Jump to content


Photo

Help with Arrays and IP banning


  • Please log in to reply
12 replies to this topic

#1 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 09:41 PM

I'm trying to create a simple IP ban script, just a little function that I can place in my webpages.  I dont want to modify my .htaccess pages or just put the IPs directly in the code, because I want some admins on my site who don't have access to the code to be able to add IPs as they see fit if/when I am unavailable.  I created a mysql table called bans, which has the field ip.  I have something set up so it will add IPs into the table, and its working.  However, when I try to check it against the IPs for the current user, its not working.  I've tried a BUNCH of different things, so I'm REALLY looking for some help.  Thanks so much.

The function, at present:

$addr = mysql_db_query("blah","SELECT ip FROM bans;",$database);
$ip = $_SERVER['REMOTE_ADDR'];
while ($ip = mysql_fetch_assoc($addr)) {
print ("Error Message");
exit;
}

#2 extrovertive

extrovertive
  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 30 September 2006 - 09:45 PM

$myip = $_SERVER['REMOTE_ADDR'];

$addr = mysql_query("SELECT ip FROM bans");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

 if(strstr($myip,$banned_ip))
 {
  print ("Error Message");
  exit;
  }
}


#3 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 09:49 PM

Still not working. :(

Banned IPs are still gaining access to the site (I'm testing it out with a friend and her IP.. she's getting the non-error version).

#4 extrovertive

extrovertive
  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 30 September 2006 - 09:52 PM

Maybe her IP has changed if it's dynamic.

Try adding your current IP to the database now.

#5 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 09:52 PM

I also posted on the page print $_SERVER['REMOTE_ADDR']; so she can let me know if any changes happen when she refreshes.  So far no change in IP..

#6 extrovertive

extrovertive
  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 30 September 2006 - 09:53 PM

Have you tried 

if(strstr($myip,$banned_ip))

?

#7 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 10:03 PM

function ip_check() {
$myip = $_SERVER['REMOTE_ADDR'];

$addr = mysql_query("SELECT ip FROM bans");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error Message");
  exit;
  }
}

}


Like that? Yes, I tried.  And no, not working yet. :/

#8 extrovertive

extrovertive
  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 30 September 2006 - 10:16 PM

Ok, output your IP.

And now output all the IPs in the loop.

#9 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 10:25 PM

Ohoh!  Figured it out.  Thanks SO much!

Topic closed.

#10 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 30 September 2006 - 10:26 PM

Why in the world are you looping your result, just do it in the database, there is no need for a loop!

Please show your database table scheme, so I can see how your storing the ip! After I will show you how to check the IP or a certain IP range so you can ban by dotted range or the full IP.

Also some thing like below is better for getting the right IP!

function get_ip ()
	{
		$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

		$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

		if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
		{
			foreach ( $f[0] AS $id )
			{
				if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
				{
					$ip = $id;
					break;
				}
			}
		}

		$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

		return $ip;
	}

	echo get_ip ();

me!

#11 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 10:28 PM

So I can still have admins enter IPs on the webpage itself?

I actually don't have access to the database, my webhost only gives me access to the code itself, so I just get to work with what I have.  All I know is the table is bans and the field is ip... would you need more information than that? :/

(But if you can't do it from what I have, the current way I have it works, so I'm okay either way :P)

========

That code you just added... so whole thing would take the place of $myip = $_SERVER['REMOTE_ADDR'];?

Sorry, I'm confused now :(

#12 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 30 September 2006 - 10:57 PM

Yes...

$myip = get_ip ();


$_SERVER['REMOTE_ADDR'] <- will not always give you the correct ip, that's why it is always a good idea to check certain $_server variables so you get the correct ip. Like AOL users, $_SERVER['REMOTE_ADDR'] will give you the proxy ip not the client ip, which in the case of a AOL visitor would be found in  $_SERVER['HTTP_X_FORWARDED_FOR']! Many ISP(s) do different things, so you go through the most important first, then use the least important which gives you the basic ip when the real ip is not hidden by a proxy!

me!



#13 Zoey

Zoey
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 30 September 2006 - 11:01 PM

function get_ip ()
	{
		$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

		$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

		if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', 

$_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
		{
			foreach ( $f[0] AS $id )
			{
				if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
				{
					$ip = $id;
					break;
				}
			}
		}

		$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

		return $ip;
	}

function ip_check() {
$myip = get_ip();

$addr = mysql_db_query("blah","SELECT ip FROM bans;");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

 if(strstr($myip,$banned_ip))
 {
  print ("Error message");
  exit;
  }
}
}

That's not working..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users