IP Banning and Range

[steveangelis]

I am trying to write a simple script to ban an IP range and I having a hell of a hard time getting it to work.

 

Here is my code:

 

$qban2 = mysql_query("select * from bans2");
while ($gban2 = mysql_fetch_array($qban2))
{
$ban_range_low=$gban2['ip_addy1']; 
$ban_range_up=$gban2['ip_addy2']; 
if (ip2long($ban_range_low) >= ip2long('HTTP_X_FORWARDED_FOR') && ip2long($ban_range_up) <= ip2long('HTTP_X_FORWARDED_FOR')) 
{
echo "You have been banned from this web site.";
exit();
}
else
{
if (ip2long($ban_range_low) >= ip2long('REMOTE_ADDR') && ip2long($ban_range_up) <= ip2long('REMOTE_ADDR')) 
{
echo "You have been banned from this web site.";
exit();
}

}
}

 

In short when I run the code with IP's in the database nothing happens.  I tried entering the IP's in manually instead of using database variables and it did not work so I know it is the code it's self.  This script is two tier.  The first part bans if there is a proxy and the second part bans if there is no proxy.  ip_addy1 is the low variable and ip_addy2 is the high variable.  Does anyone see where I am going wrong?

[Lamez]

what is ip2long? also change 'REMOTE_ADDR' to $_SERVER['REMOTE_ADDR']

[o3d]

Firstly I would use a function as below to determine the client's ip (this way you only need one table field for the ip):

function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

 

I did something similar but if the user came from a proxy, stored the "REMOTE_ADDR - HTTP_X_FORWARDED_FOR" as identifier for the client rather than REMOTE_ADDR and HTTP_X_FORWARDED_FOR in seperate fields.

 

Fyi - it would be difficult to ban an ip if the client is coming from an anonymous network (ie Tor) except if you block ip ranges from anonymous networks.

 

update - I don't take credit for the code - taken from http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html

[steveangelis]

$qban1 = mysql_query("select * from bans");
while ($gban1 = mysql_fetch_array($qban1))
{
if (ip2long('HTTP_X_FORWARDED_FOR') == $gban1['ip_addy']) 
{
echo "You have been banned from this web site.";
exit();
}
else
{
if (ip2long('REMOTE_ADDR') == $gban1['ip_addy'])
{
echo "You have been banned from this web site.";
exit();
}


}
}

 

That is the code I use to ban a single IP and it works perfectly fine.  I tested it out and I noticed no errors at all so I know the variables like "ip2long('REMOTE_ADDR')" are not the problem and it calls up the correct variables.  Please note the above code is from a similar ban I made except that it is for a single IP instead of a range and the one directly above works.  The one I need help with is in the original post.

[greatstar00]

did u printed out

ip2long('HTTP_X_FORWARDED_FOR')???

 

to see its value

[oni-kun]

That is the code I use to ban a single IP and it works perfectly fine.  I tested it out and I noticed no errors at all so I know the variables like "ip2long('REMOTE_ADDR')" are not the problem and it calls up the correct variables.  Please note the above code is from a similar ban I made except that it is for a single IP instead of a range and the one directly above works.  The one I need help with is in the original post.

 

Hm! Try running this code

echo ip2long('REMOTE_ADDR');

 

And it fails!

 

If you truly expect to convert a string into an IP, you're making no sense and may as well not even attempt to.

echo ip2long($_SERVER['REMOTE_ADDR']);

 

And oh look, it works

[oni-kun]

I tested it out and I noticed no errors at all

 

You greatly need to re-evaluate how a programming language functions. I'd recommend turning error reporting on, for the first place.

 

So "CRITICAL ERROR"s mean it's correct?