Banning IP's

[Wolphie]

Okay, i'm pretty experienced with PHP scripting. Although this is the first time i've tried using arrays to ban IP addresses.

It says that the IP address is banned, but it still displays the form along with the ban message.

I only want it to display the ban message and not the form.

Any ideas?

 

$page = $_GET['do'];


$bannedip[0] = '127.0.0.1';
$bannedip[1] = '172.202.42.139';


foreach($bannedip as $value) {
if($_SERVER['REMOTE_ADDR'] != $value) {
	switch($page) {

		case "validate":
			@include("validate.php");

			echo '<title>Quiz Script - Add Question</title>';

			$question = $_POST['question'];
			$answer = $_POST['answer'];

			if($question == "" || $answer == "") {
				echo '<center><span style="font-size: 15px; font-family: Tahoma;"><u>You must fill in the feilds!</u></span></center>';
			} else {

				$sql = "INSERT INTO quiz (question, answer)
				VALUES ('$question', '$answer')";

				if (!mysql_query($sql, $con)) {
					die("Error: " . mysql_error());
				}	

				echo '<center><span style="font-size: 15px; font-family: Tahoma;"><u>Question Submitted Successfully!</u></span></center>';
			}

		default:

			echo '<title>Quiz Script - Add Question</title>';

			echo '<center><table width="15%" border="0" cellpadding="0" cellspacing="0" style="font-size: 11px; font-family: Tahoma;">';
			echo '<span style="font-size: 11px; font-family: Tahoma;">
			<h2>Add Question</h2><br /><br />Please do not abuse this feature. This database is checked constantly.</span><br /><br /><br />';
			echo '<form action="?do=validate" method="post" enctype="multipart/form-data">';
			echo '<tr><td width="100%">';

			include("modules/charleft.php");

			echo '</td></tr>';
			echo '<tr><td width="50%"><input type="submit" name="submit" value="Submit" style="font-family: Tahoma;" /><input type="reset" value="Reset" style="font-family: Tahoma; " />';
			echo '</td></tr></form></table></center>';

		break;


		case "game":
			@include("game.php");

			echo "Question 1";
			echo "\r\n";
			echo "Answer";

		break;	
	}
} else {

	switch($page) {

		default:
			echo '<title>Quiz Script - Add Question</title>';
			echo '<center><span style="font-size: 15px; font-family: Tahoma;">You are not authorised to view this page. <br />
			This is most likely because your IP [' . $_SERVER['REMOTE_ADDR'] . '] has been banned.<br />If you have any queries please email <a href="mailto:Wolphie_@Hotmail.com">
			Wolphie_@Hotmail.com</a><br /><br /></span></center>';
	}
}
}


echo '<br /><br /><br /><center><span style="font-size: 11px; font-family: Tahoma;">2007 ©Copyright PHUX Development. All Rights Reserved.</span></style>';


?>

[sneamia]

As long as their IP doesn't == all of the ip's on the banned list, it will still display the form.  And if you have more than 2 IP's on the list, it will echo the form multiple times.  Because you did a foreach.

 

You should have first checked all the IP's and die-d if it matched a value of the array, then displayed the form.

[Wolphie]

So basically i have to do

 

foreach($bannedip as $value){

if($_SERVER['REMOTE_ADDR'] == $value) {

die("You are not authorised to view this page);

} else {

 

(the rest)

 

}

}

[Fadion]

Or u can simply do:

 

$ip = $_SERVER['REMOTE_ADDR'];
if(in_array($ip, $bannedip)){
     die("Not authorised");
}

 

Instead of the die(), u can use "header('HTTP/1.1 401 Unauthorized')" which would be a nicer way then just a plain text message.

[sneamia]

Yes, that's what I was thinking of, in_array.  I couldn't think of the right function to use there.