"Self-Destructing Message" < My first PHP script! Feedback needed please! :)

[Akkari]

Hello everyone,

 

This is my first from scratch php script ever (except for the IP grabbing snippet) and my first post here as well. I really hope you'd post your feedback about it. I saw that this is the most appropriate forum to post. Please excuse me if that's not true.

 

Features:

The aim was to create a webpage that expires immediately after being viewed once. Tracking uses cookies and IP comparison. After being viewed, the webpage gets deleted from the server and an error message appears. Either "You've viewed this message before!" if the cookie is detected or stored IP matches or "This computer is not authorized to view this message" if no cookie is detected and IP does not match. The code is below, I tried to make it well commented.

 

<?php
/* Self-Destructing Message Script v1.0 by Y.Akkari */
//GLOBALS OFF WORK ROUND
// IP grabbing code from DigitalPoint Forums.
if (!ini_get('register_globals')) {
$reg_globals = array($_POST, $_GET, $_FILES, $_ENV, $_SERVER, $_COOKIE);
if (isset($_SESSION)) {
array_unshift($reg_globals, $_SESSION);
}
foreach ($reg_globals as $reg_global) {
extract($reg_global, EXTR_SKIP);
}
}

//FIND THE VISITORS IP
     if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
     {
        $rip = getenv("HTTP_CLIENT_IP");
     }
     else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
     {
        $rip = getenv("HTTP_X_FORWARDED_FOR");
     }
     else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
     {
        $rip = getenv("REMOTE_ADDR");

     }
     else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
     {
        $rip = $_SERVER['REMOTE_ADDR'];

     }
     else
     {
        $rip = "unknown";
     }

//Visitor IP echo removed from original snippet.
// Text file where the IP of the first computer to view the page will be stored and compared later on.
$filename = 'ip.txt';

// Check if that file exists on the server.
if (!file_exists($filename)) {
   die ('Could not read global control file!');}

// No cookie and text file empty meaning message was not viewed yet.
if (filesize('ip.txt') == 0 && !isset($_COOKIE['beenhere'])){
// Set the cookie for future detection, confirm that the "secure message" exists and echo it.    
setcookie("beenhere",time(),time()+31536000);
    if (!file_exists('message.html')) { die ('Unable to retrieve secure message!');}
    echo file_get_contents('message.html');
// Redirect to "expired message" site after 120 seconds (or whatever)
    header("Refresh: 120; url=\"http://www.google.com\"");
// Finally store the user's IP in the text file.   
$fp = fopen('ip.txt','w');
    fwrite($fp,serialize($rip));
    unlink('message.html');
}  
else {
// File is larger than 0 bytes. i.e: An IP has already been recorded or the cookie has been detected.
// Retreive stored IP, compare to current IP and check for the lousy cookie    
$stored_ip = unserialize(file_get_contents($filename));
        if (($stored_ip == $rip) || isset($_COOKIE['beenhere']))   {
            die ('Our records indicate that you have already viewed this message and it has therefore self-destructed.');
        }else{
            die ('We were not able to authorize viewing this message from this computer.');
        }
     }
// bye 
return;
?>

 

Some questions:

1. Was there anything that could have been done in a shorter, more easier manner?

2. Reliability and accuracy issues?

3. Is there any hope that I'd be a "good" developer one day? (hmm, maybe you can tell from the mentality or whatever that code shows)

4. Maybe this one would be HUGE to answer. I'd like to create a "service" for those self destructing message. Something tells me it can't be done smoothly without object oriented programming which gets me pulling out hairs out of my head every time. Is that true?

 

I have other questions but well, enough wasting your time. Would be great if someone could help me with these as a start.

 

Thanks!

[monkeytooth]

I didn't go through the whole thing but it looks sound per say. I would look into the concepts of how "Short-URL's" work like bit.ly and rather than it have it delete the "message.html" i would use a php file using it as a template pulling info from a database based on the string of the short url and populate the template through that means with the message attatched to that string (also stored in the database), attached would be a couple variables to define whether or not the message was viewed or not. I would save the IP there rather than the text file. I could go a million miles with concepts as to how to make this work. Once a message is viewed say you allow your users the attach files i would delete those.. The idea I admit is really good if your someone like me who can appreciate the concept, and has its possibilities of fun to go with it. I might be interested in helping a project like this out. shot me an email or something if you like or reach me on skype: monkeytooth

 

As long as your not someone whos going to try and ride me and just be a jerk about life, an wanna share the glory or credits or whatever later then yea by all means message me 

[ignace]

1. Was there anything that could have been done in a shorter, more easier manner?

 

Quite possible.

 

2. Reliability and accuracy issues?

 

Cookies can be removed, IP's can be changed. Plus only the first viewer would see the message all others would just see the destruction.

 

3. Is there any hope that I'd be a "good" developer one day? (hmm, maybe you can tell from the mentality or whatever that code shows)

 

There is a lot that I can tell here but I'll just go with, sure!

 

4. Maybe this one would be HUGE to answer. I'd like to create a "service" for those self destructing message. Something tells me it can't be done smoothly without object oriented programming which gets me pulling out hairs out of my head every time. Is that true?

 

It can be done with OO just like it can be done procedural or any other way. They are all hammers to hit the nail.

[Akkari]

I didn't go through the whole thing but it looks sound per say. I would look into the concepts of how "Short-URL's" work like bit.ly and rather than it have it delete the "message.html" i would use a php file using it as a template pulling info from a database based on the string of the short url and populate the template through that means with the message attatched to that string (also stored in the database), attached would be a couple variables to define whether or not the message was viewed or not. I would save the IP there rather than the text file. I could go a million miles with concepts as to how to make this work. Once a message is viewed say you allow your users the attach files i would delete those.. The idea I admit is really good if your someone like me who can appreciate the concept, and has its possibilities of fun to go with it. I might be interested in helping a project like this out. shot me an email or something if you like or reach me on skype: monkeytooth

 

As long as your not someone whos going to try and ride me and just be a jerk about life, an wanna share the glory or credits or whatever later then yea by all means message me 

 

"sound per say": sorry didn't get the expression

 

You're quite right about the database thing. Just one thing: I'm quite poor at MySQL so I had to look for a workaround. Plus, I always have this thought of using text files rather than databases whenever possible to save server load and to retrieve things faster and simpler. Of course that's just a "thought" I happen to always have. But if we put text files with sensitive info outside the web root, wouldn't they be secure? What are the risks involved?

 

"As long as your not someone whos going to try and ride me and just be a jerk about life, an wanna share the glory or credits or whatever later then yea by all means message me"

 

LOL. That's an incredible offer. It's like free experience and help and that's way more than enough for me. I seriously don't think that I'm the type of person you're talking about and I've sent you an email anyway. Thanks again for the offer.

 

 

1. Was there anything that could have been done in a shorter, more easier manner?

 

Quite possible.

 

Care to suggest if you have the time?

 

2. Cookies can be removed, IP's can be changed. Plus only the first viewer would see the message all others would just see the destruction.

 

Yeah so is there a more reliable tracking option then? . Yes, this script is so far quite "personal". I'd like to send just one person the thing and lock all others out. And well, the script does exactly that for me:)

 

There is a lot that I can tell here but I'll just go with, sure!

It can be done with OO just like it can be done procedural or any other way. They are all hammers to hit the nail.

 

Thanks.

 

[monkeytooth]

Sound per say, thats just poor punctuation on my part.. "Looks Sound, per say" as in I took a quick glance through didn't see anything bad while glancing, and the concept seems sound. Sound as in good, clever, etc.

 

SQL really isnt that bad. Its getting to know it thats a pain. But look at you, you picked up PHP right? Go check out tizag.com they have some really down to the core basic lessons there. As how to interact with mysql with php I grantee once you get the idea of how to work it better you'll look at yourself and laugh. I did at myself years ago making the same jump. But then again When php was first made publicly available hosts were still not giving you mySQL with the hosting packages. so Flat Files were your only means of doing things, and even then PHP hosting vs HTML hosting then cost more.. anyway back to the point.

 

All this work your doing with flat files is not much more diffrent than what you would do to work with SQL. Execpt the community is stronger in support of php/mysql questions rather than php/flatfile questions 

 

As far as tracking goes, Unfortunately there is no true means of tracking anyone ever. There are soooo many things to account for, and none of them static.

IP's change, Cookies Clear, Sessions Die, theres mobility to factor in laptops and cellphones etc, theres also things like people on shared networks, theres ISP's that have blocks of IPs per region and so on.

[jcbones]

1 glaring problem I see is:

 

line 55: echo statement;

line 57: header function;

 

Question: Would it not be better to have this pulled from a database?

 

This way you could control the output without worry that someone will delete a cookies.  Set IP's and dates to a table, if their IP isn't in the table, show the message and add the IP to the table.  Although, as monkeytooth says, you cannot track anyone 100%.