So I have an affiliate program that's lately been getting a lot of bad leads from countries we don't service, which we tell affiliates will be voided. Anyways, this is going to cause our reversal rate to be through the roof. So I want to do something about it.
So I want to use geoip, which gets me the stuff as a 2 letter country code.
<?php
$output = shell_exec('geoip-lookup '.$_SERVER['REMOTE_ADDR']);
?>
So how do I put that together?
Would this be correct?
<?php
$output = shell_exec('geoip-lookup '.$_SERVER['REMOTE_ADDR']);
if($_SESSION['check']!=1) && ($output=='US' || $output=='AU' || $output=='GB' || $output=='CA')
{
$submission = $_POST['submission_id'];
$_SESSION['check']=1;
echo 'insert pixel';
}
?>
You'll want to verify $output is what you expect (i.e. a string - var_dump($output)).
However, provided it is, you'll need to quote your country codes to do a string comparison. Also, as noted by heximal, be sure to use == for comparison. Otherwise, it's an assignment.
if ($_SESSION['check'] != 1 && ($output == 'US' || $output == 'AU' ...)) {
Otherwise, the rest of you code appears correct (without knowing your exact logic).
I am not familiar with "geoip-lookup" but I have "geoiplookup" working in my Ubuntu shell. Hopefully I can assume they are the same?
Putting $_SERVER values into a shell command has the potential for disaster, because they can be spoofed, so be careful with that.
Try the following:
// Make sure that the remote address is an IP and not something harmful, like "1.1.1.1; rm ../ -rf".
$found = preg_match('/^(?:\d{1,3}\.){3}\d{1,3}$/', $_SERVER['REMOTE_ADDR']);
if($found)
{
$command = escapeshellcmd('geoiplookup '.escapeshellarg($_SERVER['REMOTE_ADDR']));
$output = shell_exec($command);
if(($_SESSION['check']!=1) && (strpos($output,'US')!==false || strpos($output,'AU')!==false || strpos($output,'GB')!==false || strpos($output,'CA')!==false))
{
$submission = $_POST['submission_id'];
$_SESSION['check'] = 1;
echo 'insert pixel';
}
}
Be careful with $output=US
if you want to compare two operands you should use == operator
Related
I have the following strings that contains parts of a domain as string.
$scheme="http";
$host="example.com";
$filename="demo.php";
$request_uri="/folder/demo.php";
$host and $filename variables one of them is optional.
I am using the following code to check if strings contain the correct value, print the successful messege ,else print the error message
if($scheme ="http" OR $host ="example.com" & $filename ="demo.php" & $request_uri ="/folder/demo.php")
{echo "Sucessful";}
else
{echo "Fail";}
It doesnt work as expected, and I am getting "Successful" everytime . I think the AND oprator is being ignored in the if statement.
Any Idea?
if( $scheme == "http"
&& ($host == "example.com" || $filename == "demo.php")
&& $request_uri == "/folder/demo.php"
) {
echo "Sucessful";
} else {
echo "Fail";
}
&& and || are PHP's operators for AND and OR. Also = assigns a value to a variable, not comparing for equality. Use == or === for comparing.
Also, it seemed that your written statement of requirements did not match your code ... so I changed the logic a little and added () to group the logic. From the written it sounds like the $scheme AND $request_uri test were required and either $host or $filename were required. Your code didn't seem to match that. If I misunderstood your written requirment, change the && and || and () around as you require. Note that breaking long boolean expressions into multiple lines and the use of () to group logic often helps with getting it right.
So I inherited an old site from another developer, and I'm not really a programmer so I'm having some trouble. I've put the code into a Fiddle: https://jsfiddle.net/s6coraf5/
Basically there are different categories of real estate properties and when you click on different pages it's supposed to filter them and only display the ones specific to whatever page you're on. The problem is that no matter what page you're on, it's just displaying everything. I've narrowed down some specific code but can't figure out why it isn't applying it right.
In the php there's:
$select_title = "Unknown";
if ($select_type == "all") { $select_title = "All Listings"; }
if ($select_type == "office") { $select_title = "Office"; }
if ($select_type == "industrial") { $select_title = "Industrial"; }
if ($select_type == "retail") { $select_title = "Retail"; }
if ($select_type == "shoppingcenter") { $select_title = "Shopping Center"; }
if ($select_type == "land") { $select_title = "Land"; }
if ($select_type == "agricultural") { $select_title = "Ranch / Farm"; }
if ($select_type == "investment") { $select_title = "Investment"; }
if ($select_type == "lodging") { $select_title = "Lodging"; }
if ($select_type == "sportsentertainment") { $select_title = "Sports / Entertainment"; }
In the HTML there are various places where those $select_type's are supposed to be applied:
a href="properties.php?select_type=<?php echo $select_type;?>&select_city=<?php echo $select_city;?>&priceForm=<?= $lowPrice;?>,<?= $highPrice; ?>&sqft=<?= $lowSize;?>,<?= $highSize; ?>&sort_type=city, asking_price desc"><font size=4><b>Location,</b></a>
it's only applying the "all" one though on every page. Again, the fiddle has the full php and html which is probably more helpful. I realize it's ugly and bad but maybe someone can see something obvious that I can't.
Thanks in advance for any help anyone can provide.
Based on the PHP code in the fiddle (Which really shouldn't be there since the fiddle is for Javascript), it seems like the problem is that you never use the select_type given in the URL.
Take a look at this line. This is the first time $select_type is used.
if (!isset($select_type)) $select_type = "all";
Thus, $select_type will always be all.
Instead you should either change it to:
if (!isset($select_type)) $select_type = $_GET['select_type'];
Or just add this line before it:
$select_type = $_GET['select_type'];
Your ssql query in your jsfiddle seems like it might be the culprit. I'll put it here to make it easier:
select properties.property_id,selected_subtypes.property_type,properties.listing_type,properties.city,properties.asking_price,memberships.name,properties.membership_id,properties.building_size,memberships.website,properties.sold_price
from selected_subtypes,properties,memberships where (selected_subtypes.property_id = properties.property_id)
and (properties.membership_id = memberships.membership_id)
and (memberships.status = 'Active') and (properties.sold_information = ' ' or properties.sold_information = 'Undisclosed')
and ((selected_subtypes.property_category ='".$select_type."' or '".$select_type."'='all')
or (selected_subtypes.property_type ='".$select_type."'))
and (properties.city = '".$select_city."' or '".$select_city."'='all')
and (properties.asking_price BETWEEN ".$lowPrice." and ".$highPrice.")
and (properties.building_size BETWEEN ".$lowSize." and ".$highSize.")
".$date_sql."
order by ".$sort_type
The query appears to be, in each line, be selecting $select_type OR 'all
This boolean approach will always bring back either of those, so it would bring back "all" every time.
If you want to bring back only the selected type, you'd need to eliminate the "all" within the OR in these rows.
The easiest way to handle this would be to set the value $select_type to be equal to "all" if that is what is selected, or else, the specific type. One way he way I do "all" queries is to set the value to be "1=1" which will always be true.
In other words, modify the query like so (for each of the selected types) to show this (I changed the OR to AND in this case)
AND selected_subtypes.property_type ='".$select_type."'
and then in the php modify the code to be something like this:
if (!isset($select_type)) {
$select_type = "1=1"
}
else {
$select_type = $_GET['select_type'];
}
Another thing to be aware of
This particular code is somewhat vulnerable to SQL injection, so you might want to modify the way that you query the database. I strongly suggest you look into prepared statements, either using mysqli or PDO
I am trying to create an if statement with multiple conditions but it won't work and perhaps it is my syntax.
I have two post variables, which both give me the value fine elsewhere on my page. They are:
$_POST['text']
$_POST['rating'] //can be G, PG or R
What I am trying to do is make my word filter code work only if the rating equals "G"
What is currently happening though is that the filter is flagging a bad word regardless of the rating and ignoring my IF rating = G part.
if (isset($_POST['text']) and $_POST['rating'] = "G") {
//give warning if bad words are used
}
<?php
if (isset($_POST['text']) && $_POST['rating'] =="G") {
//give warning if bad words are used
}?>
use it like this
You may also use the symbol version of the syntax.
&& for and
|| for or
Also, = does not mean equals in an if statement. That is the syntax for setting a variable.
You would say == (equals to).
To say "not equals" you would use != or !=
if (isset($_POST['text']) && $_POST['rating'] == "G") {
//give warning if bad words are used
}
I am experienced programmer, but am not a PHP developer. I have been asked to troubleshoot the following code, but can't see what the problem is. This IF statement works:
<?php
if ($ice_cream_social == 'yes') {
$registration_price = "58.00";
}
?>
However, the page in question requires some compound IF statements to test if form elements have been checked and adjust the price accordingly. This code does NOT work, it doesn't give an error -- but the IF doesn't execute:
<?php
if ($ice_cream_social == 'yes' AND $registration_type == 'Banquet and Conference') {
$registration_price = "78.00";
?>
Using developer tools I have verified the form fields are being passed from the HTML, the code has the variable name and value spelled correctly, and I can test for any ONE variable's value successfully. It seems that when a second or third test is added using the syntax I showed above, the test fails and the IF doesn't run. Based on my limited understanding of PHP's syntax and some Googling, the code looks correct to me (and does not produce any errors), but I am thinking I am missing something about why this isn't working.
Can someone tell me if I'm missing something obvious in my code sample that would cause the IF not to run? I didn't include more code as this is one piece of a messy set of includes :)
Thanks!
It looks like to me on the elseif you don't have a logical check, so you either need to change it to else or add a check(if that is your intention) elseif($registration_price>0)
I used this code to test:
<?php
$registration_price = '';
$ice_cream_social = 'yes';
//$ice_cream_social = 'no';
$registration_type = 'Banquet and Conference';
//$registration_type = 'Something else';
if ($ice_cream_social == 'yes') {
$registration_price = "58.00";
} else {
$registration_price = "not defined";
}
echo $registration_price;
if ($ice_cream_social == 'yes' && $registration_type == 'Banquet and Conference') {
$registration_price = "78.00";
} elseif( 1 > 0) {
$registration_price = "1 million dolars!";
} else {
$registration_price = "not defined";
}
echo $registration_price;
I'm thinking about an application which recieves massive Data from the User.
But this data has to be verified in php:
f.e. $_GET['id'] has to be a number every Element of an array must be a value between a specific range.
so how efficient are functions like is_int($x) or isset($x) ?
Maybe if($x!=null) is faster or (int) x is causing same results.
What is the best way to handle Data that needs to get to Database quick but needs to be verified? Is there any difference in $_GET and $_POST in speed?
Maybe implementing a class doing that improves something?
Maybe for an more concret chance to answer, here a bit inefficent code:
if(isset($_GET["x"]) && $_GET["x"] > 0) { $x = $_GET["x"]; }
if(isset($_GET["y"]) && $_GET["y"] > 0) { $y = $_GET["y"]; }
if(isset($_GET["winWidth"]) && $_GET["winWidth"] > 0) { $winWidth = $_GET["winWidth"]; }
if(isset($_GET["winHeight"]) && $_GET["winHeight"] > 0) { $winHeight = $_GET["winHeight"]; }
if(isset($_GET["a"])) { $a = $_GET["a"]; }
UPDATE:
What about further security functions like:
mysql_real_escape_string($str);
or
stripslashes()
?
Please Stackoverflow, show me the magic :)
Harry
The fastest way to check if something has been posted and whether it's a positive integer:
if (isset($_POST['field']) && ctype_digit($_POST['field']))
mysql_real_escape_string is incredibly slow, compared to addslashes. However, it's definitely more secure.
However, it's normally not necessary to worry about all this too much. We're talking about billionths of a second here.