Announcement

**Nadeem** · 14-Dec-2004, 11:08 AM

Hi Bernie

Thankyou for providing this information. Much appreciated

Kind Regards

**dave_finlayson** · 14-Dec-2004, 11:44 AM

Bernie,

Just implemented this into my site now and it works perfectly. Is it possible to show this information to the customer?

Many thanks for a great little add on!

David

**berniejones** · 15-Dec-2004, 08:00 AM

David,

I haven't tried this myself yet but, as we're just making use of a standard Actinic variable, I reckon that the technique described on p64 of the Advanced Guide - "Adding Extra Fields into the Customer Email" - will do the trick.

When you edit 'Act_CustomerEmail.txt' you could add a prompt like:

Your IP address: <Actinic:GENUSERDEF/> has been logged for security purposes

Let me know if that works!

Bernie

**dave_finlayson** · 15-Dec-2004, 09:24 AM

Bernie,

I had thought as much myself, just made all the changes and it works perfectly. Would still be good to be able to display in the checkout however, it's a nice security feature, it costs nothing and may just help put off anyone considering placing a fraudulent transaction if they can see their information has been logged.

One thing that has arisen from doing this is the need for additional extra information fields within the checkout. Once you have a hidden field to capture your referrer info, then a second to capture the users ip/host address this only leaves you with 1 extra field. Not a problem for us but I am sure some people could do with some more for whatever marketing/order questions they want to present customers with in the checkout.

Perhaps this could be added to the wishlist Actinic?

Thanks again for your very useful code Bernie. hope you are having a busy christmas period.

Dave

**dscontroller** · 15-Dec-2004, 09:32 AM

Bernie,

I too have implemented this feature and it works 'a dream'.

Being one of the 'boys in blue' (retired) it's good to see security features like this being implemented and possibly preventing fraudulent transactions. Well done! and Thank You.

David

**NormanRouxel** · 15-Dec-2004, 12:35 PM

Just for interest. Actinic detects and uses the clients IP address internally.

It uses it as part of the .session filename (the customers on-line Shopping Cart). E.g. look in your live acatalog directory and (assuming someone's shopping) you'll see file like 192Z168Z0Z1A1097265929B3940.session.

Now the first bit is the customers IP address with the dots replaces by Zs. So I was on 192.168.0.1 (my local server as it happened) when shopping here.

**berniejones** · 04-Feb-2005, 08:14 AM

Tech Update

Folks,
An update on the IP address logger:

Many ISPs use proxies to forward the requests from their clients onto the 'net.

In these cases, the REMOTE_HOST and REMOTE_ADDR values relate to the ISP's proxy server and not to the end client (the PC/Mac/whatever) that you're interested in capturing.

I've noticed for instance that nearly half my hits are from NTL proxies.

These proxies can (and should) carry through the address of the actual client in one of two other HTTP header variables: HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR.

So, a better check is to first determine whether either of these values is non-null and, if so, to use that value. If they are null, then the exising code is good. Alternatively you may just capture these value in addition to the existing ones and log them all.

A final point: Many ISPs allocate dynamic IP addresses from a 'pool' that they are allocated. This is typically used for dial up connections and means that:

a) The same physical user and PC may have a different IP address each time they connect
b) The same IP address does not necessarily mean the same physical user!

Oh the joys of identity management through HTTP!!

Hope that helps,

Bernie

**BeerHunter** · 04-Feb-2005, 04:06 PM

...and one further note;

a) The same physical user and PC may have a different IP address each time they connect
b) The same IP address does not necessarily mean the same physical user!

If the user is behind a corporate firewall (which is using NAT or Network Address Translation) or through a Proxy all users behind this firewall will have the same public IP.

**dave_finlayson** · 24-Feb-2005, 08:21 PM

Bernie,

Have you written code to include the HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR variables. I have tried to amend yours but sadly my script amending leaves a lot to be desired!

Regards

David

**retekdirect** · 07-Apr-2005, 01:23 PM

Hi folks

I was encouraged to hear that a few of you were having no problems with this excellent scripting addition, nice work Bernie.

Sadly, i'm unable to get it to work correctly. In the Misc tab for any given order, the first two fields are returned fine, then simply a line break for the third

I'm comfortable with the HTML side of things, so i'm pretty sure it's not that (let's face it, it's just a hidden field). Which only leaves the JavaScript. Unless it's a server-side problem?

(Incidentally Bernie, did Actinic ask to use this in the Advanced Guide? I first saw it there, then found it in here again while searching for further info)

Thanks for any info,

Ryan

**retekdirect** · 20-Apr-2005, 08:18 AM

Filthy bump.

Still unable to get this to work i'm afraid.

Ryan

**Mike Hughes** · 20-Apr-2005, 08:29 AM

When you say 'the first two fields are returned fine, then simply a line break for the third' are you seeing the text 'IP address'?

If not, it would imply you may have missed this bit:

First, go to Design|text|Web Site (cont) and select the General Information tab. Check the 'show' box for the entry 'User Definable 3' and set the Prompt value to 'IP address'

Mike

**retekdirect** · 20-Apr-2005, 08:50 AM

Hi Mike

I don't get the text "IP address" in the misc tab for orders, nope. I do have the text set in the design options though.

I did however have it unticked. I assumed this was a typo, and that checking it would show the field on the relevant order page. I see that this is not the case, as it is hidden. I have ticked the box to show it, but i'm still getting a blank line.

Ryan

**retekdirect** · 20-Apr-2005, 09:16 AM

Ahaaaaarr!

Working now. Turns out it was a 'series of unfortunate events'. I migrated the store from one PC to another, and the 2 files (order2 and the perl script) weren't copied. Either that or i reverted back to the originals when it didn't work until i could get the whole lot operational.

Cheers for the heads up (about the pesky checkbox) Mike.

Might be worth pointing out that checking the 3rd box to show the IP address will NOT show customers their IP address when ordering, only in the "Misc" tab for each order.

Ryan

Announcement

How to log the IP address when an order is placed

How to log the IP address when an order is placed

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment