
your opinion on this type of counter

Posted: Sun Jun 12, 2005 2:30 am
by andrei.mita
I have built a page traffic analyzer/counter and I would like to know what you think of it. Is it good? Does it have bugs? Can the script make false entries into the db? How can I optimize it?

Code:

<?php
session_start();
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("db") or die(mysql_error());

$page = $_GET['page'];
$ip = $_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$user = $_SESSION['user'];
$last = date("Y-m-d");

if (empty($_SESSION['user']))  // for the index page or any other that doesn't need
                               // you to be authenticated
{
    $select = "SELECT * FROM `counter` WHERE ip='".$ip."' LIMIT 1";  // check for ip
    $result = mysql_query($select);
    if (mysql_affected_rows()<1)  // if the ip is not there it means
                                  // this person is here for the first time
    {
        $insert = "INSERT INTO counter (ip, host, nr, last, ".$page.") VALUES ('".$ip."', '".$host."',1,'".$last."',1 )";
        $result = mysql_query($insert);
    }

    elseif (mysql_affected_rows()>0)  // if ip is there, check for the last view of the page
    {
        $row = mysql_fetch_assoc($result);
        if ($row['last'] != $last)
        {
            $update = "UPDATE counter SET nr=nr+1, last='".$last."' WHERE ip='".$ip."'";
            $resultU = mysql_query($update);
        }
        elseif ($row['last'] == $last)
        {
            $update1 = "UPDATE counter SET ".$page."=".$page."+1 WHERE ip='".$ip."'";
            $resultU1 = mysql_query($update1);
        }
    }
}

elseif (!empty($_SESSION['user']))  // user is logged in
{
    $select = "SELECT * FROM `counter` WHERE `user` ='".$user."' LIMIT 1";
    $result = mysql_query($select);

    if (mysql_affected_rows()<1)
    {
        $update2 = "UPDATE `counter` SET user='".$user."' WHERE ip='".$ip."'";
        $resulU2 = mysql_query($update2);
    }

    elseif (mysql_affected_rows()>0)
    {
        $select = "SELECT * FROM `counter` WHERE `user` ='".$user."' LIMIT 1";
        $result = mysql_query($select);
        $row = mysql_fetch_assoc($result);

        if ($row['last'] != $last)
        {
            $update = "UPDATE `counter` SET ip='".$ip."', host='".$host."',  nr=nr+1, last='".$last."', ".$page."=".$page."+1 WHERE user='".$user."'";
            $resulU = mysql_query($update);
        }
        elseif ($row['last'] == $last)
        {
            $update1 = "UPDATE counter SET ".$page."=".$page."+1 WHERE user='".$user."'";
            $resultU1 = mysql_query($update1);
        }
    }
}

?>

Posted: Sun Jun 12, 2005 8:38 am
by Chris Corbyn
:arrow: Moved to PHP Theory & Design

EDIT | Moved back to PHP Code

Posted: Sun Jun 12, 2005 9:18 am
by Buddha443556
Escaping your SQL variable is usually a good idea, especially $page. $_GET needs validation.

Some users, like those on AOL, may change their IP with every page. Might consider using:

$_SERVER['HTTP_CLIENT_IP']
$_SERVER['HTTP_X_FORWARDED_FOR']

Snippet from my session tracker:

Code:

if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) === true) {

    if (isset($_SERVER['HTTP_CLIENT_IP']) === true) {
        $_SESSION['session_proxy_ip'] = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $_SESSION['session_proxy_ip'] = $_SERVER['REMOTE_ADDR'];
    }

    $_SESSION['session_ip'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

} else {

    if (isset($_SERVER['HTTP_CLIENT_IP']) === true) {
        $_SESSION['session_ip'] = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
    }

}

Posted: Sun Jun 12, 2005 3:30 pm
by andrei.mita
There will be a small (200 people) community using my website. Thanks for the advice, I'll be using it on my other websites. If that's all, that means the script is good, no? Thanks.

Posted: Sun Jun 12, 2005 3:54 pm
by Buddha443556
andrei.mita wrote: There will be a small (200 people) community using my website. Thanks for the advice, I'll be using it on my other websites. If that's all, that means the script is good, no? Thanks.
I just mentioned the obvious. Weekends are slow here ... other members may comment during the week. Might post the database layout and any updates to the script? I'm still wondering what $page is? :oops: I'm willing to bet you'll be wondering the same thing in six months ... could use a comment.

Posted: Mon Jun 13, 2005 10:35 am
by andrei.mita
$page holds the name of the page the user is browsing, i.e. index.php, profile.php, contact.php etc.
As for the db:
ip varchar(25)
host varchar(250)
user varchar(15)
nr int(12)
last varchar(50)
p_index int(12)
p_main int(12)
p_.....
.
.
.
Any other suggestions? I'm not sure if my algorithm is right.
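
Added example, not code from any poster in this thread: because $page ends up as a column name, escaping alone does not cover it, so this sketch maps the request value through an allow-list and binds every other value as a parameter (anonymous, IP-keyed branch only). The `counter` table and the `p_index`/`p_main` columns come from the layout posted above; the page-name map, the use of PDO, the DSN and the credentials are assumptions.

```php
<?php
// Added example: allow-list for the column name, bound parameters for values.
// Assumed (not from the thread): page-name => column map, DSN, credentials.
const PAGE_COLUMNS = ['index.php' => 'p_index', 'main.php' => 'p_main'];

/** Map the untrusted ?page= value to a known column, or null if unknown. */
function pageColumn($page): ?string
{
    return is_string($page) ? (PAGE_COLUMNS[$page] ?? null) : null;
}

/** Record one anonymous hit, keyed by IP like the first branch of the posted script. */
function countAnonymousHit(PDO $db, string $col, string $ip, string $host, string $today): void
{
    // Identifiers cannot be bound as parameters; $col is interpolated only
    // because it can only be a value taken from PAGE_COLUMNS.
    $sel = $db->prepare('SELECT `last` FROM counter WHERE ip = ? LIMIT 1');
    $sel->execute([$ip]);
    $last = $sel->fetchColumn();

    if ($last === false) {          // first visit from this address
        $db->prepare("INSERT INTO counter (ip, host, nr, `last`, `$col`) VALUES (?, ?, 1, ?, 1)")
           ->execute([$ip, $host, $today]);
    } elseif ($last !== $today) {   // first visit today (page counted too, as in the logged-in branch)
        $db->prepare("UPDATE counter SET nr = nr + 1, `last` = ?, `$col` = `$col` + 1 WHERE ip = ?")
           ->execute([$today, $ip]);
    } else {                        // repeat view today
        $db->prepare("UPDATE counter SET `$col` = `$col` + 1 WHERE ip = ?")
           ->execute([$ip]);
    }
}

$col = pageColumn($_GET['page'] ?? null);
if ($col === null) {
    http_response_code(400);        // unknown page name: record nothing
    exit;
}
$ip = $_SERVER['REMOTE_ADDR'];
$db = new PDO('mysql:host=localhost;dbname=db;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
countAnonymousHit($db, $col, $ip, (string) gethostbyaddr($ip), date('Y-m-d'));
```

The row is keyed on `REMOTE_ADDR` because `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are request headers the client can set to any value, which matters for the question about false entries.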