1

I have the below simple code for inserting some failed login values in my database, but I have some problems:

1- The ip address is being saved in the database as zero no success whatever I do (going crazy on this). 2- I used current time stamp to get the date and time in a simple query, now that I use prepared statements it doesnt work with it, I am forced to use date('Y-m-d H:i:s'); which gives out the wrong time.

My code is:

<?php
    $username = $_SESSION['Name'];
    $ip_address = $_SERVER['REMOTE_ADDR'];
    $attempted = date('Y-m-d H:i:s');
    $query = "INSERT INTO failed_logins (username, ip_address, attempted) VALUES(?, ?, ?)"; 
    $failed = $conn->prepare($query);
    $failed->bindParam(1, $username);
    $failed->bindParam(2, $ip_address);
    $failed->bindParam(3, $attempted);
    $failed->execute();
?>

My ip_address row in the database is int(11) and it is unsigned.

Any suggestions would help thanks

UPDATE:

I did the below but still no luck:

I changed:

 $ip_address = $_SERVER['REMOTE_ADDR'];

to this:

 $ip_address = ip2long($_SERVER['REMOTE_ADDR']);
Serjio
  • 209
  • 2
  • 10

2 Answers2

2

I am forced to use date('Y-m-d H:i:s'); which gives out the wrong time.

Have you tried setting the date_default_timezone_set, i.e.:

date_default_timezone_set('America/Los_Angeles');

You cannot use an int to store a var containing dots ans colons. Change the DB ip_address row from

int(11)

to 

varchar(15); //ipv4

#

ALTER TABLE `sometable`
MODIFY COLUMN `ip_address` varchar(15);

Or 

varchar(45); //ipv6

#

ALTER TABLE `sometable`
MODIFY COLUMN `ip_address` varchar(45);

if you want to store ipv6 addresses

References:

Maximum length of the textual representation of an IPv6 address?

Pedro Lobito
  • 94,083
  • 31
  • 258
  • 268
  • my int is unsigned, and when I change to varchar database gives error, what should I change the attribute to? – Serjio Apr 26 '16 at 16:39
  • You cannot use an `int` to store a variable containing dots ans colons – Pedro Lobito Apr 26 '16 at 16:43
  • @ Pedro Lobito, ok I got that part well, now What should the attribute be for the varhcar here? – Serjio Apr 26 '16 at 16:45
  • @Serjio I'm not following you. Which attribute ? – Pedro Lobito Apr 26 '16 at 16:47
  • @Pedro Lobito, I mean the attributes part in the database for the ip_address row, when the type was int(11) the attribute was unsigned, but now that I changed to varchar it does not accept unsigned anymore, so what should the attribute be instead of unsigned? – Serjio Apr 26 '16 at 16:53
  • You don't need to assign anything. Check my updated answer. – Pedro Lobito Apr 26 '16 at 16:54
  • 1
    @PedroLobito, I got the date fixed, thanks man, I will up vote your answer for that, and I'll work in the ip now – Serjio Apr 26 '16 at 16:58
  • You're very welcome @Serjio. Your code will work as soon as you change the fields on the db. You may want to use a mysql editor with gui, here's a few options for windows http://www.techrepublic.com/blog/five-apps/manage-mysql-from-windows-with-these-five-apps/ .GL – Pedro Lobito Apr 26 '16 at 17:03
  • OK I will work on it, if works I will accept it as answer, thanks for the link. – Serjio Apr 26 '16 at 17:16
-1

Also maybe to get IP(ish):

(string)$ip_address = getRealIpAddr();

function getRealIpAddr() {
    (string)$ip='';
    if (array_key_exists('HTTP_CLIENT_IP', $_SERVER) && !empty($_SERVER['HTTP_CLIENT_IP'])) {   //check ip from share internet
      $ip .= filter_input(INPUT_SERVER, 'HTTP_CLIENT_IP');
    } elseif (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {   //to check ip is pass from proxy
      $ip .= filter_input(INPUT_SERVER, 'HTTP_X_FORWARDED_FOR');
    } else {
      $ip .= filter_input(INPUT_SERVER, 'REMOTE_ADDR');
    }
    return $ip;
}
bt3of4
  • 36
  • 6