Placing time restrictions on IP of users

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Live24x7
Forum Contributor
Posts: 194
Joined: Sat Nov 19, 2011 9:32 am

Placing time restrictions on IP of users

Post by Live24x7 »

A part of my program runs a query on the database to fetch mobile numbers of matched users.
The user then reviews the list of mobile numbers.

If he then selects some member from the list and clicks the Send button, the code sends a certain SMS message to all the listed mobile numbers.

So far so good.

Now, I cannot leave this page as an empty playground for (mis)users.
As a workaround, i am planning to allow just one 'send' option per IP address per hour.
I have seen similar functions on rapidshare and other similar download sites where hourly IP download limits are placed for non-premium users.
But i think they use Javascript.

My questions:
1. How do i achieve this in PHP ? (Just give me pointers or links to resources from where i could catch up)

2. More so, Is there any other way(other than IP restriction) to keep bad boys at bay in this situation ?

I googled this, not very satisfactory results though.

thanks and this is my 15th post - so no more captchas now :D
maxx99
Forum Contributor
Posts: 142
Joined: Mon Nov 21, 2011 3:40 am

Re: Placing time restrictions on IP of users

Post by maxx99 »

1. You can get client IP from server variables:
http://www.php.net/manual/en/reserved.v ... server.php
Store blocked IPs in CSV or DB and don't allow them to use your services
2. You could try cookies, session IDs, tokens but its all to easy to work around :)

Edit:
Variables that could interest you: 'REMOTE_ADDR', 'REMOTE_HOST'
HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED',
Live24x7
Forum Contributor
Posts: 194
Joined: Sat Nov 19, 2011 9:32 am

Re: Placing time restrictions on IP of users

Post by Live24x7 »

@maxx99 : that's a mouthful of variables. :cry:

I thought sessions were not that easy to mess with.

thanks, will explore these.
maxx99
Forum Contributor
Posts: 142
Joined: Mon Nov 21, 2011 3:40 am

Re: Placing time restrictions on IP of users

Post by maxx99 »

Basically REMOTE_ADDR should be enough :) so don't panic

And yep its hard to mess with the session variables on server side :) but its easy to change your own session ID
Live24x7
Forum Contributor
Posts: 194
Joined: Sat Nov 19, 2011 9:32 am

Re: Placing time restrictions on IP of users

Post by Live24x7 »

@maxx99 Thanks a lot- am working on it now. :D

While all other posts have a report spam option for readers. A post which is actually spam has no such options. :(

So Sanjoseasianescorts will have a place here, till the moderators discover it out.
Bigboss01
Forum Newbie
Posts: 1
Joined: Fri Dec 12, 2014 4:52 am

Re: Placing time restrictions on IP of users

Post by Bigboss01 »

I place non-login (NOT email, database, etc info) details in a database row in it's own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.

I either hardcode the login and extremely sensitive data in a regular .php file above document root in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).
Get Braindumps demos for redhat certification and passguide with 100% success 642-999 dumps Our high quality cnsu.edu itil prepares you well before appearing in the final keiseruniversity with good luck
Post Reply