Dupe IP's and passwords [Archive]

rinkrat

09-23-2004, 06:54 PM

This was a great way to spot dupe accounts but now it doesn't work because things have changed with VB. Can someone update it to work with v3.03?? PLEASE :)

<?php
error_reporting(7);

require("./global.php");

cpheader();

echo "<a href='#'>[duplicate ip addresses]</a> | <a href='#pass'>[duplicate passwords]</a>";

$q1 = mysql_query("SELECT ipaddress, count(*) as cnt FROM user GROUP BY ipaddress HAVING cnt > 1 ORDER BY ipaddress");
echo mysql_error();
while(list($ip) = mysql_fetch_array($q1)) {
if ($ip <> "") {
$x .= "'$ip',";
}
}
$x .= "'XXX'";
mysql_free_result($q1);
$qtwo = mysql_query("SELECT u.userid, u.username, u.password, u.ipaddress, u.posts, u.lastvisit,ug.canpostnew
FROM user u
LEFT JOIN usergroup ug ON ug.usergroupid = u.usergroupid
WHERE u.ipaddress IN ($x)
ORDER BY u.ipaddress, u.password, u.posts");
echo mysql_error();
echo "<h1>Duplicate IP Addresses</h1><table border=\"0\" cellspacing=\"0\" cellpadding=\"3\"><tr><td align=center><b><u>Username</u></b></td><td align=center><b><u>Encrypted password</u></b></td><td align=center><b><u>IP</u></b></td><td align=center><b><u>Posts</u></b></td><td align=center><b><u>Last Visit</u></b></td></tr>";
while(list($id, $user,$pass,$ip,$posts,$lastvisit,$canpostnew) = mysql_fetch_array($qtwo)) {
if ($ip <> $ip1) {
if ($bgcolor == "#CCCCCC") {
$bgcolor = "white";
} else {
$bgcolor = "#CCCCCC";
}
}
if ($pass == $passold) { $color = "red"; } else { $color = "black"; }
$lastvisit = date("M j y, H:i:s",$lastvisit);

$canpostnew = ($canpostnew) ? 'Yes' : 'No';
$hostname = gethostbyaddr($ip);

echo "<tr bgcolor=$bgcolor ><td style=\"font-size: smaller;\"><a href=\"../moderator.php?s=&action=useroptions&userid=$id\" >$user</a></td><td><font color=\"$color\" style=\"font-size: smaller;\">$pass</font></td><td >$hostname</td><td style=\"font-size: smaller;\">$posts</td><td style=\"font-size: smaller;\">$lastvisit</td><td style=\"font-size: smaller;\">$canpostnew</td><td style=\"font-size: smaller;\"><a href=\"user.php?s=&action=remove&userid=$id\">Remove</a></td></tr>";
$ip1 = $ip;
}
echo "</table>";
$bgcolor = "";
$qthre = mysql_query("SELECT password, count(*) as cnt FROM user GROUP BY password HAVING cnt > 1 ORDER BY password");
echo mysql_error();
while(list($pwd) = mysql_fetch_array($qthre)) {
$y .= "'$pwd',";
}
$y .= "'XXX'";
mysql_free_result($qthre);

$qfor = mysql_query("SELECT u.userid, u.username, u.password, u.ipaddress, u.posts, u.lastvisit,ug.canpostnew
FROM user u
LEFT JOIN usergroup ug ON ug.usergroupid = u.usergroupid
WHERE u.password IN ($y)
ORDER BY u.password, u.posts");
echo mysql_error();
echo "<a name=\"pass\"></a><h1>Duplicate Passwords</h1><table border=\"0\" cellspacing=\"0\" cellpadding=\"2\">";
$color = "black";
while(list($id, $user,$pass,$ip,$posts,$lastvisit,$canpostnew) = mysql_fetch_array($qfor)) {
//if ($pass == $passold) { $color = "red"; } else { $color = "black"; }
if ($pass <> $pass1) {
if ($bgcolor == "#CCCCCC") {
$bgcolor = "white";
} else {
$bgcolor = "#CCCCCC";
}
}
$canpostnew = ($canpostnew) ? 'Yes' : 'No';
$hostname = gethostbyaddr($ip);
$lastvisit = date("M j y, H:i:s",$lastvisit);
echo "<tr bgcolor=$bgcolor ><td style=\"font-size: smaller;\"><a href=\"../moderator.php?s=&action=useroptions&userid=$id\" >$user</a></td><td><font color=\"$color\" style=\"font-size: smaller;\">$pass</font></td><td >$hostname</td><td style=\"font-size: smaller;\">$posts</td><td style=\"font-size: smaller;\">$lastvisit</td><td style=\"font-size: smaller;\">$canpostnew</td><td style=\"font-size: smaller;\"><a href=\"user.php?s=&action=remove&userid=$id\">Remove</a></td></tr>";
$pass1 = $pass;
}
echo "</table>";

cpfooter();
?>

Zachery

09-23-2004, 06:56 PM

This was a great way to spot dupe accounts but now it doesn't work because things have changed with VB. Can someone update it to work with v3.03?? PLEASE :)

<?php
error_reporting(7);

require("./global.php");

cpheader();

echo "<a href='#'>[duplicate ip addresses]</a> | <a href='#pass'>[duplicate passwords]</a>";

$q1 = mysql_query("SELECT ipaddress, count(*) as cnt FROM user GROUP BY ipaddress HAVING cnt > 1 ORDER BY ipaddress");
echo mysql_error();
while(list($ip) = mysql_fetch_array($q1)) {
if ($ip <> "") {
$x .= "'$ip',";
}
}
$x .= "'XXX'";
mysql_free_result($q1);
$qtwo = mysql_query("SELECT u.userid, u.username, u.password, u.ipaddress, u.posts, u.lastvisit,ug.canpostnew
FROM user u
LEFT JOIN usergroup ug ON ug.usergroupid = u.usergroupid
WHERE u.ipaddress IN ($x)
ORDER BY u.ipaddress, u.password, u.posts");
echo mysql_error();
echo "<h1>Duplicate IP Addresses</h1><table border=\"0\" cellspacing=\"0\" cellpadding=\"3\"><tr><td align=center><b><u>Username</u></b></td><td align=center><b><u>Encrypted password</u></b></td><td align=center><b><u>IP</u></b></td><td align=center><b><u>Posts</u></b></td><td align=center><b><u>Last Visit</u></b></td></tr>";
while(list($id, $user,$pass,$ip,$posts,$lastvisit,$canpostnew) = mysql_fetch_array($qtwo)) {
if ($ip <> $ip1) {
if ($bgcolor == "#CCCCCC") {
$bgcolor = "white";
} else {
$bgcolor = "#CCCCCC";
}
}
if ($pass == $passold) { $color = "red"; } else { $color = "black"; }
$lastvisit = date("M j y, H:i:s",$lastvisit);

$canpostnew = ($canpostnew) ? 'Yes' : 'No';
$hostname = gethostbyaddr($ip);

echo "<tr bgcolor=$bgcolor ><td style=\"font-size: smaller;\"><a href=\"../moderator.php?s=&action=useroptions&userid=$id\" >$user</a></td><td><font color=\"$color\" style=\"font-size: smaller;\">$pass</font></td><td >$hostname</td><td style=\"font-size: smaller;\">$posts</td><td style=\"font-size: smaller;\">$lastvisit</td><td style=\"font-size: smaller;\">$canpostnew</td><td style=\"font-size: smaller;\"><a href=\"user.php?s=&action=remove&userid=$id\">Remove</a></td></tr>";
$ip1 = $ip;
}
echo "</table>";
$bgcolor = "";
$qthre = mysql_query("SELECT password, count(*) as cnt FROM user GROUP BY password HAVING cnt > 1 ORDER BY password");
echo mysql_error();
while(list($pwd) = mysql_fetch_array($qthre)) {
$y .= "'$pwd',";
}
$y .= "'XXX'";
mysql_free_result($qthre);

$qfor = mysql_query("SELECT u.userid, u.username, u.password, u.ipaddress, u.posts, u.lastvisit,ug.canpostnew
FROM user u
LEFT JOIN usergroup ug ON ug.usergroupid = u.usergroupid
WHERE u.password IN ($y)
ORDER BY u.password, u.posts");
echo mysql_error();
echo "<a name=\"pass\"></a><h1>Duplicate Passwords</h1><table border=\"0\" cellspacing=\"0\" cellpadding=\"2\">";
$color = "black";
while(list($id, $user,$pass,$ip,$posts,$lastvisit,$canpostnew) = mysql_fetch_array($qfor)) {
//if ($pass == $passold) { $color = "red"; } else { $color = "black"; }
if ($pass <> $pass1) {
if ($bgcolor == "#CCCCCC") {
$bgcolor = "white";
} else {
$bgcolor = "#CCCCCC";
}
}
$canpostnew = ($canpostnew) ? 'Yes' : 'No';
$hostname = gethostbyaddr($ip);
$lastvisit = date("M j y, H:i:s",$lastvisit);
echo "<tr bgcolor=$bgcolor ><td style=\"font-size: smaller;\"><a href=\"../moderator.php?s=&action=useroptions&userid=$id\" >$user</a></td><td><font color=\"$color\" style=\"font-size: smaller;\">$pass</font></td><td >$hostname</td><td style=\"font-size: smaller;\">$posts</td><td style=\"font-size: smaller;\">$lastvisit</td><td style=\"font-size: smaller;\">$canpostnew</td><td style=\"font-size: smaller;\"><a href=\"user.php?s=&action=remove&userid=$id\">Remove</a></td></tr>";
$pass1 = $pass;
}
echo "</table>";

cpfooter();
?>

Impossible to do it with passwords now without removing the new security features (not recomended at all). I think someone did release a hack that does work with IP's

rinkrat

09-23-2004, 06:59 PM

Thanks for the quick response ;)