May
28
Tutorial: PHP/mySQL Simple IP Banning
Posted by Pat
Today I am going to show you how to create an IP ban system. This does not include an IP manager, although if I receive enough requests, I will.
To start things off we need to create the page conf.inc.php. This page will be included in all the pages and contain the ban function and database details.
View Code PHP
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | <?php $db_user = ""; // Username $db_pass = ""; // Password $db_database = ""; // Database Name $db_host = ""; // Server Hostname $db_connect = mysql_connect ($db_host, $db_user, $db_pass); // Connects the the database $db_select = mysql_select_db ($db_database); // Selects the DB we will be searching in. // IP Ban Check function is_banned($ip) { // Starts the is_banned function. $q = mysql_query("SELECT * FROM `ban` WHERE `ip` = '$ip'") or die(mysql_error()); // Searches the database for the users ip. $rows = mysql_num_rows($q); // Counts all the results found. if ($rows > 0) { // If more than 0 were found. $banned = true; // The user is banned. } else { $banned = false; // The user is not banned. } return $banned; } ?> |
Breakdown:
We 1st connect the the database in order to retrieve data.
Then we create the function called is_banned() to check if the users ip is in the ban list.
Now we will implement this code in index.php.
View Code PHP
1 2 3 4 5 6 7 8 9 | <?php include("conf.inc.php"); // Include the database and function details. if (is_banned($_SERVER["REMOTE_ADDR"])) { // Start out function with the users ip. echo "Error: You have been banned from this website!"; // The user is banned. exit(); // Halts the rest of the script from performing. } else { echo "You have not been banned, congrats on not being one of the many assholes."; } ?> |
Now that script is not complex, but it is so you can build on it. I hope this was helpful to you. As always, if you have any questions, please feel free to ask.
June 24th, 2008 at 5:05 am
I prefer to use:
die (’Error: You have been banned from this website!’);
then
echo “Error: You have been banned from this website!”;
exit();
but everyone has their own choice, nice tutorial, shame I already knew how
June 28th, 2008 at 2:51 am
well i was just checking in google for ban tutorials so i can improve my website’s ban script but this isn’t “simple” it’s more like “the simplest” and I do not recommend it to anyone who is going to do some serious project/website.
July 7th, 2008 at 2:26 pm
To: anonymous
This tutorial was not made to be used on a live site, but to show a beginner on where to start, so then they can expand on it.
July 14th, 2008 at 12:48 am
:O Not Secure! Not Secure! Do Not Use!
July 14th, 2008 at 10:05 am
To Third
As I have said before, this is not meant to be pasted into a live site, but more for a php beginner looking for a way to start a ban list.
August 26th, 2008 at 5:07 am
Ty, work perfect. Respect
October 16th, 2008 at 11:07 am
Instead of banning, I would like to allow only specific IPs. Would this be better achieved through the web server?
Thanks for the Authentication tutorial, and thanks for sharing your knowledge.
Robert
November 18th, 2008 at 6:06 pm
Stumbled upon this using Google. Nice job!
@Robert:
Not sure, but I think this might help you:
<?php
if $_SERVER["REMOTE_ADDR"] != (insert IP){
die(”Sorry, you are not permitted to access this area.”);
} else {
(insert code)
}
If you want to accept more than one IP, try this:
Unsure about this method, as I’ve never tested it before.
November 18th, 2008 at 6:07 pm
Sorry about that, just do the if over and over but use elseif instead, but like i said, i never tested it.
February 25th, 2009 at 8:49 am
Couldn’t he just as easily stick the IPs that are allowed to view the content into an array? Would be far less coding than a bunch of elseifs.