Page 1 of 1

Somethings wrong but I cant see it!

Posted: Mon Dec 21, 2009 3:39 pm
by scatty1985
I have a problem but I can’t understand why it’s not working.

I have a function which checks a db to see if an ip is registered on it, if it’s not then it logs the ip. If it is then it updates a count. Once the count goes over 3 the ip is 'blocked'.

Now I know that my IP is stored in the db so the first part of the function should skip but it doesn’t and I can’t explain why.

I tried the code out on a separate page so I could test the two outputs the functions relies on and they are working so I don’t know why the function is not working as it should.

Perhaps a fresh pair of eyes can stop my mistake!

Function that never goes past the first test even if the IP is stored and the query finds it...

Code: Select all

 
$db = new db_access;
//...
ip_fail($db,$b_ip); // calls the function
 
// Failed login attempt
    function ip_fail(&$db,$b_ip) {
        
        $query = "SELECT * FROM ip_block WHERE ip_add='$b_ip'";
        $db->query_db($query);
        $ip_d = mysql_fetch_row($db->q_result);
        
        // Record IP if not on database
        if ($db->q_rows() < 1) {
            $query = "INSERT INTO ip_block(ip_add, count) VALUES ('$b_ip', 1)";
            $db->query_db($query);
        } else {
            // Count attempts
            if ($ip_d[2] < 3) {
                $count = $ip_d[2] + 1;
                $query = "UPDATE ip_block SET count='$count' WHERE ip_add='$b_ip'";
                $db->query_db($query);
            } else {
            // Record block IP after 3 attempts
                $timestamp = time();
                $query = "UPDATE ip_block SET block='1', timestamp='$timestamp' WHERE ip_add='$b_ip'";
                $db->query_db($query);
            }
        }
    }
 
This outputs what I expect it to. echo $ip_d[2]; prints the current count from the db (which is 1). $db->q_rows(); outputs 1 as well which it should as there is 1 matching ip returned by the query

Code: Select all

<?
require_once("include/mysql_connect.php");
$b_ip = $_SERVER['REMOTE_ADDR'];
 
$db = new db_access;
 
function a(&$db,$b_ip) {
    $query = "SELECT * FROM ip_block WHERE ip_add='$b_ip'";
    $db->query_db($query);
    $ip_d = mysql_fetch_row($db->q_result);
    echo $ip_d[2]; // outputs 1 which is the count stored on the db
}
 
function b(&$db,$b_ip) {
    a($db,$b_ip);
}
 
b($db,$b_ip);
 
echo $db->q_rows(); // outputs 1 which is the number of rows returned for the query
 
?>
This is the class my program uses to query the database.

Code: Select all

// mysql_connect
 
class db_access {
    public $db_hostname = 'localhost', $db_username = 'xxxxxxxx', $db_password = 'xxxxxxxx', $db_server, $q_result, $db_err,
    $db_name = "scatty85_phptest";
    
// Constructor connect to server and select database
    function __construct() {
        $this->db_server = mysql_connect($this->db_hostname,$this->db_username,$this->db_password);
        mysql_select_db($this->db_name);
    }
 
// Query database
    function query_db($query_string) {
        $this->q_result = mysql_query($query_string);
    }
 
// Number of rows from query
    function q_rows() {
        if ($this->q_result) {
            return mysql_num_rows($this->q_result);
        }
    }
 
// Clean data
    function mysql_entities_fix_string($string) {
        return htmlentities(mysql_fix_string($string));
    }
    
    private function mysql_fix_string($string) {
        if (get_magic_quotes_gpc()) $string = stripslashes($string);
        return mysql_real_escape_string($string);
    }
 
}

Re: Somethings wrong but I cant see it!

Posted: Mon Dec 21, 2009 3:56 pm
by Christopher
You should check mysql_error() to see if there are problems with your queries. And I would recommend doing "UPDATE ip_block SET count=count+1 WHERE ip_add='$b_ip'" so multiple requests don't trample the data.

Re: Somethings wrong but I cant see it!

Posted: Mon Dec 21, 2009 5:43 pm
by scatty1985
The query seems fine, it worked before I changed the code (I changed how the program accessed the db, now its done through an object).

The query was the same before. Its like $db->q_rows() on line 14 is returning 0 or nothing yet my test (line 20 in the second block of code) it returns 1 from the same query.

Re: Somethings wrong but I cant see it!

Posted: Mon Dec 21, 2009 6:06 pm
by scatty1985
I've moved the whole bit of code in question to a test.php file and stripped out the code that is not needed when this function is called. When I run the test.php file it does what is expected, records the IP and the number of attempts to log in, after 3 attempts blocks the IP.

This is so frustrating, I see no reason why this should not work in the other file. :banghead:

Code: Select all

<?
require_once("include/mysql_connect.php");
$b_ip = $_SERVER['REMOTE_ADDR'];
 
$db = new db_access;
 
authenticate($db,$b_ip);
 
function ip_fail(&$db,$b_ip) {
        
        $query = "SELECT * FROM ip_block WHERE ip_add='$b_ip'";
        $db->query_db($query);
        $ip_d = mysql_fetch_row($db->q_result);
        print_r($ip_d);
        echo "<br/>";
        echo $db->q_rows();
        
        // Record IP if not on database
        if ($db->q_rows() < 1) {
            echo $db->q_rows();
            $query = "INSERT INTO ip_block(ip_add, count) VALUES ('$b_ip', 1)";
            $db->query_db($query);
        } else {
            // Count attempts
            if ($ip_d[2] < 3) {
                $query = "UPDATE ip_block SET count=count+1 WHERE ip_add='$b_ip'";
                $db->query_db($query);
            } else {
            // Record block IP after 3 attempts
                $timestamp = time();
                $query = "UPDATE ip_block SET block='1', timestamp='$timestamp' WHERE ip_add='$b_ip'";
                $db->query_db($query);
            }
        }
    }
    
function authenticate(&$db,$b_ip) {
    if (1==1) { // Check username & password have been received, look up users password on the databse, assume they have (test return true)
            /* 
            Get the password stored on database and the password salt
             */
        if (1==2) { // If users passes authentication set some session variables, assume false (test returns false)
            /* 
            ///////////////////////////////////////////////////////////
            / THIS CODE DOES NOT RUN IF THE USER FAILS AUTHENTICATION /
            ///////////////////////////////////////////////////////////
            Regenerate the session id
            Update the users salt and hashed password on the database
            Set some session variables
             */
        } else {
                // Else the user supplied an invalid username or password, record their IP and count attempts to log in
                ip_fail($db,$b_ip);
        }
    }
}
 
?>