Altec Posted May 23, 2009 Share Posted May 23, 2009 I'm really at a loss as to why this is happening. Here is my code: <?php mysql_connect('localhost','user','pass') or die('Error connecting to database: '.mysql_error()); mysql_select_db('database') or die('Error selecting database: '.mysql_error()); if(isset($_POST['submit']) && $_SERVER['REQUEST_METHOD'] == "POST") { $ipcheck = "SELECT `ip` FROM `iplog`"; $ips = mysql_fetch_array(mysql_query($ipcheck)); foreach($ips as $ip) { if(stristr($ip,$_SERVER['REMOTE_ADDR'])) { die('You have already signed.'); } } function clean($string) { $string = trim(stripslashes(strip_tags($string))); return $string; } foreach($_POST as $key => $value) { $data[$key] = clean($value); } if(empty($data['name'])) { die('Name is a required field.'); } if(empty($data['comments'])) { $data['comments'] = 'No comment.'; } $namecheck = "SELECT `name` FROM `signatures`"; $namelist = mysql_fetch_array(mysql_query($namecheck)); foreach($namelist as $names) { if(stristr($names,$data['name'])) { die('You have already signed.'); } } $data['ip'] = $_SERVER['REMOTE_ADDR']; $data['timestamp'] = time(); $data['name'] = mysql_real_escape_string($data['name']); $data['comments'] = mysql_real_escape_string($data['comments']); $ipquery = "INSERT INTO `iplog` (name,ip,timestamp) VALUES ('{$data['name']}','{$data['ip']}','{$data['timestamp']}')"; mysql_query($ipquery) or die('Error inserting IP into log: '.mysql_error()); $query = "INSERT INTO `signatures` (name,comments,timestamp) VALUES ('{$data['name']}','{$data['comments']}','{$data['timestamp']}')"; mysql_query($query) or die('Error inserting signature: '.mysql_error()); header("Location: http://www.tf2petition.phreakyourgeek.com/index.php?show=1"); } ?> As you can see from 487 and the following signatures, something is wrong: www.tf2petition.phreakyourgeek.com/index.php?page=7 I should probably get this fixed as traffic is incredibly high right now, but I don't see a loophole or a bug that would cause someone to be able to post four times. Database structure for the iplog table is: www.media.phreakyourgeek.com/db_structure.png Quote Link to comment Share on other sites More sharing options...
kickstart Posted May 23, 2009 Share Posted May 23, 2009 Hi You are not checking an ip in your SELECT statement. Hence it is just going to bring back every row. You then fetch the first row and assign it to an array called $ips. You then loop round all the fields in that row (only 1) to check if the ip matches. Unless by pure chance their IP address is the first one found by the SELECT statement it won't find a match. Same applies to the check for the name. All the best Keith Quote Link to comment Share on other sites More sharing options...
Altec Posted May 23, 2009 Author Share Posted May 23, 2009 So I should do: $ipcheck = "SELECT `ip` FROM `iplog` WHERE `ip`='{$_SERVER['REMOTE_ADDR']}'"; if(mysql_num_rows(mysql_query($ipcheck)) > 0) { die('You have already signed.'); } ? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.