PHP - Quick Question

jcb33

jcb33

jcb33

Soldato
Joined
11 Apr 2003
Posts
4,208
Location
Notts
Hi all, I have a guestbook, as you probably already know from my posts! But I was just wondering if there is a way to log IP addresses, of only the people that make posts, so:

If a user makes a post, then the normal post details + their IP address will be stored into the guestbook table, but they will not know their IP has been stored.

I want to do this because I have had a few problems of people breaking my page continualy, being abusive etc.

I would like then to be able to ban them... But if this is to complicated I am happy with just logging posters IP's... Thanks!
 
$_SERVER["REMOTE_ADDR"]

just assign that to a variable and add it to the database.

i guess to ban someone you would have to configure the webserver to do that?

edit: unless you want to let them access the site but not be able to post then i guess you could use a php/mysql query???
 
Last edited:
marc2003 said:
$_SERVER["REMOTE_ADDR"]

just assign that to a variable and add it to the database.

i guess to ban someone you would have to configure the webserver to do that?

edit: unless you want to let them access the site but not be able to post then i guess you could use a php/mysql query???
Click to expand...
Thanks got it logging now :) Or at least it logged mine correctly!

What kind of a query would I have to use to ban the ip from posting?
 
jcb33 said:
Thanks got it logging now :) Or at least it logged mine correctly!

What kind of a query would I have to use to ban the ip from posting?
Click to expand...

Code: 
$banned_ips = array('123.456.7.8', '12.3.45.6');

if ( in_array($_SERVER['REMOTE_ADDR'], $banned_ips) )
    die("banned sry");
 
robmiller said:
Code: 
$banned_ips = array('123.456.7.8', '12.3.45.6');

if ( in_array($_SERVER['REMOTE_ADDR'], $banned_ips) )
    die("banned sry");
Click to expand...
How would I store the ips to an array when I have decided they are banned?
 
Code: 
function getIp() {
    $ip = false;
    if (array_key_exists('HTTP_CLIENT_IP', $_SERVER) && !empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $srcs = explode(', ', $_SERVER['HTTP_X_FORWARDED_FOR']);
        if ($ip) {
            array_unshift($srcs, $ip);
            $ip = false;
        }
        foreach ($srcs as $src) {
            if (preg_match('/^(10|172\.16|192\.168)\./', $src) == 0) {
                $ip = $src;
                break;
            }
        }
    }
    if (!$ip) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

Slightly more reliable method of getting a viewers IP address, but even then it's not 100% as proxies can be configured to hide the address they're forwarding for.
 
You can also use a htaccess file to ban ips if your isp supports it. This would ban them from every page, without you having to modify the php.
 
I've always found IP banning pretty pointless. As mentioned you can just use a proxy to get around it or even spoof your IP (not difficult).

A much better way of handling users is to ensure people have to sign-up to post and then you can ban specific users, not just their IP.
 
Wimnat said:
I've always found IP banning pretty pointless. As mentioned you can just use a proxy to get around it or even spoof your IP (not difficult).

A much better way of handling users is to ensure people have to sign-up to post and then you can ban specific users, not just their IP.
Click to expand...
Ah, but that opens up a whole new kettle of fish, and I have no idea at all how I would manage a registration script, that checks for passwords etc
 
Well I have an idea of how to do it, but my php skills are very little atm, so im not certain, btw what does IIRC stand for?
 
jcb33 said:
Well I have an idea of how to do it, but my php skills are very little atm, so im not certain, btw what does IIRC stand for?
Click to expand...
Go for it - nice little project :cool:

Evolt.org have some great tutorials last time I looked :)

iirc means If I recall correctly...iirc :D
 
There is a LOT of example code out there for that sort of thing. It really isn't that difficult. Draw it out on paper and you will see there aren't many parts to the process. Plus, these forums are here if you get stuck.
 
PHP: 
$query = "SELECT * FROM `guest_bannedips`";
$result = mysql_query($query);
 while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
  if ($row['ip'] == $_SERVER['REMOTE_ADDR']) {
   die("You have been banned!!");
  }
 }

That should sort out banning :-)
 
Last edited:
Just before I tackle this im getting on with sorting my site out, im trying to make it so that if there are >6 posts on my main page, it creates another page to visit, like in my guestbook, but I cant get it working, this is the code I have so far...

*EDIT* Nm Sorted, Back to password system!
 
Last edited:
Jaffa_Cake said:
$query = "SELECT * FROM `guest_bannedips`";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
if ($row['ip'] == $_SERVER['REMOTE_ADDR']) {
die("You have been banned!!");
}
}

That should sort out banning :-)
Click to expand...

not very efficient is it.

$ip = $_SERVER["REMOTE_ADDR"];

$query = "SELECT $ip FROM guest_bannedips";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0) die('banned');
 
You must log in or register to reply here.
Back
Top Bottom