Hey, I already have a view counter coded, but i need help preventing people from just refreshing and refreshing to add more views. Normally, i Would mark this storing the ip, page name and date viewed in a SQL table where in php, i would run a search to see if someone with that ip has viewed the page within 24 hours, but I run a website that is mostly operated in schools and i want each computer in a computer lab to count as a view when they see the page. Again, i could use cookies but my server isn't sending out cookies right. It works fine on my testserver but not on the dedicated web hosting server. Is there any other way to prevent spam?
Heres my code
function connect() {
$domain = $_SERVER['HTTP_HOST'];
$dbhost = 'censored';
$dbname = 'censored';
$dbuser = 'censored';
$dbpass ='censored';
if ($domain == 'localhost'){
$dbhost = 'localhost';
$dbname = 'db1';
$dbuser = 'root';
$dbpass ='';
}
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(!$con){
trigger_error("Problem Connecting to the MySQL Server.");
}
$db = mysql_select_db($dbname, $con);
if(!$db){
trigger_error("Problem finding the Database!");
}
return $con;
}
function fetchdata($qry){
connect();
$result = mysql_query($qry);
return $fetch = mysql_fetch_assoc($result);
}
function addcounter($id) {
connect();
$counter = fetchdata("SELECT * FROM counter WHERE `path` = '$id';");
$counter = $counter['counter'];
if(isset($_COOKIE["counter_".$id.""])){
}else{
if ($counter === NULL) {
mysql_query("INSERT INTO counter VALUES (0, '" .$id. "');");
}
echo "<!-- submitting query -->";
mysql_query("UPDATE counter SET counter = `counter`+ 1 WHERE path = ".$id."") or die ('failupdate');
setcookie("counter_$id", "Playcookie_".$id."");
}
}
If you cannot use the user's IP address (presumably because they are behind NAT?) and you cannot use cookies, there's really not much you can do.
You could try to use the IP together with the user agent string (which might be different among different computers in the lab), but this would be both slower and of course far from guaranteed to work.
Other than that I think you 're out of options.
Related
I'm trying to make a web/login page, where if a user is in certain location then they can be able to insert data in the database based on their location.
For example, if we have two users bob and max, one in A(bob) and the other in B(max).
If bob logs into the system username... bob password... 123 location.. A, he should be able to to insert his data on the database located on his PC same as max but they should use a single application.
Now my question is how can I achieve this. For example I've a login script below which is communicating with my localhost (A) and i also want to include a remote connection to my other PC on the LAN (B), using Mysql database installed on both computers, I can connect to Mysql database using Mysql workbench but how can I do it using a script in PHP?
login page
<?php
if(isset($_POST['login'])){
include 'includes/config.php';
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$query = "SELECT * FROM admin WHERE uname = '$uname' AND pass = '$pass'";
$rs = $conn->query($query);
$num = $rs->num_rows;
$rows = $rs->fetch_assoc();
if($num > 0){
session_start();
$_SESSION['uname'] = $rows['uname'];
$_SESSION['pass'] = $rows['pass'];
echo "<script type = \"text/javascript\">
alert(\"Login Successful.................\");
window.location = (\"admin/index.php\")
</script>";
} else{
echo "<script type = \"text/javascript\">
alert(\"Login Failed. Try Again................\");
window.location = (\"login.php\")
</script>";
}
}
?>
connection.php
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db = "cars";
$conn = new mysqli($host, $user, $pass, $db);
if($conn->connect_error){
echo "Failed:" . $conn->connect_error;
}
?>
Configuring two connection scripts is what i have in mind, but i don't
think it will work.
Any suggestions would be appreciated.
Thanks
I try to make a simple IOS app that can connect to mysql database and read one table. But my php code does't work and really have no idea why, it's seems correct to me. The database is in a raspberry phpmyadmin server and the server works great.
I will put my code here and please tell me what's wrong.
<?php
$host = "192.168.2.193";
$db = "produtos";
$user = "root";
$pass = "1234";
$connection = mysql_connect($host, $user, $pass);
if(!$connection)
{
die("Database server connection failed.");
}
else
{
//attempt to select the database
$dbconnect = mysql_select_db($db, $connection);
//check to see if we could select the database
if(!dbconnect)
{
die("Unable to connect to the specified database!");
}
else
{
$query = "SELECT * FROM produtos";
$resultset = mysql_query($query, $connection);
$records = array();
//loop throught all our records and add them to our array
while ($r = mysql_fetch_assoc($resultset))
{
$records[] = $r;
}
echo json_ecode($records);
echo $resultset;
}
}
?>
Based on the question:
use mysqli_connect rather than mysql_connect because mysql_connect is deprecated and will not work someday. Also what is the the error you are getting? change your die() statement to something more helpful die(mysqli_error($connection));
Based on your comment:
That error would suggest that you either A) don't have the right IP address or B) there is a network issue between your host server and the SQL server, is this code running on the same server that is hosting the SQL database? if so then you can probably just use localhost for your $host
I have a registration script that doesn't work. It used to work but then suddenly it stopped working. I dont know what I've done or what happend. I have tried for like an hour now to find out where the problem is, but I can't seem to find it.
What happens? When I click register I don't get any errors but it doesn't upload to the database:
When I type: $res = mysql_query($query) or die ("ERROR"); it displays ERROR so I think it's related to that code:
//=============Configuring Server and Database=======
$host = 'localhost';
$user = 'root';
$password = '';
//=============Data Base Information=================
$database = 'login';
$conn = mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');
//===============End Server Configuration============
//=============Starting Registration Script==========
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pass1']);
$email = mysql_real_escape_string($_POST['email']);
$country = mysql_real_escape_string($_POST['country']);
$rights = '0';
$IP = $_SERVER['REMOTE_ADDR'];
//=============To Encrypt Password===================
//============New Variable of Password is Now with an Encrypted Value========
$query = mysql_query("SELECT username FROM users WHERE username = '".$username."'");
if (mysql_num_rows($query) > 0)
{
echo 'Username or email already in use.';
}
else{
if(isset($_POST['btnRegister'])) //===When I will Set the Button to 1 or Press Button to register
{
$query = "insert into users(username,password,email,country,rights,IP,registrated)values('$username','$password','$email','$country',$rights,$IP,NOW())" ;
$res = mysql_query($query);
header("location:load.php");
}
}
I think you are getting the error because you are missing some quotes in your query for two columns wich really looks like not integers
'$email','$country',$rights,$IP,NOW())" //$rights and $ip doesn't have quotes
so your query would look like
"insert into users(username,password,email,country,rights,IP,registrated)values('$username','$password','$email','$country','$rights','$IP',NOW())"
Use mysql_error() in order to see what the error message is. If you haven't changed anything in the script then it's either your database structure has changed or your rights have.
Update:
You don't have quotes around your IP value, which is surprising because you said that query worked until now. Anyway you should also consider saving IPs the RIGHT way. Good luck!
The codes I'm working on are a bit confusing since I didn't make this one. But what I want to do is get the login information from a different database. I can't just modify the config.php of the database connection cause it will mess up the whole system.
I tried the trick to connect 2 databases by storing different variables on mysql_connect. But in this case, its a bit confusing.
Is there another way to just change the database connection only once in the logging in process?
login.php (the php file once the login info is submitted)
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT * FROM clients WHERE name = '$name' AND password = '$password'";
$result = mysql_db_query($database, $query, $connection);
$date_in = date("Y-m-d");
$time_in = date("H:i:s");
$client_accesslogin = $name;
if (mysql_num_rows($result) == 1)
{
session_start();
session_register('time_in');
session_register('date_in');
session_register('client_accesslogin');
session_register('remoteaddr');
$_SESSION['time_in']=$time_in;
$_SESSION['date_in']=$date_in;
$remoteaddr = $_SERVER['REMOTE_ADDR'];
$ipaddr = $_SERVER['REMOTE_ADDR'];
$client_accesslogin = $_SESSION['client_accesslogin'];
session_register("client_id");
session_register("client_name");
session_register("client_email");
session_register("client_company");
list($clientid, $name,$first_name,$last_name, $pass, $email, $company) = mysql_fetch_row($result);
$client_id = $clientid;
$client_name = $name;
$fname=$first_name;
$lname=$last_name;
$client_email = $email;
$client_company = $company;
$cisloggedin = 'Yes';
session_register("cisloggedin");
session_register("fname");
session_register("lname");
header("Location: menu.php");
mysql_free_result ($result);
mysql_close($connection);
}
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT * FROM admins WHERE name = '$name' AND password = '$password'";
$result = mysql_db_query($database, $query, $connection);
$date_in = date("Y-m-d");
$time_in = date("H:i:s");
$accesslogin = $name;
if (mysql_num_rows($result) == 1)
{
session_start();
session_register('time_in');
session_register('date_in');
session_register('accesslogin');
session_register('remoteaddr');
$_SESSION['time_in']=$time_in;
$_SESSION['date_in']=$date_in;
$remoteaddr = $_SERVER['REMOTE_ADDR'];
$ipaddr = $_SERVER['REMOTE_ADDR'];
$accesslogin = $_SESSION['accesslogin'];
session_register("client_id");
session_register("client_name");
session_register("client_email");
list($clientid, $name, $pass, $email) = mysql_fetch_row($result);
$client_id = $clientid;
$client_name = $name;
$client_name = "admin";
$client_email = $email;
$isloggedin = 'Yes';
session_register("isloggedin");
header("Location: menu.php");
mysql_free_result ($result);
mysql_close($connection);
}
else
{
mysql_free_result ($result);
mysql_close($connection);
header("Location: index.php");
exit;
}
?>
That works. But If I remove the included config.php and just add the connection:
$database = "invoices";
$user = "root";
$pass = "";
$hostname = "localhost";
It doesn't login. I don't get it. the inc/config.php has some codes with the connection but why can't i just add the connection itself without using include?
I'm doing to assume that there's a dedicated page for login processing?
In which case you can just make a new config.php and connect to that db only on the login page?
A bit of your code or structure would help.
mysql_select_db() function sets the active MySQL database.
Syntax
bool mysql_select_db ( string database_name [, resource link_identifier])
mysql_select_db() attempts to select existing database on the server associated with the specified link identifier.
Returns TRUE on success, or FALSE on failure.
We can select database in mysql server by using mysql_select_db function. mysql_select_db() selects the current active database on the server that is associated with the specified link identifier. If no link identifier is specified, the last opened link is assumed. If no link is open, the function will try to set a link as if mysql_connect() was called without arguments.
Made a function to connect to your database, also to close your connection.
function connect(user, pass, location)
function disconnect()
then you connect to your first db, do your operations. Close it and then open a new connection to the other db and do also your operations.
If you want to maintain 2 connections at the time, you could save your instances to variables
and do:
mysqli_select_db($instance1, 'SELECT ...');
mysqli_select_db($instance2, 'SELECT ...');
Also escape your variables in your query :)
i have a button i am trying to get where if i click it it updates the column 'gorg' in the table users to giver according to the current user (session) logged in. Everytime i click the button i get
Access denied for user 'root'#'localhost' (using password: NO)
Here is the top of the php page (BTW i am 100% positive my DB Connection info is correct)
<?php
session_start();
include('src/sql_handler.php'); //this is where my DB Connection info is located
include('src/facebook_handler_core.php');
if(isset($_POST['submitgiver'])) {
$query = "UPDATE users SET gorg='giver' WHERE email='".mysql_real_escape_string($_SESSION['email'])."'";
$result = mysql_query($query) or die(mysql_error());
}
{
if(isset($_SESSION['gorg'])=="Giver")
{
header('Location: picktreetype.php');
}
else if(isset($_SESSION['gorg'])=="Gatherer")
{
header('Location: gatherermap.php');
}
}
?>
and now for the html
<form method="post" action="<?php echo $PHP_SELF;?>">
<input type="submit" class="button orange" name="submitgiver" value="Giver">
</form>
UPDATE:
heres the SQL_HANDLER
<?php
class MySQL_Con {
private $host = 'localhost',
$user = 'fruitfo1_admin',
$pass = 'password',
$db = 'fruitfo1_fruitforest',
$_CON;
function MySQL_Con() {
$this->_CON = mysql_connect($this->host, $this->user, $this->pass);
if(!$this->_CON)
die(mysql_error());
else {
$select_db = mysql_select_db($this->db);
if(!$select_db)
die('Error Connecting To Database'.mysql_error());
}
}
function End_Con() {
mysql_close($this->_CON);
}
}
?>
Apparently your connection setup doesn't include a password. Please post the sql_handler (WITH OBFUSCATED password) to be able to debug further.
If you're 100% positive it's correct, as you're saying, you can try explicitly passing sql handle to mysql_query.
Another note, mysql_* are deprecated, you really should consider switching to either mysqli or PDO.
Also, using root user for ANY kinds of web-applications is a no-no.
Your DB doesn't have a password. Try this
private $host = 'localhost',
$user = 'fruitfo1_admin',
$pass = '',
$db = 'fruitfo1_fruitforest',
$_CON;
i found my issue, it did have to do with exactly what i thought it was. heres my updated code
if(isset($_POST['submitgiver'])) {
$mysql_hostname = "localhost";
$mysql_user = "fruitfo1_admin";
$mysql_password = "password";
$mysql_database = "fruitfo1_fruitforest";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
$query = "UPDATE users SET gorg='giver' WHERE email='".mysql_real_escape_string($_SESSION['email'])."'";
$result = mysql_query($query) or die(mysql_error());
}
basically that IF statement that was attempting to POST wasnt linking back to my handler, so i placed the SAME db connection from the handler and carried it over inside the if isset statement and it worked!