100 Web Space

[PHP] Logging IP Address/Security
Page 1 of 1

Author:  wilbue [ Wed Aug 23, 2006 6:49 am ]
Post subject:  [PHP] Logging IP Address/Security

I am trying to teach myself some php & mysql.

I am very interested in learning how to make php applications secure from hackers.

I just wrote this to do a simple log of ip addresses to a text file:

function writeip($arg) {
$ip = getenv("REMOTE_ADDR");
$log = "\n$ip";
$fa = fopen("/home/iplog/iplog", "a");
$login = "$log";
fwrite($fa, $login);
$date = date("M, j, Y");
$time = date("g:i a");
fwrite($fa, " $arg on $date at $time \r\n");

Notice how I try to use a path which is ABOVE my www, since I am told that such a location is harder to access and hack.

Today, I wrote this code to log IP addresses to a mysql table, and record how many attempts they have made. My idea is to detect unusual activity, and ban that ip address.



$conn = mysql_connect("$location","$username","$password");
if (!$conn) die ("Could not connect MySQL");
mysql_select_db($database,$conn) or die ("Could not open

$ip = getenv("REMOTE_ADDR");

$sql = "select * from iplog where ipaddress =\"$ip\" ";
$rs = mysql_query($sql,$conn) or die ("could not select database");

$num = mysql_numrows($rs);

if ($num == 0) {
$insert = "INSERT INTO iplog (ipaddress, logon, attempts, logoff, banned, prior1, prior2, prior3, prior4, prior5)
VALUES (\"$ip\", NOW(), 1, NOW(), \"N\", NOW(), NOW(), NOW(), NOW(), NOW() )";
mysql_query($insert) or die ("Could not add data to the table");

if ($num != 0) {
$sql = "update iplog set attempts = 0 where ipaddress = \"$ip\" and logon < date_add(curdate(), interval -1 day)";
mysql_query($sql, $conn) or die ("could not update attempts");

$sql = "update iplog set logon = now() where ipaddress = \"$ip\"";
mysql_query($sql, $conn) or die ("could not update attempts");

$sql = "update iplog set attempts = attempts + 1 where ipaddress = \"$ip\"";
mysql_query($sql, $conn) or die ("could not update attempts");



I am really a beginner in sql, so my sql is very simple-minded. In the sql above, I reset the number of attemps if the logon date is more than a day or so old. Eventually, I shall add code to shife the dates down, so there is a record of the last 6 dates. It seems to me that all sorts of things are possible if one impliments this sort of audit trail.

I would appreciate any tips, advice, criticism.

Notice how I use INCLUDE to pull in my password/connect info for mysql, and my include file is above the /www.

My other project was to experiment with the session id for cookieless sessions.

One book that is very helpful to me is PHP IN EASY STEPS by Mike McGrath by Barnes & Noble.

I have also been experimenting with password protection on folders.
It took me a while to figure out the paths to get the password file above the /www.

I would enjoy hearing from anyone who shares my interest in such recreational programming.

Author:  wilbue [ Wed Aug 23, 2006 12:40 pm ]
Post subject: 

Thanks so much for the fast reply and valuable feedback.

I know so little sql at this point, that numrows() was my lazy way of seeing that there is just ONE row matching the ip address.

I suppose I could do something like IF($rs) and IF(!$rs) to simply test for results.

I need to look up how to cycle through all the $rs, and access and process each field value, row by row. I used the lazy man's update/replace commands because I was in a hurry to see something work, and was not certain how to process each $rs field of each row.

Once I get a library of code snippets to do all the basic things I need to do, then I shall be on my way.

I would like to know enough about php mysql to one day do something for an actual small company, which they would use in their daily business, but I would need to be certain that it is not likely to be hacked.

It would be nice to see some audit trail of the number and kinds of hacks that are experienced by php apps on this host.

I am also searching in google for a "top 10" check list of security issues to cover (or safe techniques) for php and mysql.

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group