OK! I'm really new to php (1 week) so making this script was very very time consuming. I figured out how to strip html from the page when it's displayed on my mysql table page, so that problem is solved, but now I need to know how to keep a user limited to posting once every 30 seconds.

Here is my script:

<?php
$db = mysql_connect("server", "user", "password");

mysql_select_db("db120468699",$db);
$sql = "INSERT INTO shitlist (firstname, lastname, city, state, reason) VALUES ('$first', '$last', '$city','$state','$reason')";
$result = mysql_query($sql);
echo "Submitted. Click <a href=index.php>here</a> to return to main page";
?>

Here is another guys script that I saw, but had no idea how to implement into my script.


$ip = $_SERVER['REMOTE_ADDR'];
$ctime = time();
$db = 'db.txt';

/*This function will return true if ip was posted here in the past 60 seconds */
function checkIP()
{
   global $ip, $ctime, $db;
   $match = false;

   $lines = file($db);
   $handle = fopen($db,"w") ;

   foreach($lines as $line)
   {
      list($thisip, $thistime ) = explode( "|" , $line );

  if ( $thistime > $ctime-60 ) {
     if ( $thisip == $ip ) $match = true;
     fwrite($handle, "{$thisip}|{$thistime}\n");
  }
   }
   fclose($handle);

   return $match;
}

I'd appreciate your help! I'm sure it wont take long to explain or to show me how it's done.

    A simple and partially effective solution is to restrict posting from a person based on IP. It would be better to restrict based on username or userid if you have created an authentication page, but otherwise you can insert this in your page.

    
<?PHP

$RemoteIP = $REMOTE_ADDR;

$Current_time = time(); // Current Time
$Lockout_Expire = ($Current_time + 30);

$query = "SELECT TIME_COL FROM IP_TBL WHERE IP_COL ='{$RemoteIP}'";
$result = mysql_query($query);
$moresql = mysql_fetch_array($result);

if (mysql_num_rows($result) > 0)
{
$LockedOutTimeEnds = $moresql["TIME_COL"];

 IF ($Current_time  > $LockedOutTimeEnds)
 {
  // They Can Post because 30seconds is up



// When All is said and done update the lock out time for another 30seconds
$query = "UPDATE `IP_TBL` SET `Lockout_COL` = '{$Lockout_Expire}'  WHERE `IP_COL` = '{$RemoteIP}' LIMIT 1 ";
mysql_query($query) or die(GENERAL_ERROR_Unable_to_Submit_Results_Please_Refresh_Browser);
 } Else {
  // No Post for you, you should wait a while.
 }

} ELSE {

// They Can Post Because There Ip Has Never Posted Before

// When All is said and done Insert there IP to Lock them Out for 30 seconds
				$query = "INSERT INTO `IP_TBL` ( `IP_COL` , `Lockout_COL`)"; 
				$query.= "VALUES ('{$RemoteIP}', '{$Lockout_Expire}')";
				mysql_query($query) or die(GENERAL_ERROR_Unable_to_Submit_Results_Please_Refresh_Browser);
}

    Hope this helps

      It'll probably take me 3 hours to figure out, but HOPEFULLY I'll get it finished. What type of input areas will I make in the tables? VarChar? Also, how will this script log into the sql database? I don't see any areas to put server, user, pass, and table. Should I just put them in there like I did in my script? ( remember i'm new to this )

      I kinda like the idea of that txt file one and it seems to be much easier. Could you possibly copy paste the 2 together to help me figure this out? I suppose on my script
      It'd work something like "if $match = true then run the table input script I posted, else You can only post once per 30 seconds" I just can't figure out how to work it yet since my php knowledge is 1 week deep.

        This is just a stab at it. I know the syntax may not be correct, but let me know if I'm going in the right path.

        $ip = $_SERVER['REMOTE_ADDR'];
$ctime = time();
$db = 'db.txt';

/*This function will return true if ip was posted here in the past 60 seconds */
function checkIP()
{
   global $ip, $ctime, $db;
   $match = false;

   $lines = file($db);
   $handle = fopen($db,"w") ;

   foreach($lines as $line)
   {
      list($thisip, $thistime ) = explode( "|" , $line );

  if ( $thistime > $ctime-60 ) {
     if ( $thisip == $ip ) $match = true;
     fwrite($handle, "{$thisip}|{$thistime}\n");
  }
   }
   fclose($handle);

   return $match;
}


/*If math is true run data input into mysql database */

If $match = true



$db = mysql_connect("server", "user", "password");

mysql_select_db("db120468699",$db);
$sql = "INSERT INTO shitlist (firstname, lastname, city, state, reason) VALUES ('$first', '$last', '$city','$state','$reason')";
$result = mysql_query($sql);
echo "Submitted. Click <a href=index.php>here</a> to return to main page";




/*And if it isn't true it ouputs this to the user */
Else
echo "You must wait 30 seconds before posting again!";

          I recomend against useing text files.

          HERE is the command to create a compatable SQL database. A slight update to the origional code will be posted soon.

          
CREATE TABLE `IP_TBL` (
`Index` INT( 6 ) NOT NULL AUTO_INCREMENT ,
`IP_COL` DOUBLE,
`Lockout_COL` DOUBLE,
INDEX ( `Index` )
);

            Ok I actually tested this and fixed a few type O's in previous code. It has your php insert stuff in the appropriate.

            It seems you do not understand SQL queries from your previous question so before I give you the answer let me tell you a few things. You only need to connect to a database once per script.

            The connection to a database is usually the longest part or any sql--> php interaction.

            When you say

            Select * From TBL

            It means that you want all colums from table TBL in the database you should have connected to earlier.

            So everything in this code works properly on my test machine except for possibly your command as I didt bother to send pretend post data to it.

            
<?PHP

$db = mysql_connect("server", "user", "password");
$db_selected =mysql_select_db("db120468699", $db);
if (!$db_selected) {
   die ('Cant use foo : ' . mysql_error());
}

// Updated Remote IP to be more fault tollerant for Getting Address.
$RemoteIP = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );

// Convert IP to long Address to make it store as a # in mysql
$RemoteIP = ip2long($RemoteIP);

$Current_time = time(); // Current Time
$Lockout_Expire = ($Current_time + 30); // Current Time + 30 Seconds
$query = "SELECT * FROM `IP_TBL` WHERE `IP_COL` ='{$RemoteIP}'"; // Set Up the Sql Query
$result = mysql_query($query);	// Performs the Query
$moresql = mysql_fetch_array($result); // Creates an Array with your results in it called moresql
$numrows = mysql_num_rows($result); // The Number of Rows that match users IP Address

if ($numrows > 0) // If there is more then 0 rows found ie if the IP had a match in the table
{
$LockedOutTimeEnds = $moresql["Lockout_COL"]; // Gets the time listed in the table which is the time that the lockout will be over.

 IF ($Current_time  > $LockedOutTimeEnds)
 {
  // They Can Post because 30seconds is up

	// In This Area they Have been given permission to post so you can put your origional Post function here.
	// If they got here they have posted before, but it was longer then 30 seconds before now.

	$sql = "INSERT INTO shitlist (firstname, lastname, city, state, reason) VALUES ('$first', '$last', '$city','$state','$reason')";
	$result = mysql_query($sql);
	echo "Submitted. Click <a href=index.php>here</a> to return to main page";

// When All is said and done update the lock out time for another 30seconds
$query = "UPDATE `IP_TBL` SET `Lockout_COL` = '{$Lockout_Expire}'  WHERE `IP_COL` = '{$RemoteIP}' LIMIT 1 ";
mysql_query($query) or die(GENERAL_ERROR_Unable_to_Submit_Results_Please_Refresh_Browser);
 } Else {
  // No Post for you, you should wait a while.
	Echo "You Fool, Why should I let you post 2x in 30 seconds. Go Away or I shall have to mock you some more<BR>";
 }

} ELSE { // There was no match for the IP address.

// They Can Post Because There Ip Has Never Posted Before

	// In This Area they Have been given permission to post so you can put your origional Post function here.
	// If they got here they have never posted.

// When All is said and done Insert there IP to Lock them Out for 30 seconds
				$query = "INSERT INTO `IP_TBL` ( `IP_COL` , `Lockout_COL`)"; 
				$query.= "VALUES ('{$RemoteIP}', '{$Lockout_Expire}')";
				mysql_query($query) or die(GENERAL_ERROR_Unable_to_Submit_Results_Please_Refresh_Browser);

	$sql = "INSERT INTO shitlist (firstname, lastname, city, state, reason) VALUES ('$first', '$last', '$city','$state','$reason')";
	$result = mysql_query($sql);
	echo "Submitted. Click <a href=index.php>here</a> to return to main page";
}

?>

              Again I dont recomend that you use a file for writing all this data because if it gets long which it will if you have quite a few visits since there is no trimming of the file the checking process will take a lot of processing power.

              As far as your code, with out looking really closely at it I found 3 major errors.

              1. You never call your function to do so you would have to do somthing like
              $match = checkIP();

              1. If $match = true
                Should Be more along the Lines 
                IF ($match) {

/* Found a Match */


} ELSE {

/* Didnt find a match He can Post */

}
                Please not I did not Check the Function for Functionality as I have already written a working program for you.


                Please note you Can Turn the Program I gave you into A function by 
                function CheckTime()
{
/* Other Code Goes Here 
    Replace the 2 spots where I put your sql query with  */

RETURN 1;

/* and replace 
Echo "You Fool, Why should I let you post 2x in 30 seconds. Go Away or I shall have to mock you some more<BR>"; 

WITH */
RETURN 0;

/* If the Function Reutrns 1, then the user can post, but If the function returns 0 the user posted already within 30 seconds */
}

                I actually knew how MySQL queries work, as I had to look up on php.net how to return a random row from a table and search a table.

                Much different than visual basic 🙂

                Thank you so much. You're the best. I'm going to try it out when I get home. I'll let you know how it turns out, and link you to it if you're interested.

                My next task will be creating or finding a script that pages search results, so I'll be returning shortly if I have any problems.

                I'm working on a fun site; a database of assholes where people can submit and search for assholeseither by state or last name. The main idea of creating the site is to learn some php and MySQL, although it seemed like a uniqe idea. Here it is if you're interested. http://shit-list.org Domain and space is free for 6 months thanks to 1and1.com. Check it out and give me any suggestions or thoughts on it.

                Thanks for being such a nice guy.

                Brian

                  Created the table using the query you gave me by using phpmyadmin.
                  Filled in mysql server, user name, and password. Tested script using this page
                  http://shit-list.org/submit.php
                  Got this error :

                  Parse error: parse error, unexpected T_STRING in /homepages/32/d120334555/htdocs/datain.php on line 40

                  Line 40 is the Refresh_Browser); Line

                   
    $query = "UPDATE `IP_TBL` SET `Lockout_COL` = '{$Lockout_Expire}'  WHERE `IP_COL` = '{$RemoteIP}' LIMIT 1 ";
    mysql_query($query) or  die(GENERAL_ERROR_Unable_to_Submit_Results_Please_
Refresh_Browser);
     } Else {
      // No Post for you, you should wait a while.
        Echo "You Fool, Why should I let you post 2x in 30 seconds. Go Away or I shall have to mock you some more<BR>";

                  it's still like this in the script, forum wont let me post that much without spaces:

                  (GENERAL_ERROR_Unable_to_Submit_Results_Please_
                  Refresh_Browser)

                    The error is because the Refresh Browser String Is susposed to be one line without any white space. I am un sure as to why it shows up with a space on this page.

                    It is just an error message saying that the sql query was unable to complete.
                    (GENERAL_ERROR_Unable_to_Submit_Results_Please_Refresh_Browser)

                      did you define() that GENERAL_ERROR_..... anywhere... otherwise it needs to be a STRING using 'quotes' of some "sort"

                        I figured it was a php error sort of template like visual basic has messagebox template sort of things. I'll fix it and see what happens.

                          It works now. If you want to check it out go here.
                          www.shit-list.org/submit.php

                            Write a Reply...