IP Span Ban

VooDooRT

This is only picking the first out of the database...I'm tired, and brainfarting like mad, so I Can't de-big it...

Ideas?

function ipban($ip){
  global $fontString, $fontString2, $headString, $myrow;
  	$query = "SELECT * FROM security";
	$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
	echo("$row[ipaddress]");
	if(preg_match("$row['ipaddress']", "$ip")){
		print" $fontString You have been banned from this website!  Please contact the <a href=mailto:$myrow2[admin_email]>Webmaster</a>.";
     exit;
	}
	else{
		return 1;
	}
}

//file that checks it all
if(ipban($REMOTE_ADDR) == 1) {
//do or show some stuff
}

laserlight

Your while loop only runs once.
Immediately after the preg_match() test, either page execution exits, or the function returns 1, implying return of control from the function to the main script.

This is my suggestion:

function ipban($ip){ 
	global $fontString, $fontString2, $headString, $myrow;
	$query = "SELECT ipaddress FROM security";
	$result = mysql_query($query) or die(mysql_error());
	while ($row = mysql_fetch_assoc($result)) {
		echo $row['ipaddress'];
		if (preg_match("/" . $row['ipaddress'] . "/", $ip)) {
			exit($fontString . 'You have been banned from this website! Please contact the <a href="mailto:" . $myrow2['admin_email'] . '">Webmaster</a>'); 
		}
	}
	return 1;
}

//file that checks it all 
if(ipban($_SERVER['REMOTE_ADDR']) == 1) {
	//do or show some stuff 
}

Conversely, you could simply use:
$query = "SELECT * FROM security WHERE ipaddress='$ip'";
then if no rows are returned it is ok.

EDIT:
actually, are you checking for IP addresses or IPs like:
1.2.3.* ?
If you're only checking for the IP address itself, then you shouldnt use regex, === will do.

trooper

where are you getting the IP addresses from

My guess is that you're using $_SERVER['HTTP_REFERER'] is that a correct guess?

laserlight

Read the code, VooDooRT used $REMOTE_ADDR