Jump to content

Help with Arrays and IP banning


Zoey

Recommended Posts

I'm trying to create a simple IP ban script, just a little function that I can place in my webpages.  I dont want to modify my .htaccess pages or just put the IPs directly in the code, because I want some admins on my site who don't have access to the code to be able to add IPs as they see fit if/when I am unavailable.  I created a mysql table called bans, which has the field ip.  I have something set up so it will add IPs into the table, and its working.  However, when I try to check it against the IPs for the current user, its not working.  I've tried a BUNCH of different things, so I'm REALLY looking for some help.  Thanks so much.

The function, at present:

$addr = mysql_db_query("blah","SELECT ip FROM bans;",$database);
$ip = $_SERVER['REMOTE_ADDR'];
while ($ip = mysql_fetch_assoc($addr)) {
print ("Error Message");
exit;
}
Link to comment
Share on other sites

function ip_check() {
$myip = $_SERVER['REMOTE_ADDR'];

$addr = mysql_query("SELECT ip FROM bans");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error Message");
  exit;
  }
}

}


Like that? Yes, I tried.  And no, not working yet. :/
Link to comment
Share on other sites

Why in the world are you looping your result, just do it in the database, there is no need for a loop!

Please show your database table scheme, so I can see how your storing the ip! After I will show you how to check the IP or a certain IP range so you can ban by dotted range or the full IP.

Also some thing like below is better for getting the right IP!

[code=php:0]function get_ip ()
{
$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
{
foreach ( $f[0] AS $id )
{
if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
{
$ip = $id;
break;
}
}
}

$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

return $ip;
}

echo get_ip ();[/code]

me!
Link to comment
Share on other sites

So I can still have admins enter IPs on the webpage itself?

I actually don't have access to the database, my webhost only gives me access to the code itself, so I just get to work with what I have.  All I know is the table is bans and the field is ip... would you need more information than that? :/

(But if you can't do it from what I have, the current way I have it works, so I'm okay either way :P)

========

That code you just added... so whole thing would take the place of $myip = $_SERVER['REMOTE_ADDR'];?

Sorry, I'm confused now :(
Link to comment
Share on other sites

Yes...

[code=php:0]$myip = get_ip ();[/code]


$_SERVER['REMOTE_ADDR'] <- will not always give you the correct ip, that's why it is always a good idea to check certain $_server variables so you get the correct ip. Like AOL users, $_SERVER['REMOTE_ADDR'] will give you the proxy ip not the client ip, which in the case of a AOL visitor would be found in  $_SERVER['HTTP_X_FORWARDED_FOR']! Many ISP(s) do different things, so you go through the most important first, then use the least important which gives you the basic ip when the real ip is not hidden by a proxy!

me!

Link to comment
Share on other sites

[code]function get_ip ()
{
$ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : '';

$ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip;

if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s',

$_SERVER['HTTP_X_FORWARDED_FOR'], $f ) )
{
foreach ( $f[0] AS $id )
{
if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) )
{
$ip = $id;
break;
}
}
}

$ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip;

return $ip;
}

function ip_check() {
$myip = get_ip();

$addr = mysql_db_query("blah","SELECT ip FROM bans;");
while ($ip = mysql_fetch_assoc($addr)) {
$banned_ip = $ip['ip'];

if(strstr($myip,$banned_ip))
{
  print ("Error message");
  exit;
  }
}
}[/code]

That's not working..
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.