Limit the access of a function to once every 24 hours (PHP and MySQL)

[AhmedMostafa50]

I would like to limit the access of a function i've created to once every 24 hour based on the users IP address. I would also like the PHP script to delete the MySQL record if it's older than 24 hours.

If the user already has used the function within 24 hours, show them a message and prevent the script from continue running.

If the user already has used the function but 24 hours has passed since he used the function, delete the MySQL record and let the script continue running.

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$con=mysqli_connect("domain.com.mysql","domain_com","domain_password","domain_database");
$result = mysqli_query($con,"SELECT * FROM ipblock WHERE ip='".$ip."'");
while($row = mysqli_fetch_array($result));

if($ip == $row['ip']) //and code for checking how old the record is
{
// The user has used the function within 24 hours, kill the script.
echo "Come back in 24 hours";
exit;
}
else
{
// Looks clear, let them use the function
$MyFunction = true;
}
?>

I'm lost and as you can see i am also missing some statements for deleting old records (-24 hours)..

Could anyone provide me with an example of how to do this? Thanks

[Jacques1]

You understand that IP addresses can easily be changed, right?

 

What does this function do? Why should it only be executed every 24 hours?

[AhmedMostafa50]

Yes I know it

But I'm in a partner with advertising company

Among its conditions

visit page/24 hours

[ginerjm]

The solution is not to limit access to a "function", but to the script that is performing the function/task/whatever.  As already pointed out the IP address can be changed/forged(?) so it may not be totally accurate to base your decision on that piece of data.  I would simply create a cookie that had an expiration 24 hours from creation that held the ip address as its value.  If the cookie exists, abort the script.  If not re-create the cookie and proceed.

 

Of course if this is vitally important, you might need to use a db to store a token for the ip address since cookies can be toyed with.  Same idea though - store the datetime and the IP address in a record.  Upon execution of the script, check the db table for that IP and if the record's datetime value is too soon, abort.  If the datetime is over 24 hours old, update the record with the new date/time and proceed.  No need to remove expired recs - any future access attempt will simply update them.  If it's a problem though after too many users have visited, you could create a simple maintenance script to delete any record with a datetime older than a given value. and run it manually on a periodic schedule.

[NotionCommotion]

Not positive about the SELECT query, but try something like the following.  Also, look into prepared statements.

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$con=mysqli_connect("domain.com.mysql","domain_com","domain_password","domain_database");
$result = mysqli_query($con,"SELECT (NOW()-INTERVAL DAY > lastvisit) lastvisit FROM ipblock WHERE ip='".$ip."'");
$row = mysqli_fetch_array($result);
if($row && $row['lastvisit'])
{
    //The user has used the function within 24 hours, kill the script.
    echo "Come back in 24 hours";
    exit;
}
else
{
    // Looks clear, let them use the function
    $MyFunction = true;
    mysqli_query($con,"INSERT INTO ipblock SET lastvisit=NOW() WHERE ip='$ip' ON DUPLICATE KEY SET lastvisit=NOW()");
}

[ginerjm]

IMHO - the easier query is to simply find a record for that IP.  If found you still need to update it, so making the query that complex is not necessary.  You simply get the record, then check the date and either abort or update it.