0

I want to ban IP address to block user from accessing the website. I have this code for banning IP address.

$deny = array("111.111.111", "222.222.222", "333.333.333");
if(in_array ($_SERVER['REMOTE_ADDR'], $deny)){
   die("Your IP has been banned from accessing the website");
}

Now if I have comma separated values in database I can easily code this out by fetching the data and exploding it. But I have stored it as one IP every row. Now how can I make check that in array here?

  • If you're using Apache, `.htaccess` files can do IP blocking much easier: http://www.htaccess-guide.com/deny-visitors-by-ip-address/ – Lincoln Bergeson Jun 12 '17 at 17:05
  • Also, read this on spoofing `$_SERVER` values: https://stackoverflow.com/questions/5092563/how-to-fake-serverremote-addr-variable – Lincoln Bergeson Jun 12 '17 at 17:06
  • Why would you want to use in_array if you have one IP per row in your DB . Can't you just do a select and check whether $_SERVER['REMOTE_ADDR'] is present in your ban_list table? – GullDe Jun 12 '17 at 17:09
  • Build a query so you get a row back if the passed ip address is in the database. Also, why are you trying to block these ip addresses? There are much better tools for doing this like iptables (or even user friendly stuff like ufw). Depending on why you are banning the ips, it could be completely useless to do so. – Jonathan Kuhn Jun 12 '17 at 17:10

3 Answers3

2

You don't need an array or a loop or anything to achieve this. Just try to select the IP address from your table. If it doesn't exist, you know that the IP is not banned.

<?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $sql = "SELECT * FROM banned_ips WHERE ip_address = '$ip'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        die("Your IP has been banned from accessing the website");
    }
?>
Hasan Aslam
  • 789
  • 6
  • 14
-1

You can get ip address through $_SERVER[REMOTE_ADDR] and then get data from the table with group_concat clause , if the ip address present into array then block the access else allowed.

$query = "select group_concat('ipaddress') bannedAddress from iptable limit 0,1";
$result = mysql_fetch_array(mysql_query($query));


if(in_array ($_SERVER['REMOTE_ADDR'], $result[0]['bannedAddress'])){
     die("Your IP has been banned from accessing the website");
}
Deepak Patil
  • 23
  • 5
  • Why would you join the rows just to explode them back out? Why not just loop over multiple rows in the result and add them to an array. Or better yet, use a where clause and select only count(*) `WHERE ip=:ipaddress` – Jonathan Kuhn Jun 12 '17 at 17:12
-1

You can do that by selecting every row from that table and then pushing it in an array, like this (here I am using mysqli, but it works with normal mysql as well. You just have to modify the code a tiny bit):

$deny = array();
$sql = "SELECT * FROM `banned_addresses`";
$result = $mysqli->query($sql);

while ($row = $result->fetch_assoc()) {
    array_push($deny, $row["address"];
}

if(in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
    die("Your IP has been banned from accessing the website");
}

But there are better ways to ban IPs. You can, for example, just check whether an entry for that IP address exists in the table. This is much faster:

$sql = "SELECT * FROM `banned_addresses`";
$result = $mysqli->query($sql);

if(mysql_fetch_array($result) !== false) {
    die("Your IP has been banned from accessing the website");
}

For many servers, there are also ways to ban IP addresses directly. For Apache, there is this guide.

StuntHacks
  • 457
  • 3
  • 15
  • 1
    This can be costly. Instead of getting ALL IP, he can use the WHERE clause and search if one exists in the database. – Ibu Jun 17 '17 at 05:09