ok block by ip address

scrypte

ok i have a submission script that i use for my radio station and i want to be able to limit submissions by ip address or name so that people can only submit a request every so often, is there any easy way to do this

discostudio

A client's IP address is held in the php predefined variable:

$_SERVER['REMOTE_ADDR']

scrypte

ok i figured that out. here is what I have so far

<?php session_start(); ?>

<?php
$ewCurSec = 0; // Initialise

// User levels
define("ewAllowadd", 1, true);
define("ewAllowdelete", 2, true);
define("ewAllowedit", 4, true);
define("ewAllowview", 8, true);
define("ewAllowlist", 8, true);
define("ewAllowreport", 8, true);
define("ewAllowsearch", 8, true);																														
define("ewAllowadmin", 16, true);						
?>
<?php

// Initialize common variables
$x_id = Null; 
$ox_id = Null;
$x_artist = Null; 
$ox_artist = Null;
$x_song = Null; 
$ox_song = Null;
$x_username = Null; 
$ox_username = Null;
$x_info = Null; 
$ox_info = Null;
$x_ip_address = Null; 
$ox_ip_address = Null;
$x_time = Null; 
$ox_time = Null;
?>
<?php include ("db.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php

// v3.1 Multiple Primary Keys
// Load key from QueryString

$bCopy = true;
$x_id = @$HTTP_GET_VARS["id"];
if (empty($x_id)) {
	$bCopy = false;
}

// Get action
$sAction = @$HTTP_POST_VARS["a_add"];
if (($sAction == "") || (($sAction == NULL))) {
	if ($bCopy) {
		$sAction = "C"; // Copy record
	}else{
		$sAction = "I"; // Display blank record
	}
}else{

// Get fields from form
$x_id = @$HTTP_POST_VARS["x_id"];
$x_artist = @$HTTP_POST_VARS["x_artist"];
$x_song = @$HTTP_POST_VARS["x_song"];
$x_username = @$HTTP_POST_VARS["x_username"];
$x_info = @$HTTP_POST_VARS["x_info"];
$x_ip_address = @$HTTP_POST_VARS["x_ip_address"];
$x_time = @$HTTP_POST_VARS["x_time"];
}
$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
switch ($sAction)
{
	case "C": // Get a record to display
		if (!LoadData($conn)) { // Load Record based on key
			$HTTP_SESSION_VARS["ewmsg"] = "No requests found";
			phpmkr_db_close($conn);
			ob_end_clean();
			header("Location: requestlist.php");
			exit();
		}
		break;
	case "A": // Add
		if (AddData($conn)) { // Add New Record
			$HTTP_SESSION_VARS["ewmsg"] = "Thank you, your request has been recieved.";
			phpmkr_db_close($conn);
			ob_end_clean();
			header("Location: requestlist.php");
			exit();
		}
		break;
}
?>
<?php include ("header.php") ?>
<script type="text/javascript" src="ew.js"></script>
<script type="text/javascript">
<!--
EW_dateSep = "/"; // set date separator	

//-->
</script>
<script type="text/javascript">
<!--
function EW_checkMyForm(EW_this) {
if (EW_this.x_artist && !EW_hasValue(EW_this.x_artist, "TEXT" )) {
	if (!EW_onError(EW_this, EW_this.x_artist, "TEXT", "Please enter required field - artist"))
		return false;
}
if (EW_this.x_song && !EW_hasValue(EW_this.x_song, "TEXT" )) {
	if (!EW_onError(EW_this, EW_this.x_song, "TEXT", "Please enter required field - song"))
		return false;
}
if (EW_this.x_username && !EW_hasValue(EW_this.x_username, "TEXT" )) {
	if (!EW_onError(EW_this, EW_this.x_username, "TEXT", "Please enter required field - username"))
		return false;
}
if (EW_this.x_info && !EW_hasValue(EW_this.x_info, "TEXTAREA" )) {
	if (!EW_onError(EW_this, EW_this.x_info, "TEXTAREA", "Please enter required field - info"))
		return false;
}
if (EW_this.x_ip_address && !EW_hasValue(EW_this.ip_address, "TEXTAREA" )) {
	if (!EW_onError(EW_this, EW_this.ip_address, "TEXTAREA", "Sorry you can only submit one song per 30 minutes"))
		return false;
}
if (EW_this.x_time && !EW_hasValue(EW_this.time, "TEXTAREA" )) {
	if (!EW_onError(EW_this, EW_this.time, "TEXTAREA", ""))
		return false;
}
return true;
}

//-->
</script>
<p><span class="phpmaker">Add to TABLE: request<br><br><a href="requestlist.php">Back to List</a></span></p>
<form name="requestadd" id="requestadd" action="requestadd.php" method="post" onSubmit="return EW_checkMyForm(this);">
<p>
<input type="hidden" name="a_add" value="A">
<?php
if (@$HTTP_SESSION_VARS["ewmsg"] <> "") {
?>
<p><span class="phpmaker" style="color: red;"><?php echo $HTTP_SESSION_VARS["ewmsg"] ?></span></p>
<?php
	$HTTP_SESSION_VARS["ewmsg"] = ""; // Clear message
}
?>
<table border="0" cellspacing="1" cellpadding="3">
	<tr>
		<td bgcolor="575a57"><span class="phpmaker" style="color: ;">artist</span></td>
		<td bgcolor=""><span class="phpmaker">
<input type="text" name="x_artist" id="x_artist" size="30" maxlength="100" value="<?php echo htmlspecialchars(@$x_artist) ?>">
</span></td>
	</tr>
	<tr>
		<td bgcolor="575a57"><span class="phpmaker" style="color: ;">song</span></td>
		<td bgcolor=""><span class="phpmaker">
<input type="text" name="x_song" id="x_song" size="30" maxlength="100" value="<?php echo htmlspecialchars(@$x_song) ?>">
</span></td>
	</tr>
	<tr>
		<td bgcolor="575a57"><span class="phpmaker" style="color: ;">username</span></td>
		<td bgcolor=""><span class="phpmaker">
<input type="text" name="x_username" id="x_username" size="30" maxlength="100" value="<?php echo htmlspecialchars(@$x_username) ?>">
</span></td>
	</tr>
	<tr>
		<td bgcolor="575a57"><span class="phpmaker" style="color: ;">info</span></td>
		<td bgcolor=""><span class="phpmaker">
<textarea cols="35" rows="4" id="x_info" name="x_info"><?php echo @$x_info; ?></textarea>
</span></td>
	</tr>
</table>
<p>
<input type="hidden" name="x_ip_address" id="x_ip_address" size="30" maxlength="100" value="<?php echo $REMOTE_ADDR ?>" >
<input type="hidden" name="x_time" id="x_time" size="30" maxlength="100" value="<?php now(); ?>">
<input type="submit" name="Action" value="ADD">
</form>
<?php include ("footer.php") ?>
<?php
phpmkr_db_close($conn);
?>
<?php

//-------------------------------------------------------------------------------
// Function LoadData
// - Load Data based on Key Value sKey
// - Variables setup: field variables

function LoadData($conn)
{
	global $HTTP_SESSION_VARS;
	global $x_id;
	$sSql = "SELECT * FROM `request`";
	$sWhere = "";
	$sGroupBy = "";
	$sHaving = "";
	$sOrderBy = "";
	if ($sWhere <> "") { $sWhere .= " AND "; }
	$sTmp =  (get_magic_quotes_gpc()) ? stripslashes($x_id) : $x_id;
	$sWhere .= "(`id` = " . addslashes($sTmp) . ")";
	$sSql .= " WHERE " . $sWhere;
	if ($sGroupBy <> "") {
		$sSql .= " GROUP BY " . $sGroupBy;
	}
	if ($sHaving <> "") {
		$sSql .= " HAVING " . $sHaving;
	}
	if ($sOrderBy <> "") {
		$sSql .= " ORDER BY " . $sOrderBy;
	}
	$rs = phpmkr_query($sSql,$conn) or die("Failed to execute query: " . phpmkr_error() . '<br>SQL: ' . $sSql);
	if (phpmkr_num_rows($rs) == 0) {
		$bLoadData = false;
	}else{
		$bLoadData = true;
		$row = phpmkr_fetch_array($rs);

	// Get the field contents
	$GLOBALS["x_id"] = $row["id"];
	$GLOBALS["x_artist"] = $row["artist"];
	$GLOBALS["x_song"] = $row["song"];
	$GLOBALS["x_username"] = $row["username"];
	$GLOBALS["x_info"] = $row["info"];
	$GLOBALS["x_ip_address"] = $row["ip_address"];
	$GLOBALS["x_time"] = $row["time"];
}
phpmkr_free_result($rs);
return $bLoadData;
}
?>
<?php

//-------------------------------------------------------------------------------
// Function AddData
// - Add Data
// - Variables used: field variables

function AddData($conn)
{
	global $HTTP_SESSION_VARS;
	global $HTTP_POST_VARS;
	global $HTTP_POST_FILES;
	global $HTTP_ENV_VARS;
	global $x_id;
	$sSql = "SELECT * FROM `request`";
	$sWhere = "";
	$sGroupBy = "";
	$sHaving = "";
	$sOrderBy = "";

// Check for duplicate key
$bCheckKey = true;
$sWhereChk = $sWhere;
if ((@$x_id == "") || ($x_id == NULL)) {
	$bCheckKey = false;
} else {
	if ($sWhereChk <> "") { $sWhereChk .= " AND "; }
	$sTmp =  (get_magic_quotes_gpc()) ? stripslashes($x_id) : $x_id;			
	$sWhereChk .= "(`id` = " . addslashes($sTmp) . ")";
}
if ($bCheckKey) {
	$sSqlChk = $sSql . " WHERE " . $sWhereChk;
	$rsChk = phpmkr_query($sSqlChk, $conn) or die("Failed to execute query: " . phpmkr_error() . '<br>SQL: ' . $sSqlChk);
	if (phpmkr_num_rows($rsChk) > 0) {
		$HTTP_SESSION_VARS["ewmsg"] = "Duplicate value for primary key";
		phpmkr_free_result($rsChk);
		return false;
	}
	phpmkr_free_result($rsChk);
}

// Field artist
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_artist"]) : $GLOBALS["x_artist"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`artist`"] = $theValue;

// Field song
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_song"]) : $GLOBALS["x_song"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`song`"] = $theValue;

// Field username
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_username"]) : $GLOBALS["x_username"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`username`"] = $theValue;

// Field info
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_info"]) : $GLOBALS["x_info"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`info`"] = $theValue;

// Field ip_address
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_ip_address"]) : $GLOBALS["x_ip_address"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`ip_address`"] = $theValue;

// Field info
$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_time"]) : $GLOBALS["x_time"]; 
$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
$fieldList["`time`"] = $theValue;

// insert into database
$sSql = "INSERT INTO `request` (";
$sSql .= implode(",", array_keys($fieldList));
$sSql .= ") VALUES (";
$sSql .= implode(",", array_values($fieldList));
$sSql .= ")";
phpmkr_query($sSql, $conn) or die("Failed to execute query: " . phpmkr_error() . '<br>SQL: ' . $sSql);
return true;
}
?>

having two issues, one is that i have no clue how to post the date, because its not working corrently and the second is how to dectect if a user has already posted within the past 30minutes.

gufmn

You wouldn't actually post the date. You would submit the form, then get the time for comparison.

I would personally use time() to get a unix timestamp, set that as a session var, then compare to that the next time the form is submitted.

DeadlySin3

From what I understand - you're looking for a form of flood control - so users may only submit (a form?) more than once in a time period you specify?

Here's what I do when I want to prevent users from double posting a form:

<?php

# First off, I have a field in a table in my database - we'll call it "tagitflood"
# When you insert your data into mySQL, use "now()" as the value for this field.
# You must obtain and insert users IP address into your db as well.
# For example:

$usersIp =$_SERVER['REMOTE_ADDR'];

$sql = "INSERT INTO tagit(tagitname, tagiturl, tagitpost, tagitip, tagitflood)

VALUES('".$_POST['tagitname']."','".$_POST['tagiturl']."','".$_POST['tagitpost']."', '$usersIp', now())";

# Then, every submission made must be checked to see if
# a user who's already submitted is submitting again in a certain
# time period.

$floodTime = "25"; // Time !! in seconds !! a user should wait to post

$floodQuery = "SELECT * FROM tagit WHERE tagitip = '$usersIp' AND tagitflood > (NOW() - INTERVAL '". $floodTime . "' SECOND)";

$flooding = @mysql_query($floodQuery); // Add Error checking 

# If said IP address is trying to submit, the above code will catch it
# Let's toss out an error message letting the user we know that they've
# already posted and cannot re-post for $floodTime seconds.

while($f=mysql_fetch_array($flooding))

{



# Setting rows as vars | in case you want to use them


$tagitflood=$f['tagitflood'];

$tagitip=$f['tagitip'];

$floodMsgMain = "Formatted Message Here explaining that a submission has already been made from $tagitip. You must wait $floodTime seconds to submit again.";

echo "$floodMsgMain";



} // End While Loop

?>

I think that pretty well covers it. I know I didn't go into great detail on how to do this but I think I gave you enough to get you started. If you need more help with this - don't hesitate to ask and good luck!

[edit]

as for posting the date, if you want to - here's what I do

<?php
/*
 * Timestamp Configuration
 *
 * $hourdiff
 * The time difference between your LOCAL
 * and SERVERS time. I.E
 * $hourdiff = "-1"; # If your server is est and your are central 
 * $hourdiff = "0"; # if your server and local machine are in same time zone
 * $hourdiff = "+2"; # if your server is mountain and you are est
 *
 * $timeadjust
 * No real need to modify this variable.
 *
 * $todays_date
 * The 'timestamp' itself. Change this
 * to modify the way the stamp is displayed
 */

$hourdiff    = "0";

$timeadjust  = ($hourdiff * 60 * 60);

$todays_date   = date("l, F d Y h:i a",time() + $timeadjust);

# I use this bit of code in an include file
# and print $todays_date when I want to 
# display date and time on any page.

?>

Hope this helps

[/edit]