What data can I pull from the user?

Outer · Aug 22, 2005

I know of USER_AGENT and IP Address, but I need more than that.

What other information can I retrieve from the user?

iNod · Aug 22, 2005

What do you need?

Mostly all you can pull is OS, Browser, IP, Res.. There are a few others.. But I forget which ones.

You can pull OS, Browser through User Agent.

iNod

Outer · Aug 22, 2005

Honestly, I need anything and everything

NuPagady · Aug 22, 2005

Just use this command to check what you can get:

Code:

<? print_r($_SERVER); ?>

That's what you will get:

[PATH] => /usr/local/bin:/usr/bin:/bin
[DOCUMENT_ROOT] => /home/nupagady/public_html
[HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
[HTTP_CONNECTION] => keep-alive
[HTTP_HOST] => www.nupagady.info
[HTTP_KEEP_ALIVE] => 300
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
[REDIRECT_STATUS] => 200
[REDIRECT_URL] => /test1.php
[REMOTE_ADDR] => some ip(I have removed mine )
[REMOTE_PORT] => 1543
[SCRIPT_FILENAME] => /home/nupagady/public_html/test1.php
[SERVER_ADDR] => 63.247.87.154
[SERVER_ADMIN] => (removed my email)
[SERVER_NAME] => www.nupagady.info
[SERVER_PORT] => 80
[SERVER_SOFTWARE] => Apache
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test1.php
[SCRIPT_NAME] => /test1.php
[PHP_SELF] => /test1.php
[argv] => Array

So you can get visitors IP, you can find out can user run flash or not, what is his/her accepted language, encoding and much more (just check variables starting with HTTP_).. and of course some server info as well too :]

Outer · Aug 22, 2005

Great ^^

Thank you for the help

NuPagady · Aug 22, 2005

np

when you will find in this list what you need, just use $_SERVER + ['what_you_need']
i.e., $_SERVER['HTTP_ACCEPT_CHARSET'] - that would be for charset
$_SERVER['HTTP_USER_AGENT'] - that would be for browser, etc.. don't forget quotes.

Good luck

Peter · Aug 23, 2005

remember if the person goes via a proxy some of the information may not be correct. Also not all browsers will give the same information (some can spoof as well)

Outer · Aug 23, 2005

I know the information can be spoofed.

What Im trying to do with all of this information is make a 128-bit secure code that pertains to that user only (like a session_id, just a bit more secure in my opinion)

It will rely on user information such as the IP, User Agent, etc.

Do you know the function that bypasses the Proxy server's address and gets the users true IP address?

nasaboy007 · Aug 23, 2005

wow thats pretty cool. thanks i can use that

Porte · Aug 23, 2005

NuPagady, very nice function, thanks for this.

Peter · Aug 23, 2005

Outer said:
It will rely on user information such as the IP, User Agent, etc.

That may cause a problem on your web page. Certain users will not be able to use your page. For example AOL users, their IP can change from page to page.

Outer · Aug 23, 2005

Thats what I was thinking about also, but I could have the IP change with the user.

Either that, or have it rely on the first 3 digits in an IP address (since the first 3 don't change too often with the provider such as AOL)

AOL has these sets of IP's basically:
<pre>
172.128.0.0/10----172.192.0.0/12----172.208.0.0/14----202.67.66.0/23
172.200.0.0/15----172.202.0.0/15----172.212.0.0/14----172.216.0.0/16
202.67.68.0/22----202.67.72.0/21----202.67.80.0/20----202.67.96.0/19
</pre>

I will probably pick one of those solutions, hence the reason I asked for more information in this thread, so I either dont have to base it off of the IP, or use it so as to not create *as much* problems

primacomputer · Aug 23, 2005

How about generating a 128 bit cookie and use that instead of a session id? What are you trying to accomplish? Why do you need something more “secure” than a session id?

Eric · Aug 23, 2005

There's quite a bit you can pull:
http://www.secondversion.com/ip/test.php
OS, OS Version, OS Vendor etc etc I have the script for that somewhere..

Atomical · Aug 23, 2005

What I used to do for sessions is this. When you log the user in store his ip address in a session variable. Then when he loads other pages check to make sure that the IP address matches the one you stored.

NuPagady · Aug 23, 2005

nasaboy007 said:
wow thats pretty cool. thanks i can use that

Designporte said:
NuPagady, very nice function, thanks for this.

np, good luck in coding :]

Outer · Aug 23, 2005

It's a bit more complicated than just placing a 128-bit code inside of the cookie

Im doing it for the sole purpose of doing it. Making things more secure should be everyones initiative

I need it to be more secure because of the reason my new application will be protecting very sensitive data in which I do not want just anyone to have access to or easily be able to get through something to see that information

Everything has vulnerabilities, sessions and cookies alike. My little sessions makup here will probably have a few vulnerabilities. I don't want anything going through the URL or anything stored on the clients side, hence the reason for this.

Peter · Aug 23, 2005

1 thing you have to be careful about is making it too secure that it becomes awkward to use for the customer.

I do agree that security is a main concern but dont go overkill on it.

Also I would suggest being reluctant on using cookies, if you rely on them then that alienates a section of your audience, have a contingency plan for people who do not allow cookies.

Outer · Aug 23, 2005

I wont be using cookies for this project

I am keeping off of sessions and cookies completely.

I will make a seperate version in which cookies are enabled for two reasons (An additional check and remember me) but thats just about it...

SecondVersion said:
There's quite a bit you can pull:
http://www.secondversion.com/ip/test.php
OS, OS Version, OS Vendor etc etc I have the script for that somewhere..

Could you share the script to that? I think I know how you are doing it all, but not completely positive

iNod · Aug 23, 2005

http://flubel.vphost.net/IPDNS/

If you pay me like 5$ I can give you the above script.. I would like to give it to you for free but it is like 800 lines or so.. So well..

iNod

What data can I pull from the user?

Established Member

Eating PieVIP Member

Established Member

Established Member

Established Member

Established Member

VIP Member

Established Member

VIP Member

VIP Member

VIP Member

Established Member

Established Member

VIP Member

Established Member

Established Member

Established Member

VIP Member

Established Member

Eating PieVIP Member

CarouselBank.com

HypoTrade.com

BeYourBest.net

TheMacroPulse.xyz

FinRating.com

1x.club

cashlesschips.com

DiaWallet.com

MacroUSD.com

Zampre.com

Similar threads

We're social

CarouselBank.com

HypoTrade.com

BeYourBest.net

TheMacroPulse.xyz

FinRating.com

1x.club

cashlesschips.com

DiaWallet.com

MacroUSD.com

Zampre.com

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling