From owner-freebsd-questions  Fri Jan 12 16:13:57 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id 286BC37B402
	for <freebsd-questions@FreeBSD.ORG>; Fri, 12 Jan 2001 16:13:39 -0800 (PST)
Received: from nisser.com (roelof [10.0.0.2])
	by nisser.com (8.9.3/8.9.2) with ESMTP id BAA40430;
	Sat, 13 Jan 2001 01:13:29 +0100 (CET)
	(envelope-from roelof@nisser.com)
Message-ID: <3A5F9DA9.6D806ABC@nisser.com>
Date: Sat, 13 Jan 2001 01:13:29 +0100
From: Roelof Osinga <roelof@nisser.com>
Organization: Nisser - Nr. 1 in Veiligheid
X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: "Paul M . Lambert" <plambert@plambert.net>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Limiting number of downloads per user in Apache??
References: <3A5E42FB.D728F40F@i-clue.de> <Pine.BSF.4.21.0101111843050.51405-100000@www.bellnetworks.net> <20010111155028.B316@pinky.plambert.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Paul M . Lambert" wrote:
> 
> ...
> It would seem so (and one doesn't need PHP to have access to the remote
> address, by the way).  Unfortunately, hundreds of thousands of people
> are behind internet proxies; AOL, for example, has many millions of
> members, but only a few hundred thousand ip addresses.  It's entirely
> possible that hundreds of different people using browsers on their
> own personal computers could have requests sent from the same IP
> address.  It's more than possible, but in fact quite common.
> 
> There is _no_ way to track users in a foolproof manner.  Sorry.

I'll give you that, but maybe the following will help a little:

   if (!$err) {
      //$ipnr = str_replace(".", "", $REMOTE_ADDR);
      if ($HTTP_CLIENT_IP > "") $ipnr = str_replace(".", "",
$HTTP_CLIENT_IP);
      else $ipnr = str_replace(".", "", $REMOTE_ADDR);

      DoSQL("select count(*) as count from enqvals where enq_pk =
$ENQ_ID and ip\
 = $ipnr;",
        "count", "count", 6);

      if ($count < $MAX_COUNT) {
        DoSQL("insert into enqvals (enq_pk, ip, keuze_pk) values
($ENQ_ID, $ipnr\
, $keuze);",
          "", "", 6);
      }
    }

Don't ask me why I did it this way, this is by now ancient code
building on legacy code <g>. You should leverage off the fact
that IP4 addresses are 32 bit unsigned ints. This code started
life as a Delphi 2.0 (beta release) DLL for IIS somewhere in
1996 or so. Very pre-millennium ;). When the D2 beta cycle was
done it was ported to PHP3 and, somehow, this string thing 
creeped in.

But like you said, nothing is foolproof. But it helps. Especially
with regular users going through nice proxy servers.

Roelof

-- 
Home is where the (@) http://eboa.com/ is.
Nisser home -- http://www.Nisser.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message