Who uses IP Logging?
IP Logging is used alot now a days, a common place to see it happening is on sites that use shopping cart systems. You will often find that a message will be on the website somewhere stating that your IP address is being logged (For that session) you can also find IP logging on major websites such as Wikipedia. IP logging is present as Wikipedia is a publicly accessible knowledge base that can be edited by anyone, in order to prevent abuse they would track user's IP address to make sure they can block anyone that abuses it.
Why use IP Logging?
I've basically started to cover why someone would want to use IP logging, mainly for prevention of events that could happen, take note of the Wikipedia situation. IP Logging allows you to have some sort of log to look over and review to spot any interesting/query IP address which you may be suspicious of. Essentially giving you the upper hand againest someone thats abusing something.
The PHP Script:
Enough chit chat. Let's show the script thats going to log IP's:
01.02.// Checks the current date and time03.$dateTime = date('Y/m/d G:i:s');04. 05.// Loads the writable text file and await instruction from fwrite command06.$fp = fopen('ip-log.txt', 'r+');07. 08.while (!feof($fp))09.{10.$buffer = fgets($fp);11.// Scan for any previous logs of the IP12.// If scan determines that the user is a logged IP address, overwrite existing log.13.list ($ip, $crap) = split(' ', $buffer);14.if ($_SERVER['REMOTE_ADDR'] == trim($ip))15.$exists = TRUE;16.}17.// If scan determines it's user is a new IP entry, add the IP address to the log file at the end of the document18.if (!$exists)19.fwrite($fp, $_SERVER['REMOTE_ADDR']. " $dateTime\n");20.fclose($fp);21.?>The comment marks should explain many of your questions but I'll break it down:
1.$dateTime = date('Y/m/d G:i:s');First off the script will check the current date and time. It will need to be called first otherwise the log can't process a date and time stamp.
1.$fp = fopen('ip-log.txt', 'r+');This will be your text file that the script will write all logs to. Whatever you name it and wherever it's stored you must update the filename in the script otherwise the script will throw out alot of error's. You will also need to make this text file writable (CHMOD 777) As a recommendation I'd place the text file you are going to use within the public_html folder so it's easily accessible. Notice the fopen command. This is needed to start the log process otherwise the script will not write anything to the text file
01.$buffer = fgets($fp);02.// Scan for any previous logs of the IP03.// If scan determines that the user is a logged IP address, overwrite existing log.04.list ($ip, $crap) = split(' ', $buffer);05.if ($_SERVER['REMOTE_ADDR'] == trim($ip))06.$exists = TRUE;07.}08.// If scan determines it's user is a new IP entry, add the IP address to the log file at the end of the document09.if (!$exists)10.fwrite($fp, $_SERVER['REMOTE_ADDR']. " $dateTime\n");11.fclose($fp);This script will now check the log file for any previous logs of the IP Address that is being logged. The fgets command will be used to fetch the log file and check for any current logs of the same IP Address. If the IP address is new and has not been logged before then the fwrite command will write the new IP address to the log.
1.fclose($fp);The fclose command is important as it will stop the log writing any other details that could end up as bad data. It is vital it is placed as:
1. This script will slightly slow your page loading time down. Not adding in a close function will either effect your page loading times dramatically, or even cause endless loading times (Page will never load)
2. You may end up with random log data if the script does not have a stop function
Security Isssues with this script:
The security level of this script is low as it only records a users IP Address nothing else. If it recorded personal data or passwords it would be much more serious. The fact of the script not using a database may be good for some people, but in actual fact using a database would make this script more secure, but being able to make a script that can write log information to a writable text file does provide some advantages. The point of this script is a quick and simple way to record a users IP Address and as long as you don't advertise the fact that you have a text file thats logs IP address's no one will know.
Even if you want to add a note on your website that IP addresses are logged nearly 99% of people will never know how your logging IP addresses.
So thats how to make a silent and easy way of logging a users IP Address. I've pointed out it has issues but in the end the script does a big stop with little requirements!
Note: I would also like to add that this script should only be used in obtaining user information for a valid purpose. Abusing this script by trying to compramise someone's data is wrong. Respect the data protection act.
