Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


SolusVM - Get all IPs of a customer
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

SolusVM - Get all IPs of a customer

jmginerjmginer Member, Patron Provider
edited September 2015 in Tutorials

Hello, I share a litle PHP script that I made to list all IPs addresses of a customer.

I'm not a developer, so, maybe you can find some stupid line, but run ok :)

Just upload and run: http://yoursolusvmurl.com/[email protected]

Source: http://pastebin.com/eMaMLYAC

Comments

  • I'm not trying to bash you here (I like to see people coming up with ideas), but why not just use the IP Report feature in Solus?

  • jmginerjmginer Member, Patron Provider

    @VPSSoldiers said:
    I'm not trying to bash you here (I like to see people coming up with ideas), but why not just use the IP Report feature in Solus?

    Because I'm implementing a "firewall" service for my customers, they are going to be able to create custom firewall rules directly in our main routers, and this is how I'm going to check if a customer owns a IP or not. If you don't own a IP, you can not create a rule for this IP.

    But this is a task that will do a more expert developer, with this script I'm just giving him what IPs are owned from each customer.

  • Cool! You didn't sanitize your inputs!

    Thanked by 1trewq
  • No, he didn't.

    Couldn't even bother to strip slashes, tags, special characters and escape it (mysql_real_escape_string and escapeshellarg)?

    No, these methods are not for production use, but they'll at least protect you against some attacks.

  • hostnoobhostnoob Member
    edited September 2015
    $email = $_GET['email'];

    should be

    if (filter_var($email, FILTER_VALIDATE_EMAIL))
    {
        $email = $_GET['email'];
    }
    else
    {
        exit('invalid email');
    }

    and then use mysql_real_escape_string() too (or even better, prepared statements)

    Thanked by 1jh
  • jenokjenok Member, Host Rep

    Mun said: Cool! You didn't sanitize your inputs!

    write it with pdo should be better :D

    Thanked by 1netomx
  • BharatBBharatB Member, Host Rep
    edited September 2015

    http://pastebin.com/3wnbvc8x

    For those who want @jmginer 's idea in a proper manner.

    Thanked by 1FlamesRunner
  • @hostnoob said:

    $email = $_GET['email'];

    should be

    if (filter_var($email, FILTER_VALIDATE_EMAIL))
    > {
    >     $email = $_GET['email'];
    > }
    > else
    > {
    >     exit('invalid email');
    > }

    and then use mysql_real_escape_string() too (or even better, prepared statements)

    more like the minimum should be "mysqli_real_escape_string()" instead as mysql_real_escape_string is deprecated on PHP 5.5 :)

  • @wcypierre said:
    more like the minimum should be "mysqli_real_escape_string()" instead as mysql_real_escape_string is deprecated on PHP 5.5 :)

    Uhm how you can filter $email before its set lol?

    Thanked by 1MartinD
  • @sepei said:
    Uhm how you can filter $email before its set lol?

    True that for this case. Anyway, my point is on not using mysql_* but to use mysqli_* instead as a minimum.

  • BharatBBharatB Member, Host Rep

    @wcypierre said:

    http://pastebin.com/3wnbvc8x , PDO has a similar but better way to handle queries I suppose.

Sign In or Register to comment.