-2

I am new in PHP and I am making a script. Can you help, where am I wrong? I would also like to understand it not only have the code because I am learning. It is an IP ban script (Or i want it to be :D )

<?php
mysql_connect('host', 'user', 'mypasss') or die(mysql_error()); 
mysql_select_db('databse')
$ip = (isset($_SERVER)) ? $_SERVER['REMOTE_ADDR'] : $HTTP_SERVER_VARS['REMOTE_ADDR']; 
echo "Your IP: ".$ip; 

$query = mysql_query("SELECT `ip` FROM `user` WHERE `ip` = '$ip'");
$row = mysql_fetch_array($query); 

$protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']),'https') 
            === FALSE ? 'http' : 'https';

$host     = $_SERVER['HTTP_HOST'];

$script   = $_SERVER['SCRIPT_NAME'];
$params   = $_SERVER['QUERY_STRING'];

$currentUrl = $protocol . '://' . $host . $script . '?' . $params;


if ($row) {

   header("Location: $currentUrl/ban/ban.php"); 
   exit(); 
} else {
 $sql = mysql_query("INSERT  INTO user(ip) VALUES ('".$ip."') ");
 header("Location: $currentUrl/ban/ban.php");
}

?>

Thanks for your help :)

Lion
  • 18,729
  • 22
  • 80
  • 110
MLL
  • 11
  • 1
  • 4
  • 1
    Please be specific about the error that you might be getting. – Lion Mar 30 '13 at 19:36
  • 1
    Can you explain what exactly "is wrong" and give a proper explanation and title? – Tim Mar 30 '13 at 19:36
  • It just does not load. You can get it here http://malamut.hu/prog/bottracker/caught_bot/ – MLL Mar 30 '13 at 19:38
  • **You shouldn't use `mysql_*` functions in new code** ([why?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php)), they are [deprecated](https://wiki.php.net/rfc/mysql_deprecation). Use [PDO or MySQLi](http://php.net/manual/en/mysqlinfo.api.choosing.php) instead – kero Mar 30 '13 at 19:38
  • but I use mysql_connect in other projects, and those are working well. – MLL Mar 30 '13 at 19:40
  • So, you want to insert IP in the ban table, if the user is not already banned? Does it happen, no matter the blank page? Also you are checking if $row is true for some reason, should you extract the result and then check it? – Royal Bg Mar 30 '13 at 19:44
  • Yes. I wan to insert there if it is not banned. It is a bot tracker and it will be in a denied folder by robots.txt.. If the ip is there, I don't want to write in the database. that is $row – MLL Mar 30 '13 at 19:46
  • And I can also tell that it will be a bot banner script for me and some friends because I hate 3000 visitors on my site which is not really that big: http://malamut.hu – MLL Mar 30 '13 at 19:47
  • 1
    @MLL They're working well for now, but the MySQL extension is no longer maintained and will eventually go away entirely. – ceejayoz Mar 30 '13 at 19:47
  • okey, but I am not on that level to think of future. I would like to learn today :D if the script is wrking, then I will correct that – MLL Mar 30 '13 at 19:55
  • Okey guys, Thank you for help, The problem was very simple. I found it and it is on line 3. THe semicolon is missing Thanks for everyon's help – MLL Mar 30 '13 at 20:00

1 Answers1

0

I think the error_reporting is off and therefore you get no error like "Cannot modify header information – headers already sent" because you make an echo "Your IP: ".$ip; before the header()-call and this usually will cause an error. See http://www.php.net/manual/en/function.header.php

fr4nk
  • 176
  • 1
  • 13
  • Thank you, but I don't really understanded what is the problem here. I also looked up the link you showed – MLL Mar 30 '13 at 19:50
  • add `error_reporting(E_ALL);` at the very beginning in your script and comment the `echo` out, reload site, if there is an error, pls report – fr4nk Mar 30 '13 at 19:54
  • Okay, I found the problem it was the missing semicolon after mysql_select_db('database'); – MLL Mar 30 '13 at 19:59
  • so it seems that error_reporting is off at your server? maybe you should enable it via .htaccess while developing, helps a lot to find these kind of errors – fr4nk Mar 30 '13 at 20:03
  • I don't know. I will look after it – MLL Mar 30 '13 at 20:06
  • Do you know some good free SQL hosts? Because mine only listens to the calls from their own server – MLL Mar 30 '13 at 20:15