Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

LastIpAdress is always NULL

KalleKalle New
edited January 2014 in Vanilla 2.0 - 2.8

Hi all,
I just looked in the database and I saw that the column "LastIPAddress" is NULL....
Could anybody give me a hint how that LastIpAddress of a user is logged in that column?

Thank you very much, Kalle

Comments

  • Options
    peregrineperegrine MVP
    edited January 2014

    welcome to the community :)

    what is the number of your vanilla version?

    out of curiousity, see if it gets populated after you edit the profile.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options

    Hi peregrine, I use Vanilla 2.0.18.10, I have just edit the profile in my application but no entry in LastIPAddress....:-(
    Also InsertIPAdress has no entries yet (but the column 'UpdateIPAdress' has), do you know if there might be an "easy" way to change that?
    Thank you very much, Kai

  • Options
    peregrineperegrine MVP
    edited January 2014

    Could anybody give me a hint how that LastIpAddress of a user is logged in that column?

    LastIPAddress is somehow tied in with authentication, session and cookies and expirations.

    why do you want to change it?

    But, its a good question. What cause InsertIPAddress and LastIPAddress to be updated in in the user table easily understandable terms.

    At the same time, it seems to be more fully populated in vanilla 2.1, or just my imagination.
    Perhap in 2.0.18.10 it was not fully used, or it depends on how user is authenticated.

    @Lincoln maybe

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options

    I got it,

    in .....forum\library\core\class.model.php

    I commented out line 304-306

    // $Data = array_diff_key($Data, array('Attributes' => 0, 'DateInserted' => 0, 'InsertUserID' => 0, 'InsertIPAddress' => 0,
    // 'DateUpdated' => 0, 'UpdateUserID' => 0, 'UpdateIPAddress' => 0));
    // return $Data;

    Now it works :-)

  • Options

    yes but, if you don't know what the purpose of the field is for, you may be changing the behavior.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options
    peregrineperegrine MVP
    edited January 2014

    I have to laugh or cry also. because the line above 304 says....

    Filter out any potentially insecure fields before they go to the database.

    /**
    * Filter out any potentially insecure fields before they go to the database.
    * @param array $Data
    */

    so you may have solved your issue for a field you have no idea where it is used and what is it used is for (simply for an address to be in that field with possibly no function), and potentially opened your world up to a few possibly unwanted surprises.

    there may be a fix, there may be a reason, there may be a solution but based on comment in line 303 - your solution appears to be potentially a bad idea. I hope I am wrong in this assessment for your sake.

    perhaps @Todd could look at this or you could file on github it not already there.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options

    Hi peregrine, thank you very much, I changed the values in the way that its "more secure" now, one thing that is very important:

    return $Data; (line 306 in class.model.php)

    is a "must", without that, Forum entries are not possible.

Sign In or Register to comment.