[improved] Ip Banning Script

B

Brandon

Guest
This is demosthenes705 script I have improved it to be password protected. Do everything demosthenes did except change your ipban.php to this

PHP:
<?php 
include "protect.php"; 
?> 
<?php
ob_start();

include ('db.php');
$result=mysql_query("SELECT * FROM `ip`");

// Count table rows
$count=mysql_num_rows($result);
?>
<table width="500" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="400%" border="0" cellspacing="1" cellpadding="0">


<tr>
<td align="center"><strong>Id</strong></td>
<td align="center"><strong>IP</strong></td>
<td align="center"><strong>Banned</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center"><? $id[]=$rows['id']; ?><? echo $rows['id']; ?></td>
<td align="center"><input name="ip[]" type="text" id="ip" value="<? echo $rows['ip']; ?>"></td>
<td align="center">Yes or No<input name="banned[]" type="text" id="banned" value="<? echo $rows['banned']; ?>"></td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
// Check if button name "Submit" is active, do this
if($Submit){
for($i=0;$i<$count;$i++){

$banned[$i] = strtolower($banned[$i]);
$sql1="UPDATE `ip` SET ip='$ip[$i]', banned='$banned[$i]'WHERE id='$id[$i]'";
$result1=mysql_query($sql1);

}
}

if($result1){
header("location:ipban.php");
}
mysql_close();
ob_end_flush();
?>

Now create a page called protect.php inside place this

PHP:
<?php

#	IP BANNING ADMIN PANEL
#	THIS WILL PROTECT PEOPLE FROM BANNING RANDOM IP'S


session_start();

$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings 

if (!isset($HTTP_SESSION_VARS['user'])) {
	
	if(isset($HTTP_POST_VARS['u_name'])) 
		$u_name = $HTTP_POST_VARS['u_name'];
	
	if(isset($HTTP_POST_VARS['u_password'])) 
		$u_password = $HTTP_POST_VARS['u_password'];
	
	if(!isset($u_name)) {
		?>
		<HTML>
		<HEAD>
		<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
		</HEAD>
		<BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD>
			 <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>
		<?php
		$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
		
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
		
		?>
		<form method=post action=<?php echo $form_to; ?>>
		<table border=0 width=350>
		<TR>
		<TD><font face=verdana size=2><B>User Name</B></font></TD>
		<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
		<TR>
		<TD><font face=verdana size=2><B>Password</B></font></TD>
		<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
		</TR>
		</table>
		<input type=submit value=Login></form>
		</center>
		</font>
		</BODY>
		</HTML>
		
		<?php
		exit;
	}
	else {
		
		function login_error($host,$php_self) {
			echo "<HTML><HEAD>
			<TITLE>$host :  Administration</TITLE>
			</HEAD><BODY bgcolor=#ffffff>
			<table border=0 cellspacing=0 cellpadding=0 width=100%>
				 <TR><TD align=left>
				 <font face=verdana size=2><B> &nbsp;You Need to log on to access this part of the site! </b> </font></td>
				 </tr></table>
			<P></P>
			<font face=verdana size=2>
			<center>";
						
			echo "Error: You are not authorized to access this part of the site!
			<B><a href=$php_self>Click here</a></b> to login again.<P>
			</center>
			</font>
			</BODY>
			</HTML>";
			session_unregister("adb_password");
			session_unregister("user");
			exit;
		}
		
		$user_checked_passed = false;
		
		
		if(isset($HTTP_SESSION_VARS['adb_password'])) {
			
			$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
			
			if($admin_password != $adb_session_password) 
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			else {
				$user_checked_passed = true;
			}
		}
		
		
		if($user_checked_passed == false) {
			
			if(strlen($u_name)< 2) 
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			
			if($admin_user_name != $u_name) //if username not correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);		
			
			if(isset($admin_password)) {
				
				if($admin_password == $u_password) {
					
					session_register("adb_password");
					session_register("user");
					
					$adb_password = $admin_password;
					$user = $u_name;
				}
				else { //password in-correct
					login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
				}
			}
			else {
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
				
			$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
			if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
			$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
			
			header ("Location: ". $page_location);
		}
	}
}
?>

demosthenes705 said:
Learn how to IP ban people Admin Section Included

Ok so first we need to do some things like creat a table for the ip's to be sent to. Use the flowing code

Code:
CREATE TABLE `ip` (
`id` BIGINT( 25 ) NOT NULL AUTO_INCREMENT ,
`ip` VARCHAR( 25 ) NOT NULL ,
`banned` ENUM( 'yes', 'no' ) DEFAULT 'no' NOT NULL ,
PRIMARY KEY ( `id` )
) TYPE = MYISAM ;

What that code does is create a table to store the IP addresses. You can modify the code if needed.
------------------------

Now we need to create a database connect page. It should look like the following:

name it db.php
PHP:
<?
/*  Database Information - Required!!  */
/* -- Configure the Variables Below --*/
$dbhost = '*****'; //Usually localhost
$dbusername = '*******';
$dbpasswd = '*******';
$database_name = '*******';

/* Database Stuff, do not modify below this line */

$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd")
	or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)
	or die("Couldn't select database.");
?>

Basically what that does is create a connection to the database.
------------------------

Next we need to create the IP page. That page should look like this:
name this ip.php
PHP:
<?php
include ('db.php');
$ip = $_SERVER['REMOTE_ADDR'];

$queryip = mysql_query("SELECT * FROM `ip` WHERE `ip` = '$ip'") or die (mysql_error());

$rows = mysql_num_rows($queryip);

if ($rows > 0) {
}else{

$insertip = mysql_query("INSERT INTO `ip` (`ip`, `banned`) VALUES ('$ip','no')") or die 
(mysql_error());

}

$row = mysql_fetch_array($queryip);
$banned=$row['banned'];

if (($banned)=='yes'){
echo "You were banned from this site.";
exit();
}else{
}
?>

What that code does above is get their IP and check if they were banned or not.
------------------------
Admin Panel Section
------------------------
Ok lets make the admin section of the IP banner

This page will let you edit the ips that need to be banned. It will also allow you to ban many at once.

name this page ipban.php
PHP:
<?php
ob_start();

include ('db.php');
$result=mysql_query("SELECT * FROM `ip`");

// Count table rows
$count=mysql_num_rows($result);
?>
<table width="500" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="400%" border="0" cellspacing="1" cellpadding="0">


<tr>
<td align="center"><strong>Id</strong></td>
<td align="center"><strong>IP</strong></td>
<td align="center"><strong>Banned</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center"><? $id[]=$rows['id']; ?><? echo $rows['id']; ?></td>
<td align="center"><input name="ip[]" type="text" id="ip" value="<? echo $rows['ip']; ?>"></td>
<td align="center">Yes or No<input name="banned[]" type="text" id="banned" value="<? echo $rows['banned']; ?>"></td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
// Check if button name "Submit" is active, do this
if($Submit){
for($i=0;$i<$count;$i++){

$banned[$i] = strtolower($banned[$i]);
$sql1="UPDATE `ip` SET ip='$ip[$i]', banned='$banned[$i]'WHERE id='$id[$i]'";
$result1=mysql_query($sql1);

}
}

if($result1){
header("location:ipban.php");
}
mysql_close();
ob_end_flush();
?>

------------------------
That is a simple banning script. I will post an update to this script making it so you can add reasons to why they were banned.


Note: This script may not be shared with out my consent. Umm. all that other legal mumbo gumbo here (c) Chris Sterling
 
Last edited by a moderator:
Top