
I'm trying to build a little app for my own use that reads the data sent to my database from a contact form, and I want to be able to ban users that are not welcome based on the contents of the contact form, and so on. So I have every user's IP, which is sent with the form. But it only saves "deny from " to the database every time I click the ban button, and I'm wondering why. Here's the whole code:

<?php
if(isset($_POST['submit'])) {
// Read the whole file into a string $htaccess
$htaccess = file_get_contents('.htaccess');
// Stick the new IP just before the closing </files>
$new_htaccess = str_replace('allow from all', "deny from "."$unwanteduser"."\nallow from all", $htaccess);
// And write the new string back to the file
file_put_contents('.htaccess', $new_htaccess);
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Yhteydenottopyynnöt</title>
<style>
body{width:100%;}

tr:nth-child(even) { background: #ccc; }
</style>
</head>

<body>
<?php
$con = mysql_connect("localhost","user","pass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db", $con);

$result = mysql_query("SELECT * FROM wp_contactform");
$f = fopen(".htaccess", "a+");
$ip = $row['IP'];
    fwrite($ip , $f);
    fclose($f);

echo "<table border='1'>
<tr>
<th style='width:5%;'>ID</th>
<th style='width:10%;'>Nimi</th>
<th style='width:10%;'>Puhelin</th>
<th style='width:10%;'>Sposti</th>
<th style='width:40%;'>Viesti</th>
<th style='width:10%;'>P&auml;iv&auml;</th>
<th style='10%;'>IP</th>
<th style='5%;'>Ban</th>
</tr>";

$i = 0;
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td style='width:10%;'>" . $row['ID'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Nimi'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Puhelin'] . "</td>";
  echo "<td style='width:10%;'><a href='mailto:" . $row['Email'] . "'>" . $row['Email'] . "</a></td>";
  echo "<td style='width:40%;'>" . $row['Viesti'] . "</td>";
  echo "<td style='width:10%;' >" . $row['Day'] . "</td>";
  echo "<td style='width:10%;'>" . $row['IP'] . "</td>";
  $unwanteduser = $row['IP'];
  echo "<form action='thissamepage' method='post'><input type='hidden' value='$unwanteduser' name='gtfo'><input type='submit' name='submit' value='Ban'>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>
</body>
</html>
  • Write yourself some function like `htaccess_ban_ip($ip)` that does the job. Test the function isolated. If you see it works, continue with the next part of your application. See as well: http://stackoverflow.com/q/11575531/367456 – hakre Jul 20 '12 at 14:42
  • @hakre And what that function should contain.. I'm not that good with php. –  Jul 20 '12 at 19:01
  • Okay, well probably this name tells it better: `htaccess_add_ban_ip($htacess_file, $ip)` - It contains the code to add an IP to be banned to the given .htaccess file. That's basically part of the code you have got already but separated into a unit of its own. – hakre Jul 21 '12 at 08:05

2 Answers

$unwanteduser is not assigned the value from your form after submission

Try this

<?php
if(isset($_POST['submit'])) {
// Read the whole file into a string $htaccess
$htaccess = file_get_contents('.htaccess');
// Stick the new IP just before the closing </files>
$unwanteduser = $_POST['gtfo']; 
$new_htaccess = str_replace('allow from all', "deny from "."$unwanteduser"."\nallow from all", $htaccess);
// And write the new string back to the file
file_put_contents('.htaccess', $new_htaccess);
}
?>

INFO: Once you submit the form, it is like a page refresh, so whatever you assigned to $unwanteduser before submitting the form will be lost.

I am confused

$result = mysql_query("SELECT * FROM wp_contactform");
$f = fopen(".htaccess", "a+");
$ip = $row['IP'];

At this point, what is the value of $row['IP']? And what are you trying to append?

Makesh
  • oh... It's a mistake... I was trying to achieve getting the desired IP, but so... –  Jul 20 '12 at 16:50
  • After figuring out, I tried this: `$ip = mysql_query("SELECT * FROM wp_contactform WHERE ID=$result"); `but it didn't actually do anything. It seems like that the $ip takes the last ip in the table. –  Jul 20 '12 at 19:13

As written in a comment, if you put those parts that form a logical unit into a function of its own, things turn out to be simpler:

/**
 * add an ip to ban to a .htaccess file
 *
 * @param string $htaccess_file
 * @param string $ip
 * @return int Number of bytes that were written to the file, or FALSE on failure.
 */
function htaccess_add_ban_ip($htaccess_file, $ip)
{
    $htaccess_original = file_get_contents($htaccess_file);
    if (false === $htaccess_original) {
        return false;
    }
    $htaccess_changed = str_replace(
        'allow from all',
        "deny from $ip\nallow from all",
        $htaccess_original,
        $count
    );
    if ($count != 1) {
        return false;
    }
    return file_put_contents($htaccess_file, $htaccess_changed);
}

You then only need to call that function at the place where you need the functionality:

$file = '.htaccess';
$ip = '127.0.0.1';
$result = htaccess_add_ban_ip($file, $ip);

Check the return value to verify that things went right, e.g. for testing:

if (false === $result) {
    die(sprintf('Could not write .htaccess file "%s".', $file));
}

if ($result < 36) {
    die(sprintf('Very few bytes (%d) written to .htaccess file "%s", this makes no sense, please check.', $result, $file));
}

die(sprintf('Successfully wrote IP %s to .htaccess file "%s" (%d bytes written).', $ip, $file, $result));

In the future you can then introduce needed functionality (like file-locking) inside the function, and you normally don't have to change most of the rest of your script.

If you are looking for a way to simplify connecting and querying your mysql database a little, see as well this related answer to a different question:

It contains a MySql class/object with another example how to use/create functions to make the code easier to deal with.

hakre
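The value that reaches `htaccess_add_ban_ip()` in the accepted approach comes straight from the hidden `gtfo` field of the posted form, so whatever is in that field ends up as text inside .htaccess. The following is an added example, not code from either answer or from the original question: it is a hardened variant of the function above that only accepts a syntactically valid IPv4/IPv6 address (`filter_var` with `FILTER_VALIDATE_IP`), skips an address that is already banned, and holds an exclusive lock while rewriting the file, which is the file-locking hakre mentions as a future improvement. The handler at the bottom assumes the same form field names (`submit`, `gtfo`) as the original page and a .htaccess file in the script's directory that contains one `allow from all` line.

```php
<?php
// Added example (not part of the original answers): hardened version of
// htaccess_add_ban_ip() with input validation, duplicate check and locking.
// Assumes Apache 2.2 style "allow from all" in the .htaccess file, as on
// the original page.

/**
 * Insert a "deny from <ip>" line in front of "allow from all".
 *
 * @param string $htaccess_file path to the .htaccess file
 * @param string $ip            IPv4 or IPv6 address to ban
 * @return int|false bytes written, 0 if already banned, false on failure
 */
function htaccess_add_ban_ip_safe($htaccess_file, $ip)
{
    // Only a plain IP address may be written. Any other string (for example
    // one containing a newline) would be stored as an extra Apache directive,
    // so it is rejected here before the file is even opened.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }

    // 'r+' fails if the file does not exist and does not truncate it.
    $fh = fopen($htaccess_file, 'r+');
    if ($fh === false) {
        return false;
    }
    // Exclusive lock so two concurrent "Ban" clicks cannot interleave and
    // clobber each other's change.
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        return false;
    }

    $original = stream_get_contents($fh);

    // Already banned: leave the file untouched and report zero bytes written.
    $already = preg_match('/^deny from ' . preg_quote($ip, '/') . '\s*$/mi', $original);
    if ($already === 1) {
        flock($fh, LOCK_UN);
        fclose($fh);
        return 0;
    }

    $changed = str_replace(
        'allow from all',
        "deny from $ip\nallow from all",
        $original,
        $count
    );
    // Exactly one "allow from all" line is expected; anything else means the
    // file does not look like what we assume and we refuse to rewrite it.
    if ($count !== 1) {
        flock($fh, LOCK_UN);
        fclose($fh);
        return false;
    }

    rewind($fh);
    ftruncate($fh, 0);
    $written = fwrite($fh, $changed);
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);

    return $written;
}

// Handler for the "Ban" button. The posted value is untrusted input; the
// function validates it before it touches .htaccess.
if (isset($_POST['submit'], $_POST['gtfo'])) {
    $result = htaccess_add_ban_ip_safe(__DIR__ . '/.htaccess', $_POST['gtfo']);
    if ($result === false) {
        echo 'Ban failed: not a valid IP address, or .htaccess could not be updated.';
    } elseif ($result === 0) {
        echo 'That IP address is already banned.';
    } else {
        echo 'Ban written (' . (int) $result . ' bytes).';
    }
}
```

The three return values (`false`, `0`, byte count) let the calling page distinguish "rejected input or file problem" from "nothing to do" from "written", which the original single boolean-or-int return does not. Because the check happens inside the function, the same guarantee holds no matter which page later calls it.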