username');
    }
    
}
?>
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
$this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);

You're setting their ip last to the server remote address.
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Are you using Cloudflare? If so, add this to your global.php file at the top.

PHP:
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) { $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"]; }
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
So it should be

$this->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['HTTP_X_FORWARDED_FOR']);

??
 

I've checked some other class.users.php files and they've all got the same code as I do? :)
Yeah, the RevCMS default is that. Try changing them to HTTP_X_FORWARDED_FOR and see what happens. If that doesn't work, we will do a test and find out what is going to work for you.

This test can be done by using multiple different $_SERVER attributes and finding the one that will print out the IP address of the person visiting.
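
An added example, not part of the thread or of RevCMS: both suggestions above (copying CF-Connecting-IP into REMOTE_ADDR, and reading HTTP_X_FORWARDED_FOR) take a request header at face value, so the address stored in ip_reg and checked by isBanned() and hasClones() is only reliable when the connection really came from your own proxy. The function names, the `$trusted` list and the sample addresses are assumptions.

```php
<?php
// Added example, not RevCMS code. Function names and the proxy list are
// assumptions; addresses come from the documentation ranges (constructed).

/** True when $ip is inside $cidr; a bare address means an exact match. */
function ipInCidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid input or IPv4/IPv6 mismatch
    }
    if (isset($parts[1]) && !ctype_digit($parts[1])) {
        return false; // a malformed prefix must never widen trust
    }
    $max  = strlen($ipBin) * 8;
    $bits = isset($parts[1]) ? (int) $parts[1] : $max;
    $full = intdiv($bits, 8);
    if ($bits > $max || substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function isTrustedProxy(string $ip, array $trustedProxies): bool
{
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

/**
 * Address to use for ip_reg / ip_last and for the ban and clone checks.
 * $header is the single header your proxy sets or appends to, for example
 * HTTP_CF_CONNECTING_IP behind Cloudflare, HTTP_X_FORWARDED_FOR otherwise.
 */
function resolveClientIp(array $server, array $trustedProxies, string $header): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!isTrustedProxy($peer, $trustedProxies)) {
        return $peer; // direct connection: the header is client-controlled
    }
    // "client, proxy1, proxy2": walk right to left, skipping our own hops.
    $hops = array_map('trim', explode(',', $server[$header] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // missing or garbled chain: fall back to the peer address
        }
        if (!isTrustedProxy($hop, $trustedProxies)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests.
$trusted = ['192.0.2.10', '198.51.100.0/24']; // assumption: your proxy addresses
$samples = [
    'through the proxy'       => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'direct, forged header'   => ['REMOTE_ADDR' => '203.0.113.99', 'HTTP_X_FORWARDED_FOR' => '10.1.1.1'],
    'proxy, forged first hop' => ['REMOTE_ADDR' => '198.51.100.4', 'HTTP_X_FORWARDED_FOR' => '10.1.1.1, 203.0.113.7'],
    'proxy, no header'        => ['REMOTE_ADDR' => '192.0.2.10'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, resolveClientIp($server, $trusted, 'HTTP_X_FORWARDED_FOR'));
}
```

In RevCMS the call would take the place of the one-line override at the top of global.php, assigning the result to `$_SERVER['REMOTE_ADDR']`. The last sample reproduces the symptom from the first post: when the proxy sends no header, every visitor resolves to the proxy's own address, and that has to be fixed in the proxy or network setup rather than in PHP.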
 

Woiah

Member
Mar 5, 2012
234
8
Yeah, the RevCMS default is that. Try changing them to HTTP_X_FORWARDED_FOR and see what happens. If that doesn't work, we will do a test and find out what is going to work for you.

This test can be done by using multiple different $_SERVER attributes and finding the one that will print out the IP address of the person visiting.
I changed the line you told me to and it didn't work! :)
 
