Tutorial: PHP/mySQL Simple IP Banning
Today I am going to show you how to create an IP ban system. This does not include an IP manager, although if I receive enough requests, I will.
To start things off we need to create the page conf.inc.php. This page will be included in all the pages and contain the ban function and database details.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | <?php $db_user = ""; // Username $db_pass = ""; // Password $db_database = ""; // Database Name $db_host = ""; // Server Hostname $db_connect = mysql_connect ($db_host, $db_user, $db_pass); // Connects the the database $db_select = mysql_select_db ($db_database); // Selects the DB we will be searching in. // IP Ban Check function is_banned($ip) { // Starts the is_banned function. $q = mysql_query("SELECT * FROM `ban` WHERE `ip` = '$ip'") or die(mysql_error()); // Searches the database for the users ip. $rows = mysql_num_rows($q); // Counts all the results found. if ($rows > 0) { // If more than 0 were found. $banned = true; // The user is banned. } else { $banned = false; // The user is not banned. } return $banned; } ?> |
Breakdown:
We 1st connect the the database in order to retrieve data.
Then we create the function called is_banned() to check if the users ip is in the ban list.
Now we will implement this code in index.php.
1 2 3 4 5 6 7 8 9 | <?php include("conf.inc.php"); // Include the database and function details. if (is_banned($_SERVER["REMOTE_ADDR"])) { // Start out function with the users ip. echo "Error: You have been banned from this website!"; // The user is banned. exit(); // Halts the rest of the script from performing. } else { echo "You have not been banned, congrats on not being one of the many assholes."; } ?> |
Now that script is not complex, but it is so you can build on it. I hope this was helpful to you. As always, if you have any questions, please feel free to ask.
I prefer to use:
die (‘Error: You have been banned from this website!’);
then
echo “Error: You have been banned from this website!”;
exit();
but everyone has their own choice, nice tutorial, shame I already knew how
well i was just checking in google for ban tutorials so i can improve my website’s ban script but this isn’t “simple” it’s more like “the simplest” and I do not recommend it to anyone who is going to do some serious project/website.
To: anonymous
This tutorial was not made to be used on a live site, but to show a beginner on where to start, so then they can expand on it.
Here is an other way to do it:
$banned_ip = array();
$banned_ip[] = ‘ip.goes.here’; // first IP
$banned_ip[] = ‘ip.goes.here’; // second IP
foreach($banned_ip as $banned) {
$ip = $_SERVER['REMOTE_ADDR'];
if($ip == $banned){
header(“Location: banned.html”);
exit();
}
}
:O Not Secure! Not Secure! Do Not Use!
To Third
As I have said before, this is not meant to be pasted into a live site, but more for a php beginner looking for a way to start a ban list.
Ty, work perfect. Respect
Instead of banning, I would like to allow only specific IPs. Would this be better achieved through the web server?
Thanks for the Authentication tutorial, and thanks for sharing your knowledge.
Robert
Stumbled upon this using Google. Nice job!
@Robert:
Not sure, but I think this might help you:
<?php
if $_SERVER["REMOTE_ADDR"] != (insert IP){
die(“Sorry, you are not permitted to access this area.”);
} else {
(insert code)
}
If you want to accept more than one IP, try this:
Unsure about this method, as I’ve never tested it before.
Sorry about that, just do the if over and over but use elseif instead, but like i said, i never tested it.
Couldn’t he just as easily stick the IPs that are allowed to view the content into an array? Would be far less coding than a bunch of elseifs.
why do i get Table ‘logintut.ban’ doesn’t exist? :S
Did you create the table in the db? And does the name match the db?
grt info