PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




PostPosted: Mon Nov 21, 2011 3:57 pm 
Offline
Forum Contributor

Joined: Sat Nov 19, 2011 10:32 am
Posts: 194
A part of my program runs a query on the database to fetch mobile numbers of matched users.
The user then reviews the list of mobile numbers.

If he then selects some member from the list and clicks the Send button, the code sends a certain SMS message to all the listed mobile numbers.

So far so good.

Now, I cannot leave this page as an empty playground for (mis)users.
As a workaround, I am planning to allow just one 'send' option per IP address per hour.
I have seen similar functions on rapidshare and other similar download sites where hourly IP download limits are placed for non-premium users.
But I think they use JavaScript.

My questions:
1. How do I achieve this in PHP? (Just give me pointers or links to resources from where I could catch up)

2. More so, is there any other way (other than IP restriction) to keep bad boys at bay in this situation?

I googled this, not very satisfactory results though.

thanks and this is my 15th post - so no more captchas now :D


PostPosted: Mon Nov 21, 2011 4:16 pm 
Offline
Forum Contributor

Joined: Mon Nov 21, 2011 4:40 am
Posts: 142
1. You can get client IP from server variables:
http://www.php.net/manual/en/reserved.variables.server.php
Store blocked IPs in CSV or DB and don't allow them to use your services
2. You could try cookies, session IDs, tokens, but it's all too easy to work around :)

Edit:
Variables that could interest you: 'REMOTE_ADDR', 'REMOTE_HOST', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED'


PostPosted: Mon Nov 21, 2011 4:30 pm 
Offline
Forum Contributor

Joined: Sat Nov 19, 2011 10:32 am
Posts: 194
@maxx99 : that's a mouthful of variables. :cry:

I thought sessions were not that easy to mess with.

thanks, will explore these.


PostPosted: Tue Nov 22, 2011 3:03 am 
Offline
Forum Contributor

Joined: Mon Nov 21, 2011 4:40 am
Posts: 142
Basically REMOTE_ADDR should be enough :) so don't panic

And yep, it's hard to mess with the session variables on server side :) but it's easy to change your own session ID
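
The approach discussed in this thread (key the limit on REMOTE_ADDR and keep the time of the last send on the server), as an added example that is not code from any poster. The `send_log` table, the `TRUSTED_PROXIES` list and both function names are assumptions; the demo uses an in-memory SQLite database through PDO and constructed requests.

```php
<?php
// Assumed for illustration: send_log table, TRUSTED_PROXIES, clientIp(), allowSend().
const WINDOW_SECONDS = 3600;   // one send per IP per hour
const TRUSTED_PROXIES = [];    // addresses of reverse proxies you run, if any

function clientIp(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // X-Forwarded-For and similar headers are set by the client; honour them
    // only when the direct peer is a proxy you control.
    if (in_array($remote, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $last = end($hops);    // the hop appended by the trusted proxy
        if (filter_var($last, FILTER_VALIDATE_IP)) {
            return $last;
        }
    }
    return $remote;
}

function allowSend(PDO $db, string $ip, int $now): bool
{
    // Refresh the timestamp only if the previous send is outside the window.
    $upd = $db->prepare('UPDATE send_log SET last_sent = :now WHERE ip = :ip AND last_sent <= :cutoff');
    $upd->execute([':now' => $now, ':ip' => $ip, ':cutoff' => $now - WINDOW_SECONDS]);
    if ($upd->rowCount() === 1) {
        return true;
    }
    try {
        $db->prepare('INSERT INTO send_log (ip, last_sent) VALUES (:ip, :now)')->execute([':ip' => $ip, ':now' => $now]);
        return true;           // first send recorded for this IP
    } catch (PDOException $e) {
        return false;          // primary-key conflict: row exists inside the window
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE send_log (ip TEXT PRIMARY KEY, last_sent INTEGER NOT NULL)');
// Constructed requests: same peer three times; the second forges a header.
$t0 = 1322000000;
$requests = [
    [['REMOTE_ADDR' => '203.0.113.7'], $t0],
    [['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'], $t0 + 60],
    [['REMOTE_ADDR' => '203.0.113.7'], $t0 + WINDOW_SECONDS],
];
foreach ($requests as [$server, $now]) {
    $ip = clientIp($server);
    echo $ip, allowSend($db, $ip, $now) ? ' send allowed' : ' blocked', PHP_EOL;
}
```

The forged header in the second request has no effect because the connecting peer is not listed in `TRUSTED_PROXIES`, so the limit stays tied to the address the server actually saw.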


PostPosted: Tue Nov 29, 2011 12:01 am 
Offline
Forum Contributor

Joined: Sat Nov 19, 2011 10:32 am
Posts: 194
@maxx99 Thanks a lot- am working on it now. :D

While all other posts have a report spam option for readers, a post which is actually spam has no such option. :(

So Sanjoseasianescorts will have a place here till the moderators discover it.


PostPosted: Fri Dec 12, 2014 6:04 am 
Offline
Forum Newbie

Joined: Fri Dec 12, 2014 5:52 am
Posts: 1
I place non-login (NOT email, database, etc. info) details in a database row in its own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.

I either hardcode the login and extremely sensitive data in a regular .php file above document root or in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).


