Jump to content

Am I being hacked

Voodoo Jai

By Voodoo Jai
in PHP Coding Help

Recommended Posts

Voodoo Jai Regular Member

Voodoo Jai

Posted
Posted

I have a web site page that I have limited the access to, by logging the IP addresses of users. It works by capturing, storing and checking, if the IP has been used more than 5 times in that day they are redirected to an alternative page.

 

I have created a db table that stores the IP and date of all users, a php script then checks and a TRUE /FALSE statement is checked for.

 

When I tested the scenario myself all works fine (redirect to another page when max visits is reached), but I have discovered that a logged IP address appears to be getting more than the allowed number of accesses to the page.

 

What could be going wrong!!

 

Confused

VoodooJai

Link to comment
https://forums.phpfreaks.com/topic/115565-am-i-being-hacked/
Share on other sites
Voodoo Jai Regular Member

Voodoo Jai

Posted
  • Author
Posted

I have changed some of the table names to protect my security so any typos are probably not relavent.

Here is the code I am using.

 

<?php require_once('/Menu_conn.php'); ?>
<?php
//*******************************************************************************************************************
// This section is the IP checking access section
//*******************************************************************************************************************

$ip=$_SERVER['REMOTE_ADDR']; 

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

if (!function_exists("GetSQLValueString")) 
{
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType)
  {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_Menu_conn, $Menu_conn);
$query_ipstored = "SELECT * FROM `ip_stored`";
$ipstored = mysql_query($query_ipstore, $Menu_conn) or die(mysql_error());
$row_ipstored = mysql_fetch_assoc($ip_stored);
$totalRows_ipstored = mysql_num_rows($ip_stored);

mysql_select_db($database_Menu_conn, $Menu_conn);
$query_ipstoreCount = "SELECT ip_stored.address FROM ip_stored";
$ip_storedCount = mysql_query($query_ip_storedCount, $Menu_conn) or die(mysql_error());
$row_ip_storedCount = mysql_fetch_assoc($ip_storedCount);
$totalRows_ip_storeDCount = mysql_num_rows($ip_storedCount);

// Make a MySQL Connection
//***********************************************************************************************************************************
// Inserts the viewers IP address into the ipstore table of the lostmymenu db into an INTEGER format using the INET_ATON function
// also the date the access was made is entered into the db as well for comparison
//***********************************************************************************************************************************

$MaxVisits = 7;

$today = date("Y-m-d");
mysql_query("INSERT INTO ip_stored (address, date) VALUES (INET_ATON('$ip'), ('$today'))")
or die(mysql_error());  
$ipconverted2int = ip2long($ip);

$result = mysql_query("SELECT * FROM ip_stored WHERE address='$ipconverted2int' AND date='$today'"); 
$ShowResult = mysql_num_rows($result);

IF ($ShowResult < $MaxVisits)
{
//*******************************************************************************************************************
//*******************************************************************************************************************
?>

//***********************************************
//THIS SHOWS THE PAGE IF MAX VISITS NOT REACHED
//***********************************************


<?PHP
}
ELSE
{
   header('Location: http://www.REDIREDTEDmenu.com/maintenance.html');
}
?>




<?php
mysql_free_result($ip_stored);

mysql_free_result($ip_storedCount);

mysql_free_result($Takeaway);
?>

Link to comment
https://forums.phpfreaks.com/topic/115565-am-i-being-hacked/#findComment-594162
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.