469,613 Members | 1,365 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,613 developers. It's quick & easy.

Limiting access by reading server logs and matching against client IP address.

Basically,

I have a email script which (on the sending of the email) writes into a file handle called $fcf (on a new line) with the senders ip address ($ipaddress) and the time on which they sent their email ($time) in this format: $ipaddress--$time on a new line in $fcf.

I am new to php and if someone could convert my normal language into PHP scripting I would be very grateful.
Expand|Select|Wrap|Line Numbers
  1. if ($fcf contains $_SERVER['REMOTE_ADDR'] with time() [giving a time offset anywhere between 0 and 500 seconds ago]) {
  2. [continue the script]
Thanks

(This is the full code:
[PHP]<?php

$subject = $_POST['subject'];
$message = $_POST['message'];
$time = $_SERVER['REQUEST_TIME'];
$ipaddress = $_SERVER['REMOTE_ADDR'];
$fcfdata = "$ipaddress--$time\n";
include 'config.inc.php';
$fcf = fopen($floodcontrolfile, 'a+');
$fcfread = fread($fcf);

//if ($fcf contains $_SERVER['REMOTE_ADDR'] with time() [giving a time offset anywhere between 0 and 500 seconds ago]) {

if ($subject == "") {

echo '
<script language="Javascript">
<!--
alert ("The message contained no subject. Redirecting you to the homepage.")
//-->
</script>
';
echo ' <META HTTP-EQUIV="refresh" CONTENT="2;URL=';
echo $homepage;
echo ' ">';
echo ' <h1> Redirecting... ( Error! No Subject! ) </h1>';
exit();

}

elseif (mail($to, $subject, $message, $headers)) {
fwrite($fcf, $fcfdata);
echo '
<script language="Javascript">
<!--
alert ("Message sent. Redirecting you to the homepage.")
//-->
</script>
';
echo ' <META HTTP-EQUIV="refresh" CONTENT="2;URL=';
echo $homepage;
echo ' ">';
echo ' <h1> Redirecting... ( Sent! ) </h1>';
exit();

} else {

echo '
<script language="Javascript">
<!--
alert ("Error sending message. Redirecting you to the homepage.")
//-->
</script>
';
echo ' <META HTTP-EQUIV="refresh" CONTENT="3;URL=';
echo $homepage;
echo ' ">';
echo ' <h1> Redirecting ( Error Sending Message! Try Again! ) </h1>';
exit();

}[/PHP]
Sep 1 '07 #1
7 1580
Atli
5,058 Expert 4TB
Hi.

Are you only trying to check whether the user with a given IP address has sent anything recently?

If so you should consider some alternate methods. Your method would require you to read through the entire file every time, which will take up more and more resources as the file gets longer.

If you were to use Sessions, you could simply write the current time to the session and then check that field each time before you send an email. You wouldn't even have to save the IP address.
Sep 1 '07 #2
Are you only trying to check whether the user with a given IP address has sent anything recently?
Yep

If so you should consider some alternate methods. Your method would require you to read through the entire file every time, which will take up more and more resources as the file gets longer.
I was going to add a part that deletes the IP Address/Time once it expires

If you were to use Sessions, you could simply write the current time to the session and then check that field each time before you send an email. You wouldn't even have to save the IP address.
How would I do that?
Sep 2 '07 #3
Atli
5,058 Expert 4TB
Sessions are very easy to use. I wrote an article on them, if you want to know the basics.

In your case, you would simply have to check if a session variable exists before you send your email. If it does not, then create it and set it's value to the current time. If it does, make sure that that the time value it contains is older than the time you want to elapse.

That could be accomplished somewhat like this:
Expand|Select|Wrap|Line Numbers
  1. // Start session
  2. session_start();
  3.  
  4. // Check the session variable exists
  5. if(isset($_SESSION['LastSent'])) {
  6.   // Check if a post was made in the last 5 seconds
  7.   if($_SESSION['LastSent'] > time() + 5) {
  8.     die("You have already sent a message in the last 5 seconds!");
  9.   }
  10. }
  11. // Set the session variable to the current time
  12. $_SESSION['LastSent'] = time();
  13.  
  14. // Send your mail
  15. // <your code here>
  16.  
  17.  
Sep 2 '07 #4
pbmods
5,821 Expert 4TB
Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).
Sep 2 '07 #5
I would recommend using a database to store IP addresses, sessions can easily be lost,destroyed, or changed.
When someone is attempting to send use this.
[PHP]
<?php
$sql = 'SELECT id FROM ips WHERE ip="'.$_SERVER['REMOTE_ADDR'].'" AND lastsent <= UNIX_TIMESTAMP()-500 LIMIT 1';
$res = mysql_query($sql);
if(mysql_num_rows($res) > 0){
//Deny
}else{
//allow
}
?>
[/php]
When its sent use this.
[php]
<?php
//Clean out any old sends. you could do this with select if found update else insert if you want
$sql = 'DELETE FROM ips WHERE ip="'.$_SERVER['REMOTE_ADDR'].'" LIMIT 1';
mysql_query($sql);
$sql = 'INSERT INTO ips VALUES(``,"'.$_SERVER['REMOTE_ADDR'].'",UNIX_TIMESTAMP())';
mysql_query($sql);
?>
[/php]

I recomend a structure of
Expand|Select|Wrap|Line Numbers
  1. int id `20` PRIMARY AUTO_INC
  2. varchar ip `15`  PRIMARY
  3. int lastsent `10` PRIMARY
Sep 2 '07 #6
thanks, ill try and implement that.
Sep 2 '07 #7
Atli
5,058 Expert 4TB
I would recommend using a database to store IP addresses, sessions can easily be lost,destroyed, or changed.
Sessions can only be used by the server. So unless you plan on throwing in random session_destroy() calls, your sessions are pretty safe.

Databases are also a pretty good way of doing this, but they do tend to use more resources and they are, in my opinion, not to be used for data that you do not want to keep. That is to say; you should avoid using your databases as a temporary storage, they should used for long-term storage. Especially if there are other, easier, ways to accomplish the same functionality.
Sep 2 '07 #8

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

3 posts views Thread by dstewart | last post: by
4 posts views Thread by BerkshireGuy | last post: by
10 posts views Thread by Robert | last post: by
12 posts views Thread by Hugh Welford | last post: by
2 posts views Thread by RSH | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.