[SOLVED] Bann IP

[zhangy]

I was wondering if someone could explain the FOR statement in the following code:

 

<?php
$banip = array('127.0.0.1','127.0.0.2','?27.0.0.3');

$ip = $_SERVER['REMOTE_ADDR'];

for($i=0;$i<3;$i++){

if($ip == $banip[$i]) {
echo "You are currently banned from this website, sorry!";
exit();
} else {
echo "no match";
}
}
?>

[priti]

<?php

$banip = array('127.0.0.1','127.0.0.2','?27.0.0.3');  //THIS IS LIST OF IP TO WHICH SCRIPT WILL NOT BE SERVED

 

$ip = $_SERVER['REMOTE_ADDR']; //YOU GET THE IP FROM WHICH REQUEST IS MADE

 

for($i=0;$i<3;$i++){ //FOR LOOP TO LOOP IN YOUR $banip

 

if($ip == $banip[$i]) { //IF THE IP FROM WHERE REQUEST COMES AND IP IS SPECIFIED IN ARRAY $banip THEN YOU WILL SHOW THE MESSAGE.

echo "You are currently banned from this website, sorry!";

exit(); //LEAVE

} else {

echo "no match"; //IF NO MATCH FOUND THEN THIS MESSAGE WILL PRINT

}

}

?>

 

CAPS case is use to explain the logic part only.

 

Thank You

[zhangy]

Much thanks for the break down priti.

Although I still dont really understand whats going on in the FOR statement and how it applies to $banip. Would it need to be changed based on how many IP address' are being banned, or otherwise altered in some way based on some other factor?

[djsherbu]

$banip is obviously an array; the first ip address in the array is $banip[0], the next one is $banip[1], an so on; if the array has, let's say 120 ip addresses, the last one is $banip[119];

 

so, the FOR statement, for($i=0;$i<119;$i++) {if($ip == $banip[$i])....} means actually this:

 

  when $i=0 it verifies if $ip==$banip[0], if the ip is not found, $i is increased by one unit;

  when $i=1 it verifies if $ip==$banip[1], if the ip is not found, $i is increased by one unit;

 

and so on, untill either the ip is found in the banned ip,

or untill the last array element is verified $i=119 --> $ip==$banip[119] and the ip is not found.

 

you can find more here:

http://www.php.net/manual/en/control-structures.for.php

[nadeemshafi9]

basicaly

 

fill this up with ur banned ip's from the db

 

$banip = array('127.0.0.1','127.0.0.2','?27.0.0.3');

 

and in this

 

for($i=0;$i<3;$i++){

 

where it says 3 you have to replace it for a variable that is the amount of banned ip's

---------------------------------

so just do this

 

$ip = $_SERVER['REMOTE_ADDR'];

 

sql = get all the banned ips;

 

result = execute query;

 

while (banned_ip = mysql_fetch_array(result)){

   if($ip == $banned_ip['db field of banned ip's']) {

            echo "You are currently banned from this website, sorry!";

            //you may need an exit here if ur getting duplicate entries.

   }

}

 

banning ip's is a silly thing to do, it limits ur trafic, another person may use the same ip in dynamic ip, ur killing urself, you need to find there vandalism and destroy it on site yet let them come in better yet keep it and hide it

[PFMaBiSmAd]

In the version of the code that uses an array, you would not loop through every element of the array and test if the current value matches an entry. You would use an array search function like in_array.

 

For a database version of the code you would not query to retrieve all the entries in the table and loop through every row in the result and test if the current value matches an entry. You would form a query to directly find if the current value is in the table and test if the result set returned a matching row or you would use a sql count() in the query and test the count value returned by the query.

 

Also, if you did need to loop through an array, you would use the php count function to determine how many entries are in the array so that you don't need to hard-code the value in your loop or you would use a foreach loop to iterate over all the elements in the array.

[.josh]

http://www.phpfreaks.com/tutorial/php-loops

[nadeemshafi9]

In the version of the code that uses an array, you would not loop through every element of the array and test if the current value matches an entry. You would use an array search function like in_array.

 

too right

[nadeemshafi9]

For a database version of the code you would not query to retrieve all the entries in the table and loop through every row in the result and test if the current value matches an entry. You would form a query to directly find if the current value is in the table and test if the result set returned a matching row or you would use a sql count() in the query and test the count value returned by the query.

 

yes i am starting to do that stuff more and more mysql_num_rows

[zhangy]

nadeemshafi9, I like your idea about not banning and just keeping the vandalism but hiding it.

yet how to employ such a tactic?

[nadeemshafi9]

nadeemshafi9, I like your idea about not banning and just keeping the vandalism but hiding it.

yet how to employ such a tactic?

 

you have to learn regular expressions to search the text inside out

 

if(ereg(exp, string)) string = ereg_replace(exp, string) etc

[nadeemshafi9]

even in contact us spam u can let all emails forward but send the spammy ones only to urself, the table controler classes in ur application can be fixed whith a regular expression function on every function call in order to check the classes global variables for injection befcore they are submitted to sql, you can centralise a list of chars to check for in an global array .

[zhangy]

Ok, I'm gonna have to do a little more research on that.

I certainly appreciate the help though. Thanks!