Jump to content

Functions Conflicting


Go to solution Solved by Ch0cu3r,

Recommended Posts

Hi I found a very old outdated script for temporary banning people. But I'm having some problems running the functions.

 

First off here is my banning functions script named ip-ban-time-limit.php

 

 



    <?php
    // Published at: www.TakeTwoApps.com
    
    
    $ipLog='ip-log.txt'; // Your logfiles name here
    $timeout='0.01'; // How many hours to block IP
    $goHere='tik.php'; // Allowed pages name here
    
    
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $vis_ip = getenv(REMOTE_ADDR);
    else $vis_ip = $_SERVER['REMOTE_ADDR'];
    
    
    function recordData($vis_ip,$ipLog,$goHere)
    { 
        $log=fopen("$ipLog", "a+"); 
        fputs ($log,$vis_ip."][".time()."\n"); 
        fclose($log); 
     
        // The below header function was causing errors in apache 
        //so I changed it to echo the script tag. 
        //Header ("Location: $goHere"); exit(0);  
        echo "<?php include('$goHere')?>"; exit(0);
    } 
    function checkLog($vis_ip,$ipLog,$timeout) 
    {
        global $valid; $ip=$vis_ip;
        $data=file("$ipLog"); $now=time();
    
        foreach ($data as $record) 
        {
            $subdata=explode("][",$record);
            if ($now < ($subdata[1]+3600*$timeout) && $ip == $subdata[0]) 
            {
                $valid=0; echo "You have been banned from accessing this page. Try again in $timeout hours.";
                break;
            }
        }
    } 
    checkLog($vis_ip,$ipLog,$timeout);
    if ($valid!="0") recordData($vis_ip,$ipLog,$goHere); 
    
    ?>


 

I wanted to add the file tik.php which contains a form to post underneath a chat script if the person isn't banned with the above script. so I changed  the line

echo "<?php include('$goHere')?>"; exit(0);

from location.replace to the include function.

 

 

Then I added 

require_once ( 'ip-ban-time-limit.php' );

on my index page

 



    <?php
    require_once('common.php');
    
    
    
    
    checkUser();
    ?>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html>
    <head>
       <title>Galaxy Universe Chat</title>
       <link href="style/style.css" rel="stylesheet" type="text/css" />
    </head>
    <body><br>
        <div id="main">
          <div class="caption">Galaxy Universe Chat</div>
          <div id="icon"> </div>
          <div id="result">
    Hello <?php echo $_SESSION['userName']; ?> ! <br/>
    <div style="color:red"><b><p>Please keep it clean and in English or you will be banned!</p></b></div>
    <br>
    <?PHP
    
    include "./stringychat.inc.php";
    require_once ( 'ip-ban-time-limit.php' );
    
    ?>
    
    <br>
    
    
    <p><a href="index1.php">Refresh</a> | <a href="logout.php">Log Out</a></p>
     </div>
     <div id="source">Galaxy Wars chat @ cobusbo</div>
        </div>
    </body>   


 

But now I have the problem that every time I refresh my index page I'm getting banned as well. How can I change it so that I'm not getting banned every time I'm trying to refresh the page?

Link to comment
https://forums.phpfreaks.com/topic/290752-functions-conflicting/
Share on other sites

So why are you trying to use it? All of the above code needs to be thrown away.

Because it's the only example on how to implement timed banning I could find. I would have loved to add it to a MySQL table im not sure how to implement it. And with the above code it's basically standalone.

The problem with your code is you have not told it who to ban. It just blindly records every visitors ip and does not allow them to access the page again until 36 seconds have passed.  You need to alter the code so it only blocks the visitors who you want to ban.

The problem with your code is you have not told it who to ban. It just blindly records every visitors ip and does not allow them to access the page again until 36 seconds have passed.  You need to alter the code so it only blocks the visitors who you want to ban.

Ok I was trying to specify who to kick via this page and form for the administrator

 

<?
include "./emoticon_replace1.php";


  if ($_POST["DeletePost"]) {
    $id = $_POST["id"];
    $query = "DELETE FROM ".$dbTable." WHERE id='".$id."'"; 
    mysql_query($query);
    echo "ID removed from system: ".$id;
  }
  if ($_POST["BanIP"]) {
    $IP_To_Add = $_POST["ip"];
    if(eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $IP_To_Add))
    {
      $sql = "INSERT INTO ".$IPBanTable." (ip) VALUES (\"$IP_To_Add\")";
      $result = mysql_query($sql);
    } else {
      echo "Error: Not a valid IP: ".$IP_To_Add;
    }
  }
  if ($_POST["purge"]) {
    $query = "TRUNCATE TABLE ".$dbTable; 
    mysql_query($query);
    echo "StringyChat purged";
  }
  if(!$_POST["update"] || !$_POST["StringyChat_name"] || !$_POST["StringyChat_message"]) {
  } else {
    $id = $_POST["id"];
    $name = $_POST["StringyChat_name"];
    $message = $_POST["StringyChat_message"];


    include("emoticon_replace.php");


    $query = "UPDATE ".$dbTable." SET StringyChat_name='$name', StringyChat_message='$message' WHERE id='".$id."'";
    $result = mysql_query($query, $db) or die("Invalid query: " . mysql_error());
  }
  if ($_POST["EditPost"]) {
    $id = $_POST["id"];
    $result = mysql_query("SELECT * FROM ".$dbTable." WHERE id='".$id."'", $db); 
    $myrow = mysql_fetch_array($result);
?>
    <form name="StringyChat_form" method="POST" action="?mode=postman">
      Name:<br>
      <input name="StringyChat_name" class="StringyChatFrm" type="text" size="20" maxlength="<? echo $name_size; ?>" value="<? echo $myrow["StringyChat_name"]?>">
      <br>
      Message:<br>
      <textarea name="StringyChat_message" class="StringyChatFrm" cols="20" rows="4"><? echo $myrow["StringyChat_message"]?></textarea>
      <br>
      <input type="hidden" name="id" value="<? echo $id ?>">
      <input name="update" class="StringyChatFrm" type="submit" value="Update">
    </form>


<?
  }
?>


  <a href="<? echo $_SERVER['REQUEST_URI']; ?>&m=purge">Purge StringyChat</a><br>
    <br>


  <?
  // Load up the last few posts.  The number to load is defined by the "ShowPostNum" variable.
  $result = mysql_query("SELECT * FROM ".$dbTable." ORDER BY StringyChat_time DESC",$db);


  while ($myrow = mysql_fetch_array($result)) {
    $msg = $myrow["StringyChat_message"];


    $msg = strip_tags($msg);
    $msg = eregi_replace("im#([a-z]{3})", "<img src=\"/stringychat/images/\\1.gif\" alt=\"emoticon\">",$msg);


printf("<div class=\"StringyChatItem\"><h4>%s<br>\n", $myrow["StringyChat_name"]);
    printf("%s</h4>\n", date("H:i - d/m/y", $myrow["StringyChat_time"]));
    printf("%s</div>\n", $msg);
?>
    <form name="form<? echo $myrow["id"];?>" method="post" action="?mode=postman">
      <input name="id" type="hidden" value="<? echo $myrow["id"];?>">
      <input name="ip" type="hidden" value="<? echo $myrow["StringyChat_ip"];?>">
      <input name="EditPost" type="submit" id="EditPost" value="Edit">
      <input name="DeletePost" type="submit" id="DeletePost" value="Delete">
      <input name="BanIP" type="submit" id="BanIP" value="Ban <? echo $myrow["StringyChat_ip"];?>">
<input name="1" type="submit" id="1" value="Kick <? echo $myrow["StringyChat_ip"];?> for 1 hour ">
<input name="1d" type="submit" id="1d" value="Kick <? echo $myrow["StringyChat_ip"];?> for 24 hours ">
<input name="7d" type="submit" id="7d" value="Kick <? echo $myrow["StringyChat_ip"];?> for 7 days ">
    </form>
  <?
  }   
?>

via the input buttons 1, 1d, 7d since I want to make 3 different Banning option 1 hour, 1 day and 7 days. What should I do to change it?

The problem with your code is you have not told it who to ban. It just blindly records every visitors ip and does not allow them to access the page again until 36 seconds have passed.  You need to alter the code so it only blocks the visitors who you want to ban.

Ok I tried to do the following

 

in

 
<?php
// Published at: www.TakeTwoApps.com
   include("chat_code_header.php");
require_once('common.php');




$ipLog='ip-log.txt'; // Your logfiles name here
$timeout='0.01'; // How many hours to block IP
$goHere='tik.php'; // Allowed pages name here




$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $vis_ip = $k2;
else $vis_ip = $k2;




function recordData($vis_ip,$ipLog,$goHere)
{ 
    $log=fopen("$ipLog", "a+"); 
    fputs ($log,$vis_ip."][".time()."\n"); 
    fclose($log); 


    // The below header function was causing errors in apache 
    //so I changed it to echo the script tag. 
    //Header ("Location: $goHere"); exit(0);  
    echo "<?php include('$goHere')?>"; exit(0);
} 
function checkLog($vis_ip,$ipLog,$timeout) 
{
    global $valid; $ip=$vis_ip;
    $data=file("$ipLog"); $now=time();


    foreach ($data as $record) 
    {
        $subdata=explode("][",$record);
        if ($now < ($subdata[1]+3600*$timeout) && $ip == $subdata[0]) 
        {
            $valid=0; echo "You have been banned from accessing this page. Try again in $timeout hours.";
            break;
        }
    }
} 
checkLog($vis_ip,$ipLog,$timeout);
if ($valid!="0") recordData($vis_ip,$ipLog,$goHere); 


?>

I changed the lines


   $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $vis_ip = getenv(REMOTE_ADDR);
    else $vis_ip = $_SERVER['REMOTE_ADDR'];

to

$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $vis_ip = $k2;
else $vis_ip = $k2;

an in my admin script 

 

 

<?
include "./emoticon_replace1.php";


  if ($_POST["DeletePost"]) {
    $id = $_POST["id"];
    $query = "DELETE FROM ".$dbTable." WHERE id='".$id."'"; 
    mysql_query($query);
    echo "ID removed from system: ".$id;
  }
  if ($_POST["BanIP"]) {
    $IP_To_Add = $_POST["ip"];
    if(eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $IP_To_Add))
    {
      $sql = "INSERT INTO ".$IPBanTable." (ip) VALUES (\"$IP_To_Add\")";
      $result = mysql_query($sql);
    } else {
      echo "Error: Not a valid IP: ".$IP_To_Add;
    }
  }
  if ($_POST["purge"]) {
    $query = "TRUNCATE TABLE ".$dbTable; 
    mysql_query($query);
    echo "StringyChat purged";
  }
  if(!$_POST["update"] || !$_POST["StringyChat_name"] || !$_POST["StringyChat_message"]) {
  } else {
    $id = $_POST["id"];
    $name = $_POST["StringyChat_name"];
    $message = $_POST["StringyChat_message"];


    include("emoticon_replace.php");


    $query = "UPDATE ".$dbTable." SET StringyChat_name='$name', StringyChat_message='$message' WHERE id='".$id."'";
    $result = mysql_query($query, $db) or die("Invalid query: " . mysql_error());
  }
  if ($_POST["EditPost"]) {
    $id = $_POST["id"];
    $result = mysql_query("SELECT * FROM ".$dbTable." WHERE id='".$id."'", $db); 
    $myrow = mysql_fetch_array($result);
?>
    <form name="StringyChat_form" method="POST" action="?mode=postman">
      Name:<br>
      <input name="StringyChat_name" class="StringyChatFrm" type="text" size="20" maxlength="<? echo $name_size; ?>" value="<? echo $myrow["StringyChat_name"]?>">
      <br>
      Message:<br>
      <textarea name="StringyChat_message" class="StringyChatFrm" cols="20" rows="4"><? echo $myrow["StringyChat_message"]?></textarea>
      <br>
      <input type="hidden" name="id" value="<? echo $id ?>">
      <input name="update" class="StringyChatFrm" type="submit" value="Update">
    </form>


<?
  }
?>


  <a href="<? echo $_SERVER['REQUEST_URI']; ?>&m=purge">Purge StringyChat</a><br>
    <br>


  <?
  // Load up the last few posts.  The number to load is defined by the "ShowPostNum" variable.
  $result = mysql_query("SELECT * FROM ".$dbTable." ORDER BY StringyChat_time DESC",$db);


  while ($myrow = mysql_fetch_array($result)) {
    $msg = $myrow["StringyChat_message"];


    $msg = strip_tags($msg);
    $msg = eregi_replace("im#([a-z]{3})", "<img src=\"/stringychat/images/\\1.gif\" alt=\"emoticon\">",$msg);


printf("<div class=\"StringyChatItem\"><h4>%s<br>\n", $myrow["StringyChat_name"]);
printf("%s<p>\n",$myrow["StringyChat_ip"],"%s</p>\n");
    printf("%s</h4>\n", date("H:i - d/m/y", $myrow["StringyChat_time"]));
    printf("%s</div>\n", $msg);




if (isset($_POST['$k2'])) {
    echo $myrow["StringyChat_ip"]
    return;
}




?>
    <form name="form<? echo $myrow["id"];?>" method="post" action="?mode=postman">
      <input name="id" type="hidden" value="<? echo $myrow["id"];?>">
      <input name="ip" type="hidden" value="<? echo $myrow["StringyChat_ip"];?>">
      <input name="EditPost" type="submit" id="EditPost" value="Edit">
      <input name="DeletePost" type="submit" id="DeletePost" value="Delete">
      <input name="BanIP" type="submit" id="BanIP" value="Ban <? echo $myrow["StringyChat_ip"];?>">
<input name="$k2" type="submit" id="1" value="Kick <? echo $myrow["StringyChat_ip"];?> for 1 hour ">
<input name="1d" type="submit" id="1d" value="Kick <? echo $myrow["StringyChat_ip"];?> for 24 hours ">
<input name="7d" type="submit" id="7d" value="Kick <? echo $myrow["StringyChat_ip"];?> for 7 days ">
    </form>
  <?
  }   
?>


  

 i added the function

 

if (isset($_POST['$k2'])) {
    echo $myrow["StringyChat_ip"]
    return;
}

but still every time I refresh my index page I get banned...

 

Any help please...

 
  • Solution

The changes you made will have no effect because the form in your admin script is not being submitted to your  ip-ban-time-limit.php script!  

 

The changes you need to make to both scripts will be

 

In the admin script, when the ban form is submitted you need to an add a new entry containing the following information into the ip-log.txt file

  • the users ip address
  • and the timestamp for when the ban will be lifted. For example if the user is band for 1 hour use strtotime('+1 hour')  to generate the timestamp for when the ban is lifted. See strtotime for more info

The ip-ban-time-limit.php script will need to be written from scratch. The steps you need to take here are

  • get the user ip
  • check to see if the ip is listed in ip-log.txt
  • if it is found in the file. Check to see if the current time is greater than the recorded timestamp
  • restrict access if sufficient time has not passed.
  • only when sufficient time has passed you can remove the users ip from ip-log.txt
Edited by Ch0cu3r
  • Like 2

Before you jump to the technical details, I think the concept itself needs a reality check.

 

Do you honestly believe that anybody on the Internet will wait 7 days for you to unban their IP address? I don't think so. Chances are they're back in 7 seconds with a new IP. I mean, even the dumbest script kiddie knows how to use a proxy, use ToR or simply reset their router.

 

At the same time there's a huge risk of blocking legitimate users just because they happen to share their IP address with somebody else. If you hit a big proxy or VPN, you'll lock out hundreds or thousands of people who haven't done anything. Is your site so incredibly popular that you can live with that?

 

I understand why programmers like IP bans: They're easy, they're cheap, and they give you the illusion of “doing something”. But I fear they solve no problems while creating new ones.

 

I'm sure there's a better approach. What are you trying to do? Is this a public chat where you want to block certain participants? Then I'd use a cookie-like mechanism. Of course you shouldn't use actual cookies, because those are a bit too obvious. But if you search for Evercookie, you'll find a lot of more creative techniques.

 

Another interesting concept is the hellban: Instead of actually blocking the user, you just ignore their messages. So while they believe they're still taking part in the discussion, they cannot be seen by anybody.

 

Of course no technique is perfect. Anybody with a decent level of knowledge can circumvent any ban. What you can and should do, however, is keep the average troll busy without locking out half of the world's population.

  • Like 1

 

The changes you made will have no effect because the form in your admin script is not being submitted to your  ip-ban-time-limit.php script!  

 

The changes you need to make to both scripts will be

 

In the admin script, when the ban form is submitted you need to an add a new entry containing the following information into the ip-log.txt file

  • the users ip address
  • and the timestamp for when the ban will be lifted. For example if the user is band for 1 hour use strtotime('+1 hour')  to generate the timestamp for when the ban is lifted. See strtotime for more info

The ip-ban-time-limit.php script will need to be written from scratch. The steps you need to take here are

  • get the user ip
  • check to see if the ip is listed in ip-log.txt
  • if it is found in the file. Check to see if the current time is greater than the recorded timestamp
  • restrict access if sufficient time has not passed.
  • only when sufficient time has passed you can remove the users ip from ip-log.txt

 

 

Thank you I decided to move to MySQL database rather

Before you jump to the technical details, I think the concept itself needs a reality check.

 

Do you honestly believe that anybody on the Internet will wait 7 days for you to unban their IP address? I don't think so. Chances are they're back in 7 seconds with a new IP. I mean, even the dumbest script kiddie knows how to use a proxy, use ToR or simply reset their router.

 

At the same time there's a huge risk of blocking legitimate users just because they happen to share their IP address with somebody else. If you hit a big proxy or VPN, you'll lock out hundreds or thousands of people who haven't done anything. Is your site so incredibly popular that you can live with that?

 

I understand why programmers like IP bans: They're easy, they're cheap, and they give you the illusion of “doing something”. But I fear they solve no problems while creating new ones.

 

I'm sure there's a better approach. What are you trying to do? Is this a public chat where you want to block certain participants? Then I'd use a cookie-like mechanism. Of course you shouldn't use actual cookies, because those are a bit too obvious. But if you search for Evercookie, you'll find a lot of more creative techniques.

 

Another interesting concept is the hellban: Instead of actually blocking the user, you just ignore their messages. So while they believe they're still taking part in the discussion, they cannot be seen by anybody.

 

Of course no technique is perfect. Anybody with a decent level of knowledge can circumvent any ban. What you can and should do, however, is keep the average troll busy without locking out half of the world's population.

Thank You I saw I can use another Method to block people

[...] I understand why programmers like IP bans: They're easy, they're cheap, and they give you the illusion of “doing something”. But I fear they solve no problems while creating new ones.[...]

 

Yes, IP bans are not really working. If you think of the mobile phone network where a LOT of users share the same IP, you are asking for trouble.

 

The concept of keeping certain people out is nothing more than the concept of letting certain people in. With an upright registration process ((self-made) captcha, e-mail activation) and and good user management are the keys that you are looking for. Anonymous or in that case unregistered users should only have access where they can not inflict any damage on your project.

 

But keep in mind, that every security measure can be bypassed, set on the skill levels of the uninvited guest. So don't make it too hard for your upright users to use your project.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.