Firefox PHP

Search for posts from same IP

Posted by sclark 
Search for posts from same IP
February 23, 2006 02:03AM
(Using version 5.0.21)

Simple hack to allow users to search for posts made from the same IP. This i useful for public forums where users are not required to register and detracts users from pretending to be someone they are not and causing conflict.

The first step is to correct the IP logging to save the correct IP when a users posts a message and not the IP of a proxy. Quite often ISPs will have a transparent proxy which users will not even be aware they are going through.

Firstly edit post.php at line 85-92
        if (empty($error)) {
            if (getenv("HTTP_CLIENT_IP")) $ip = getenv('HTTP_CLIENT_IP');
            else if(getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv('HTTP_X_FORWARDED_FOR');
            else if(getenv("REMOTE_ADDR")) $ip = getenv('REMOTE_ADDR');
            else $ip = '255.255.255.255';
            // do this here so we can call check field against it.
            if ($PHORUM["dns_lookup"]) {
                $REMOTE_ADDR = @gethostbyaddr($ip);
            } else {
                $REMOTE_ADDR = $ip;
            }

Change the phorum_search_check_valid_vars() function at the top to
function phorum_search_check_valid_vars() {
    $PHORUM=$GLOBALS['PHORUM'];
    $retval=true;
    // these are valid values for some args
    $valid_match_types=array("ALL","ANY","PHRASE");
    $valid_match_forum=array("THISONE","ALL");

    if(!in_array($PHORUM["args"]["match_type"],$valid_match_types)) {
        $retval=false;
    } elseif(!in_array($PHORUM["args"]["match_forum"],$valid_match_forum)) {
        $retval=false;
    } elseif(!is_numeric($PHORUM["args"]["match_dates"])) {
        $retval=false;
    } elseif(!is_numeric($PHORUM["args"]["author"]) || !is_numeric($PHORUM["args"]["subject"]) || !is_numeric($PHORUM["args"]["body"])) {
        // these were the just numeric args
        $retval=false;
    } elseif(!is_numeric($PHORUM["args"]["ip"])) {
        $retval=false;
    }
    return $retval;
}

After the line
if(!isset($PHORUM["args"]["subject"]) || $PHORUM['args']['subject'] == "") $PHORUM["args"]["subject"] = (isset($phorum_search)) ? 0: 1;
~line 72
add the line
if(!isset($PHORUM["args"]["ip"])) $PHORUM["args"]["ip"]=0;

Just after the lines
if(!phorum_search_check_valid_vars()) {
    $redir_url=phorum_get_url(PHORUM_LIST_URL);
    phorum_redirect_by_url($redir_url);
    exit();
}
add
$ip_search = '';
if(!empty($PHORUM["args"]["ip"])) {
    $getip = phorum_db_get_message($PHORUM["args"]["ip"]);
    $ip_search = $getip['ip'];
}

change the line
if(!empty($phorum_search)){
to
if(!empty($phorum_search) || !empty($ip_search)){

change the line
    $arr = phorum_db_search($phorum_search, $offset, $PHORUM["list_length"], $PHORUM["args"]["match_type"], $PHORUM["args"]["match_dates"], $PHORUM["args"]["match_forum"], $PHORUM["args"]["body"], $PHORUM["args"]["author"], $PHORUM["args"]["subject"]);
to
    $arr = phorum_db_search($phorum_search, $offset, $PHORUM["list_length"], $PHORUM["args"]["match_type"], $PHORUM["args"]["match_dates"], $PHORUM["args"]["match_forum"], $PHORUM["args"]["body"], $PHORUM["args"]["author"], $PHORUM["args"]["subject"], $ip_search);

change the line
                "url" => phorum_get_url(PHORUM_SEARCH_URL, "search=" . urlencode($phorum_search), "page=$pageno", "match_type={$PHORUM['args']['match_type']}", "match_dates={$PHORUM['args']['match_dates']}", "match_forum={$PHORUM['args']['match_forum']}", "body={$PHORUM['args']['body']}", "author={$PHORUM['args']['author']}", "subject={$PHORUM['args']['subject']}")
to
                "url" => phorum_get_url(PHORUM_SEARCH_URL, "search=" . urlencode($phorum_search), "page=$pageno", "match_type={$PHORUM['args']['match_type']}", "match_dates={$PHORUM['args']['match_dates']}", "match_forum={$PHORUM['args']['match_forum']}", "body={$PHORUM['args']['body']}", "author={$PHORUM['args']['author']}", "subject={$PHORUM['args']['subject']}", "ip={$PHORUM['args']['ip']}")
and do a similar change to the other phorum_get_url() function calls below

change /includes/db/mysql.php

~line 805 change the phorum_db_search() function to
function phorum_db_search($search, $offset, $length, $match_type, $match_date, $match_forum, $body, $author, $subject, $ip = '')
{
    $PHORUM = $GLOBALS["PHORUM"];

    $start = $offset * $PHORUM["list_length"];

    $arr = array("count" => 0, "rows" => array());

    $conn = phorum_db_mysql_connect();

    $sql = "select count(*) as count from {$PHORUM['message_table']}";

    $res = mysql_query($sql, $conn);
    if ($err = mysql_error()) phorum_db_mysql_error("$err: $sql");

    $total_messages = mysql_result($res, 0, "count");

    $search = mysql_escape_string($search);
    $ip = mysql_escape_string($ip);


    if($match_type=="PHRASE"){
        $terms = array($search);
    } else {
        $terms = preg_split("/\s+/", $search);
    }

    foreach($terms as $term){
        $fields=array();
        if($body) $fields[]="body like '%$term%'";
        if($author) $fields[]="author like '%$term%'";
        if($subject) $fields[]="subject like '%$term%'";
        if($fields){
            $clause[] = "( ".implode(" or ", $fields)." )";
        } else {
            return $arr;
        }
    }

    $conj = ($match_type=="ALL") ? "and" : "or";

    $sql = "select message_id from {$PHORUM['message_table']} where status > 0 and " . ((!empty($ip))?"ip like '$ip'":implode(" $conj ", $clause));

    if($match_date>0){
        $ts=time()-86400*$match_date;
        $sql.=" and datestamp>=$ts";
    }

    // have to check what forums they can read first.
    $allowed_forums=phorum_user_access_list(PHORUM_USER_ALLOW_READ);
    // if they are not allowed to search any forums, return the emtpy $arr;
    if(empty($allowed_forums) || ($PHORUM['forum_id']>0 && !in_array($PHORUM['forum_id'], $allowed_forums)) ) return $arr;

    // Add forum 0 (for announcements) to the allowed forums. 
    $allowed_forums[] = 0;

    if($PHORUM['forum_id']!=0 && $match_forum!="ALL"){
        $sql.=" and forum_id={$PHORUM['forum_id']}";
    } else {
        $sql.=" and forum_id in (".implode(",", $allowed_forums).")";
    }

    $res = mysql_query($sql, $conn);
    if ($err = mysql_error()) phorum_db_mysql_error("$err: $sql");

    if (mysql_num_rows($res)){
        while ($rec = mysql_fetch_row($res)){
            $total_ids[] = $rec[0];
        }
        // don't worry about how many ids we have here.
        $sql = "select message_id from {$PHORUM['message_table']} where message_id in (" . implode(",", $total_ids) . ") order by datestamp desc";

        $res = mysql_query($sql, $conn);
        if ($err = mysql_error()) phorum_db_mysql_error("$err: $sql");

        if (mysql_data_seek($res, $start)){
            $ids = array();

            while (($rec = mysql_fetch_row($res)) && count($ids) < $length){
                $ids[] = $rec[0];
            }
            // don't worry about how many ids we have here.
            $sql = "select {$PHORUM['message_table']}.* from {$PHORUM['message_table']} where message_id in (" . implode(",", $ids) . ") order by datestamp desc";

            $res = mysql_query($sql, $conn);
            if ($err = mysql_error()) phorum_db_mysql_error("$err: $sql");

            $rows = array();

            while ($rec = mysql_fetch_assoc($res)){
                $rows[$rec["message_id"]] = $rec;
            }

            $arr = array("count" => count($total_ids), "rows" => $rows, "total" => $total_messages);
        }
    }

    return $arr;
}

in your read.tpl change the reference to
{MESSAGES->ip}
to
{MESSAGES->ip} - <a href="{URL->SEARCH},ip={MESSAGES->message_id}">Search for messages from same IP</a>

I think thats all the changes I made, if anything is a little ambiguous or wrong the tell me and ill try make things clearer

------
Stefan
Re: Search for posts from same IP
November 03, 2006 05:49PM
Hi

Does this work with 5.1.16a? You say "...edit post.php" but there is no post.php, what's the new equivalent?
Re: Search for posts from same IP
November 03, 2006 09:55PM
It's posting.php, with subactions written as separate include files for speed in include/posting/*.php. I think you'll have to do some puzzling to get the code at the right places in there.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Sorry, only registered users may post in this forum.

Click here to login