Posted By

mladoux on 09/21/10


Tagged

mysql php security ban



PHP/MySQL IP Ban List


Published in: PHP
 

URL: http://mark.haktstudios.com/

IP Ban List that stores banned IP addresses in a MySQL Database. Supports both IPv4 and IPv6 simultaneously. SQL code is in the comments.

```php
<?php
/******************************************************************************

--
-- Table structure for table `blocked_ips`
--

CREATE TABLE IF NOT EXISTS `blocked_ips` (
  `ip` varchar(39) COLLATE utf8_bin NOT NULL DEFAULT '0.0.0.0',
  PRIMARY KEY (`ip`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

/******************************************************************************/

$dbhost = 'localhost'; // hostname of the database server
$dbuser = 'user'; // database username
$dbpass = 'pass'; // database password
$dbname = 'database'; // name of the database to use
$admin_mail = 'admin@localhost'; // admin's email address

// Addresses of reverse proxies you operate. X-Forwarded-For is only read when
// the request arrives from one of them; leave empty if clients connect directly.
$trusted_proxies = array();

/******************************************************************************
  get_ip() - Attempts to retrieve the most accurate IP possible from user.
/******************************************************************************/

function get_ip(array $trusted_proxies)
{
    $remote = $_SERVER['REMOTE_ADDR'];

    // PHP exposes the header as HTTP_X_FORWARDED_FOR. Any client can send it,
    // so it is ignored unless the direct peer is one of our own proxies.
    if (in_array($remote, $trusted_proxies, true)
        && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        // The rightmost entry is the one appended by the trusted proxy;
        // entries to its left were supplied by the client.
        $hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $forwarded = trim(end($hops));

        // accept the value only if it is a well-formed IPv4/IPv6 address
        if (filter_var($forwarded, FILTER_VALIDATE_IP) !== false)
        {
            return $forwarded;
        }
    }
    return $remote;
}

$ip = get_ip($trusted_proxies);

// make mysqli throw on errors so every failure is handled in one place
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try
{
    // connect to the database (mysql_* was removed in PHP 7; use mysqli)
    $con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

    // build query with a bound parameter, never by string interpolation
    $sql = mysqli_prepare($con, 'SELECT 1 FROM blocked_ips WHERE ip = ? LIMIT 1');
    mysqli_stmt_bind_param($sql, 's', $ip);
    mysqli_stmt_execute($sql);
    mysqli_stmt_store_result($sql);
    $result = mysqli_stmt_num_rows($sql);
    mysqli_stmt_close($sql);
    mysqli_close($con);
}
catch (mysqli_sql_exception $e)
{
    // log the details server-side instead of printing them to the visitor
    error_log('IP ban list: ' . $e->getMessage());
    header("HTTP/1.1 500 Internal Server Error");
    die('Database error.');
}

if ( $result === 1 )
{
    // escape everything that is echoed into the HTML page
    $safe_ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
    $safe_mail = htmlspecialchars($admin_mail, ENT_QUOTES, 'UTF-8');

    header("HTTP/1.1 403 Forbidden");
    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>ERROR: 403 Forbidden - You have been banned!</title>
<style type="text/css">
</style>
</head>
<body>
<h1>ERROR: 403 FORBIDDEN</h1>
<p>
It appears that your IP ( '.$safe_ip.' ) has been banned from accessing
this site\'s content. If you feel that this banning is in error, feel
free to contact the site\'s administrator to have it removed.
</p>
<p>Admin Contact: <a href="mailto:'.$safe_mail.'">'.$safe_mail.'</a></p>
</body>
</html>
';
    die();
}

// clean up variables
unset($ip,$sql,$result,$con,$dbhost,$dbuser,$dbpass,$dbname,$trusted_proxies);

/* end of file */
```
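The `blocked_ips` table keys each ban on the textual address, so one IPv6 host written in a different spelling (expanded, upper-case, or as an IPv4-mapped address) will not match an exact-string lookup. The following is an added example, not part of the original snippet: `canonical_ip()` and `add_ban()` are hypothetical helper names, and the sample addresses are constructed. Apply the same canonicalisation when a ban is stored and before the lookup.

```php
<?php
// Added example: canonicalise addresses so that every spelling of one host
// maps to the same `blocked_ips.ip` key. Helper names are hypothetical.

/** Return one canonical text form of an IPv4/IPv6 address, or null if invalid. */
function canonical_ip($ip)
{
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $packed = inet_pton($ip);            // 4 bytes (IPv4) or 16 bytes (IPv6)
    if ($packed === false) {
        return null;
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d): ten zero bytes followed by ff ff.
    $mapped_prefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($packed) === 16 && substr($packed, 0, 12) === $mapped_prefix) {
        $packed = substr($packed, 12);   // keep only the embedded IPv4 address
    }
    return inet_ntop($packed);           // compressed, lower-case text form
}

/** Store a ban under its canonical key; returns false for invalid input. */
function add_ban(mysqli $con, $raw)
{
    $ip = canonical_ip($raw);
    if ($ip === null) {
        return false;
    }
    $stmt = mysqli_prepare($con, 'INSERT IGNORE INTO blocked_ips (ip) VALUES (?)');
    mysqli_stmt_bind_param($stmt, 's', $ip);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Constructed inputs: several spellings of two hosts plus one invalid value.
$samples = array(
    '2001:0DB8:0000:0000:0000:0000:0000:0001',
    '2001:db8::1',
    '::ffff:192.0.2.7',
    '192.0.2.7',
    '192.0.2.999',
);
foreach ($samples as $raw) {
    $key = canonical_ip($raw);
    printf("%-42s => %s\n", $raw, $key === null ? '(rejected)' : $key);
}
```

The demo loop runs without a database; `add_ban()` needs an open `mysqli` connection to the schema shown in the snippet's comment.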
