2 
CREATE TABLE `banned_ip` (
  `id` INT( 25 ) NOT NULL AUTO_INCREMENT PRIMARY KEY , 
  `ip` VARCHAR( 25 ) NOT NULL , 
  `reason` TEXT NOT NULL )

配置文件

    <?php
// config
$config['host'] = "localhost"; // host name of your mysql server
$config['user'] = "username"; // your mysql username
$config['pass'] = "password"; // your mysql password
$config['db'] = "database"; // the database your table is in.

// the @ sign is an error supressor, meaning we can use our own error messages, this connects and selects db
@mysql_connect("$config[host]","$config[user]","$config[pass]") 
    or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
@mysql_select_db("$config[db]") 
    or die("There was an error connecting to the database, MySql said:<br />".mysql_error()."");
?>

禁止.php

<?php 
include("connect.php"); 
$ip = $_SERVER['REMOTE_ADDR']; 
$find_ip = mysql_query("SELECT * FROM banned_ip WHERE ip='$ip'"); 
$ban = mysql_fetch_array($find_ip); 
if($ip == $ban['ip']){ 
    die("You are banned from this site!");
else {
    echo "Your Were not Banned";
    $sql = "INSERT INTO user(ip) VALUES('$ip')";
} 
?>

我正在做的是检查我的数据库中的 ip 是否被禁止。如果没有被禁止,向他显示消息“你没有被禁止”并禁止他。

将他的IP存储在数据库中。然后如果他再次出现在网站上,将会显示“你被禁止进入这个网站!”

这样,我只给每个 ip 一次访问我的内容的权限。这个脚本是否足够有效?这个脚本不适合我。它没有禁止我的 ip ,而是不断向我展示我的内容。

4

2 回答 2

3

您显然正在使用不同的表格。您对banned_ip 进行选择查询,以检查该IP 是否被禁止。但是如果他没有被禁止,你尝试插入到用户表中。这样您就可以记下所有被禁止的 IP,但您不会选择它们。

此外,当您查询数据库时,执行 SELECT * 是不好的行为。只选择您需要的值(在这种情况下,它甚至无关紧要,因为您检查他是否找到了 ip 的行)。

从来没有 100% 确定的方法可以防止未登录的用户访问内容。如果您禁止某个 IP,您可能会同时禁止多个人(例如学校)。使用 cookie(以及 Sessions)效率不够,因为 cookie 可以被删除。

<?php 
include("connect.php"); 
$ip = $_SERVER['REMOTE_ADDR']; 
$find_ip = mysql_query("SELECT ip FROM banned_ip WHERE ip='$ip'"); 
$ban = mysql_fetch_array($find_ip); 
if($ip == $ban['ip']){ 
    die("You are banned from this site!");
else {
    echo "Your Were not Banned";
    $sql = "INSERT INTO banned_ip (ip) VALUES('$ip')";
} 
?>
于 2012-05-06T12:38:48.580 回答
0 
<?php> include "connect_to_mysql.php";
$proxy_headers = array(
    'HTTP_VIA',
    'HTTP_X_FORWARDED_FOR',
    'HTTP_FORWARDED_FOR',
    'HTTP_X_FORWARDED',
    'HTTP_FORWARDED',
    'HTTP_CLIENT_IP',
    'HTTP_FORWARDED_FOR_IP',
    'VIA',
    'X_FORWARDED_FOR',
    'FORWARDED_FOR',
    'X_FORWARDED',
    'FORWARDED',
    'CLIENT_IP',
    'FORWARDED_FOR_IP',
    'HTTP_PROXY_CONNECTION'
   );
   foreach($proxy_headers as $x){
    if (isset($_SERVER[$x])) die("You are using a proxy!");
   }

     $counter = 1873;
    $MM_redirectLoginFailed = "sorry_search.php";
   $MM_redirecttoReferrer = false;

 $dynamicList="";
 $dynamicListaa="";
 $sql = mysql_query("SELECT * FROM ip WHERE ip LIKE '%54.36.%'");
 $productCount = mysql_num_rows($sql); // count the output amount
 if ($productCount > 0) {
    // get all the product details
    while($row = mysql_fetch_array($sql)){ 
         $product_name = $row["ip"];
        $counter++;

  $sql2 = mysql_query("INSERT INTO bannedIp (bannedip_id, bannedip) VALUES ('".$counter."', '".$product_name."')") or die(mysql_error());
  echo $sql2;
   print($product_name);

     }

     } else {
     header("Location: ". $MM_redirectLoginFailed );
     }


 $ip = $_SERVER['REMOTE_ADDR']; 
$find_ip = mysql_query("SELECT * FROM bannedIp WHERE bannedip='$ip'"); 
$ban = mysql_fetch_array($find_ip); 
if($ip == $ban['bannedip']){ 
 die("You are banned from this site2!");
 }

$ip_parts = explode (".", $_SERVER['REMOTE_ADDR']);
$parts = $ip_parts[0] . $ip_parts[1];
if($parts == 5436)
{
 die("You are banned from this site1!");
 }
 <?>
于 2019-09-26T23:48:58.660 回答