easy way to ban ip's, a whole span of um.

VooDooRT

I'm looking for the EASIEST way to bad a whole span of IPs that I set in a database.

Would preg_match work, or would there be a better way?

diego25

Take a look at ip2long. You can use that to convert IPs to long, and then just use simple number comparisons.

Diego

VooDooRT

Never heard of ip2long, I take it that's a php function that take an IP and makes it:

123456789012

right?

what if I want to compare that to 123456?

RedDragon

my solution:

store the ips in the database as 172.123.12.*
asteriks can be used to ban ranges

then use

if(getenv(HTTP_CLIENT_IP)) {
	$ip = getenv(HTTP_CLIENT_IP);
} elseif(getenv(HTTP_X_FORWARDED_FOR)) {
	$ip = getenv(HTTP_X_FORWARDED_FOR);
} else {
	$ip = getenv(REMOTE_ADDR);
}
$ips= explode(".", $ips);
//query to banned table
$regip = explode(".", $query);
if(($regip[0] == $ips[0] || $regip[0] == "*") && ($regip[1] == $ips[1] || $regip[1] == "*") && ($regip[2] == $ips[2] || $regip[2] == "*") && ($regip[3] == $ips[3] || $regip[3] == "*")) {
echo "You are banned";
}

diego25

what if I want to compare that to 123456?

That's ok, they are just numbers, so you can use the < and > operators. An example of my approach:

// to ban from 192.168.0.1 to 192.168.0.255:

$ip = "192.168.0.5"; // the ip in question
i$ip_long = ip2long($ip);
if ($ip_long > ip2long('192.168.0.1') && $ip_long < ip2long('192.168.0.255')) {
// ban ip
}

Obviously, you can do store the IPs like 192.168.0.1 and 192.168.0.255 in a database and use a loop to check each range...

Diego

VooDooRT

Originally posted by RedDragon
my solution:

store the ips in the database as 172.123.12.*
asteriks can be used to ban ranges

then use

if(getenv(HTTP_CLIENT_IP)) {
	$ip = getenv(HTTP_CLIENT_IP);
} elseif(getenv(HTTP_X_FORWARDED_FOR)) {
	$ip = getenv(HTTP_X_FORWARDED_FOR);
} else {
	$ip = getenv(REMOTE_ADDR);
}
$ips= explode(".", $ips);
//query to banned table
$regip = explode(".", $query);
if(($regip[0] == $ips[0] || $regip[0] == "*") && ($regip[1] == $ips[1] || $regip[1] == "*") && ($regip[2] == $ips[2] || $regip[2] == "*") && ($regip[3] == $ips[3] || $regip[3] == "*")) {
echo "You are banned";
}

[/B]

Should I use a WHERE ip=$ip? Or just retreive the whole array?

MtPHP2

Erm
It would be much easier just to loop through your db and pull out all the ips
then do
if($_SERVER['REMOTE_ADDR'] == "$var")
{
print "SHIT YOU CAN'T COME HERE";
} else
// ya script
}

RedDragon

does this support banning ranges with asteriks?

VooDooRT

Ok, I'm still having problems with this darn thing...

Here is what I have: I know it's ugly coding, but I'm working things out one line at a time and it's not helping me...ugh

function ipban($ip){
  global $fontString, $fontString2, $headString, $myrow;

$ips= explode(".", $ips);
$query = "SELECT * FROM security WHERE ipaddress = '$ips'";
$result = mysql_query($query) or die(mysql_error());
$regip = explode(".", $result);
if(($regip[0] == $ips[0] || $regip[0] == "*") && ($regip[1] == $ips[1] || $regip[1] == "*") && ($regip[2] == $ips[2] || $regip[2] == "*") && ($regip[3] == $ips[3] || $regip[3] == "*")) {
echo "$fontString You have been banned from them website!  Please contact the <a href=mailto:$myrow2[admin_email]>Webmaster</a>.";
}
}

RedDragon

here is the complete code, you need to modify it to mach your db!

//get the actual ip
if(getenv(HTTP_CLIENT_IP)) {
	$ip = getenv(HTTP_CLIENT_IP);
} elseif(getenv(HTTP_X_FORWARDED_FOR)) {
	$ip = getenv(HTTP_X_FORWARDED_FOR);
} else {
	$ip = getenv(REMOTE_ADDR);
}
$ips = explode(".", $ip);

//get the banned ips
$getbannedppl = mysql_query("SELECT * FROM ".$prefix."banned");
while($check = mysql_fetch_array($getbannedppl)) {
$regip = explode(".", $check[value]);
if(($regip[0] == $ips[0] || $regip[0] == "*") && ($regip[1] == $ips[1] || $regip[1] == "*") && ($regip[2] == $ips[2] || $regip[2] == "*") && ($regip[3] == $ips[3] || $regip[3] == "*")) {
$banned++;
}