Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

IP record including Hostname


martinmacca

Recommended Posts

Hi, i know you can record the IP address of your customers when they are placing an order - ive seen on a site that the hostname is also shown with the IP on the order confirmation page- whats contri has the hostname or what code would you use ?

Link to comment
Share on other sites

Ive got your contri Order IP Recorder v1.0 installed & cant get the hostname to work. For testing purposes ive changed all instances of $HTTP_SERVER_VARS["REMOTE_ADDR"] to $HTTP_SERVER_VARS["REMOTE_HOST"] just to see if it works - but no luck.

I tried changing:

 

catalog/checkout_confirmation.php to:

 

<td class="main"><?php echo HEADING_IPRECORDED_1; ?> <? $ip = $HTTP_SERVER_VARS["REMOTE_HOST"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?></td>

 

catalog/checkout_process.php to:

 

  include('includes/application_top.php');

$HTTP_SERVER_VARS["REMOTE_HOST"];

 

But nothing comes up - just a blank gap where the IP originally was :(

 

I cant see anywhere else that would need to be changed

 

Any ideas ?

Link to comment
Share on other sites

Try this:

 

 -------------
| RUN THE SQL |
-------------

ALTER TABLE `orders` ADD `ipaddy` VARCHAR(15) NOT NULL;
ALTER TABLE `orders` ADD `hostaddy` VARCHAR(255) NOT NULL;

================================================================================
==============================

----------------------
| MODIFY THE PHP FILES |
----------------------

We will be modifying the following files:

- catalog/admin/orders.php
- catalog/admin/includes/classes/orders.php
- catalog/admin/includes/languages/english/orders.php
- catalog/checkout_confirmation.php
- catalog/checkout_process.php
- catalog/includes/languages/english/checkout_confirmation.php
- ***any other language files you use***

--------------------------------------------------------------------------------------------------------------

(1) catalog/admin/orders.php

* FIND:

             <tr>
               <td class="main"><b><?php echo ENTRY_EMAIL_ADDRESS; ?></b></td>
               <td class="main"><?php echo '<a href="mailto:' . $order->customer['email_address'] . '"><u>' . $order->customer['email_address'] . '</u></a>'; ?></td>
             </tr>


* ADD BELOW:

              <tr>
               <td class="main"> </td>
              </tr>
              <tr>
               <td class="main"><b><?php echo ENTRY_IPADDRESS; ?></b></td>
               <td class="main"><?php echo $order->customer['ipaddy']; ?></td>
              </tr>
              <tr>
               <td class="main"><b><?php echo ENTRY_HOSTADDRESS; ?></b></td>
               <td class="main"><?php echo $order->customer['hostaddy']; ?></td>
              </tr>


* FIND:

       $order_updated = false;
               $check_status_query = tep_db_query("select customers_name, customers_email_address, orders_status, date_purchased,


* ADD TO THE QUERY:

ipaddy, hostaddy

(so it will look like the piece below)

       $order_updated = false;
               $check_status_query = tep_db_query("select customers_name, customers_email_address, orders_status, date_purchased, ipaddy, hostaddy


--------------------------------------------------------------------------------------------------------------

(2) catalog/admin/includes/classes/orders.php


* FIND:

     $order_query = tep_db_query("select customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value, date_purchased, orders_status,


* ADD 'ipaddy, hostaddy' to the query (no quotes) so it will look like ...

     $order_query = tep_db_query("select customers_name, customers_company, customers_street_address, customers_suburb, customers_city, customers_postcode, customers_state, customers_country, customers_telephone, customers_email_address, customers_address_format_id, delivery_name, delivery_company, delivery_street_address, delivery_suburb, delivery_city, delivery_postcode, delivery_state, delivery_country, delivery_address_format_id, billing_name, billing_company, billing_street_address, billing_suburb, billing_city, billing_postcode, billing_state, billing_country, billing_address_format_id, payment_method, cc_type, cc_owner, cc_number, cc_expires, currency, currency_value, date_purchased, orders_status, ipaddy, hostaddy 



* FIND:

                             'email_address' => $order['customers_email_address']);


* CHANGE TO:

                             'email_address' => $order['customers_email_address'],
                             'ipaddy' => $order['ipaddy']'
                             'hostaddy' => $order['hostaddy']');

--------------------------------------------------------------------------------------------------------------


(3) catalog/admin/includes/languages/english/orders.php

* FIND:

define('ENTRY_CREDIT_CARD_EXPIRES', 'Credit Card Expires:');


* ADD BELOW:

define('ENTRY_IPADDRESS', 'IP Address:');
define('ENTRY_HOSTADDRESS', 'Host Address:');


--------------------------------------------------------------------------------------------------------------


(4) catalog/checkout_confirmation.php

* FIND:

             <tr>
               <td class="main" colspan="4"><?php echo $confirmation['title']; ?></td>
             </tr>
               


* ADD BELOW:

             <tr>
               <td class="main"><?php echo HEADING_IPRECORDED_1; ?> <? $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?> - <?php echo HEADING_HOSTRECORDED; ?><? $host = $HTTP_SERVER_VARS["REMOTE_HOST"]; echo $ip; ?></td>
             </tr>


--------------------------------------------------------------------------------------------------------------


(5) catalog/checkout_process.php

* FIND:

 include('includes/application_top.php');


* CHANGE TO:

 include('includes/application_top.php');

 $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
 $host = $HTTP_SERVER_VARS["REMOTE_HOST"];


* FIND:

                         'currency_value' => $order->info['currency_value']);

* CHANGE TO:

                         'currency_value' => $order->info['currency_value'],
                         'ipaddy' => $ip,
                         'hostaddy' => $host);

--------------------------------------------------------------------------------------------------------------


(6) catalog/includes/languages/english/checkout_confirmation.php

* FIND:

define('HEADING_ORDER_COMMENTS', 'Comments About Your Order');


* ADD BELOW:

define('HEADING_IPRECORDED_1','Your IP (');
define('HEADING_IPRECORDED_2',' ) has been recorded for security purposes.');
define('HEADING_HOSTRECORDED','Host Address: ');

Link to comment
Share on other sites

  • 2 weeks later...
$HTTP_SERVER_VARS["REMOTE_HOST"];

does not seem to do the trick. However, in the user_tracking mod,

gethostbyaddr
seems to work just fine. How would one write that for this situation?

 

I assume that it would be entered in checkout_process.php and checkout_confirmation.php

 

Is it as simple as changing (in checkout_process.php)

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = $HTTP_SERVER_VARS["REMOTE_HOST"];

to

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = gethostbyaddr['$ip'];

and changing(in checkout_confirmation.php)

<tr>
              <td class="main"><?php echo HEADING_IPRECORDED_1; ?> <? $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?> - <?php echo HEADING_HOSTRECORDED; ?><? $host = $HTTP_SERVER_VARS["REMOTE_HOST"]; echo $ip; ?></td>
            </tr>

to

<tr>
              <td class="main"><?php echo HEADING_IPRECORDED_1; ?> <? $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?> - <?php echo HEADING_HOSTRECORDED; ?><?echo $host; ?></td>
            </tr>

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

Link to comment
Share on other sites

gethostbyaddr($ip);

 

or

 

gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);

 

 

First way is easier. :) I wouldn't make this variable required though as getting the host will sometimes produce an error.

Link to comment
Share on other sites

Thanks, Acheron - Once again you have come to my rescue!

 

In step 4, change

<td class="main"><?php echo HEADING_IPRECORDED_1; ?> <? $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?> - <?php echo HEADING_HOSTRECORDED; ?><? $host = $HTTP_SERVER_VARS["REMOTE_HOST"]; echo $ip; ?></td>

to

<td class="main" colspan="4"><?php echo HEADING_IPRECORDED_1; ?> <?php $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?><?php echo HEADING_IPRECORDED_2; ?><br><?php echo HEADING_HOSTRECORDED; ?><?php $host = gethostbyaddr($ip); echo $host; ?></td>

and, in step 5, change

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = $HTTP_SERVER_VARS["REMOTE_HOST"];

to

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = gethostbyaddr($ip);

It seems to work just fine now!

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

Link to comment
Share on other sites

Thanks guys, ive finally managed to get it to work thanks to your help. I came across a parse error in step 2

 

In catalog/admin/includes/classes/orders.php

 

                            'email_address' => $order['customers_email_address'],

                            'ipaddy' => $order['ipaddy']'

                            'hostaddy' => $order['hostaddy']');

 

I changed mine to

                            'email_address' => $order['customers_email_address'],

                            'ipaddy' => $order['ipaddy'],

                            'hostaddy' => $order['hostaddy']);

 

And for presentation purposes as well as making the user know your getting their IP & hostname before they press the confirm button i changed

 

catalog/checkout_confirmation.php to:

 

Find

<?php

  if (isset($$payment->form_action_url)) {

    $form_action_url = $$payment->form_action_url;

 

Add Above:

<td align="middle"><font size="-1" font color="#FF0000" face="Arial, Helvetica, sans-serif"> Your IP <?php $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; echo $ip; ?> and Hostname <?php $host = gethostbyaddr($ip); echo $host; ?><?php echo HEADING_IPRECORDED_2; ?></td><br>

      <tr>

        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">

          <tr>

            <td align="right" class="main">

 

Thanks Acheron & mugitty ;)

Link to comment
Share on other sites

  • 3 weeks later...

Anyone happens to have a screen shot that shows where the notification was supposed to appear?

...the notification on the checkout confirmation page that was supposed to inform customer their IP has been recorded for security puroposes?

 

Thanks much!

Link to comment
Share on other sites

It appears at the top of the checkout confirmation but I had noticed that it didn't show under certain circumstances. Presumably b/c of it's location within in the code. You can easily move it wherever you want.

Link to comment
Share on other sites

You all might want to re-think your views on this:

 

1/ anyone committing fraud would likely be using a proxy server

2/ showing an ip address could be illegal under UK Law (privacy).

3/ I would never buy from a shop that said "yadda yadda has been recorded for security purposes".

 

I don't care that you do record it, but you should not show it.

Link to comment
Share on other sites

You all might want to re-think your views on this:

 

1/? anyone committing fraud would likely be using a proxy server

2/? showing an ip address could be illegal under UK Law (privacy).

3/? I would never buy from a shop that said "yadda yadda has been recorded for security purposes".?

 

I don't care that you do record it, but you should not show it.

I think that if someones going to make a fraudulent order it "might" put them off placing the order if they realise it could be tracable by another means other than by the address they give. Most of the fraudsters i've come across when i used to work in a shop are usually high on drugs or havnt got 2 brain cells so wouldnt have a clue what a proxy server is.

I dont see how showing an IP could be illegal as it doesnt break the data protection act and is only viewable by the user at the time-i could be wrong :blink: And if i was going to place an order through a site that showed and recorded my IP it wouldnt make a bit of difference to me whatsoever, i might even think that the site is very security conscious ?

The only reason i show it is to try to deter fraudsters so hopefully they'l go to another site where less info is recorded so might be easier to get away with it.

Just my 2 cents worth :P

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...