Jump to content

Archived

This topic is now archived and is closed to further replies.

Zoey

Help with Arrays and IP banning

Recommended Posts

I'm trying to create a simple IP ban script, just a little function that I can place in my webpages.  I dont want to modify my .htaccess pages or just put the IPs directly in the code, because I want some admins on my site who don't have access to the code to be able to add IPs as they see fit if/when I am unavailable.  I created a mysql table called bans, which has the field ip.  I have something set up so it will add IPs into the table, and its working.  However, when I try to check it against the IPs for the current user, its not working.  I've tried a BUNCH of different things, so I'm REALLY looking for some help.  Thanks so much.

The function, at present:

$addr = mysql_db_query("blah","SELECT ip FROM bans;",$database);
$ip = $_SERVER['REMOTE_ADDR'];
while ($ip = mysql_fetch_assoc($addr)) {
print ("Error Message");
exit;
}

Share this post


Link to post
Share on other sites
[code=php:0]
$myip = $_SERVER['REMOTE_ADDR'];

$addr = mysql_query("SELECT ip FROM bans");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error Message");
  exit;
  }
}
[/code]

Share this post


Link to post
Share on other sites
Still not working. :(

Banned IPs are still gaining access to the site (I'm testing it out with a friend and her IP.. she's getting the non-error version).

Share this post


Link to post
Share on other sites
I also posted on the page print $_SERVER['REMOTE_ADDR']; so she can let me know if any changes happen when she refreshes.  So far no change in IP..

Share this post


Link to post
Share on other sites
function ip_check() {
$myip = $_SERVER['REMOTE_ADDR'];

$addr = mysql_query("SELECT ip FROM bans");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error Message");
  exit;
  }
}

}


Like that? Yes, I tried.  And no, not working yet. :/

Share this post


Link to post
Share on other sites
Why in the world are you looping your result, just do it in the database, there is no need for a loop!

Please show your database table scheme, so I can see how your storing the ip! After I will show you how to check the IP or a certain IP range so you can ban by dotted range or the full IP.

Also some thing like below is better for getting the right IP!

[code=php:0]function get_ip ()
{
$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
{
foreach ( $f[0] AS $id )
{
if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
{
$ip = $id;
break;
}
}
}

$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

return $ip;
}

echo get_ip ();[/code]

me!

Share this post


Link to post
Share on other sites
So I can still have admins enter IPs on the webpage itself?

I actually don't have access to the database, my webhost only gives me access to the code itself, so I just get to work with what I have.  All I know is the table is bans and the field is ip... would you need more information than that? :/

(But if you can't do it from what I have, the current way I have it works, so I'm okay either way :P)

========

That code you just added... so whole thing would take the place of $myip = $_SERVER['REMOTE_ADDR'];?

Sorry, I'm confused now :(

Share this post


Link to post
Share on other sites
Yes...

[code=php:0]$myip = get_ip ();[/code]


$_SERVER['REMOTE_ADDR'] <- will not always give you the correct ip, that's why it is always a good idea to check certain $_server variables so you get the correct ip. Like AOL users, $_SERVER['REMOTE_ADDR'] will give you the proxy ip not the client ip, which in the case of a AOL visitor would be found in  $_SERVER['HTTP_X_FORWARDED_FOR']! Many ISP(s) do different things, so you go through the most important first, then use the least important which gives you the basic ip when the real ip is not hidden by a proxy!

me!

Share this post


Link to post
Share on other sites
[code]function get_ip ()
{
$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',

$_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
{
foreach ( $f[0] AS $id )
{
if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
{
$ip = $id;
break;
}
}
}

$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

return $ip;
}

function ip_check() {
$myip = get_ip();

$addr = mysql_db_query("blah","SELECT ip FROM bans;");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error message");
  exit;
  }
}
}[/code]

That's not working..

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.