Post: PHP Script to collect viewers information
Options
06-20-2011, 04:16 PM
#1
Relevant
Banned
<?php
$sql_server = "Your.Sql.Server";
$sql_username = "YourSqlUserName";
$sql_password = "YourSqlUserPassword";
$sql_database = "YourSqlDatabase";
$sql_table = "YourSqlTable";
$ip=$_SERVER['REMOTE_ADDR'];
$url=file_get_contents("https://whatismyipaddress.com/ip/$ip");
preg_match_all('/<th>(.*?)<\/th><td>(.*?)<\/td>/s',$url,$output,PREG_SET_ORDER);
$isp=$output[1][2];
function geoCheckIP($ip)
{
//check, if the provided ip is valid
if(!filter_var($ip, FILTER_VALIDATE_IP))
{
throw new InvalidArgumentException("IP is not valid");
}
//contact ip-server
$response=@file_get_contents('https://www.netip.de/search?query='.$ip);
if (empty($response))
{
throw new InvalidArgumentException("Error contacting Geo-IP-Server");
}
//Array containing all regex-patterns necessary to extract ip-geoinfo from page
$patterns=array();
$patterns["domain"] = '#Domain: (.*?) #i';
$patterns["country"] = '#Country: (.*?) #i';
$patterns["state"] = '#State/Region: (.*?)<br#i';
$patterns["town"] = '#City: (.*?)<br#i';
//Array where results will be stored
$ipInfo=array();
//check response from ipserver for above patterns
foreach ($patterns as $key => $pattern)
{
//store the result in array
$ipInfo[$key] = preg_match($pattern,$response,$value) && !empty($value[1]) ? $value[1] : 'not found';
}
return $ipInfo;
}
function getBrowser()
{
$u_agent = $_SERVER['HTTP_USER_AGENT'];
$bname = 'Unknown';
$platform = 'Unknown';
$version= "";
//First get the platform?
if (preg_match('/linux/i', $u_agent)) {
$platform = 'Linux';
}
elseif (preg_match('/macintosh|mac os x/i', $u_agent)) {
$platform = 'Mac';
}
elseif (preg_match('/windows|win32/i', $u_agent)) {
$platform = 'Windows';
}
// Next get the name of the useragent yes seperately and for good reason
if(preg_match('/MSIE/i',$u_agent) && !preg_match('/Opera/i',$u_agent))
{
$bname = 'Internet Explorer';
$ub = "MSIE";
}
elseif(preg_match('/Firefox/i',$u_agent))
{
$bname = 'Mozilla Firefox';
$ub = "Firefox";
}
elseif(preg_match('/Chrome/i',$u_agent))
{
$bname = 'Google Chrome';
$ub = "Chrome";
}
elseif(preg_match('/Safari/i',$u_agent))
{
$bname = 'Apple Safari';
$ub = "Safari";
}
elseif(preg_match('/Opera/i',$u_agent))
{
$bname = 'Opera';
$ub = "Opera";
}
elseif(preg_match('/Netscape/i',$u_agent))
{
$bname = 'Netscape';
$ub = "Netscape";
}
// finally get the correct version number
$known = array('Version', $ub, 'other'
;
$pattern = '#(?<browser>' . join('|', $known) .
'[/ ]+(?<version>[0-9.|a-zA-Z.]*)#';
// see how many we have
$i = count($matches['browser']);
if ($i != 1) {
//we will have two since we are not using 'other' argument yet
//see if version is before or after the name
if (strripos($u_agent,"Version") < strripos($u_agent,$ub)){
$version= $matches['version'][0];
}
else {
$version= $matches['version'][1];
}
}
else {
$version= $matches['version'][0];
}
// check if we have a number
if ($version==null || $version=="") {$version="?";}
return array(
'userAgent' => $u_agent,
'name' => $bname,
'version' => $version,
'platform' => $platform,
'pattern' => $pattern
);
}
$SYSTEM=getBrowser();
$GEO =geoCheckIP($ip);
$INFO = array("ip" => $ip, "os" => $SYSTEM['platform'],"browser" => $SYSTEM['name'], "time" => strftime('%c', "country" => $GEO['country'], "state" => $GEO['state'], "town" => $GEO['town'], "isp" => $isp);
$TRACKER = $_REQUEST['tracker'];
mysql_connect($sql_server,$sql_username,$sql_password);
mysql_select_db($sql_database);
mysql_query("INSERT INTO `" . $sql_database . "` .`" . $sql_table . "` (`ip`,`os`,`browser`,`time`,`country`,`state`,`town`,`isp`,`tracker`)
VALUES ('" . $INFO['ip'] . "','" . $INFO['os'] . "','" . $INFO['browser'] . "','" . $INFO['time'] . "','" . $INFO['country'] . "','" . $INFO['state'] . "','" . $INFO['town'] . "','" . $INFO['isp'] . "','" . $TRACKER . "';");
header("Content-Type: image/png");
$im = @imagecreate(1, 1)
or die("");
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 204, 0, 255);
imagepng($im);
imagedestroy($im);
?>
upload this to your website with SQL support (make the SQL table first)
Your SQL table should look like this:
You must login or register to view this content.
Once your php script is uploaded as a .png extension you need to add a file called ".htaccess"
within this file you need to add
RewriteBase /
AddType application/x-httpd-php .png
This will made it render as a php script, which results a .png image so the image essentially runs the script in the background.
Now you have all the resources to do this, do not complain about this being too much of a security risk, after all this is the hacking section >_>.
image.png?tracker=Message
use the tracker= to add a Message to the SQL row, for example
?tracker=Testing
then who ever views that image using [img]url/image.png?tracker=Testing[/img]
it will be easy to find in the database amongst the other rows.
You must login or register to view this content.
Note: You have to modify the PHP server variables at the top.
Viewing your results via PHP page
Save as track.php
<html>
<head>
<title>Tracking: <?php echo $_REQUEST['tracker']; ?></title>
</head>
<body>
<?php
$sql_server = "Your.Sql.Server";
$sql_username = "YourSqlUserName";
$sql_password = "YourSqlUserPassword";
$sql_database = "YourSqlDatabase";
$sql_table = "YourSqlTable";
$page_password = "password";
if($_REQUEST['tracker'])
{
if($_REQUEST['password']!=$page_password){die("<center><h1>Password Wrong <a href='track.php'>Click Here To Refresh</a></h1></center>");}
mysql_connect($sql_server,$sql_username,$sql_password);
mysql_select_db($sql_database);
echo "<h2>Information tracking: " . $_REQUEST['tracker'] . "</h2>";
echo "<hr />";
if($query_rows = mysql_query("select * from " . $sql_table . " where `tracker` = '" . $_REQUEST['tracker'] . "';"))
{
while($INFO = mysql_fetch_row($query_rows))
{
echo "[" . $_REQUEST['tracker'] . "] IP Address: " . $INFO[1] . " - Operating System: " . $INFO[2] . " - Browser: " . $INFO[3] . " - Location: " . $INFO[5] . ", " . $INFO[6] . ", " . $INFO[7] . " - ISP: " . $INFO[8] . " - Time Logged: " . $INFO[4];
echo "<hr style='width:80%' />";
}
}
else
{
echo "No information yet!";
}
}
else
{
echo '<form action="#" method="post">';
echo '<table>';
echo '<tr><td>Tracker</td><td><input type="text" name="tracker" /></td></tr>';
echo '<tr><td>Password</td><td><input type="password" name="password" /></td></tr>';
echo '</table>;';
echo '<input type="submit" value="Track" />';
echo '</form>';
}
?>
</body>
</html>
The following user thanked Relevant for this useful post:
The following user groaned Relevant for this awful post:
06-20-2011, 04:18 PM
#2
KyleWTF
Climbing up the ladder
Originally posted by Relevant
This simple PHP script that I've put together allows you to capture the viewers information and insert it into your SQL database:
upload this to your website with SQL support (make the SQL table first)
Your SQL table should look like this:
You must login or register to view this content.
Once your php script is uploaded as a .png extension you need to add a file called ".htaccess"
within this file you need to add
This will made it render as a php script, which results a .png image so the image essentially runs the script in the background.
Now you have all the resources to do this, do not complain about this being too much of a security risk, after all this is the hacking section >_>.
image.png?tracker=Message
use the tracker= to add a Message to the SQL row, for example
?tracker=Testing
then who ever views that image using [img]url/image.png?tracker=Testing[/img]
it will be easy to find in the database amongst the other rows.
You must login or register to view this content.
---------- Post added at 05:16 PM ---------- Previous post was at 05:15 PM ----------
Note: You have to modify the PHP server variables at the top.
<?php
$ip=$_SERVER['REMOTE_ADDR'];
$url=file_get_contents("https://whatismyipaddress.com/ip/$ip");
preg_match_all('/<th>(.*?)<\/th><td>(.*?)<\/td>/s',$url,$output,PREG_SET_ORDER);
$isp=$output[1][2];
function geoCheckIP($ip)
{
//check, if the provided ip is valid
if(!filter_var($ip, FILTER_VALIDATE_IP))
{
throw new InvalidArgumentException("IP is not valid");
}
//contact ip-server
$response=@file_get_contents('https://www.netip.de/search?query='.$ip);
if (empty($response))
{
throw new InvalidArgumentException("Error contacting Geo-IP-Server");
}
//Array containing all regex-patterns necessary to extract ip-geoinfo from page
$patterns=array();
$patterns["domain"] = '#Domain: (.*?) #i';
$patterns["country"] = '#Country: (.*?) #i';
$patterns["state"] = '#State/Region: (.*?)<br#i';
$patterns["town"] = '#City: (.*?)<br#i';
//Array where results will be stored
$ipInfo=array();
//check response from ipserver for above patterns
foreach ($patterns as $key => $pattern)
{
//store the result in array
$ipInfo[$key] = preg_match($pattern,$response,$value) && !empty($value[1]) ? $value[1] : 'not found';
}
return $ipInfo;
}
function getBrowser()
{
$u_agent = $_SERVER['HTTP_USER_AGENT'];
$bname = 'Unknown';
$platform = 'Unknown';
$version= "";
//First get the platform?
if (preg_match('/linux/i', $u_agent)) {
$platform = 'Linux';
}
elseif (preg_match('/macintosh|mac os x/i', $u_agent)) {
$platform = 'Mac';
}
elseif (preg_match('/windows|win32/i', $u_agent)) {
$platform = 'Windows';
}
// Next get the name of the useragent yes seperately and for good reason
if(preg_match('/MSIE/i',$u_agent) && !preg_match('/Opera/i',$u_agent))
{
$bname = 'Internet Explorer';
$ub = "MSIE";
}
elseif(preg_match('/Firefox/i',$u_agent))
{
$bname = 'Mozilla Firefox';
$ub = "Firefox";
}
elseif(preg_match('/Chrome/i',$u_agent))
{
$bname = 'Google Chrome';
$ub = "Chrome";
}
elseif(preg_match('/Safari/i',$u_agent))
{
$bname = 'Apple Safari';
$ub = "Safari";
}
elseif(preg_match('/Opera/i',$u_agent))
{
$bname = 'Opera';
$ub = "Opera";
}
elseif(preg_match('/Netscape/i',$u_agent))
{
$bname = 'Netscape';
$ub = "Netscape";
}
// finally get the correct version number
$known = array('Version', $ub, 'other';
$pattern = '#(?<browser>' . join('|', $known) .
'[/ ]+(?<version>[0-9.|a-zA-Z.]*)#';
// see how many we have
$i = count($matches['browser']);
if ($i != 1) {
//we will have two since we are not using 'other' argument yet
//see if version is before or after the name
if (strripos($u_agent,"Version") < strripos($u_agent,$ub)){
$version= $matches['version'][0];
}
else {
$version= $matches['version'][1];
}
}
else {
$version= $matches['version'][0];
}
// check if we have a number
if ($version==null || $version=="") {$version="?";}
return array(
'userAgent' => $u_agent,
'name' => $bname,
'version' => $version,
'platform' => $platform,
'pattern' => $pattern
);
}
$SYSTEM=getBrowser();
$GEO =geoCheckIP($ip);
$INFO = array("ip" => $ip, "os" => $SYSTEM['platform'],"browser" => $SYSTEM['name'], "time" => strftime('%c', "country" => $GEO['country'], "state" => $GEO['state'], "town" => $GEO['town'], "isp" => $isp);
$TRACKER = $_REQUEST['tracker'];
mysql_connect("YOUR.SQL.SERVER","username","password");
mysql_select_db("yourdatabase");
mysql_query("INSERT INTO `yourdatabase`.`yourtable` (`ip`,`os`,`browser`,`time`,`country`,`state`,`town`,`isp`,`tracker`)
VALUES ('" . $INFO['ip'] . "','" . $INFO['os'] . "','" . $INFO['browser'] . "','" . $INFO['time'] . "','" . $INFO['country'] . "','" . $INFO['state'] . "','" . $INFO['town'] . "','" . $INFO['isp'] . "','" . $TRACKER . "';");
header("Content-Type: image/png");
$im = @imagecreate(1, 1)
or die("");
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 204, 0, 255);
imagepng($im);
imagedestroy($im);
?>
upload this to your website with SQL support (make the SQL table first)
Your SQL table should look like this:
You must login or register to view this content.
Once your php script is uploaded as a .png extension you need to add a file called ".htaccess"
within this file you need to add
RewriteBase /
AddType application/x-httpd-php .png
This will made it render as a php script, which results a .png image so the image essentially runs the script in the background.
Now you have all the resources to do this, do not complain about this being too much of a security risk, after all this is the hacking section >_>.
image.png?tracker=Message
use the tracker= to add a Message to the SQL row, for example
?tracker=Testing
then who ever views that image using [img]url/image.png?tracker=Testing[/img]
it will be easy to find in the database amongst the other rows.
You must login or register to view this content.
---------- Post added at 05:16 PM ---------- Previous post was at 05:15 PM ----------
Note: You have to modify the PHP server variables at the top.
I have no idea what most of this is, but I'm sure others will appreciate for posting it here on NGU. Thanks.
06-22-2011, 03:44 AM
#3
Luulz
Bounty hunter
Originally posted by Relevant
This simple PHP script that I've put together allows you to capture the viewers information and insert it into your SQL database:
upload this to your website with SQL support (make the SQL table first)
Your SQL table should look like this:
You must login or register to view this content.
Once your php script is uploaded as a .png extension you need to add a file called ".htaccess"
within this file you need to add
This will made it render as a php script, which results a .png image so the image essentially runs the script in the background.
Now you have all the resources to do this, do not complain about this being too much of a security risk, after all this is the hacking section >_>.
image.png?tracker=Message
use the tracker= to add a Message to the SQL row, for example
?tracker=Testing
then who ever views that image using [img]url/image.png?tracker=Testing[/img]
it will be easy to find in the database amongst the other rows.
You must login or register to view this content.
Note: You have to modify the PHP server variables at the top.
Viewing your results via PHP page
Save as track.php
<?php
$sql_server = "Your.Sql.Server";
$sql_username = "YourSqlUserName";
$sql_password = "YourSqlUserPassword";
$sql_database = "YourSqlDatabase";
$sql_table = "YourSqlTable";
$ip=$_SERVER['REMOTE_ADDR'];
$url=file_get_contents("https://whatismyipaddress.com/ip/$ip");
preg_match_all('/<th>(.*?)<\/th><td>(.*?)<\/td>/s',$url,$output,PREG_SET_ORDER);
$isp=$output[1][2];
function geoCheckIP($ip)
{
//check, if the provided ip is valid
if(!filter_var($ip, FILTER_VALIDATE_IP))
{
throw new InvalidArgumentException("IP is not valid");
}
//contact ip-server
$response=@file_get_contents('https://www.netip.de/search?query='.$ip);
if (empty($response))
{
throw new InvalidArgumentException("Error contacting Geo-IP-Server");
}
//Array containing all regex-patterns necessary to extract ip-geoinfo from page
$patterns=array();
$patterns["domain"] = '#Domain: (.*?) #i';
$patterns["country"] = '#Country: (.*?) #i';
$patterns["state"] = '#State/Region: (.*?)<br#i';
$patterns["town"] = '#City: (.*?)<br#i';
//Array where results will be stored
$ipInfo=array();
//check response from ipserver for above patterns
foreach ($patterns as $key => $pattern)
{
//store the result in array
$ipInfo[$key] = preg_match($pattern,$response,$value) && !empty($value[1]) ? $value[1] : 'not found';
}
return $ipInfo;
}
function getBrowser()
{
$u_agent = $_SERVER['HTTP_USER_AGENT'];
$bname = 'Unknown';
$platform = 'Unknown';
$version= "";
//First get the platform?
if (preg_match('/linux/i', $u_agent)) {
$platform = 'Linux';
}
elseif (preg_match('/macintosh|mac os x/i', $u_agent)) {
$platform = 'Mac';
}
elseif (preg_match('/windows|win32/i', $u_agent)) {
$platform = 'Windows';
}
// Next get the name of the useragent yes seperately and for good reason
if(preg_match('/MSIE/i',$u_agent) && !preg_match('/Opera/i',$u_agent))
{
$bname = 'Internet Explorer';
$ub = "MSIE";
}
elseif(preg_match('/Firefox/i',$u_agent))
{
$bname = 'Mozilla Firefox';
$ub = "Firefox";
}
elseif(preg_match('/Chrome/i',$u_agent))
{
$bname = 'Google Chrome';
$ub = "Chrome";
}
elseif(preg_match('/Safari/i',$u_agent))
{
$bname = 'Apple Safari';
$ub = "Safari";
}
elseif(preg_match('/Opera/i',$u_agent))
{
$bname = 'Opera';
$ub = "Opera";
}
elseif(preg_match('/Netscape/i',$u_agent))
{
$bname = 'Netscape';
$ub = "Netscape";
}
// finally get the correct version number
$known = array('Version', $ub, 'other';
$pattern = '#(?<browser>' . join('|', $known) .
'[/ ]+(?<version>[0-9.|a-zA-Z.]*)#';
// see how many we have
$i = count($matches['browser']);
if ($i != 1) {
//we will have two since we are not using 'other' argument yet
//see if version is before or after the name
if (strripos($u_agent,"Version") < strripos($u_agent,$ub)){
$version= $matches['version'][0];
}
else {
$version= $matches['version'][1];
}
}
else {
$version= $matches['version'][0];
}
// check if we have a number
if ($version==null || $version=="") {$version="?";}
return array(
'userAgent' => $u_agent,
'name' => $bname,
'version' => $version,
'platform' => $platform,
'pattern' => $pattern
);
}
$SYSTEM=getBrowser();
$GEO =geoCheckIP($ip);
$INFO = array("ip" => $ip, "os" => $SYSTEM['platform'],"browser" => $SYSTEM['name'], "time" => strftime('%c', "country" => $GEO['country'], "state" => $GEO['state'], "town" => $GEO['town'], "isp" => $isp);
$TRACKER = $_REQUEST['tracker'];
mysql_connect($sql_server,$sql_username,$sql_password);
mysql_select_db($sql_database);
mysql_query("INSERT INTO `" . $sql_database . "` .`" . $sql_table . "` (`ip`,`os`,`browser`,`time`,`country`,`state`,`town`,`isp`,`tracker`)
VALUES ('" . $INFO['ip'] . "','" . $INFO['os'] . "','" . $INFO['browser'] . "','" . $INFO['time'] . "','" . $INFO['country'] . "','" . $INFO['state'] . "','" . $INFO['town'] . "','" . $INFO['isp'] . "','" . $TRACKER . "';");
header("Content-Type: image/png");
$im = @imagecreate(1, 1)
or die("");
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 204, 0, 255);
imagepng($im);
imagedestroy($im);
?>
upload this to your website with SQL support (make the SQL table first)
Your SQL table should look like this:
You must login or register to view this content.
Once your php script is uploaded as a .png extension you need to add a file called ".htaccess"
within this file you need to add
RewriteBase /
AddType application/x-httpd-php .png
This will made it render as a php script, which results a .png image so the image essentially runs the script in the background.
Now you have all the resources to do this, do not complain about this being too much of a security risk, after all this is the hacking section >_>.
image.png?tracker=Message
use the tracker= to add a Message to the SQL row, for example
?tracker=Testing
then who ever views that image using [img]url/image.png?tracker=Testing[/img]
it will be easy to find in the database amongst the other rows.
You must login or register to view this content.
Note: You have to modify the PHP server variables at the top.
Viewing your results via PHP page
Save as track.php
<html>
<head>
<title>Tracking: <?php echo $_REQUEST['tracker']; ?></title>
</head>
<body>
<?php
$sql_server = "Your.Sql.Server";
$sql_username = "YourSqlUserName";
$sql_password = "YourSqlUserPassword";
$sql_database = "YourSqlDatabase";
$sql_table = "YourSqlTable";
$page_password = "password";
if($_REQUEST['tracker'])
{
if($_REQUEST['password']!=$page_password){die("<center><h1>Password Wrong <a href='track.php'>Click Here To Refresh</a></h1></center>");}
mysql_connect($sql_server,$sql_username,$sql_password);
mysql_select_db($sql_database);
echo "<h2>Information tracking: " . $_REQUEST['tracker'] . "</h2>";
echo "<hr />";
if($query_rows = mysql_query("select * from " . $sql_table . " where `tracker` = '" . $_REQUEST['tracker'] . "';"))
{
while($INFO = mysql_fetch_row($query_rows))
{
echo "[" . $_REQUEST['tracker'] . "] IP Address: " . $INFO[1] . " - Operating System: " . $INFO[2] . " - Browser: " . $INFO[3] . " - Location: " . $INFO[5] . ", " . $INFO[6] . ", " . $INFO[7] . " - ISP: " . $INFO[8] . " - Time Logged: " . $INFO[4];
echo "<hr style='width:80%' />";
}
}
else
{
echo "No information yet!";
}
}
else
{
echo '<form action="#" method="post">';
echo '<table>';
echo '<tr><td>Tracker</td><td><input type="text" name="tracker" /></td></tr>';
echo '<tr><td>Password</td><td><input type="password" name="password" /></td></tr>';
echo '</table>;';
echo '<input type="submit" value="Track" />';
echo '</form>';
}
?>
</body>
</html>
this might get useful for ppl that want to see their viewer static
I Got an error and the message kind of got duplicated.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
