Html Posted August 10, 2019 Share Posted August 10, 2019 Hi, I wanted to inquire, I have this comment code, forum code is what it is called, from this code example, if I wanted to stop a random poster from posting, could adding some sort of extra code it log the Internet protocol address to stop a spammer for example. I suppose the address would be logged onto another page, where the option to simply stop the poster from submitting a comment. The comment would need an id with which an IP is logged with in the mysql db? <?php $page_title = 'PHP Process Error' ; include ( 'includes/header.html' ) ; function fail( $str ) { echo "<p>Please enter a $str.</p>"; echo '<p><a href="post.php">Post Message</a>' ; include ( 'includes/footer.html' ) ; exit(); } if( isset( $_POST[ 'message' ] ) ) { if ( !empty( trim( $_POST[ 'first_name' ] ) ) ) { $first_name = addslashes( $_POST[ 'first_name' ] ) ; } else { fail( 'First Name' ) ; } if ( !empty( trim( $_POST[ 'last_name' ] ) ) ) { $last_name = addslashes( $_POST[ 'last_name' ] ) ; } else { fail( 'Last Name' ) ; } if ( !empty( trim( $_POST[ 'subject' ] ) ) ) { $subject = addslashes( $_POST[ 'subject' ] ) ; } else { fail( 'Subject' ) ; } if ( !empty( trim( $_POST[ 'message' ] ) ) ) { $message = addslashes( $_POST[ 'message' ] ) ; } else { fail( 'Message' ) ; } require ( '../connect_db.php' ) ; $sql = "INSERT INTO forum (first_name,last_name,subject,message,post_date) VALUES ('$first_name', '$last_name','$subject', '$message', NOW() )" ; $result = mysqli_query( $dbc, $sql ) ; if (mysqli_affected_rows($dbc) != 1) { echo '<p>Error</p>'.mysqli_error($dbc); mysqli_close( $dbc ) ; } else { mysqli_close( $dbc ) ; header('Location: forum.php') ; } } process.php And here is the forum.php <?php $page_title = 'PHP Forum' ; include ( 'includes/header.html' ) ; require ( '..\connect_db.php' ) ; $sql = 'SELECT * FROM forum' ; $result = mysqli_query( $dbc, $sql ) ; if ( mysqli_num_rows( $result ) > 0 ) { echo '<table><tr><th>Posted By</th><th>Subject</th><th id="msg">Message</th></tr>'; while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC )) { echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['post_date'].'</td><td>' . $row['subject'] . '</td><td>' . $row['message'] . '</td> </tr>'; } echo '</table>' ; } else { echo '<p>There are currently no messages.</p>' ; } echo '<p><a href="post.php">Post Message</a></p>' ; mysqli_close( $dbc ) ; include ( 'includes/footer.html' ) ; ?> if( isset( $_POST[ 'message' ] ) ) { if ( !empty( trim( $_POST[ 'first_name' ] ) ) ) { $first_name = addslashes( $_POST[ 'first_name' ] ) ; } else { fail( 'First Name' ) ; } if ( !empty( trim( $_POST[ 'last_name' ] ) ) ) { $last_name = addslashes( $_POST[ 'last_name' ] ) ; } else { fail( 'Last Name' ) ; } if ( !empty( trim( $_POST[ 'subject' ] ) ) ) { $subject = addslashes( $_POST[ 'subject' ] ) ; } else { fail( 'Subject' ) ; } if ( !empty( trim( $_POST[ 'message' ] ) ) ) { $message = addslashes( $_POST[ 'message' ] ) ; } else { fail( 'Message' ) ; } require ( 'connect_db.php' ) ; $sql = "INSERT INTO forum (first_name,last_name,subject,message,post_date) VALUES ('$first_name', '$last_name','$subject', '$message', 'logged address' NOW() )" ; $result = mysqli_query( $dbc, $sql ) ; if (mysqli_affected_rows($dbc) != 1) { echo '<p>Error</p>'.mysqli_error($dbc); mysqli_close( $dbc ) ; } This above, some sort of idea on how it would Link to comment Share on other sites More sharing options...
justsomeguy Posted August 12, 2019 Share Posted August 12, 2019 An IP address blacklist is one option, although it's not difficult to get around it. Most forums will record the IP address any time someone creates an account, posts a message, etc, and then there are tools to look up how a particular IP address has used the forum and things to maybe require admin approval for a certain IP or just block them entirely. The first step is saving the IP when people use your site, and then you can build the other tools that use the IPs. Link to comment Share on other sites More sharing options...
Html Posted August 12, 2019 Author Share Posted August 12, 2019 Right, well that is what I'd want to try and do with what I've got here. So I'm going to need what addition to the mysql? $sql = "INSERT INTO forum (first_name,last_name,subject,message,post_date) VALUES ('$first_name', '$last_name','$subject', '$message', 'logged address' NOW() )" ; I won't need an ID, similar to a registration code. So that logged ip, displays on another page, so not sure how that works out with the code above, somehow send data and linked to the new page. And from there, simply button to End posting or block or what ever. Link to comment Share on other sites More sharing options...
Html Posted August 12, 2019 Author Share Posted August 12, 2019 Alternatively, could use email instead of subject? But the email wouldn't be visible on the posted comments page. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 12, 2019 Share Posted August 12, 2019 You would need a field to identify that email is blocked with boolean true or false, or 0 and 1. Then check users email is not blocked before adding message to forum. You then would create a admin page only accessible to you to adjust and save their blocking status. Link to comment Share on other sites More sharing options...
Html Posted August 12, 2019 Author Share Posted August 12, 2019 I'm not sure how to do achieve that. I guess the email address form may be the first step to getting a system working. So, email instead of subject, and in the mysql db, change subject to email. Then add boolean to the line of email with true and a false setting. Link to comment Share on other sites More sharing options...
Html Posted August 12, 2019 Author Share Posted August 12, 2019 <?php $page_title = 'PHP Forum' ; include ( 'includes/header.html' ) ; require ( 'connect_db.php' ) ; $sql = 'SELECT * FROM forum' ; $result = mysqli_query( $dbc, $sql ) ; if ( mysqli_num_rows( $result ) > 0 ) { echo '<table><tr><th>Posted By</th><th>Subject</th><th id="msg">Message</th></tr>'; while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC )) { echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['post_date'].'</td><td>' . $row['email'] . '</td><td>' . $row['message'] . '</td> </tr>'; } echo '</table>' ; } else { echo '<p>There are currently no messages.</p>' ; } echo '<p><a href="post.php">Post Message</a></p>' ; mysqli_close( $dbc ) ; include ( 'includes/footer.html' ) ; ?> Now, I can't post a message, as it states enter a email. <?php $page_title = 'PHP Process Error' ; include ( 'includes/header.html' ) ; function fail( $str ) { echo "<p>Please enter a $str.</p>"; echo '<p><a href="post.php">Post Message</a>' ; include ( 'includes/footer.html' ) ; exit(); } if( isset( $_POST[ 'message' ] ) ) { if ( !empty( trim( $_POST[ 'first_name' ] ) ) ) { $first_name = addslashes( $_POST[ 'first_name' ] ) ; } else { fail( 'First Name' ) ; } if ( !empty( trim( $_POST[ 'last_name' ] ) ) ) { $last_name = addslashes( $_POST[ 'last_name' ] ) ; } else { fail( 'Last Name' ) ; } if ( !empty( trim( $_POST[ 'email' ] ) ) ) { $email = addslashes( $_POST[ 'email' ] ) ; } else { fail( 'email' ) ; } if ( !empty( trim( $_POST[ 'message' ] ) ) ) { $message = addslashes( $_POST[ 'message' ] ) ; } else { fail( 'Message' ) ; } require ( 'connect_db.php' ) ; $sql = "INSERT INTO forum (first_name,last_name,subject,message,post_date) VALUES ('$first_name', '$last_name','$email', '$message', NOW() )" ; $result = mysqli_query( $dbc, $sql ) ; if (mysqli_affected_rows($dbc) != 1) { echo '<p>Error</p>'.mysqli_error($dbc); mysqli_close( $dbc ) ; } else { mysqli_close( $dbc ) ; header('Location: forum.php') ; } } In the mysql db, email line, boolean and then value? 1, no 0,1 can be stored. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 12, 2019 Share Posted August 12, 2019 You can find the user's IP address and other information in the $_SERVER array: https://www.php.net/manual/en/reserved.variables.server.php Link to comment Share on other sites More sharing options...
dsonesuk Posted August 12, 2019 Share Posted August 12, 2019 (edited) If the table stores multiple rows with identical emails or ip addresses its going to almost impossible to block effectively. You would need to have a table to hold singular unique emails OR ip addresses and an blocked column. This column will be type boolean taking true and false value with default false. As administrator you alone would have access to a form list of email or ip addresses to block. Once a posting is made the email/ip IF new is added to blocking table at the same time it will check if current email/ip is listed as blocked, if yes ignore else show. Normally this block column is stored with users registration details such as name, email address, username, password, but i have a feeling this is not the case with the forum code you're using. Edited August 12, 2019 by dsonesuk Link to comment Share on other sites More sharing options...
justsomeguy Posted August 12, 2019 Share Posted August 12, 2019 It would be more efficient for lookups to only store the list of the blocked IPs, the list of all IPs could be retrieved from the IP column in the posts table. Again, some forums also choose to store which IPs an account was created with or at various other points (account activation, login, etc). As an admin I can see the IP on every post here, for example, and can use some tools to see all of the activity associated with a certain IP, like which users posted using it or who registered an account using it. The list of blocked IPs should be its own table only listing those that are blocked, because it's going to need to be looked up fairly frequently and you'd want to keep that as small as possible. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 12, 2019 Share Posted August 12, 2019 What i said. Link to comment Share on other sites More sharing options...
Html Posted August 12, 2019 Author Share Posted August 12, 2019 (edited) Yes the forum code is from the book Php 7. I don't know what I can do with the code, but yes the project I had with the login failed, so I thought, why not expand on what I would of wanted to do with a comment system for a profile index or something. I would needed something like what I want to do eventually. I think for now, I just want to be able to simply End posting to a email account that is listed,, and that is that. But yes this is the error I have after making those small changes in the code above, enter an email, it won't post. Edited August 12, 2019 by Html Link to comment Share on other sites More sharing options...
justsomeguy Posted August 12, 2019 Share Posted August 12, 2019 What i said. No, you said "a table to hold singular unique IP addresses and a blocked column." That's not efficient. Store the IPs along with whatever else makes sense (posts, accounts, etc), but have a separate table for blocked IPs and only list the blocked IPs, not every IP with a column indicating whether or not it's blocked. When you're checking if an IP is blocked you only need to look through the blocked IPs, not every IP. If the point is a blacklist it doesn't make sense to also list everything that is not blacklisted. Just list the blacklist. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 12, 2019 Share Posted August 12, 2019 Since there is NO indication in the insertion of data of id to store it to. I said If the table stores multiple rows with identical emails or ip addresses its going to almost impossible to block effectively. Then said Make a separate table to store blocked ip/email Then at end i said Normally this block column is stored with users registration details such as name, email address, username, password, but i have a feeling this is not the case with the forum code you're using. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 12, 2019 Share Posted August 12, 2019 Quote Then said Make a separate table to store blocked ip/email No.... no, the words "make" and "separate" do not appear in your post: Quote If the table stores multiple rows with identical emails or ip addresses its going to almost impossible to block effectively. You would need to have a table to hold singular unique emails OR ip addresses and an blocked column. This column will be type boolean taking true and false value with default false. As administrator you alone would have access to a form list of email or ip addresses to block. Once a posting is made the email/ip IF new is added to blocking table at the same time it will check if current email/ip is listed as blocked, if yes ignore else show. Normally this block column is stored with users registration details such as name, email address, username, password, but i have a feeling this is not the case with the forum code you're using. Maybe you thought you did, but you didn't say to make a separate table, so it seemed like a good idea to point that out. In fact, it sounds like you're suggesting adding all IPs to a table: Quote Once a posting is made the email/ip IF new is added to blocking table at the same time it will check if current email/ip is listed as blocked, if yes ignore else show. That's not a good idea. Don't do that. Don't have a "block column," do not use a column to state if an IP is blocked or not. Every IP in the table is blocked, that's the specific purpose of the table. You're not describing the same thing I am, you keep talking about a column to store whether it is blocked. That's not a good idea. There's no reason to have a separate table to list all IPs that have accessed the site, you can get that information from the various other tables where the IP is stored along with the post/account/etc. The table of blocked IPs should only list IPs that are blocked. There is no "block column" anywhere. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 13, 2019 Share Posted August 13, 2019 I'm pretty sure 5 hours ago, dsonesuk said: You would need to have a table to hold singular unique emails OR ip addresses and an blocked column. Obviously suggests a separate table as current table would hold many identical email and ip addresses from posts made within the forum. And since you would be listing ip/email associated with individual users ID only, a blocked users listing would be short, and once blocked would disable using ip, email username IF set up to do so. Link to comment Share on other sites More sharing options...
Html Posted August 13, 2019 Author Share Posted August 13, 2019 (edited) $sql = "INSERT INTO forum (first_name,last_name,subject,message,post_date) VALUES ('$first_name', '$last_name','$email', '$message', NOW() )" ; Right okay, hang on. So far all there is what there is displayed above. So now a new table will need to be created, so $email as boolean , 0, 1 value? Then the code <?php $page_title = 'PHP Forum' ; include ( 'includes/header.html' ) ; require ( 'connect_db.php' ) ; $sql = 'SELECT * FROM forum' ; $result = mysqli_query( $dbc, $sql ) ; if ( mysqli_num_rows( $result ) > 0 ) { echo '<table><tr><th>Posted By</th><th>Subject</th><th id="msg">Message</th></tr>'; while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC )) { echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['post_date'].'</td><td>' . $row['email'] . '</td><td>' . $row['message'] . '</td> </tr>'; } echo '</table>' ; } else { echo '<p>There are currently no messages.</p>' ; } echo '<p><a href="post.php">Post Message</a></p>' ; mysqli_close( $dbc ) ; include ( 'includes/footer.html' ) ; ?> This will need to have a verify code once an email is typed in, a comment is displayed which simply states error or posting banned. So the code needs some sort of validation or something, with a connection to the mysql db? There is one there at the top. https://www.w3schools.com/sql/func_mysql_isnull.asp I guess select not from email <?php $page_title = 'PHP Forum' ; include ( 'includes/header.html' ) ; require ( 'connect_db.php' ) ; $sql = 'SELECT * FROM forum' ; $sql = 'SELECT * FROM email' ; $result = mysqli_query( $dbc, $sql ) ; if ( mysqli_num_rows( $result ) > 0 ) { echo '<table><tr><th>Posted By</th><th>Subject</th><th id="msg">Message</th></tr>'; while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC )) { echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['post_date'].'</td><td>' . $row['email'] . '</td><td>' . $row['message'] . '</td> </tr>'; } echo '</table>' ; } else { echo '<p>There are currently no messages.</p>' ; } echo '<p><a href="post.php">Post Message</a></p>' ; mysqli_close( $dbc ) ; include ( 'includes/footer.html' ) ; ?> Edited August 13, 2019 by Html Removed pointless code example Link to comment Share on other sites More sharing options...
dsonesuk Posted August 13, 2019 Share Posted August 13, 2019 No you have email address or if available a id of the user to identify for blocking. Then a blocked column with boolean with default false. Every post made you will compare email and block status, if blocked is true don't proceed any further with posting. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 13, 2019 Share Posted August 13, 2019 You guys can go ahead with however you want to set it up, but it is not efficient to have a table hold everything and say what is blocked. It is much more efficient to have a table only contain what is blocked. If you really want to list everything and have a column saying whether it's blocked I'm not going to stop you, it's just a bad design. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 13, 2019 Share Posted August 13, 2019 Bad joomla for using such a method bad bad jommla. Its used to control users who abuse the site. It will only store current users IP and email against the users id. Link to comment Share on other sites More sharing options...
Html Posted August 13, 2019 Author Share Posted August 13, 2019 (edited) Well, for now I only want the email, I decided to leave the Ip for the moment, and get this first step done. And yes there is an id so far 1. If you see, I'm trying to picture what needs to go where, <?php $page_title = 'PHP Forum' ; include ( 'includes/header.html' ) ; require ( 'connect_db.php' ) ; $sql = 'SELECT * FROM forum' ; $sql = 'SELECT * FROM email' ; $result = mysqli_query( $dbc, $sql ) ; if ( mysqli_num_rows( $result ) > 0 ) { echo '<table><tr><th>Posted By</th><th>Subject</th><th id="msg">Message</th></tr>'; while ( $row = mysqli_fetch_array( $result , MYSQLI_ASSOC )) { echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['post_date'].'</td><td>' . $row['email'] . '</td><td>' . $row['message'] . '</td> </tr>'; } echo '</table>' ; } else { echo '<p>There are currently no messages.</p>' ; } echo '<p><a href="post.php">Post Message</a></p>' ; mysqli_close( $dbc ) ; include ( 'includes/footer.html' ) ; ?> So a blocked column in email. # Name Type Collation Attributes Null Default Extra Action 1 blocked tinyint(1) No None Edited August 13, 2019 by Html Added example Link to comment Share on other sites More sharing options...
justsomeguy Posted August 13, 2019 Share Posted August 13, 2019 Bad joomla for using such a method bad bad jommla. Yeah, a lot of big projects have bad ideas. No reason to copy them. If you see, I'm trying to picture what needs to go where, Are you saying that you have a table called "email", and in the email table you have columns for first_name, last_name, post_date, email, and message? If that's true, then why did you decide to name that table "email?" Link to comment Share on other sites More sharing options...
Html Posted August 13, 2019 Author Share Posted August 13, 2019 No, there it is Forum and email are the two tables. The code states forum. # Name Type Collation Attributes Null Default Extra Action 1 blocked tinyint(1) No None Link to comment Share on other sites More sharing options...
justsomeguy Posted August 13, 2019 Share Posted August 13, 2019 You're not selecting and displaying records from the forum table, you're using the email table. Look at the code. Link to comment Share on other sites More sharing options...
Html Posted August 13, 2019 Author Share Posted August 13, 2019 Sure, I understand that. What I want to do is that the code obviously would check and store the email that was removed from posting. That is the purpose in the email table. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now