0

I've setup a PHP IP Blacklist system and it works really well. I now want it to be able to take a reason from the txt file.

ip_blacklist.txt

1.2.4.5 , No Spamming Allowed
1.2.4.5 , No Spamming Allowed
1.2.4.5 , No Spamming Allowed

Now in PHP it get's the IP to compare it to the users IP being used, that's perfect. But if the IP matches the IP in the txt it will redirect you to a blacklist page. I want it to display the reason for their blacklisting.

How do I get the reason matching the IP in the txt file using PHP and then linking it to $reason?

Alireza Fallah
  • 4,609
  • 3
  • 31
  • 57
TimTims
  • 43
  • 9
  • 1
    Show the code you have for comparing the user's IP to the blacklist. – nickb Jan 17 '14 at 14:51
  • He said it's in a text file. But yeah, it'd probably be better to use a database for this, if one is being used for the site anyway. Either way, it shouldn't be difficult. You just need to get at the non-IP part of the string in the text document. PHP has plenty of string functions you can use to do this. And if you don't want to find a function, just loop through the line off the text doc that matches the IP and delete all the characters before the first comma in the line. – Obversity Jan 17 '14 at 14:58
  • 1
    Not using a DB is pretty dangerous. You might have your file overwritten by two concurrent requests. – kuroi neko Jan 17 '14 at 14:59
  • @kuroineko Sounds like it's a small operation and he's banning them manually. Could be wrong. – Obversity Jan 17 '14 at 15:00
  • @Obversity It might be so, but I thought it was worth mentioning just in case. – kuroi neko Jan 17 '14 at 15:03
  • Sidenotes: I should have phrased that as "Do it in `a` DB". Use `.htaccess` to protect your `.txt` if you're going to go that route. – Funk Forty Niner Jan 17 '14 at 15:04

3 Answers3

0

Edit: Edited to include preg_match method of getting result from file instead of db. This method would do the check if the user is in the blacklist as well as get the users reason.

You could simply store the users IP in your database along with a reason. Then when the check is run, if the user is in the blacklist, query the database for their ip, and return and display the reason. 

$ip = $_SERVER['REMOTE_ADDR'];

$sql = 'SELECT reason FROM blacklist WHERE ip = "' . $ip . '"';

Then run that sql against your database. Ofcourse that is a rough idea and has no protection against sql injection, so I would advise in using some form of excaping and validating that $ip is in the correct format for an ip address before running the query.

The overall process would be:

  1. Check if user is in blacklist by comparing ip to file.
  2. User is in blacklist.
  3. Get reason from database by the users ip.
  4. Display reason.

If you are just looking to do it all by file, then it would be a better of getting the file contents, finding the ip and reason and displaying the reason.

This could be done using preg_match.

$file = file_get_contents('path/to/blacklist/file');

$ip = $_SERVER['REMOTE_ADDR'];

$pattern = '#' . $ip . '\s,\s.*#';

if(preg_match($pattern, $file_contents, $matches)) {

    $match = $matches[0];

    $explode = explode(',', $match);

    $reason = $explode[1];

    echo $reason;
}

Note this is untested, but I think it would work.

Joe
  • 1,384
  • 10
  • 17
0

Or you could use explode:

$myTextFileLine = "1.2.4.5 , No Spamming Allowed";
$cutted = explode(",", $myTextFileLine);
echo "Ip blacklisted: ".$cutted[0].", reason: ".$cutted[1];
Hackerman
  • 12,139
  • 2
  • 34
  • 45
0

Like the answers above, I agree that the best way to solve this would be store the user's IP in a database, but if you still need to read a file for it, this code should do the job: 

<?php
//The file you will read
$file = fopen("ip_blacklist.txt", "r") or exit("Unable to open file!");
//Where we will store each ip as we read it
$ip = "";
$parts;
while(!feof($file))
  {
    //Split the line and save the parts
    $parts = explode(" , ", fgets($file));
    $ip = $parts[0];
    $reason = $parts[1];
    //And here you can compare it to the client's ip
    //The first one is the ip read from the file
    echo $ip."<br>";
    //And this is how you would get the client's ip
    echo $_SERVER['REMOTE_ADDR']."<br>";
  }
  //Close the file
fclose($file);
?>

Note that the way to get the client's IP I used is not the best by any means (since it can be spoofed really easily). For more information about that, read here How to get Client IP address in PHP?

-Edit-

And I just noticed you simply wanted to check the IP, compare it and get the reason. In that case, change the while to: 

while(!feof($file))
  {
    //Split the line and save the parts
    $parts = explode(" , ", fgets($file));
    $ip = $parts[0];
    if($_SERVER['REMOTE_ADDR'] == $ip)
        echo $parts[1];
  }
Community
  • 1
  • 1
Squirrel
  • 392
  • 7
  • 15