Thread: Security for PHP (variables and such)

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    95

    Security for PHP (variables and such)

    Okay, I've been working on my new site:
    http://lockpick.lukeidiot.com/?go=apply

    And I have the Job Application pretty much done, except I want it to be a little more secure. Is it possible to limit the number of 'Submits' a user from a certain IP is capable of submitting a Job Application? (example: user1 from ip: 127.0.0.1 sends in a Job Application Form, and is only allowed one submit per day/week/year) Is this possible?

    AKA One submit per IP, per time limit?

    Thanks,
    Lukeidiot.

  2. #2

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    95

    Re: Security for PHP (variables and such)

    Lukeidiots: when one goes to http://lockpick.lukeidiot.com/resume.php I only want them able to submit once, then the submit button will be disabled for a set amount of time aka day/week/year
    friendl: log their IP
    friendl: to a list
    friendl: and on the process page, compare their ip
    friendl: to the list
    friendl: and if they're on it, don't let them go on
    Is also an idea.
    Logging the IP to a MySQL or Writable Text file.
    Maybe have 3 Submits, then they can't submit anymore.
    Last edited by Lukeidiot; May 8th, 2008 at 04:47 PM.

  3. #3
    WiggleWiggle dclamp's Avatar
    Join Date
    Aug 2006
    Posts
    3,527

    Re: Security for PHP (variables and such)

    well you cant use $_SERVER['REMOTE_ADDR'] to get the user's IP address and use date('r') as a time stamp, then store in a DB.

    then when they come back, check the DB for the IP and if the user is within time limit, deny them
    My usual boring signature: Something

  4. #4

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    95

    Re: Security for PHP (variables and such)

    Quote Originally Posted by dclamp
    well you cant use $_SERVER['REMOTE_ADDR'] to get the user's IP address and use date('r') as a time stamp, then store in a DB.

    then when they come back, check the DB for the IP and if the user is within time limit, deny them
    How should I go about getting the IP into the DB?
    I'm not too familiar with MySQL inserting and fetching commands and such.

  5. #5
    WiggleWiggle dclamp's Avatar
    Join Date
    Aug 2006
    Posts
    3,527

    Re: Security for PHP (variables and such)

    check the link in my signature for more information of MySQL with PHP.

    something like this:
    PHP Code:
    $sql = "SELECT ip, timestamp FROM ip_addresses WHERE ip = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1";
    $query = mysql_query($sql);
    $num_rows = mysql_num_rows($query);

    // $num_rows is how many rows that the ip appears in. if it is more than 0 then the user visited.

    if ($num_rows > 0) {
        // check date
    }

    My usual boring signature: Something

  6. #6

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    95

    Re: Security for PHP (variables and such)

    Quote Originally Posted by dclamp
    check the link in my signature for more information of MySQL with PHP.

    something like this:
    PHP Code:
    $sql = "SELECT ip, timestamp FROM ip_addresses WHERE ip = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1";
    $query = mysql_query($sql);
    $num_rows = mysql_num_rows($query);

    // $num_rows is how many rows that the ip appears in. if it is more than 0 then the user visited.

    if ($num_rows > 0) {
        // check date
    }

    Thanks. Would I need to create a table before this would work?

    Here's the code I'm using:

    PHP Code:
    <?php

    if (isset($_POST['submit'])) {

        $to = "[email protected]";
        $subject = "Job Application - Resume IP Log";
        $iplog = $_SERVER['REMOTE_ADDR'];
        $iplogfilelocation = $_FILES['imgfile']['name'];

        mysql_connect("localhost", "******", "*******") or die('Error: ' . mysql_error());
        mysql_select_db("luke_iplog");
        $sql = "SELECT ip, timestamp FROM ip_addresses WHERE ip = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1";
        $query = mysql_query($sql);
        $num_rows = mysql_num_rows($query);

        // $num_rows is how many rows that the ip appears in. if it is more than 0 then the user visited.

        if ($num_rows > 0) {
            // check date
        }

        $body = "IP Logged: $iplog\r\nResume Submitter: http://lockpick.lukeidiot.com/upload/$iplogfilelocation";
        mail($to, $subject, $body);

        $uploadpath = "upload/";
        $uploadpath = $uploadpath . basename($_FILES['imgfile']['name']);

        if (move_uploaded_file($_FILES['imgfile']['tmp_name'], $uploadpath)) {
            echo "Database Updated With: "; // the rest of this line is cut off in the post
            echo "<b>Your Resume:</b> " . basename($_FILES['imgfile']['name']) . " has been uploaded.<br>";
            echo "<b>Type:</b> " . $_FILES['imgfile']['type'] . "<br>";
            echo "<b>Size (Bytes):</b> " . $_FILES['imgfile']['size'] . "<br>";
            echo "<b>File Name:</b> " . $_FILES['imgfile']['name'] . "<br>";
            echo "<b>IP Logged:</b> " . $_SERVER['REMOTE_ADDR'] . "<br>";
            echo "<b>Link to Resume: </b><a href='http://lockpick.lukeidiot.com/upload/$iplogfilelocation'>http://lockpick.lukeidiot.com/upload/$iplogfilelocation</a><br>";
        } else {
            echo "There was an error uploading the file, please try again!";
        }
    }

    ?>
    It's unfinished, have to eat brb.
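
Added example, not part of any post in this thread: the per-IP, per-time-window check the thread is working toward, written with PDO prepared statements and creating the table before first use. The table and column names come from the query in post #5; the integer Unix timestamp column, the in-memory SQLite database, the function names, the limits and the sample addresses are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// SELECT posted above; the integer Unix timestamp, the limits and the in-memory
// SQLite database are assumptions so the script runs offline.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The table has to exist before the first SELECT or INSERT.
    $db->exec('CREATE TABLE IF NOT EXISTS ip_addresses (
                   ip        TEXT    NOT NULL,
                   timestamp INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS idx_ip_time ON ip_addresses (ip, timestamp)');
    return $db;
}

/** Returns true and records the attempt if $ip is under the limit, false otherwise. */
function allow_submission(PDO $db, string $ip, int $now, int $window = 86400, int $max = 1): bool
{
    // Reject anything that is not a syntactically valid IPv4/IPv6 address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $db->beginTransaction();
    // Drop rows older than the window so the table does not grow forever.
    $db->prepare('DELETE FROM ip_addresses WHERE timestamp <= ?')->execute([$now - $window]);
    // Placeholders keep the address out of the SQL text entirely.
    $count = $db->prepare('SELECT COUNT(*) FROM ip_addresses WHERE ip = ?');
    $count->execute([$ip]);
    $allowed = (int) $count->fetchColumn() < $max;
    if ($allowed) {
        $db->prepare('INSERT INTO ip_addresses (ip, timestamp) VALUES (?, ?)')->execute([$ip, $now]);
    }
    $db->commit();
    return $allowed;
}

// Constructed sample run: one submission per day, documentation-range addresses.
$db = open_db();
$t0 = 1210265220; // constructed timestamp
var_dump(allow_submission($db, '203.0.113.7', $t0));          // first submit
var_dump(allow_submission($db, '203.0.113.7', $t0 + 3600));   // same address, one hour later
var_dump(allow_submission($db, '198.51.100.9', $t0 + 3600));  // different address
var_dump(allow_submission($db, '203.0.113.7', $t0 + 86400));  // window has elapsed
```

In the form handler the call would be `allow_submission($db, $_SERVER['REMOTE_ADDR'], time())` before the upload and mail steps, with `$max = 3` for the three-submits variant from post #2. Visitors behind one NAT or proxy share an address and are limited together.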
