PHP - Looking For Advice On Possibly Limiting Users From Hammering My Php Server

Hello   I am trying to work out how many regular users I have to my site and how long those users tend to be users..   So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.   I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...  

 
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
 

I am fairly new to php relating to databases so I'm a little uncertain with my current quandry!

I am using a component for Joomla to display tables of motorsport results. The programme produces a table in a module position with a number of links, driver name, team name and a view table link. My problem is that my SEO plug-in does not have a compatablity add on for the component and it screws up. I dont need the links, so I am trying to remove them.

My question is this:

Code: [Select]
class TracksHelperRoute
{
/**
* return link to details view of specified event
* @param int $id
* @param int $xref
* @return url
*/
function getRoundResultRoute($id = 0)
{
$parts = array( "option" => "com_tracks",
                "view"   => "roundresult" );
if ($id) {
$parts['pr'] = $id;
}
return self::buildUrl( $parts );
}

If I remove this bit:
Code: [Select]
return self::[b]buildUrl[/b]( $parts );
Will that stop the links from being made??

I have removed the link into the application, but I don't want to break the whole component removing code!

does anyone have any update on this? I am using it pretty heavily, and someone who has a gmail account just told me that their message was sent to spam. I have a gmail account myself and last night I ran a test and it was not sent there for me. I guess google could be doing some algorithmic nonsense to analyze behavior patterns, but I would guess not in this case.

Does anyone know the status of some of the major email clients and their acceptance of PHP mailer receipts? I know the DNS is also associated, but the test that I ran myself came to the inbox without the need for a DNS change. gmail simply popped up a warning of information.

thank you guys.  I'm just fishing for info here as to see what I can do to stop this.

This is a function that is being called from an ajax request. I can arrange things so that I get the 'no images' msg, but NOT the 'yep, there\'s images'.

   function build_post($post){
      if ($post['image_data'] == 0){
         return 'no images.';
      } else {
         return 'yep, there\'s images';
      }
   }

If I change the function to just return $post['image_data'], I get an 'Object Object in my javascript alert, meaning the php process is working correctly so there can't be any errors in constructing the array up until this point. (I can also access each of the possible array elements by changing it to return $post['image_data'][1]['alignment'] or whatever.. so like I say, I'm sure there are no errors in the array construction)

I really can't for the life of me then, figure out why I can't get the 'yep there's images' msg. I can probably work around this, but it's bugging me, so if anyone could throw a few possibilities as to how this could be, then I'd be most grateful. Thanks

I just discovered that I have a major security flaw with my website.
Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar.
I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar.
For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information.

Every important page that I have has this code:
Code: [Select]
 session_start();

if (!isset($_SESSION['user_id'])) {
// Start defining the URL.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
         $url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/index.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else {
                //Else If Logged In Run The Script

if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
         $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
         $id = (int) $_POST['id'];
} else {
         echo ' No valid ID found, passed in url or form element';
        
         exit();
}



What am I doing wrong?
Please help if you know how to correct this.

Many thanks in advance.

Hi,
I have an old code from 2004 and I would like to update it to use new Session object.
That means instead of session_register using the $_SESSION super global variable.
The main reason for this change is that wheneve I logged out from the software I get:

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0
 



Spo I replace my old code:
    <?php
    session_name("MySite");
    session_start();
    reset ($_GET);
   

   


    session_register("ADMIN");
    session_register("ADMINNAME");
    session_register("MAIL") ;


   $USERCOOKIE_FOR_TRACKING = array();

   //to get all session variables
    foreach ($_SESSION as $key => $value)
    { 
          $value=stripslashes(trim($value));   
           $$key=$value;           
    } 
?>

with this new code:


    <?php
    session_name("MySite");
    session_start();
    reset ($_GET);
   

   


    $_SESSION['ADMIN']="";
    $_SESSION['ADMINNAME']="";
    $_SESSION['MAIL']="";


   $USERCOOKIE_FOR_TRACKING = array();

   //to get all session variables
    foreach ($_SESSION as $key => $value)
    { 
          $value=stripslashes(trim($value));   
           $$key=$value;           
    } 
?>





BUT now I cannot login to the software any more.
looks like I am doing something wrong here.

please tell me how do I upgrade my code.
Thank you.

Im not sure f this is the right spot for this or not but...

I have a website that has a content box that has a fixed height and width.

How would i make it so after the box is full it puts a link to read more at the bottom of it? Also images may be used as well.

Its also for a wordpress blog

Hi,

I am wondering if it is possible to monitor how long someone is on a website for and to limit them for example: 30 minutes. An example of this would be one of those Tv Online websites which allow you to only watch 30 minutes of video time. If you try refreshing the page it will still not allow you.

My question is, Is it an ip check which does this?

Sorry If it such a broad topic.

Nick

OMG!  Crafting well thought out business logic is such a PITA sometimes!

I am working on an ecommerce site that sells subscriptions, books, gear, etc.

Similar to a lot of online newspapers, I have a "Subscribe" button in my website mast where people can buy a subscription.

After clicking on that button, the user is first presented with different subscription offers (e.g. sliver, gold, platinum), and then I have a one-page checkout form where they create an account - kind of important for an online subscription! - and they pay with a credit card.  Easy!

Trying to be a nice guy, I decided to add the ability to choose a subscription from my online store as well.  (Presumably you want to offer as many ways for people to buy things from you as possible, right?)

Well here is the issue I just discovered...

What happens if a person is browsing through my product catalog, and they add multiple subscriptions to their shopping cart?

Of course I would welcome the extra $$$, but I just realized that would break how people create their accounts and pay, because above I assume that ONE person, buys ONE subscription and pays for it in ONE transaction.

So my questions is, "Would it be a mortal sin to limit people to buying only ONE subscription at a time if they do so while in my online store?"

I would hope that people would get that, but as we know, users do some crazy stuff!!

In fairness, if you went to buy a subscription at the Wall Street Journal or any other large newspaper/magazine, you would be forced to do one subscription per transaction.  I am just wondering what happens if someone goes on a shopping spree in my online store, buys several books, some t-shirts, and decides he/she also wants to buy 5 subscriptions on the spot.

Thoughts?

 

Ok so here's my code first the ajax/javascript, secondly the php. Issue i'm having is that first it wasn't entering any data into my database then eventual through much troubleshooting I figured out that if I add more then 10 variables in my INSERT INTO query it wont work. Ten or less and it works perfect. I CAN NOT figure this out?! Note, at the bottom of the php script I have the script that I would like to work, commented out, and the script that is currently working, active. You can see it only has 10 working entries.

Code: [Select]
function entervehicle(){

var stk = document.getElementById("stk").value
var my = document.getElementById("my").value
var mak = document.getElementById("mak").value
var mod = document.getElementById("mod").value
var mil = document.getElementById("mil").value
var pri = document.getElementById("pri").value
var bst = document.getElementById("bst").value
var len = document.getElementById("len").value
var eng = document.getElementById("eng").value
var dor = document.getElementById("dor").value
var tra = document.getElementById("tra").value
var gvw = document.getElementById("gvw").value
var inc = document.getElementById("inc").value
var exc = document.getElementById("exc").value
var cfo = document.getElementById("cfo").value
var titl = document.getElementById("titl").value
var desc = document.getElementById("desc").value
var vin = document.getElementById("vin").value
var pic1 = document.getElementById("pic1").value
var pic2 = document.getElementById("pic2").value
var pic3 = document.getElementById("pic3").value
var pic4 = document.getElementById("pic4").value
var pic5 = document.getElementById("pic5").value
var pic6 = document.getElementById("pic6").value
var pic7 = document.getElementById("pic7").value
var pic8 = document.getElementById("pic8").value
var pic9 = document.getElementById("pic9").value


var linksubmit ="../php/entervehicle.php?stk=" + stk
+"&my=" + my
+"&mak=" + mak
+"&mod=" + mod
+"&mil=" + mil
+"&pri=" + pri
+"&bst=" + bst
+"&len=" + len
+"&eng=" + eng
+"&dor=" + dor
+"&tra=" + tra
+"&gvw=" + gvw
+"&inc=" + inc
+"&exc=" + exc
+"&cfo=" + cfo
+"&titl=" + titl
+"&desc=" + desc
+"&vin=" + vin
+"&pic1=" + pic1
+"&pic2=" + pic2
+"&pic3=" + pic3
+"&pic4=" + pic4
+"&pic5=" + pic5
+"&pic6=" + pic6
+"&pic7=" + pic7
+"&pic8=" + pic8
+"&pic9=" + pic9

alert(linksubmit);
var entrequest = getHTTPObject();

if(entrequest)
{
entrequest.open("GET",linksubmit,true);
entrequest.onreadystatechange = function(){
entveh(entrequest);
};
entrequest.send(null);
}
}
function entveh(entrequest){
if(entrequest.readyState == 4){
if(entrequest.status == 200){

var myPHP = entrequest.responseText;
document.getElementById("adminmain").innerHTML = myPHP;
}
}
}



<?php

$stk = $_GET['stk'];
$my = $_GET['my'];
$mak = $_GET['mak'];
$mod = $_GET['mod'];
$mil = $_GET['mil'];
$pri = $_GET['pri'];
$bst = $_GET['bst'];
$len = $_GET['len'];
$eng = $_GET['eng'];
$dor = $_GET['dor'];
$tra = $_GET['tra'];
$gvw = $_GET['gvw'];
$inc = $_GET['inc'];
$exc = $_GET['exc'];
$cfo = $_GET['cfo'];
$titl = $_GET['titl'];
$desc = $_GET['desc'];
$vin = $_GET['vin'];
$pic1 = $_GET['pic1'];
$pic2 = $_GET['pic2'];
$pic3 = $_GET['pic3'];
$pic4 = $_GET['pic4'];
$pic5 = $_GET['pic5'];
$pic6 = $_GET['pic6'];
$pic7 = $_GET['pic7'];
$pic8 = $_GET['pic8'];
$pic9 = $_GET['pic9'];


require("database.php");


$tresult = mysql_query("INSERT INTO automobile_stat (stock_number,model_year, make, model, miles, price, body_style, length, description, trans)
VALUES ('$stk', '$my', '$mak', '$mod', '$mil', '$pri', '$bst', '$len', '$desc', '$tra')");

/*$tresult = mysql_query("INSERT INTO automobile_stat (stock_number, model_year, make, model, miles, price, body_style, length, description, engine, doors, trans, gvw, int_color, ext_color, car_fax_owner, title_desc, main_picture_src, vin)
VALUES ('$stk', '$my', '$mak', '$mod', '$mil', '$pri', '$mpri', '$bst', '$len', '$desc', '$eng', '$dor', 'tra', '$gvw', '$inc', '$exc', '$cfo', '$titl', 'img', '$vin')");*/

/*$tresult=mysql_query("SELECT * FROM automobile_stat" );
$countrows = mysql_num_rows($tresult);


while($row = mysql_fetch_array($tresult)){

echo $row[stock_number];

    }*/

mysql_close($linkID);

?>

I have a database of 100 lines which have echoed onto the page so each line within the database is printed. I would like to limit it to ten. However, I have tried a whole range of different loops but none of them seek to work.

Some of them print the database ten times so I have 1000 lines on the page. Can anyone advise the best method of limiting how many lines within a database are printed on the page?

Hi. Trying to use the "Excerpt or Content Word Limit in WordPress: Redux" code to limit my Amazon product description content but to no avail. Getting the "Fatal error: Call to undefined function content() in index.php on line 36". The following is the code in the index.php file that makes the call: "
<div class="post-content">
   <?php content(30); ?>
<!-- <?php the_post_excerpt($excerpt_length=30); ?> -->
</div><!-- POST CONTENT --> "
The functions.php file is quite large but I attached it so anyone who would like to take a look at it.
Can anyone tell why it's not finding the function 'content'? Thanks!

Hey there -

I have been trying to limit the number of comments a user can make per day on my social network. Thanks to great help on here I am getting really close, however, there are some bugs that have me banging my head against the wall. I am able to limit, but now, its

1. not limiting PER day and limiting all around ( meaning: I can't make any comments at all today )

2. it is limiting for EVERY user as opposed to limiting a specific user

Here is the code I have:

Code: [Select]
if(isset($_POST['commentProfileSubmit'])) {


if($_POST['ProfileComment'] == "" || $_POST['ProfileComment'] == "Tell the community what's on your mind...") {
$valid = false;
$error_msgs_comments[] = "Whoops! You forgot to write your airwave.";
}else{
if($_POST['ProfileComment'] == "" || $_POST['ProfileComment'] == "Leave ".$prof->first_name." a comment here...") {
$valid = false;
$error_msgs_comments[] = "Whoops! You forgot to write your comment.";
}else{

/* if the person signed in is NOT the profile */

$query = "SELECT * FROM `cysticUsers` WHERE `id` = '" . $prof->id . "'";
$request = mysql_query($query,$connection) or die(mysql_error());
$result = mysql_fetch_array($request);
$max_post_per_day = 5;

$Email = $result['Email'];
$check_profi = $result['check_profi'];
$check_reply = $result['check_reply'];

if($prof->id != $auth->id && $check_profi == 'checked' && $max_post_per_day < 5) {

$to = $Email;
$subject = "$auth->first_name $auth->last_name commented on your profile on CysticLife";
$message = "$auth->first_name $auth->last_name commented on your profile on CysticLife: <br /><br />\"$body\"<br /><br /> <a href='http://www.cysticlife.org/Profile_build.php?id=" . $prof->id . "'>Click here to view</a><br /><br />Do LIFE,<br /> The CysticLife Team";
$from = "CysticLife <noreply@cysticlife.org>";
$headers  = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
$headers .= "From: $from";
mail($to, $subject, $message, $headers);
}

$query = "SELECT COUNT(*) FROM `CysticAirwaves`
          WHERE `FromUserID` = $auth->id
            AND `date` = CURDATE()";
$result = mysql_query($query, $connection);
$post_count = mysql_result($result, 0);


if($post_count >= $max_posts_per_day)
{
    echo "You have reached the maximum number of posts for the day. Try again tomorrow";
}
else
{

 
  $comment = mysql_real_escape_string($_POST['ProfileComment']);
        $query = "INSERT INTO `CysticAirwaves`
                      (`FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time`)
                  VALUES
                      ('{$auth->id}', '{$prof->id}', '{$comment}', 'active', 'active', CURDATE(), CURTIME())";
        mysql_query($query, $connection) or die(mysql_error());
    }

if($auth->id == $prof->id) {
$just_inserted = mysql_insert_id();
$query = "UPDATE `CysticAirwaves` SET `status` = 'dead' WHERE `FromUserID` = '" . $auth->id . "' AND `ToUserID` = '" . $prof->id . "' AND `id` != '" . $just_inserted . "'";
$request = mysql_query($query,$connection);
}
}
}

}

thanks so much in advanced

Following on from the excellent help in the thread at http://www.phpfreaks.com/forums/php-coding-help/using-a-generated-row-number-in-another-query I have another question regarding the League Standings that are generated there.

I want to have another version that limits the records to the last 5 games for each team. Just using 'LIMIT 5' would return the first five teams and all their records but I want it to retrieve all of the teams and each teams last five records (games). The easy way would be to restrict a the dates but as games get postponed and moved using WHERE with a specific date would not guarantee the same number of games for each team.

There is the possibility that this could be done via the query but I have not come across anything in some quite extensive searching (although, once again, I do not know if I am using the right search terms!) so I assume PHP would, once again be the saviour!

Thanks in advance for any suggestions.
Steve