PHP Classes

One Question

Recommend this page to a friend!

      PHP Flood Protection  >  All threads  >  One Question  >  (Un) Subscribe thread alerts  
Subject:One Question
Summary:can it also by possible to save the timestamp in a session?
Messages:5
Author:I. Gaffling
Date:2019-11-12 13:55:07
 

  1. One Question   Reply   Report abuse  
Picture of I. Gaffling I. Gaffling - 2019-11-12 13:55:07
or are there any reasons that this will not work?

Nice Class - Best Regards

  2. Re: One Question   Reply   Report abuse  
Picture of Melanie Wehowski Melanie Wehowski - 2019-11-12 17:00:28 - In reply to message 1 from I. Gaffling
Hello Gaffling,
an attacker may ignore the session cookie, so the session could be generated for a new session id on every request.
So the script would the every attackers request as it hits the page for the first time.

You may use additional security methods relying on session, e.g. a captcha or something else.

mfg



  3. Re: One Question   Reply   Report abuse  
Picture of I. Gaffling I. Gaffling - 2019-11-13 06:49:44 - In reply to message 2 from Melanie Wehowski
Hello Till,

Thanks for the detailed answer

Best Regards

  4. Re: One Question (addendum)   Reply   Report abuse  
Picture of I. Gaffling I. Gaffling - 2019-11-13 07:53:29 - In reply to message 3 from I. Gaffling
What do you think about such a function to get the IP of an user?

function ip(){
switch(true){
case (!empty($_SERVER['HTTP_X_REAL_IP'])) : return $_SERVER['HTTP_X_REAL_IP'];
case (!empty($_SERVER['HTTP_CLIENT_IP'])) : return $_SERVER['HTTP_CLIENT_IP'];
case (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) : return $_SERVER['HTTP_X_FORWARDED_FOR'];
case ($_SERVER['REMOTE_ADDR']== '::1') : return '127.0.0.1';
default : return $_SERVER['REMOTE_ADDR'];
}
}

Is it better than only $_SERVER['REMOTE_ADDR'] ?

  5. Re: One Question   Reply   Report abuse  
Picture of Melanie Wehowski Melanie Wehowski - 2019-11-13 11:57:55 - In reply to message 4 from I. Gaffling
Hi Gaffling,
I would say it depends on your implementation. If you focus on the clients IP or the proxy.

X-Forwarded-For is just a http header, it may depend on the proxy if you rely on it.

stackoverflow.com/questions/1145293 ...

So I'm not quite sure.