Page 1 of 1

Placing time restrictions on IP of users

Posted: Mon Nov 21, 2011 2:57 pm
by Live24x7
A part of my program runs a query on the database to fetch mobile numbers of matched users.
The user then reviews the list of mobile numbers.

If he then selects some member from the list and clicks the Send button, the code sends a certain SMS message to all the listed mobile numbers.

So far so good.

Now, I cannot leave this page as an empty playground for (mis)users.
As a workaround, i am planning to allow just one 'send' option per IP address per hour.
I have seen similar functions on rapidshare and other similar download sites where hourly IP download limits are placed for non-premium users.
But i think they use Javascript.

My questions:
1. How do i achieve this in PHP ? (Just give me pointers or links to resources from where i could catch up)

2. More so, Is there any other way(other than IP restriction) to keep bad boys at bay in this situation ?

I googled this, not very satisfactory results though.

thanks and this is my 15th post - so no more captchas now :D

Re: Placing time restrictions on IP of users

Posted: Mon Nov 21, 2011 3:16 pm
by maxx99
1. You can get client IP from server variables:
http://www.php.net/manual/en/reserved.v ... server.php
Store blocked IPs in CSV or DB and don't allow them to use your services
2. You could try cookies, session IDs, tokens but its all to easy to work around :)

Edit:
Variables that could interest you: 'REMOTE_ADDR', 'REMOTE_HOST'
HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED',

Re: Placing time restrictions on IP of users

Posted: Mon Nov 21, 2011 3:30 pm
by Live24x7
@maxx99 : that's a mouthful of variables. :cry:

I thought sessions were not that easy to mess with.

thanks, will explore these.

Re: Placing time restrictions on IP of users

Posted: Tue Nov 22, 2011 2:03 am
by maxx99
Basically REMOTE_ADDR should be enough :) so don't panic

And yep its hard to mess with the session variables on server side :) but its easy to change your own session ID

Re: Placing time restrictions on IP of users

Posted: Mon Nov 28, 2011 11:01 pm
by Live24x7
@maxx99 Thanks a lot- am working on it now. :D

While all other posts have a report spam option for readers. A post which is actually spam has no such options. :(

So Sanjoseasianescorts will have a place here, till the moderators discover it out.

Re: Placing time restrictions on IP of users

Posted: Fri Dec 12, 2014 5:04 am
by Bigboss01
I place non-login (NOT email, database, etc info) details in a database row in it's own table. It's often in the main database that all the other queries go to. Thinking about it, I should place it in a separate database with a separate database login.

I either hardcode the login and extremely sensitive data in a regular .php file above document root in an ini file above document root. Occasionally I have hardcoded these values into an include file (such as a dbconnect.php).