If you do need to use them, then pass both through filter_var or at the very least pass through htmlspecialchars (or use $this->request->server version) if used in HTML. Otherwise HTML could be injected into your email. Yes they would need an admin login, but still better to do things the correct way.
ADD Creative wrote: ↑Thu Jan 02, 2025 8:00 pm
Both $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] should not be trusted. Only use them if you are using a proxy that sets them.
If you do need to use them, then pass both through filter_var or at the very least pass through htmlspecialchars (or use $this->request->server version) if used in HTML. Otherwise HTML could be injected into your email. Yes they would need an admin login, but still better to do things the correct way.

Being "trusted" vs being a proper ip address are two different things.
This is about the fact that $_SERVER['HTTP_X_FORWARDED_FOR'] may not contain a single ip address but a comma separated string of ip addresses.
I.e. a format issue.
Whether you should or should not trust what is ultimately in there is a different issue.
nonnedelectari wrote: ↑Thu Jan 02, 2025 8:37 pm
Being "trusted" vs being a proper ip address are two different things.
This is about the fact that $_SERVER['HTTP_X_FORWARDED_FOR'] may not contain a single ip address but a comma separated string of ip addresses.
I.e. a format issue.
Whether you should or should not trust what is ultimately in there is a different issue.

My comment wasn't as a reply to your post, more aimed at anyone using the posted modification.
supak111 wrote: ↑Thu Jan 02, 2025 3:23 pm
You use the code below if you are making an ocmod for installation through admin->extensions->installer page...
If you are hardcoding the code into the login.php file directly (hardcoding is never really recommended), you don't need the code below, and you don't need a bunch of other code from my original file
Code: Select all
<search> <![CDATA[$this->session->data['user_token'] = token(32);]]> </search> <add position="after"> <![CDATA[

I take your XML file - edit the stuff specific to my store (all of which works when I manually dump it into the login.php file) and I then zip it up and rename the zipped xml file AdminLastLogin-EmailJan2.ocmod.zip.
Install seems to be happy with it, no error messages show up, yet the xml never shows up in /extensions/modifications and the login.php file isn't edited.
What might I be doing incorrectly?
OC 3.0.4.0.
Thanks for your patience!
This is not my first extension installation...so yes, I refreshed extension/modification (and clear all caches) - it simply doesn't show up! I'm assuming it got stuck and followed the <operation error="skip"> instruction
My complete ocmod file: (will look at ip security remarks later)
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<modification>
<name>Send email on Admin Login</name>
<code>Send email On Admin Login</code>
<version>1.0</version>
<author>opencart.com username: MyOpe</author>
<link>https://forum.opencart.com/viewtopic.php?p=876242</link>
<file path="admin/controller/common/login.php">
<operation error="skip">
<search>
<![CDATA[$this->session->data['user_token'] = token(32);]]>
</search>
<add position="after">
<![CDATA[
$ip_address = '';
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip_address = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip_list = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
$ip = trim($ip_list[0]);
if (filter_var ($ip, FILTER_VALIDATE_IP)) $ip_address = $ip;
}
if ($ip_address === '') $ip_address = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_REFERER'])) {
$refer = $_SERVER['HTTP_REFERER'];
} else {
$refer = 'referrer not found';
}
$to = "jrr@flippers.com"; //the address the email is being sent to
$subject = "Admin LOGIN"; //the subject of the message
$msg = "Admin LOGIN
<br><br>
Admin: {$this->request->post['username']}<br>
Referer: {$refer}<br>
From IP: <a href='https://flippers.com/catalog_oc/admin/ip/{$ip_address}'>https://flippers.com/catalog_oc/admin/ip/{$ip_address}</a><br>"; //the message of the email
// Set content-type header for sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// Additional headers
$headers .= 'From: JRR <noreply@flippers.com>' . "\r\n";
mail($to, $subject, $msg, $headers); //send the email
]]>
</add>
</operation>
</file>
</modification>
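The address selection and HTML escaping raised earlier in the thread, written out as an added example that is not code from any poster or from OpenCart. `client_ip()`, `h()` and the `$trustedProxies` list are hypothetical names and the sample requests are constructed; it goes beyond the posted code by ignoring forwarding headers unless REMOTE_ADDR is one of your own proxies and by reading X-Forwarded-For from the right.

```php
<?php
// Added example: hypothetical helpers, not part of the posted ocmod.
// $trustedProxies is an assumed list of reverse proxies you operate.

function client_ip(array $server, array $trustedProxies = []): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Forwarding headers are client-controlled unless a known proxy set them.
    if (!in_array($remote, $trustedProxies, true)) {
        return filter_var($remote, FILTER_VALIDATE_IP) ?: 'unknown';
    }
    // X-Forwarded-For may be "client, proxy1, proxy2": walk right to left
    // and take the first valid address that is not one of our own proxies.
    $hops = explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '');
    foreach (array_reverse($hops) as $hop) {
        $ip = trim($hop);
        if (filter_var($ip, FILTER_VALIDATE_IP) && !in_array($ip, $trustedProxies, true)) {
            return $ip;
        }
    }
    return $remote;
}

function h(string $value): string
{
    // Escape anything request-derived before it goes into the HTML mail body.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: forged header sent directly, no proxy in front.
$direct = [
    'REMOTE_ADDR' => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '<b>x</b>, 198.51.100.9',
    'HTTP_REFERER' => 'https://example.test/admin/"><b>x</b>',
];
// Constructed sample: request arriving through the trusted proxy 10.0.0.5.
$proxied = [
    'REMOTE_ADDR' => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => 'not-an-ip, 198.51.100.9, 10.0.0.5',
];

echo 'From IP: ', h(client_ip($direct)), "<br>\n";
echo 'From IP: ', h(client_ip($proxied, ['10.0.0.5'])), "<br>\n";
echo 'Referer: ', h($direct['HTTP_REFERER']), "<br>\n";
```

The same `h()` call belongs around the posted username before it is placed in the message body.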
Code: Select all
<search>
<![CDATA[$this->session->data['user_token'] = token(32);]]>
</search>
<add position="after">
<![CDATA[
Arghh!
Thanks!
Code: Select all
$this->session->data['user_token'] = token(32);
Your OCmod file looks fine, I don't see why it wouldn't work. Maybe someone else here sees an issue?
"Send email on Admin Login" should be there in your Modification List
~ OC 3.0.3.2 and OCmods only ~
Code: Select all
$this->session->data['user_token'] = token(32);
Weird.
Probably all my fault...
Thanks!
John :-#)#
Tested and Send Email on Admin Login (seoal for short) is working on 3.0.4.0
IMPORTANT : this download has site specific addresses
Attachments
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
Hi Mona,
That worked as it should - I'm getting the emails from admin logins - and the extension now shows up in extensions/modifications.
Thank you!
John :-#)#
No clue why his code didn't work lol
There is something wrong with my compress function in osx Sonoma. I tried expanding Mona's extension and then recompressed it using osx's native compress that appears to make zipped files but I realized that it did NOT actually compress the file. Mona's compressed file was 1K in size, and mine was 3K.
I then compressed this on a Windows XP machine and tried uploading the XP Zipped file and see if that worked...nope same null result.
Something is wrong with how the compressed file is being created on both Windows and OSX. It's late, and I'm tired...anyone have a bright idea I can check on tomorrow?
Thanks!
jrr wrote: ↑Sat Jan 04, 2025 4:30 pm
There is something wrong with my compress function in osx Sonoma. I tried expanding Mona's extension and then recompressed it using osx's native compress that appears to make zipped files but I realized that it did NOT actually compress the file. Mona's compressed file was 1K in size, and mine was 3K.
I then compressed this on a Windows XP machine and tried uploading the XP Zipped file and see if that worked...nope same null result.
Something is wrong with how the compressed file is being created on both Windows and OSX.

Maybe use this : https://www.7-zip.org/ and install (or use) it on every device instead of their internal compression functions.
With that it should work on every device ..
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
My mac will zip it to 2k
And my Atari can do that to 720 B

7zip use 1.12 KB
@OSWorX It was to jrr not you.
Point being jrr has made an assumption that the zip function is the problem because of the difference in file size.
This is not a reliable way to debug a problem.
Each zip and rounding method will produce a different result.
Double click the install.xml file, and click: "Compress install.xml", then rename the compressed file so that it ends with: XXX.ocmod.zip
It was all my fault - as I suspected. Nothing to do with the zip function at all.
I hadn't followed the ocmod file convention!
I hadn't named the xml file install.xml and then zipped it and renamed the zip to what I wanted.
Much like this: viewtopic.php?t=216022
Sigh, crawling back under my rock now...and sorry to waste folk's time!
John :-#(#
It was half a joke ..
Seriously: I know that each and every compression tool will output a different result.
Depends on what definitions are made and a few other settings of the tool.
But my suggestion was true, because on whatever system I use the same tool (like here 7zip), the output will be the same.
And then I can compare between all.
Was to eliminate possible user faults - as this is in 99% of all cases the reason why something fails.
And for example, Win* PCs had a problem with compressing files for a long time.