Zoey Posted September 30, 2006 Share Posted September 30, 2006 I'm trying to create a simple IP ban script, just a little function that I can place in my webpages. I dont want to modify my .htaccess pages or just put the IPs directly in the code, because I want some admins on my site who don't have access to the code to be able to add IPs as they see fit if/when I am unavailable. I created a mysql table called bans, which has the field ip. I have something set up so it will add IPs into the table, and its working. However, when I try to check it against the IPs for the current user, its not working. I've tried a BUNCH of different things, so I'm REALLY looking for some help. Thanks so much.The function, at present:$addr = mysql_db_query("blah","SELECT ip FROM bans;",$database);$ip = $_SERVER['REMOTE_ADDR'];while ($ip = mysql_fetch_assoc($addr)) {print ("Error Message");exit;} Quote Link to comment Share on other sites More sharing options...
extrovertive Posted September 30, 2006 Share Posted September 30, 2006 [code=php:0]$myip = $_SERVER['REMOTE_ADDR'];$addr = mysql_query("SELECT ip FROM bans");while ($ip = mysql_fetch_assoc($addr)) {$banned_ip = $ip['ip']; if(strstr($myip,$banned_ip)) { print ("Error Message"); exit; }}[/code] Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 Still not working. :(Banned IPs are still gaining access to the site (I'm testing it out with a friend and her IP.. she's getting the non-error version). Quote Link to comment Share on other sites More sharing options...
extrovertive Posted September 30, 2006 Share Posted September 30, 2006 Maybe her IP has changed if it's dynamic.Try adding your current IP to the database now. Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 I also posted on the page print $_SERVER['REMOTE_ADDR']; so she can let me know if any changes happen when she refreshes. So far no change in IP.. Quote Link to comment Share on other sites More sharing options...
extrovertive Posted September 30, 2006 Share Posted September 30, 2006 Have you tried if(strstr($myip,$banned_ip))? Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 function ip_check() {$myip = $_SERVER['REMOTE_ADDR'];$addr = mysql_query("SELECT ip FROM bans");while ($ip = mysql_fetch_assoc($addr)) {$banned_ip = $ip['ip'];if(strstr($myip,$banned_ip)) { print ("Error Message"); exit; }}}Like that? Yes, I tried. And no, not working yet. :/ Quote Link to comment Share on other sites More sharing options...
extrovertive Posted September 30, 2006 Share Posted September 30, 2006 Ok, output your IP.And now output all the IPs in the loop. Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 Ohoh! Figured it out. Thanks SO much!Topic closed. Quote Link to comment Share on other sites More sharing options...
printf Posted September 30, 2006 Share Posted September 30, 2006 Why in the world are you looping your result, just do it in the database, there is no need for a loop!Please show your database table scheme, so I can see how your storing the ip! After I will show you how to check the IP or a certain IP range so you can ban by dotted range or the full IP.Also some thing like below is better for getting the right IP![code=php:0]function get_ip () { $ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : ''; $ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip; if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $f ) ) { foreach ( $f[0] AS $id ) { if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) ) { $ip = $id; break; } } } $ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip; return $ip; } echo get_ip ();[/code]me! Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 So I can still have admins enter IPs on the webpage itself?I actually don't have access to the database, my webhost only gives me access to the code itself, so I just get to work with what I have. All I know is the table is bans and the field is ip... would you need more information than that? :/(But if you can't do it from what I have, the current way I have it works, so I'm okay either way :P)========That code you just added... so whole thing would take the place of $myip = $_SERVER['REMOTE_ADDR'];?Sorry, I'm confused now :( Quote Link to comment Share on other sites More sharing options...
printf Posted September 30, 2006 Share Posted September 30, 2006 Yes...[code=php:0]$myip = get_ip ();[/code]$_SERVER['REMOTE_ADDR'] <- will not always give you the correct ip, that's why it is always a good idea to check certain $_server variables so you get the correct ip. Like AOL users, $_SERVER['REMOTE_ADDR'] will give you the proxy ip not the client ip, which in the case of a AOL visitor would be found in $_SERVER['HTTP_X_FORWARDED_FOR']! Many ISP(s) do different things, so you go through the most important first, then use the least important which gives you the basic ip when the real ip is not hidden by a proxy!me! Quote Link to comment Share on other sites More sharing options...
Zoey Posted September 30, 2006 Author Share Posted September 30, 2006 [code]function get_ip () { $ip = ! empty ( $_SERVER['CLIENT_IP'] ) ? $_SERVER['CLIENT_IP'] : ''; $ip = ! empty ( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : $ip; if ( ! empty ( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && preg_match_all ( '#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $f ) ) { foreach ( $f[0] AS $id ) { if ( ! preg_match ( "#^(10|172\.16|192\.168)\.#", $id ) ) { $ip = $id; break; } } } $ip = ! empty ( $_SERVER['REMOTE_ADDR'] ) && empty ( $ip ) ? $_SERVER['REMOTE_ADDR'] : $ip; return $ip; }function ip_check() {$myip = get_ip();$addr = mysql_db_query("blah","SELECT ip FROM bans;");while ($ip = mysql_fetch_assoc($addr)) {$banned_ip = $ip['ip']; if(strstr($myip,$banned_ip)) { print ("Error message"); exit; }}}[/code]That's not working.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.