Welcome to my advanced IP banning script tutorial, this script will also include
an admin panel to allow for easy ban addition and removal.
The first and formost step is making the mysql table, this will hold the bans.
Code:
Code:
CREATE TABLE `banned` (
`id` int(11) NOT NULL auto_increment,
`ip` varchar(255) NOT NULL default '',
`time` varchar(255) NOT NULL default '',
`long` varchar(255) NOT NULL default '',
`reason` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM;
First for the coding, we have to make the
config file: config.php
PHP Code:
Code:
<?php
// config
$config['host'] = "localhost"; // host name of your mysql server
$config['user'] = "username"; // your mysql username
$config['pass'] = "password"; // your mysql password
$config['db'] = "database"; // the database your table is in.
// the @ sign is an error supressor, meaning we can use our own error messages, this connects and selects db
@mysql_connect("$config[host]","$config[user]","$config[pass]") or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
@mysql_select_db("$config[db]") or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
?>
That has our variables, and connects the the database, now we need to do the functions, make a new file and
save it as func.ban.php
Code:
<?php
// func.ban.php
// checks the ip to see if it is banned
function checkban($ip)
{
// querys database
$q = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip' LIMIT 1");
$get = mysql_num_rows($q);
// if found
if ($get == "1")
{
// deny user access
$r=mysql_fetch_array($q);
die("You have been banned from this website until $r[legnth]. If you feel this is in error, please contact the webmaster.");
}
}
// places a ban in the database
function addban($ip,$reason,$legnth)
{
// get current time
$time = time();
// inserts code into database
$insert = mysql_query("INSERT INTO `banned` (`ip`,`time`,`long`,`reason`) VALUES ('$ip', '$time', '$legnth', '$reason')") or die("Could not add ban.<br />".mysql.error()."");
echo "The ip address, $ip, has been added to the ban list.";
}
// deletes a ban from the database
function delban($id)
{
// runs a delete query
$delete = mysql_query("DELETE FROM `banned` WHERE `id` = '$id' LIMIT 1") or die("Could not remove ban.<br />".mysql.error()."");
echo "The ip address has been removed from the ban list.";
}
// lists the bans in the ban admin
function listbans()
{
// link to add ban
echo "<a href='banadmin.php?x=add'>Add Ban</a><p>";
// loop to show all band
$query = mysql_query("SELECT * FROM `banned` ORDER BY time DESC");
$num = mysql_num_rows($query);
if ($num)
{
while ($r=mysql_fetch_array($query))
{
echo "$r[ip] - $r[reason] - <a href='banadmin.php?x=delete&id=$r[id]'>Delete</a><br />";
}
}
}
?>
Now we have to do the admin panel to this, make sure to place this in a secure directory.
Save this file as banadmin.php
Code:
<?php
// banadmin.php
// include the files
include "config.php";
include "func.ban.php";
// switch statement to do pages in admin
switch ($_GET['x'])
{
// if no page show bans
default:
listbans();
break;
// if add ban, show the form
case "add":
// if posted, insert it
if ($_POST['add'])
{
$ip = $_POST['ip'];
if (!$ip)
{
echo "You must put an ip address at least";
}
addban($ip,$_POST[reason],$_POST[legnth]);
}
// otherwise show form
else
{
echo "Add a ban.<br />";
echo "<form method='post' action='banadmin.php?x=add'>";
echo "IP Address<br /><input type='text' name='ip'><br />";
echo "Reason<br /><input type='text' name='reason'><br />";
echo "Legnth<br /><input type='text' name='legnth'><br />";
echo "<input type='submit' name='add' value='Add Ban'>";
}
break;
// delete ban
case "delete":
// got the id, preform the action
if ($_GET['id'])
{
delban($_GET['id']);
}
// show error
else
{
echo "No ip selected to remove";
}
break;
}
?>
Now, add this code at the top of your page, before any content is displayed, and it will check for the bans.
Code:
<?
include "config.php";
include "func.ban.php";
checkban($_SERVER['REMOTE_ADDR']);
?>
I'm sorry, but no one blocks IPs anymore. There is now account registration.
Develop your site so that anyone can view certain data, but only registered users can view privileged data and interact with the site via forums, comments, polls, etc. Then if a user gets out of line, don't block their IP or a range of IPs that may punish other innocent visitors, block their account.
Make their account the gateway to your site, not their dynamic IP.
here is a little bit of a tiny add on that makes it easy to appeal to a false ban:
replace the checkbad with this version
PHP Code:
function checkban($ip)
{
global $admin_email;
// querys database
$q = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip' LIMIT 1");
$get = mysql_num_rows($q);
// if found
if ($get == "1")
{
// deny user access
$r=mysql_fetch_array($q);
die("You have been banned from this website until $r[legnth]. If you feel this is in error, please contact the webmaster at <a href=\"mailto:$admin_email\">$admin_email</a>.");
}
}
and add
PHP Code:
$admin_email = "banappeal@mysite.com";
to the config
and if edits went well this should be a easy way for people to ban appeal
I'm sorry, but no one blocks IPs anymore. There is now account registration.
Develop your site so that anyone can view certain data, but only registered users can view privileged data and interact with the site via forums, comments, polls, etc. Then if a user gets out of line, don't block their IP or a range of IPs that may punish other innocent visitors, block their account.
Make their account the gateway to your site, not their dynamic IP.
sometimes you need to ban ips to prevent people from reregistering. what are you going to do then, emails are free to register at places like yahoo and you can keep making new email to register with. And your typical spammer will have no idea how to bypass most of this.
I just been working with this script today and found it to be very useful for what i need and i have been additions to it nothing big but would like to know if you can make a function like this
Code:
function addban($ip,$reason,$legnth)
{
// get current time
$time = time();
// inserts code into database
$insert = mysql_query("INSERT INTO `banned` (`ip`,`time`,`long`,`reason`) VALUES ('$ip', '$time', '$legnth', '$reason')") or die("Could not add ban.<br />".mysql.error()."");
echo "The ip address, $ip, has been added to the ban list.";
}
But to allow you to update database and also have a update form to go with it.
The update form would be using text box to make changes and the text box's would also display the current data in the database...
Hey krypto.
It doesn't mess up your css.
you just don't know how to embed it.
here's an example.
Let's take this part since this is the main focus when someone is banned.
<?php
// func.ban.php
// checks the ip to see if it is banned
function checkban($ip)
{
// querys database
$q = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip' LIMIT 1");
$get = mysql_num_rows($q);
// if found
if ($get == "1")
{
// deny user access
$r=mysql_fetch_array($q);
die("You have been banned from this website until $r[legnth]. If you feel this is in error, please contact the webmaster.");
}
}
You must always code it with \" if they have any quotation marks, if you wish to not do that, then I suggest you use ' for now. ' does the same thing. now let's take the script and put in a css.
<?php
// func.ban.php
// checks the ip to see if it is banned
function checkban($ip)
{
// querys database
$q = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip' LIMIT 1");
$get = mysql_num_rows($q);
// if found
if ($get == "1")
{
// deny user access
$r=mysql_fetch_array($q);
die("<LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"http://domain.com/Style.css\">You Are Now Banned!!!");
}
}
Now we if you are trying to go out side of the boundaries let's say you are trying to give the banadmin.php a look on it, then you just have to put your css on top before the <?php ?> or behind it. This will do the same thing because it's already reading your css.
now if your trying to give the func.ban.php a look from the bottom of the code, that is nearly impossible. It would duplicate your tables, links, codes and what not, so instead of having 1 complete layout, you would have a lot of layouts while trying to only get one.
If your just having troubles embeding the css into the banned section, then just do what I said. If it's something else, then you might have screwed it up yourself. I love this script cuz I love to ban people who violate my terms of service.
Before you post, read our: 
