Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/65.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 以编程方式将ip地址从mysql表添加到.htaccess文件并阻止用户_Php_Mysql_.htaccess - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 以编程方式将ip地址从mysql表添加到.htaccess文件并阻止用户

Php 以编程方式将ip地址从mysql表添加到.htaccess文件并阻止用户

php mysql .htaccess

Php 以编程方式将ip地址从mysql表添加到.htaccess文件并阻止用户,php,mysql,.htaccess,Php,Mysql,.htaccess,嗨,我们的好编程朋友, 基于这个问题的主题,我在整个网站上搜索了关于这个主题的相关问题。但我还没有找到类似于从db表读取数据并将值解析到.htaccess文件的方法 任务是: 如果php记录了来自特定ip地址的3次失败登录尝试,则应调用.htaccess来阻止该用户的访问 这个任务可以在这个网站上找到。 但不可用的是以下几行: 1) 每次有人试图仅访问此文件夹中的所有文件时,都应调用.htaccess。 2) .htaccess应该读取mysql表,并将传入的ip与mysql表中的ip列表进行比

嗨,我们的好编程朋友, 基于这个问题的主题,我在整个网站上搜索了关于这个主题的相关问题。但我还没有找到类似于从db表读取数据并将值解析到.htaccess文件的方法

任务是:

如果php记录了来自特定ip地址的3次失败登录尝试,则应调用.htaccess来阻止该用户的访问

这个任务可以在这个网站上找到。 但不可用的是以下几行:

1) 每次有人试图仅访问此文件夹中的所有文件时,都应调用.htaccess。 2) .htaccess应该读取mysql表,并将传入的ip与mysql表中的ip列表进行比较。 3) 如果存在匹配,.htaccess应将用户重定向到自由输入位置

注意,我可以使用php和mysql select语句来检查文件夹内的文件。 但我不希望出现这种情况。我宁愿使用.htaccess文件

此处,.htaccess文件不会记录ip地址,但只会检查该ip是否已在表中

例如,psudo代码如下:

.htaccess file enabled = true
create a temporary variable ($ip) in .htaccess file
On user access to any .php pages in /test/ folder,
retrieve user's ip and temporarily store in $ip variable.

open connection on .php page
load login table having ip match as $ip.
if found then redirect
else continue to loading page
end if
close connection
end on
destroy the variable
请不要介意我的psudo代码。。。。尽管它看起来很愚蠢和幼稚。 这是一个概念,但我不知道如何写入或读取.htaccess文件,也不知道.htaccess编程使用什么编程语言

任何帮助都将被告知。。。
谢谢。

我在一个网站上找到了这个,但它似乎正是你想要的

<?php


// Get the IP address of the visitor so we can work with it later.
$ip = $_SERVER['REMOTE_ADDR'];

// This is where we pull the file and location of the htaccess file. If it's in
// the same directory as this php file, just leave it as is.
$htaccess = '.htaccess';

// This pulls the current contents of your htaccess file so we can search it later.
$contents = file_get_contents($htaccess, TRUE) 
          OR exit('Unable to open .htaccess');

// Lets search the htaccess file to see if there is already a ban in place.
$exists = !stripos($contents, 'deny from ' . $ip . "\n") 
          OR exit('Already banned, nothing to do here.');

// Here we just pull some details we can use later.
$date   = date('Y-m-d H:i:s');
$uri    = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
$agent  = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES);
$agent  = str_replace(array("\n", "\r"), '', $agent);

// If you would like to be emailed everytime a ban happens, put your email
// INSIDE the quotes below. (e.g. 'my@email.com')
$email = '';

// This is where we can whitelist IP's so they can never be banned. Simply remove 
// the //  from the front of one of the example IP addresses below and add the 
// address you wish to whitelist. Make sure that you leave the single quotes (') 
// intact and the comma at the end. Adding a person to the whitelist AFTER they 
// have been banned will NOT remove them. You must open the htaccess file and 
// locate their ban by hand and remove it.
$whitelist = array(
  // '123.123.123.123',
  // '123.123.123.123',
  // '123.123.123.123',
);


// This section prevents people from being sent to this script by mistake
// via a link, image, or other referer source. If you don't want to check
// the referer, you can remove the following line. Make sure you also
// remove the ending } at the very end of this script.
if (empty($_SERVER['HTTP_REFERER'])) {

// This section will write the IP address to the htaccess file and in turn
// ban the address. It will however check the whitelist above to see if
// should be banned.
  if (in_array($ip, $whitelist)) {

    // User is in whitelist, print a message and end script.
    echo "Hello user! Because your IP address ({$ip}) is in our whitelist,
    you were not banned for attempting to visit this page. End of line.";

  } else {

    // User is NOT in whitelist - we need to ban em...
    $ban =  "\n# The IP below was banned on $date for trying to access {$uri}\n";
    $ban .= "# Agent: {$agent}\n";
    $ban .= "Deny from {$ip}\n";

    file_put_contents($htaccess, $ban, FILE_APPEND) 
          OR exit('Cannot append rule to .htaccess');

    // Send email if address is specified
    if (!empty($email)) {
      $message = "IP Address: {$ip}\n";
      $message .= "Date/Time: {$date}\n";
      $message .= "User Agent: {$agent}\n";
      $message .= "URL: {$uri}";

      mail($email, 'Website Auto Ban: ' . $ip, $message);
    }

    // Send 403 header to browser and print HTML page
    header('HTTP/1.1 403 Forbidden', TRUE);
    echo '<html><head><title>Error 403 - Banned</title></head><body>
    <center><h1>Error 403 - Forbidden</h1>Hello user, you have been 
    banned from accessing our site. If you feel this ban was a mistake, 
    please contact the website administrator to have it removed.<br />
    <em>IP Address: '.$ip.'</em></center></body></html>';

  }

}
查看已接受的答案

你可以用你的php代码来更新blacklist.txt。这样更安全。听起来你对
htaccess的用例有点误入歧途。好吧,我希望你知道IP!=一个人。如果只是关于失败的登录尝试,您应该查看denyhosts,或者只在应用程序堆栈中执行。如果.htaccess能够完成所有这些,那么就不需要用任何web编程语言编写实际的业务逻辑。在发布此类问题之前,请仔细研究一下
.htaccess
及其限制。我不知道我问了什么,你为什么不高兴?如果你是一名教师,你就不会有学生。嗨,伙计们,我感谢你们的评论…但让我们更进一步。我已经编写了一个代码来检查失败的尝试,并将ip地址添加到mysql表中。现在,我需要调出表中的IP,并使用.htaccess文件来比较匹配的IP。这就是我需要做的。请多加评论。。。非常感谢。我已经看到了答案。。。。它是从一个txt文件中读取的。我在读取mysql数据库表时遇到问题。其次,在编写.htaccess代码、重写映射等时,是否需要打开.htaccess文件并编写代码?我在这里干什么?谢谢。你知道,如果一个黑客使用一个特定的系统尝试生成密码和用户名,在第三次尝试时,他的ip应该被阻止。所以,他必须继续尝试更多的系统。告诉我,他将购买多少个系统来继续尝试3倍于他生成的代码,以获得哈希密码和用户名?每个用户名和密码都是散列的。因此,这样的黑客需要一年的时间才能通过。这就是试图阻止ip地址背后的想法。

<FilesMatch 403.shtml>
Order Allow,Deny
Allow From All
</FilesMatch>



RewriteMap access txt:/path/to/blacklist.txt