如何限制访问者的ip(PHPBB的代码)

如何限制访问者的ip(PHPBB的代码)

Code:

<?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin : Tuesday, Jul 31, 2001
* copyright : (C) 2001 The phpBB Group
* email : [email]support@phpbb.com[/email]
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/

/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner ([email]tom@toms-home.com[/email])
* [url]http://bbtonuke.sourceforge.net[/url] (or [url]http://www.toms-home.com)[/url]
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on [url]http://bbtonuke.sourceforge.net[/url] first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', 1);

if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Users']['Ban_Management'] = $filename;

return;
}

//
// Load default header
//
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Start program
//
if ( isset($HTTP_POST_VARS['submit']) )
{
$user_bansql = '';
$email_bansql = '';
$ip_bansql = '';

$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}

$user_list[] = $this_userdata['user_id'];
}

$ip_list = array();
if ( isset($HTTP_POST_VARS['ban_ip']) )
{
$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

for($i = 0; $i < count($ip_list_temp); $i++)
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !为什么
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];

while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];

if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
}

while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end
$ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];

if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
}

while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end
$ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];

if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
}

while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
$ip_4_counter++;
}
$ip_3_counter++;
}
$ip_2_counter++;
}
$ip_1_counter++;
}
}
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));

for($j = 0; $j < count($ip); $j++)
{
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
}
}
}

$email_list = array();
if ( isset($HTTP_POST_VARS['ban_email']) )
{
$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

for($i = 0; $i < count($email_list_temp); $i++)
{
//
// This ereg match is based on one by [email]php@unreelpro.com[/email]
// contained in the annotated php manual at php.com (ereg
// section)
//
if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
}
}

$sql = "SELECT *
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
}

$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$kill_session_sql = '';
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
VALUES (" . $user_list[$i] . ")";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
}
}
}

for($i = 0; $i < count($ip_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
{
$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
}
else
{
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
}

$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
VALUES ('" . $ip_list[$i] . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
}
}
}

//
// Now we'll delete all entries from the session table with any of the banned
// user or IP info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if ( $kill_session_sql != '' )
{
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE $kill_session_sql";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
}
}

for($i = 0; $i < count($email_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
VALUES ('" . str_replace("'", "''", $email_list[$i]) . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
}
}
}

$where_sql = '';

if ( isset($HTTP_POST_VARS['unban_user']) )
{
$user_list = $HTTP_POST_VARS['unban_user'];

for($i = 0; $i < count($user_list); $i++)
{
if ( $user_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_ip']) )
{
$ip_list = $HTTP_POST_VARS['unban_ip'];

for($i = 0; $i < count($ip_list); $i++)
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_email']) )
{
$email_list = $HTTP_POST_VARS['unban_email'];

for($i = 0; $i < count($email_list); $i++)
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
}
}
}

if ( $where_sql != '' )
{
$sql = "DELETE FROM " . BANLIST_TABLE . "
WHERE ban_id IN ($where_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
}
}

$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);

}
else
{
$template->set_filenames(array(
'body' => 'admin/user_ban_body.tpl')
);

$template->assign_vars(array(
'L_BAN_TITLE' => $lang['Ban_control'],
'L_BAN_EXPLAIN' => $lang['Ban_explain'],
'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
'L_EMAIL_ADDRESS' => $lang['Email_address'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],

'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
);

$template->assign_vars(array(
'L_BAN_USER' => $lang['Ban_username'],
'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
'L_BAN_IP' => $lang['Ban_IP'],
'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
'L_BAN_EMAIL' => $lang['Ban_email'],
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
);

$userban_count = 0;
$ipban_count = 0;
$emailban_count = 0;

$sql = "SELECT b.ban_id, u.user_id, u.username
FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
WHERE u.user_id = b.ban_userid
AND b.ban_userid <> 0
AND u.user_id <> " . ANONYMOUS . "
ORDER BY u.user_id ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
}

$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_userlist = '';
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
$userban_count++;
}

if( $select_userlist == '' )
{
$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
}

$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

$sql = "SELECT ban_id, ban_ip, ban_email
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
}

$banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_iplist = '';
$select_emaillist = '';

for($i = 0; $i < count($banlist); $i++)
{
$ban_id = $banlist[$i]['ban_id'];

if ( !empty($banlist[$i]['ban_ip']) )
{
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
$ipban_count++;
}
else if ( !empty($banlist[$i]['ban_email']) )
{
$ban_email = $banlist[$i]['ban_email'];
$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
$emailban_count++;
}
}

if ( $select_iplist == '' )
{
$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
}

if ( $select_emaillist == '' )
{
$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
}

$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

$template->assign_vars(array(
'L_UNBAN_USER' => $lang['Unban_username'],
'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
'L_UNBAN_IP' => $lang['Unban_IP'],
'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
'L_UNBAN_EMAIL' => $lang['Unban_email'],
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
'L_USERNAME' => $lang['Username'],
'L_LOOK_UP' => $lang['Look_up_User'],
'L_FIND_USERNAME' => $lang['Find_username'],

'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"),
'S_UNBAN_USERLIST_SELECT' => $select_userlist,
'S_UNBAN_IPLIST_SELECT' => $select_iplist,
'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
);
}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>

(0)

相关推荐

  • php IP及IP段进行访问限制的代码

    192.168.1.1 单个IP 192.168.1.* 这样代理 192.168.1.1-192.168.1-255 192.158.1.2-20 这样是代表192.158.1.2-192.158.1.20 也可以这样写 192.168.1.[1|2|3] 嘿嘿-一个方法不知道想法是否周全,拿出来大家讨论 使用 以下是引用片段: $oBlock_ip = new block_ip(); $oBlock_ip->checkIP(); 以下是引用片段: 复制代码 代码如下: <?php clas

  • PHP 获取客户端真实IP地址多种方法小结

    经过复杂的判断与算是的获取IP地址函数 复制代码 代码如下: function getIP() { if (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } elseif (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif (getenv('HTTP_X_FORWARDED')) { $ip = getenv('

  • php REMOTE_ADDR之获取访客IP的代码

    <?php $iipp=$_SERVER["REMOTE_ADDR"]; echo $iipp; ?>[/code][code]<?php $user_IP = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; $user_IP = ($user_IP) ? $user_IP : $_SER

  • PHP实现限制IP访问的方法

    本文实例讲述了PHP实现限制IP访问的方法.分享给大家供大家参考,具体如下: //获取客户端ip if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP"); else if(getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if(getenv("REMOT

  • PHP实现的限制IP投票程序IP来源分析

    本文实例分析了PHP实现的限制IP投票程序.分享给大家供大家参考,具体如下: 接到一个投票活动的需求,需要做IP限制,每个IP限制一定的投票机会.我在搜索引擎上搜索了关键词:PHP客户端IP ,结果基本上都是以下内容: if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) { $onlineip = getenv('HTTP_CLIENT_IP'); } elseif(getenv('

  • PHP用星号隐藏部份用户名、身份证、IP、手机号等实例

    一.仿淘宝评论购买记录隐藏部分用户名,以下代码亲测可用. 复制代码 代码如下: function cut_str($string, $sublen, $start = 0, $code = 'UTF-8') {     if($code == 'UTF-8')     {         $pa = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xef][\x80-\xbf][\x80-\xbf]|\

  • PHP实现限制IP访问及提交次数的方法详解

    本文实例讲述了PHP实现限制IP访问及提交次数的方法.分享给大家供大家参考,具体如下: 一.原理 提交次数是肯定要往数据库里写次数这个数据的,比如用户登陆,当用户出错时就忘数据库写入出错次数1,并且出错时间,再出错写2,当满比如5次时提示不允许再登陆,请明天再试,然后用DateDiff计算出错时和now()的时间,如果大于24就再开放让他试. 封IP的话特别是给IP断就比较简单了, 先说给IP段开放的情况:先取出客户访问的IP,为了解释方便,设有IP192.168.6.2 现要开放IP段为192

  • PHP准确取得服务器IP地址的方法

    本文实例讲述了PHP准确取得服务器IP地址的方法.分享给大家供大家参考.具体分析如下: 在php中,我们一般通过$_SERVER['HTTP_HOST']来活得URL中网站的域名或者ip地址. php手册中的解释如下: "HTTP_HOST" 当前请求的 Host: 头信息的内容. 一般来说,这样子不会遇到什么问题,在一些常见的php框架中,如PFC3和FLEA也是基于该预定义变量. 然而最近在做的一个项目,程序移交到客户手里测试时,竟然发现程序的跳转总是会出错. 最后找出原因:$_S

  • php限制ip地址范围的方法

    本文实例讲述了php限制ip地址范围的方法.分享给大家供大家参考.具体如下: 只有在限定范围内的ip地址才能访问 function get_real_ipaddress() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) { return $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { return $_SERVER['HTTP_X_FORWAR

  • 用php代码限制国内IP访问我们网站

    利用淘宝的IP接口来判断IP,是否是国内的ip,是国内(CN)的就不允许访问. $ip = $_SERVER['REMOTE_ADDR']; $content = file_get_contents('http://ip.taobao.com/service/getIpInfo.php?ip='.$ip); $banned = json_decode(trim($content), true); $lan = strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE']

  • PHP中限制IP段访问、禁止IP提交表单的代码

    我们只要在feedback.php中添加下面的代码进行判断就可以了. 注意:下边只是一个PHP限制IP的实例代码,如果您打算应用到CMS中,请自行修改,或者如果您正在使用DEDECMS,可以联系本站. 复制代码 代码如下: <?php //加IP访问限制 if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) { $userip = getenv('HTTP_CLIENT_IP')

随机推荐