Banning Users By IP

Place to place any code snippets, completed games, or even uncompleted games for IR users to use.
Post Reply
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Banning Users By IP

Post by Epiales »

I didn't see a lot on here about banning users, so I thought I would share at least one way that you can do it. It's the way I do it, so hopefully someone can get some benefit from this. I've been here a bit and wanted to share something, considering all the help I've received. You all are great.

First of all we are going to need to have a way to get the persons IP address and store it into the database. So let's look at the database. Quite simple.

In your users table, just add an extra field called ip. That's all you need. Just make it text...nothing else.

Now on your registration page, where you insert their information into the database with your query, you just add the ip in the query. But we will need to define the ip address as well. So make your query similar to what I have below:

Code: Select all

$insertdb= mysql_query("INSERT INTO `user` (`username`,`password`,`email`, `ip`) VALUES ('$username','".md5($password)."','$email', '$ip')") or die(mysql_error());
Now you will need to define what the ip is before the query.

Code: Select all

$ip = $_SERVER['REMOTE_ADDR'];
$long = ip2long($ip);
Now when the user registers, it will put their real IP address into the database, like so: 192.548.222.111

Okay, done with the database and registration. Let's make a function to be able to retrieve a persons IP when they go to your homepage.

Code: Select all

function getUserIP(){
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
Now what I do, is I already have a functions.php file, so I just added this function in that file, and then it's included in all my pages as an include.

Okay, now that the function is done, we will need something to grab that IP and check it upon arriving at your homepage or any page in your site. I created just an empty php page and called it banusers.php. Then you include that file in all your pages, just as the functions.php.

banusers.php only needs the below; nothing more/less.

Code: Select all

<?php

// These are the IP addresses that you put from the database when a user needs banned. //
$denied_ips = array(
'127.0.0.1',
'7.225.199.34',
'2.3.*',
);


//This will check the user for their IP address and get it from the function we created.//
$visitorIp = getUserIP();

// This is where it will search the IP to see if it is blacklisted.//
$status = array_search($visitorIp, $denied_ips);

// This checks to see if it's blacklisted: TRUE, or if it's not: FALSE
if($status !== false){
    header("Location: banusertext.php");
    // exit; 
} 
?>
And just add your location to the php page that you will have your message to the user that is banned.

That about sums it up. When you need to blacklist a user from your site... Go to your database, get their IP and just add it to the banusers.php and it will ban them from every page in your site as long as you have included the banusers.php at the top of each file.

Example:

Code: Select all


<?php
session_start();
include("functions.php");
include("header.php");
include("banusers.php");

 
I'm sure there are easier ways or better ways, but I hope this helps someone ;) ;)
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Banning Users By IP

Post by Jackolantern »

Don't ban users by IP! The majority of private users today have dynamic IP addresses, meaning they have a new one every time they turn their modem off and back on. So it doesn't really keep them out long-term at best, and at worst you may be preventing legitimate, unbanned users from entering the site if they take the IP of someone who was banned.
The indelible lord of tl;dr
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Banning Users By IP

Post by Epiales »

Jackolantern wrote:Don't ban users by IP! The majority of private users today have dynamic IP addresses, meaning they have a new one every time they turn their modem off and back on. So it doesn't really keep them out long-term at best, and at worst you may be preventing legitimate, unbanned users from entering the site if they take the IP of someone who was banned.
I can see where that can happen.
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Chris
Posts: 1580
Joined: Wed Sep 30, 2009 7:22 pm

Re: Banning Users By IP

Post by Chris »

I'd do that at Apache level. You should also read http://en.wikipedia.org/wiki/Botnet and http://en.wikipedia.org/wiki/Proxy_server.
Fighting for peace is declaring war on war. If you want peace be peaceful.
Post Reply

Return to “Code Sharing”