[SOLVED] separate the good from the bad

[zhangy]

Hello,

 

I am trying to disallow form submissions from being processed based upon the users ip address.

 

As of now all forms are processed regardless of ip, Im just trying to figure out how to ad something like a $blockip variable that will basically stop the processing code from working if the ip address of the user matches said variable. Does anyone have an idea as to how I could perform this?

 

 

[haku]

Store blocked IPs in the database. When a user posts, check to see if their IP is in the database. If it is, don't let them post.

[zhangy]

If it can be done, id rather not store blocked ips in the database, but rather in an array.

[haku]

Arrays are only valid during the running of the script. So when the script ends, the array disappears.

 

Basically, you need to store the IP addresses somewhere. If you don't store them, then how will you know which ones to block? You can store it a few different ways:

 

* in the database

* in a file

* hard code the IPs directly into the script you are using

 

Whichever method you use, the testing is the same - see if the current IP is the same as one of the blocked IPs.

[zhangy]

yes, i was thinking code it into the script...

but dont know how  ???

[haku]

$uip = // insert the user's IP address here
$banned_ips = array('123.456.789.012', '1.1.1.1', '192.168.0.666'); // add as many ips as necessary

if(in_array($uip, $banned_ips))
{
  die("banned user");
}

[zhangy]

In this case should $uip = $_SERVER['REMOTE_ADDR'];?

or $uip = array('123.456.789.012', '1.1.1.1', '192.168.0.666');?

 

 

[haku]

$_SERVER['REMOTE_ADDR']

 

But that won't catch all IPs. Spend some time with google and find out how to get a user's IP. There are some more comprehensive scripts out there.

[zhangy]

Appreciate the help haku, thanks.