Fórum Script Brasil

Changing functions


ReadyGO!

Question

Good afternoon, everyone!

I'm having some trouble here...

I got a seemingly simple script from the internet, but I found out that it is flawed.

Its function is simple: the user logs in with the username and email registered in the database and, if the login succeeds, the script sends a query straight to the database. So far so good, but this login is only allowed once every 12 hours, and that time is tracked by IP and not by login, which lets anyone restart their connection and run the query as many times as their patience allows.

So, I would like to change this script so that the time is tracked by login instead of by IP and, if possible, by both. If that same IP had not been used in XX hours, the login screen would appear and, if the login had already been used before the 12 hours were up, it would return the same time-remaining screen.

Here are the scripts:

config.inc.php

<?php
////// Global parameters

$DBHost = "123.456.78.90"; // localhost or your IP
$DBUser = "root"; // Database user
$DBPassword = "123456"; // Database password
$DBName = "dbo"; // Database name


$ipLog='ipLogFile.txt'; // Your logfiles name here
$timeout='12'; // How many hours to block IP







?>
func.inc.php
<?php

//parsed global vars;
// Visitor IP as seen by the web server (REMOTE_ADDR)
$register_globals = (bool) ini_get('register_globals');
if ($register_globals) $vis_ip = getenv('REMOTE_ADDR'); else $vis_ip = $_SERVER['REMOTE_ADDR'];

////// Functions
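function checkLog($vis_ip,$ipLog,$timeout) 
{
    global $valid;
    global $timeleft;
    $ip=$vis_ip;
    // One "ip][timestamp" record per line; a missing log file counts as empty
    $data=is_file($ipLog) ? file($ipLog, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : array();
    $now=time();
    
    $valid = true;

    foreach ($data as $record) 
    {
        $subdata=explode("][",$record);
        if (count($subdata) < 2) continue; // skip malformed lines
        // Block when this IP has a record newer than $timeout hours
        if ($now < ($subdata[1]+3600*$timeout) && $ip == $subdata[0]) 
        {
            $valid=false; 
            $timeleft = parseTime(3600*$timeout - ($now - $subdata[1] ) );
            break;
        }
    }
} 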

function recordData($vis_ip,$ipLog,$goHere)
{ 
    $log=fopen("$ipLog", "a+"); 
    fputs ($log,$vis_ip."][".time()."\n"); 
    fclose($log); 
 } 

function parseTime($t) {
    $mn = ceil($t/60)%60;
    $hr = ($t/3600);
    $ts = (floor($hr)? floor($hr). ' hour'.(floor($hr)>1?'s':'').($mn>0? ' and '.$mn. ' minute'.(ceil($mn)>1?'s':'').'.':'.'): $mn. ' minutes.');
    return $ts;
}

?>
logger.php
<?php

    define("DATE_FORMAT","d.m.Y - H : i : s");
    define("LOG_FILE","log.html");

    $logfileHeader='
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Visitors log</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
  <table cellpadding="0" cellspacing="1">
    <tr><th>DATE</th><th>USER</th><th>EMAIL</th><th>IP</th><th>URI</th></tr>'."\n";

    $userIp    = (isset($_SERVER['REMOTE_ADDR'])     && ($_SERVER['REMOTE_ADDR'] != ""))     ? $_SERVER['REMOTE_ADDR']     : "Unknown";
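    // REQUEST_URI is client-controlled: HTML-escape it before it is written into the HTML log
    $uri       = (isset($_SERVER['REQUEST_URI'])     && ($_SERVER['REQUEST_URI'] != ""))     ? htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)     : "Unknown";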

    $actualTime = date(DATE_FORMAT);

    $logEntry = "[   <tr><td>$actualTime</td>   <td>$userIp</td>   <td>$uri</td>   </tr>]<br> \n";

    if (!file_exists(LOG_FILE)) {
        $logFile = fopen(LOG_FILE,"w");
        fwrite($logFile, $logfileHeader);
    }
    else {
        $logFile = fopen(LOG_FILE,"a");
    }

    fwrite($logFile,$logEntry);
    fclose($logFile);
?>
login_success.php
<?php
session_start();
// Redirect when the session does not carry the "myusername" key
if(!isset($_SESSION['myusername'])){
    header("Location: http://yourvotelink.com");
    exit;
}
?>

<html>
<body>
Login Successful
</body>
</html>
index.php
<?php
include 'config.inc.php';
include 'func.inc.php';

$valid= true;
$timeleft = 0;

checkLog($vis_ip,$ipLog,$timeout);




?>
<html><head><title>Perfect World Romania Vote Reward System! </title></head>
<center>
<style type="text/css">
<!--
body {
    background-color: #141414;
} 

FONT {
    FONT-SIZE: 10px;
COLOR: #FF0000;   

    FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;
}
A:link {
FONT-SIZE: 12px; 
COLOR: #FF0000; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:visited {
FONT-SIZE: 12px; 
COLOR: #808080; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:active {
FONT-SIZE: 12px; 
COLOR: #FFFFFF; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:hover {
FONT-SIZE: 12px; 
COLOR: #FF0000; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
-->
</style>
</head>

<body>
<font style="font-size:12px" face="gorgia">
<br><br><center><B>Perfect World Romania Vote Reward System!<br>
<?php
    if(!$valid) {
?>
<br><br><br><br>
You can vote once every 12 hours.<br><br> Try again in <?php echo $timeleft ?>

<br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<?php
    }else{
?>
<br> Please login below. <br><br>Once logged in you will be taken to the voting site and upon completing the voting process, you will be granted 100 Cubi Gold.<BR>
<br>
You will be asked for 2 words to verify you are not a bot. 
<br>Once you have voted, please make sure to find out server in the list and click on it. 
<br>You get a vote for both an incoming and outgoing click and it helps our server!
<br><br><br>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3"><font style="font-size:12px"><strong>PW Romania Username and Email Login </strong></td>
</tr>
<tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr>
<tr>
<td width="78"><font style="font-size:12px"><b>UserName</td>
<td width="6">:</td>
<td width="294"><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td><font style="font-size:12px"><b>E-Mail</td>
<td>:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Vote"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<br>
<?php
    }
?>
Clicking vote takes you to the following site to vote for us.<br><br><br>
<img src="http://www.xtremeTop100.com/votenew.jpg" border="0" alt="Perfect World"></a>
</center><font style="font-size:12px"><BR><BR>
Warning:<BR><BR>

Please note, that you MUST complete the entire voting process in order to have your gold delivered OR your vote count!! (Thank you for your support D3M3!)
</body>
</html>
checklogin.php
<?php
ob_start();
include 'config.inc.php';
include 'func.inc.php';

// Connect to server and select database.
$Link = MySQL_Connect($DBHost, $DBUser, $DBPassword) or die ("Can't connect to MySQL");
MySQL_Select_Db($DBName, $Link) or die ("Database ".$DBName." doesn't exist.");


// Read the submitted username and email (empty string when a field is missing)
$Name=isset($_POST['name']) ? $_POST['name'] : '';
$Email=isset($_POST['email']) ? $_POST['email'] : '';

// Escape the values before they go into the SQL query (protects against SQL injection)
$Name = stripslashes($Name);
$Email = stripslashes($Email);
$Name = mysql_real_escape_string($Name);
$Email = mysql_real_escape_string($Email);

$Result = mysql_query("SELECT * FROM users WHERE name='$Name' and email='$Email'");

$count=mysql_num_rows($Result);
if($count==1)
{
    //add record data in the ipLog file
    recordData($vis_ip,$ipLog,$goHere); 

    $row2 = mysql_fetch_array( $Result );        
    $ID = $row2['ID'];
    $TIME = $row2['creatime'];
    MySQL_Query("INSERT INTO usecashnow (userid, zoneid, sn, aid, point, cash, status, creatime) VALUES ($ID, 1, -1, 1, 0, 10000, 0, '$TIME')");
    session_register("name");
    session_register("email");


    header("location:login_success.php");
}
else {
?>
<html><head><title>Perfect World Romania Vote Reward System! </title></head>
<center>
<style type="text/css">
<!--
body {
    background-color: #141414;
} 

FONT {
    FONT-SIZE: 10px;
COLOR: #FF0000;   

    FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;
}
A:link {
FONT-SIZE: 12px; 
COLOR: #FF0000; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:visited {
FONT-SIZE: 12px; 
COLOR: #808080; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:active {
FONT-SIZE: 12px; 
COLOR: #FFFFFF; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}
A:hover {
FONT-SIZE: 12px; 
COLOR: #FF0000; 
FONT-FAMILY:  arial, helvetica, verdana, sans-serif; 
TEXT-DECORATION: none;
}

-->
</style>
</head>

<body>
<font style="font-size:12px" face="gorgia">
<br><br><center><B>Perfect World Romania Vote Reward System!<br>
<br><br><br><br><br><br> 
Wrong Username or E-mail
<br><br><br>
<a href="index.php" style="color:red;TEXT-DECORATION: underline;">Try again?</a>
<br><br><br><br><br><br><br><br><br><br><br>

Clicking vote takes you to the following site to vote for us.<br><br><br>
<img src="http://www.xtremeTop100.com/votenew.jpg" border="0" alt="Perfect World"></a>
</center><font style="font-size:12px"><BR><BR>
Warning:<BR><BR>

Please note, that you MUST complete the entire voting process in order to have your gold delivered OR your vote count!! (Thank you for your support D3M3!)
</body>
<?php
}


ob_end_flush();

    define("DATE_FORMAT","d.m.Y - H : i : s");
    define("LOG_FILE","log.html");

    $logfileHeader='
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Visitors log</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
  <table cellpadding="0" cellspacing="1">
    <tr><th>DATE</th><th>NAME</th><th>EMAIL</th><th>IP</th></tr>'."\n";

    $userIp    = (isset($_SERVER['REMOTE_ADDR'])     && ($_SERVER['REMOTE_ADDR'] != ""))     ? $_SERVER['REMOTE_ADDR']     : "Unknown";
    $actualTime = date(DATE_FORMAT);
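    // Name and email come from the POST body: HTML-escape them before they are written into the HTML log
    $logEntry = "<b>[   <tr><td>$actualTime</td>   <td>".htmlspecialchars($Name, ENT_QUOTES)."</td>   <td>".htmlspecialchars($Email, ENT_QUOTES)."</td>   <td>$userIp</td>   </tr>]</b><br> \n";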


    if (!file_exists(LOG_FILE)) {
        $logFile = fopen(LOG_FILE,"w");
        fwrite($logFile, $logfileHeader);
    }
    else {
        $logFile = fopen(LOG_FILE,"a");
    }

    fwrite($logFile,$logEntry);
    fclose($logFile);


?>

Thanks in advance for your attention!

Edited by Jonathan Queiroz
Removed the word "help" from the title per rule 3.6 (Jonathan)
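
One way to do what the post asks, as an added example that is not part of the original post or of the posted script: a single function that checks the cooldown for both the account and the IP and records the vote under a file lock, so two parallel requests cannot both pass the check. The name `claimVote`, the `user:`/`ip:` key prefixes and the wiring shown in the closing comments are assumptions; `$ipLog`, `$timeout`, `$vis_ip`, `$ID` and `parseTime()` come from the posted scripts.

```php
<?php
// Cooldown keyed by account AND IP. Records extend the post's "ip][timestamp"
// lines with a key prefix (an assumption): "user:<id>][<ts>" and "ip:<addr>][<ts>".

/**
 * Atomically check every key against the cooldown and, if all are free,
 * record them. Returns 0 when the vote was claimed, otherwise the number of
 * seconds still to wait (the longest wait among the keys).
 */
function claimVote($logFile, array $keys, $timeoutHours, $now = null)
{
    $now    = ($now === null) ? time() : $now;
    $window = 3600 * $timeoutHours;

    $fh = fopen($logFile, 'c+');      // create if missing, never truncate
    if ($fh === false) {
        return $window;               // fail closed: no log, no reward
    }
    flock($fh, LOCK_EX);              // serialise parallel requests

    $wait = 0;
    while (($line = fgets($fh)) !== false) {
        $parts = explode('][', rtrim($line, "\r\n"));
        if (count($parts) !== 2 || !ctype_digit($parts[1])) {
            continue;                 // ignore malformed records
        }
        $left = (int)$parts[1] + $window - $now;
        if ($left > 0 && in_array($parts[0], $keys, true)) {
            $wait = max($wait, $left);
        }
    }

    if ($wait === 0) {                // nobody is blocked: record every key
        fseek($fh, 0, SEEK_END);
        foreach ($keys as $key) {
            fwrite($fh, $key . '][' . $now . "\n");
        }
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $wait;
}

// Assumed wiring in checklogin.php, after the SELECT matched exactly one row
// and before the INSERT INTO usecashnow:
// $wait = claimVote($ipLog, array('user:' . (int)$ID, 'ip:' . $vis_ip), $timeout);
// if ($wait > 0) { echo 'Try again in ' . parseTime($wait); exit; }
```

Because the account key is only known after the credentials have been verified, the check has to run in `checklogin.php`; the IP-only check in `index.php` can stay as a first filter before the form is shown.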