CODEWITHSUNDEEP
php
Joren Willems
Joren Willems

Reputation: 167

PHP get user information

I made a website with a login script. Now there is some guy that makes false logins all the time. For example usernames like 'lfdjgh' and email addresses like [email protected]. I want to find out where this person is located etc.

Is there a way to find some detailed information about that user? Computer-name, Ip address, location, etc?

Thanks

Upvotes: 4

Views: 23338

Answers (8)

Rohit Gupta
Rohit Gupta

Reputation: 4191

Getting $_SERVER['REMOTE_ADDR'] as in the accepted answer is too simplistic.

The currently accepted method is

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

Copied from Tim Kennedy's answer in Stackoverflow Post

Upvotes: 0

Elyor
Elyor

Reputation: 5532

run this php code to see what you can get

echo '<pre>';
echo print_r($_SERVER);
echo '</pre>';

Upvotes: 0

PeeHaa
PeeHaa

Reputation: 72642

You cannot (really) find out where the user is located (if it is what I suspect it is).

It's probably some hacker (/ script kiddy) / spambot.

You can try to change your input field's names to break the automated process of filling the formfields.

You can use the $_SERVER superglobal to find out the ip of the user.

You could suspend the ip address for some time also you could add a captcha to the form.

Upvotes: 0

Chandresh M
Chandresh M

Reputation: 3828

i think the simplest way to track them is only to store the location and IP-address when some one make registration as well as when he/she login in your application from there location..its also safe and good practice for any admin; this entry will make you good tracked application for fake as well as real users too...

I think this facility provided by Google analytic also..they are provided all the details of the user hit on your applications with time/ipaddress/location etc...

But if the entry are just some kind of fake entry from the script only, then its batter to put captcha in your site..

ALL THE BEST..:)

Thanks.

Upvotes: 0

Patch
Patch

Reputation: 2507

I agree with that the other answers have said, you can use the values passed with $_SERVER to help avoid this.

Along with adding a CAPTCHA to your page, you can also add the IP address to your database, grabbed with $_SERVER['REMOTE_ADDR'] and compare known spam IP's to new registrations, and check if its a known spammer. Its what I do, and I don't have much spam at all (:

Happy hunting!

Upvotes: 2

oezi
oezi

Reputation: 51797

you can use $_SERVER['REMOTE_ADDR'] to get the users IP-Adress (hopefully*) and then use a site like http://ip-lookup.net/ to get the broad location of taht address.

*there could be some kind of router/proxy/whatever in use together with other users (like in a students' hostel, for example) where you would only get the ip-adress of that device, so you can't identify a unique user.

Upvotes: 0

Till Helge
Till Helge

Reputation: 9311

You can use certain values in $_SERVER to find out more about the attacker. In most cases $_SERVER['REMOTE_ADDR'] will contain the user's IP address. Be aware though that there is no guarantee that this value is correct and there still might be some kind of proxy involved. The best way probably would be to use some kind of captcha to prevent bots from using your signup form. Because that's most likely the reason.

Upvotes: 0

cambraca
cambraca

Reputation: 27839

You can get the user's IP using the $_SERVER variables, and store it when they submit the form. Then you could use a service to geographically locate the computer, like this one.

Upvotes: 0

Related Questions