PHP implements IP blocking function [original]_PHP tutorial

2008-01-24 00:00:00

//

This article is original from this website: www.drise.cn

Author: www.drise.cn

Please indicate when reprinting: from www.drise.cn

qq:271728967

//

When I woke up early in the morning, I suddenly saw that someone was doing disgusting things on my website. In order to prevent this kind of thing, I thought of a way to block the user's IP.

Let’s build the database on the homepage:

CREATE TABLE `su_lockip` (
`id` int(4) NOT NULL auto_increment,
`lockip` varchar(1024) default NULL,
PRIMARY KEY (`id`)
)

The next page is to create a page for sealing files. The main thing is that the user writes IPs separated by "|". I won't write much more on this page. I will simply write it, the storage code $UlockIp=$_POST[' z']?$_POST['z']:'';
if(empty($UlockIp)){
exit("<script>alert('Sorry, the information you entered is wrong!');history.back();</script>");
}
$sql="update su_lockip set lockip='$UlockIp'";
if(mysql_query($sql)){
exit("<script>alert('Locked successfully!');history.back();</script>");
}else{
exit("<script>alert('Sorry, the information you entered is wrong!');history.back();</script>");
}

It’s that simple. The final step is to lock it. The following code is based on whether the user IP is stored in the data. If so, it will prompt that the user has been killed. The code is as follows:

function lock_user_ip(){
$Usql =mysql_query("select * from su_lockip");
$Urs =mysql_fetch_array($Usql);
$UlockIp=$Urs['lockip'];
$ClockIp=$this->get_real_ip();
$Iplist =explode('|',$UlockIp);
if(in_array($ClockIp,$Iplist)){
exit('sorry system lock your IP');
}
}

function get_real_ip(){//This code comes from the Internet.
$ip=false;
if(!empty($_SERVER["HTTP_CLIENT_IP"])){
$ip = $_SERVER["HTTP_CLIENT_IP"];
}
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']);
If ($ip) { array_unshift($ips, $ip); $ip = FALSE; }
for ($i = 0; $i < count($ips); $i++) {
If (!eregi ("^(10|172.16|192.168).", $ips[$i])) {
$ip = $ips[$i];
        break;
}
}
}
Return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);
}

Haha, it’s that simple after I finished writing, without any security filtering.