有效禁止使用php和mysql的IP?
Config.php有效禁止使用php和mysql的IP?,php,mysql,ip,Php,Mysql,Ip,Config.php CREATE TABLE `banned_ip` ( `id` INT( 25 ) NOT NULL AUTO_INCREMENT PRIMARY KEY , `ip` VARCHAR( 25 ) NOT NULL , `reason` TEXT NOT NULL ) Ban.php <?php // config $config['host'] = "localhost"; // host name of your mysql serv
CREATE TABLE `banned_ip` (
`id` INT( 25 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`ip` VARCHAR( 25 ) NOT NULL ,
`reason` TEXT NOT NULL )
Ban.php
<?php
// config
$config['host'] = "localhost"; // host name of your mysql server
$config['user'] = "username"; // your mysql username
$config['pass'] = "password"; // your mysql password
$config['db'] = "database"; // the database your table is in.
// the @ sign is an error supressor, meaning we can use our own error messages, this connects and selects db
@mysql_connect("$config[host]","$config[user]","$config[pass]")
or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
@mysql_select_db("$config[db]")
or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
?>
显然,您正在使用不同的表。您对禁用的ip执行select查询,以检查该ip是否被禁用。但是如果他没有被禁止,您将尝试插入用户表。通过这种方式,您可以记下所有被禁止的IP,但不会选择它们
此外,当您查询数据库时,执行SELECT*也是一种不好的行为。只选择您需要的值(在本例中,什么都不重要,因为您检查他是否找到ip的行)
没有一种百分之百确定的方法可以阻止未登录用户访问内容。如果你禁止一个IP,你可能会同时禁止几个人(比如学校)。使用cookie(以及会话)效率不够,因为cookie可以被删除
<?php
include("connect.php");
$ip = $_SERVER['REMOTE_ADDR'];
$find_ip = mysql_query("SELECT * FROM banned_ip WHERE ip='$ip'");
$ban = mysql_fetch_array($find_ip);
if($ip == $ban['ip']){
die("You are banned from this site!");
else {
echo "Your Were not Banned";
$sql = "INSERT INTO user(ip) VALUES('$ip')";
}
?>
不要通过IP进行禁止。这样做会导致学校、企业或家庭网络上的每个用户(通常都在NAT或出站防火墙后面)在用户被禁止时被阻止。不要通过IP禁止,只有在检测到重复滥用或禁止规避时才这样做。没有完全可靠的方法,但是,通过将用户代理与IP相结合,可以缩小范围。你选择的任何方法都可以被狡猾的用户绕过,除非你完全禁止他们的用户帐户。我的要求是禁止ip,只允许访问者一次访问。请给我一些代码帮助。顺便说一句,不再建议使用mysql_uu函数。请使用mysqli_uu或PDO。这不是一个你要求代码而人们开始为你工作的地方。您是否意识到必须设置一个数据库才能使此代码正常工作?如果没有相应的表格,这不会神奇地禁止IP。谢谢你指出。我无法理解你的答案。谢谢你的帮助,我的答案更新了。因为我不知道你的数据库实际上是什么样子,这只是猜测。看,只要确保你正在搜索的ip所在的表也是你在其中插入被禁止的ip的表。没什么大不了的。欢迎来到stackoverflow。谢谢你回答这个问题。我认为,如果你能详细阐述一下,用文字解释一下问题所在,以及应该采取哪些不同的做法,会更有帮助。
<?php
include("connect.php");
$ip = $_SERVER['REMOTE_ADDR'];
$find_ip = mysql_query("SELECT ip FROM banned_ip WHERE ip='$ip'");
$ban = mysql_fetch_array($find_ip);
if($ip == $ban['ip']){
die("You are banned from this site!");
else {
echo "Your Were not Banned";
$sql = "INSERT INTO banned_ip (ip) VALUES('$ip')";
}
?>
<?php> include "connect_to_mysql.php";
$proxy_headers = array(
'HTTP_VIA',
'HTTP_X_FORWARDED_FOR',
'HTTP_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_FORWARDED',
'HTTP_CLIENT_IP',
'HTTP_FORWARDED_FOR_IP',
'VIA',
'X_FORWARDED_FOR',
'FORWARDED_FOR',
'X_FORWARDED',
'FORWARDED',
'CLIENT_IP',
'FORWARDED_FOR_IP',
'HTTP_PROXY_CONNECTION'
);
foreach($proxy_headers as $x){
if (isset($_SERVER[$x])) die("You are using a proxy!");
}
$counter = 1873;
$MM_redirectLoginFailed = "sorry_search.php";
$MM_redirecttoReferrer = false;
$dynamicList="";
$dynamicListaa="";
$sql = mysql_query("SELECT * FROM ip WHERE ip LIKE '%54.36.%'");
$productCount = mysql_num_rows($sql); // count the output amount
if ($productCount > 0) {
// get all the product details
while($row = mysql_fetch_array($sql)){
$product_name = $row["ip"];
$counter++;
$sql2 = mysql_query("INSERT INTO bannedIp (bannedip_id, bannedip) VALUES ('".$counter."', '".$product_name."')") or die(mysql_error());
echo $sql2;
print($product_name);
}
} else {
header("Location: ". $MM_redirectLoginFailed );
}
$ip = $_SERVER['REMOTE_ADDR'];
$find_ip = mysql_query("SELECT * FROM bannedIp WHERE bannedip='$ip'");
$ban = mysql_fetch_array($find_ip);
if($ip == $ban['bannedip']){
die("You are banned from this site2!");
}
$ip_parts = explode (".", $_SERVER['REMOTE_ADDR']);
$parts = $ip_parts[0] . $ip_parts[1];
if($parts == 5436)
{
die("You are banned from this site1!");
}
<?>