date && time && ip

**t0WL337** · Jun 8, 2007 11:26

Okay I just drew up a quick form and php script. I am trying to create a little registration script.
How would I go about getting the users ip adress and date time they registered?

Is my securing the password good enough?

Should I be using a mysql_real_escape_string function in places?

HTML Code:

<form action="registered.php">
<input type="hidden" name="ip" value="<?php 'their ip adress??' ?>" >
<input type="hidden" name="registered" value="<?php 'their registration date time??' ?>" >
Email address: <input type="text" name="username" value="">
Password: <input type="password" name="password" value="">
Confirm Password: <input type="password" name="password2" value="">
<input type="submit" name="submit" value="submit">
</form>

PHP Code:


<?php



if (isset['submit']) 

    {

    $username = $_POST['username'];

    $password = md5($_POST['password']);

    $ip = $_POST['ip'];

    $registered = $_POST['registered']



    $query = 'INSERT INTO '.$db->prefix.'users (username, password, registration_date, user_ip,) VALUES('.$username.', '.$password.', '.$registered.', '.$ip); 

    $result = mysql_query($query);

    }

?>

**stymiee** · Jun 8, 2007 11:28

IP: $_SERVER['REMOTE_ADDR']
Date: date()

Use mysql_real_escape_string() whenever you accept user input and on all strings. Remember, this is not a replacement for data validation.

**t0WL337** · Jun 8, 2007 11:29

What would I put between the brackets for date function?

**stymiee** · Jun 8, 2007 11:32

That depends on how you want it formatted. The php documentation page I linked to will tell you what your options are.

**t0WL337** · Jun 8, 2007 11:43

Okay, that was easy enough thanks!

I have something new that is much more complicated. Basically selecting all ips, and checking the last time when the viewed a certain page. Any ideas on that one?

I am thinking maybe, create a new table for this one? or maybe just a new field in the users table called last visit and base it only on that particular page?

**t0WL337** · Jun 8, 2007 12:40

Here is the updated script.. does the while loop look plausible?
I am trying to make it so that two people cannot register with the same name.

PHP Code:


<?php



require 'config.php';



$result = mysql_query('SELECT * FROM users') or die('Could not gather info: ' . mysql_error());





if (isset($_POST['submit'])) 

    {

    $username = $_POST['username'];

    $password = sha1($_POST['password']);

    $ip = $_SERVER['REMOTE_ADDR'];

    $registered = date("F j, Y, g:i a");  

    

    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) 

            {

        if ($username != $line['username'])

        {

    $query = 'INSERT INTO users (username, password, registration_date, user_ip) VALUES('.$username.', '.$password.', '.$registered.', '.$ip.')';

    $result = mysql_query($query);

            }

        }

    } 

    

    else 

    {

        echo 'Die Hacking Attempt!';

    }



        

?>

New problem

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'localhost, root, ' (11004) in C:\Program Files\wamp\www\tyrant\config.php on line 8

Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Program Files\wamp\www\tyrant\config.php on line 9

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in C:\Program Files\wamp\www\tyrant\config.php on line 9
Could not select database

PHP Code:


<?php



$dbname = 'tyrant';

$dbuser = 'root';

$dbhost = 'localhost';

$dbpass = '';



    mysql_connect($dbhost.', '.$dbuser.', '.$dbpass);

    mysql_select_db($dbname) or die('Could not select database');

    

?>

Fixed problem

User Tag List

Thread: date && time && ip

Thread Tools

Display

date && time && ip

Bookmarks

Bookmarks

Posting Permissions