
adding a session to my script. =\. help.

Posted: Fri May 02, 2003 8:24 pm
by synix
this is my code, first off.

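Code:

<?php
// form fields (the script relies on register_globals to fill $name, $msg, ...);
// html-escape them because they are written into guestlog.php and shown to visitors
$xname = htmlspecialchars("$name", ENT_QUOTES);
$xmsg = htmlspecialchars("$msg", ENT_QUOTES);
$xemail = htmlspecialchars("$email", ENT_QUOTES);
$xurl = htmlspecialchars("$url", ENT_QUOTES);
$glog = "guestlog.php";
$split = " - ";
if (!$xname || !$xmsg) {
    echo("one or more required fields were left blank. <a href=\"javascript:history.back(1)\">click here</a> to go back.");
    exit;
}
// read the existing log so the new entry can be put in front of it
$fp = fopen($glog, "r+");
$fp2 = fread($fp, filesize($glog));
fclose($fp);
// reopen for writing only after the input was accepted,
// so a rejected post does not empty the log
$fp = fopen($glog, "w");
fputs($fp, "<a href=\"mailto:$xemail\">$xname</a>$split<a href=\"$xurl\">www</a>$split$xmsg<br><br>$fp2");
fclose($fp);
echo("thank you for your comment, i really appreciate your feedback. <a href=\"guestlog.php\" target=\"shoutbox\">click here</a> to view your comment.");
exit;
?>
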
how could i add a session to this script that would only allow a host to tag once every 60 seconds?

Posted: Sat May 03, 2003 4:38 am
by moogue
you don't need sessions-

look for the client-ip and save it together with a timestamp

Code:

$t = time();
$ip = $_SERVER['REMOTE_ADDR'];
// the header is only present when the request came through a proxy
$forwarder = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "";
if (($forwarder != "") && ($forwarder != "unknown")) { $ip = $forwarder; }

now you have a timestamp in $t and the client-ip in $ip.
save it in a textfile or better in a database.
every time someone calls your script, check if his ip is in the file/database. if it is, check if the actual timestamp is 60 or more ticks bigger than the saved one.


here is an example for using a database:

Code:

$temp = time() - 60;
// $ip can come from a request header, so escape it before it goes into the query
$safe_ip = mysql_real_escape_string($ip);
$r = mysql_query("DELETE FROM iplock WHERE time < $temp");
$r = mysql_query("SELECT ip FROM iplock WHERE ip = '$safe_ip'");
if (mysql_num_rows($r) == 0) { /* let him do something */ } else { /* it's forbidden */ }

create the table using this sql:

CREATE TABLE iplock (
ip varchar(16) NOT NULL default '',
time bigint(20) NOT NULL default '0'
) TYPE=MyISAM;



the first query deletes all rows where the time (60 seconds) has been exceeded,
so the table won't grow infinitely. if the second query delivers a record, the user with this ip was here a few seconds ago. if it delivers nothing, the time has been exceeded.
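
Added example, not part of either post: the 60-second lock described above written out end to end, including the step that saves the ip, with bound query parameters and with X-Forwarded-For honoured only when the request arrives from a proxy you run. It assumes PHP 7+ with the pdo_sqlite extension (an in-memory SQLite table stands in for the MySQL iplock table); client_ip(), allow_post() and the trusted-proxy list are hypothetical names, and the addresses are constructed sample values.

```php
<?php
// Added example (not from the thread). Hypothetical names: client_ip(),
// allow_post(), $trusted. SQLite in memory stands in for the MySQL table.

// Take X-Forwarded-For into account only when the direct peer is a proxy we
// operate; otherwise the header is client-supplied text and must be ignored.
function client_ip(array $server, array $trustedProxies): string
{
    $ip  = $server['REMOTE_ADDR'] ?? '';
    $fwd = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($fwd !== '' && in_array($ip, $trustedProxies, true)) {
        // The right-most entry is the address our own proxy appended.
        $parts = explode(',', $fwd);
        $last  = trim(end($parts));
        if (filter_var($last, FILTER_VALIDATE_IP) !== false) {
            $ip = $last;
        }
    }
    return $ip;
}

// True (and the post is recorded) if $ip has no entry younger than $window seconds.
function allow_post(PDO $db, string $ip, int $now, int $window = 60): bool
{
    $db->prepare('DELETE FROM iplock WHERE time < ?')->execute([$now - $window]);
    $q = $db->prepare('SELECT COUNT(*) FROM iplock WHERE ip = ?');
    $q->execute([$ip]);
    if ((int) $q->fetchColumn() > 0) {
        return false;   // this host posted inside the window
    }
    $db->prepare('INSERT INTO iplock (ip, time) VALUES (?, ?)')->execute([$ip, $now]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(45) leaves room for IPv6 addresses.
$db->exec('CREATE TABLE iplock (ip VARCHAR(45) NOT NULL, time BIGINT NOT NULL)');

// Constructed requests: one host connecting directly and sending its own header.
$trusted = ['192.0.2.10'];
$req = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
var_dump(allow_post($db, client_ip($req, $trusted), 1000)); // first post
$req['HTTP_X_FORWARDED_FOR'] = '198.51.100.2';              // header changed, same host
var_dump(allow_post($db, client_ip($req, $trusted), 1030)); // 30 seconds later
var_dump(allow_post($db, client_ip($req, $trusted), 1061)); // 61 seconds after the first
```

The check and the insert are two separate statements, so two requests arriving at the same instant can both pass; a unique index on ip closes that gap.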