Lambneck Posted October 7, 2008 Share Posted October 7, 2008 Hello, I've just set up my database so that upon a form submission it logs the IP address and time/date of submission: $submission_date = date("l M dS, Y, H:i:s"); $ip = getenv("REMOTE_ADDR"); $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', '$submission_date', '$ip')"); } how do I code it to check if the IP has already made a submission, say within the last 20 minutes, and if so, have their submission blocked? Somthing like this?: <?php if ( isset($_POST['submit']) ) { $submission_date = date("l M dS, Y, H:i:s"); $ip = getenv("REMOTE_ADDR"); $timeout='20'; $now=time() if ($now < ($ip[$submission_date]*$timeout) { $_POST['submit'] == 'null' //? } }else{ $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', '$submission_date', '$ip')"); ?> i'm lost. Quote Link to comment Share on other sites More sharing options...
Orio Posted October 7, 2008 Share Posted October 7, 2008 Instead of storing a formatted string for the date in the database, use timestamps (see time()). Handling timestamps is much easier than using formatted strings, and it's much faster and efficient to use those. This way, you can simply check if the difference between the current timestamp to the one stored in the DB is smaller/bigger than 60*20 (20 minutes). Also, if you want to display the date the user voted in a formatted way, you can use the date() function with the second optional parameter. Orio. Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 7, 2008 Author Share Posted October 7, 2008 so what would the code look like for that? Quote Link to comment Share on other sites More sharing options...
Orio Posted October 7, 2008 Share Posted October 7, 2008 First, in your database you'll have to hold the date as an integer. Then, on submission you'll have something like: <?php if (isset($_POST['submit'])) { $ip = $_SERVER['REMOTE_ADDR']; $timeout = 20; $result = mysql_query("SELECT * FROM {$table} WHERE ip_address = '{$ip}' AND TIMESTAMPDIFF(MINUTE, UNIX_TIMESTAMP(), submission_date) < {$timeout} LIMIT 1"); or die('Error'); if(mysql_num_rows($result) == 1) die("You can't submit so much! Wait {$timeout} minutes!"); else { $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', UNIX_TIMESTAMP(), '$ip')"); } } ?> Haven't tried it, but it should do the job. Orio. Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 7, 2008 Author Share Posted October 7, 2008 ok, so I'm trying the following but am still able to make submissions consecutively without being timed out. ??? <?php //... $connect = mysql_connect($db_host, $db_user, $db_pwd); mysql_select_db($database); $name = check_input($_POST['name'], "Please enter your name."); $email = htmlspecialchars($_POST['email']); if (! preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) ) { show_error('E-mail address not valid.'); } $subject = check_input($_POST['subject'], "Please enter a subject."); $message = check_input($_POST['message'], "Please enter your resume."); $ip = $_SERVER['REMOTE_ADDR']; $timeout = 20; $result = mysql_query("SELECT submission_date AS 't' FROM $table WHERE ip_address = '$ip' ORDER BY submission_date DESC LIMIT 1") or die('Error'); if(mysql_num_rows($result) == 1){ $data = mysql_fetch_array($result); if(time() - $data['t'] > $timeout * 60) $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', ".time().", '$ip')"); else die("Please submit only one resume per month."); } ?> Quote Link to comment Share on other sites More sharing options...
Orio Posted October 7, 2008 Share Posted October 7, 2008 I see nothing that could cause a timeout except your user defined functions. Orio. Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 7, 2008 Author Share Posted October 7, 2008 Sorry, I mean I am trying not to be "timed out" but temporarily banned from making submissions, and with the above posted code I am able to make submissions one after the other with the same IP without being affected by timestamp. Quote Link to comment Share on other sites More sharing options...
Orio Posted October 7, 2008 Share Posted October 7, 2008 Change: if(time() - $data['t'] > $timeout * 60) To: if(time() - $result['t'] > $timeout * 60) Orio Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 7, 2008 Author Share Posted October 7, 2008 No change... Can still submit consecutive form entries. Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 8, 2008 Author Share Posted October 8, 2008 Ok, I think I see the problem. I have the following function with the variable $data before the sql query: function check_input($data, $problem='') { $data = mysql_real_escape_string(trim(strip_tags(htmlspecialchars($data)))); if ($problem && strlen($data) == 0) { show_error($problem); } return $data; } can i replace the $data variable with something else in the following: $ip = $_SERVER['REMOTE_ADDR']; $timeout = 1; $result = mysql_query("SELECT submission_date AS 't' FROM $table WHERE ip_address = '$ip' ORDER BY submission_date DESC LIMIT 1") or die('Error'); if(mysql_num_rows($result) == 1){ $data = mysql_fetch_array($result); if(time() - $result['t'] > $timeout * 60) $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', ".time().", '$ip')"); else die("Please submit only one resume per month."); } Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 9, 2008 Author Share Posted October 9, 2008 Replaced $data with $info but still can submit forms consecutively... :'( code looks like it should work I don't understand what the problem is: <?php $ip = $_SERVER['REMOTE_ADDR']; $timeout = 20; $result = mysql_query("SELECT submission_date FROM $table WHERE ip_address = '$ip' ORDER BY submission_date DESC LIMIT 1") or die('Error'); if(mysql_num_rows($result) == 1){ $info = mysql_fetch_array($result); if(time() - $info['submission_date'] > $timeout * 60) $insert = mysql_query("INSERT INTO $table (col_2, col_3, col_4, col_5, submission_date, ip_address) VALUES ('$name', '$email', '$subject', '$message', ".time().", '$ip')"); else die("Please submit only one resume per month."); } ?> Quote Link to comment Share on other sites More sharing options...
Lambneck Posted October 10, 2008 Author Share Posted October 10, 2008 There's nothing wrong with the code.. The problem could be in the MySQL part: Check that the column submission_date is set as int at a length of 10 or 11 numbers. It can't be less than 10. That might be the problem, the script is fine. Orio. That was the problem. My table column was varchar not int. Thanks Orio you really helped me out! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.