It'd be good to have the possibility to have the board NOT logging the IPs of the people posting, for boards in which users are afraid for their security. Anyway, I've never seen any ISP answering to a complaing made about one of its user. And I personnally know many people who would be reassured if their IP was not kept permanently in any way by the board. (especially as there's no way to be totally sure a board will never be hacked. And there's always security holes in such huge scripts)...
How would they know whether the board had it on or off? If you don't log the IP it makes it very hard to properly ban someone. Also - IP address is something that is dead easy to get from someone by just talking to them on ICQ etc. If someone is that worried I'm sure they will use a proxy to attempt to hide it. That said if it is a real bother you can mod it yourself by just deleting the contents of writeLog() in Security.php. Bear in mind by not doing this you won't be able to track guests online. If you just want to stop members having their IP logged change this line in the function mentioned:
updateMemberData($ID_MEMBER, array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'totalTimeLoggedIn' => 'totalTimeLoggedIn + ' . (time() - $_SESSION['timeOnlineUpdated'])));
Just remove the memberIP bit...
I can't imagine this becoming a feature but someone may mod it - maybe...
Thank you for the tip ! ;D
Are you also going to mod Apache to not log the connecting IP address? What about routers and firewalls on the network? No matter what the users do, it's logged somewhere.
Yes, but it's somehow easier to hack into a php-written bulletin board than to hack Apache and the routers. Of course there's no such thing as total anonymity (well, maybe except Freenet), but that's not a reason to have useless security threats for paranoid members. I personnally don't care having my IP logged in a board (otherwise I wouldn't post here), but I know some people who actually do...
No it's not. That's flop.
I could hack into your apache logs probably easier than I could into the database in many cases.
-[Unknown]
Lainaus käyttäjältä: Kero - toukokuu 25, 2004, 06:24:06 IP
Anyway, I've never seen any ISP answering to a complaint made about one of its user.
actually i have contacted an isp because of a spamming/harassing member and they shut their internet off because of the evidence i gave them, which showed their ip in their posts.
Lainaus käyttäjältä: Grudge - toukokuu 25, 2004, 06:56:06 IPIf you just want to stop members having their IP logged change this line in the function mentioned:
updateMemberData($ID_MEMBER, array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'totalTimeLoggedIn' => 'totalTimeLoggedIn + ' . (time() - $_SESSION['timeOnlineUpdated'])));
Just remove the memberIP bit...
I can't imagine this becoming a feature but someone may mod it - maybe...
I need a forum without IPs too, but I don't manage to use the information here, I alwyas get an errormessage about a valid callback.
I found the quotet entry in the LogInOut.php - but what I have to delete exactly? Someone with more php-experience help please.