如何限制访问者的ip(PHPBB的代码)


Posted in PHP onOctober 09, 2006

如何限制访问者的ip(PHPBB的代码) Code:   <?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin : Tuesday, Jul 31, 2001
* copyright : (C) 2001 The phpBB Group
* email : [email]support@phpbb.com[/email]
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/

/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner ([email]tom@toms-home.com[/email])
* [url]http://bbtonuke.sourceforge.net[/url] (or [url]http://www.toms-home.com)[/url]
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on [url]http://bbtonuke.sourceforge.net[/url] first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', 1);

if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Users']['Ban_Management'] = $filename;

return;
}

//
// Load default header
//
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Start program
//
if ( isset($HTTP_POST_VARS['submit']) )
{
$user_bansql = '';
$email_bansql = '';
$ip_bansql = '';

$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}

$user_list[] = $this_userdata['user_id'];
}

$ip_list = array();
if ( isset($HTTP_POST_VARS['ban_ip']) )
{
$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

for($i = 0; $i < count($ip_list_temp); $i++)
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !为什么
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];

while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];

if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
}

while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end
$ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];

if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
}

while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end
$ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];

if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
}

while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
$ip_4_counter++;
}
$ip_3_counter++;
}
$ip_2_counter++;
}
$ip_1_counter++;
}
}
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));

for($j = 0; $j < count($ip); $j++)
{
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
}
}
}

$email_list = array();
if ( isset($HTTP_POST_VARS['ban_email']) )
{
$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

for($i = 0; $i < count($email_list_temp); $i++)
{
//
// This ereg match is based on one by [email]php@unreelpro.com[/email]
// contained in the annotated php manual at php.com (ereg
// section)
//
if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
}
}

$sql = "SELECT *
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
}

$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$kill_session_sql = '';
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
VALUES (" . $user_list[$i] . ")";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
}
}
}

for($i = 0; $i < count($ip_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
{
$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
}
else
{
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
}

$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
VALUES ('" . $ip_list[$i] . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
}
}
}

//
// Now we'll delete all entries from the session table with any of the banned
// user or IP info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if ( $kill_session_sql != '' )
{
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE $kill_session_sql";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
}
}

for($i = 0; $i < count($email_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
VALUES ('" . str_replace("'", "''", $email_list[$i]) . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
}
}
}

$where_sql = '';

if ( isset($HTTP_POST_VARS['unban_user']) )
{
$user_list = $HTTP_POST_VARS['unban_user'];

for($i = 0; $i < count($user_list); $i++)
{
if ( $user_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_ip']) )
{
$ip_list = $HTTP_POST_VARS['unban_ip'];

for($i = 0; $i < count($ip_list); $i++)
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_email']) )
{
$email_list = $HTTP_POST_VARS['unban_email'];

for($i = 0; $i < count($email_list); $i++)
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
}
}
}

if ( $where_sql != '' )
{
$sql = "DELETE FROM " . BANLIST_TABLE . "
WHERE ban_id IN ($where_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
}
}

$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);

}
else
{
$template->set_filenames(array(
'body' => 'admin/user_ban_body.tpl')
);

$template->assign_vars(array(
'L_BAN_TITLE' => $lang['Ban_control'],
'L_BAN_EXPLAIN' => $lang['Ban_explain'],
'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
'L_EMAIL_ADDRESS' => $lang['Email_address'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],

'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
);

$template->assign_vars(array(
'L_BAN_USER' => $lang['Ban_username'],
'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
'L_BAN_IP' => $lang['Ban_IP'],
'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
'L_BAN_EMAIL' => $lang['Ban_email'],
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
);

$userban_count = 0;
$ipban_count = 0;
$emailban_count = 0;

$sql = "SELECT b.ban_id, u.user_id, u.username
FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
WHERE u.user_id = b.ban_userid
AND b.ban_userid <> 0
AND u.user_id <> " . ANONYMOUS . "
ORDER BY u.user_id ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
}

$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_userlist = '';
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
$userban_count++;
}

if( $select_userlist == '' )
{
$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
}

$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

$sql = "SELECT ban_id, ban_ip, ban_email
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
}

$banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_iplist = '';
$select_emaillist = '';

for($i = 0; $i < count($banlist); $i++)
{
$ban_id = $banlist[$i]['ban_id'];

if ( !empty($banlist[$i]['ban_ip']) )
{
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
$ipban_count++;
}
else if ( !empty($banlist[$i]['ban_email']) )
{
$ban_email = $banlist[$i]['ban_email'];
$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
$emailban_count++;
}
}

if ( $select_iplist == '' )
{
$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
}

if ( $select_emaillist == '' )
{
$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
}

$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

$template->assign_vars(array(
'L_UNBAN_USER' => $lang['Unban_username'],
'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
'L_UNBAN_IP' => $lang['Unban_IP'],
'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
'L_UNBAN_EMAIL' => $lang['Unban_email'],
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
'L_USERNAME' => $lang['Username'],
'L_LOOK_UP' => $lang['Look_up_User'],
'L_FIND_USERNAME' => $lang['Find_username'],

'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"),
'S_UNBAN_USERLIST_SELECT' => $select_userlist,
'S_UNBAN_IPLIST_SELECT' => $select_iplist,
'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
);
}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>

PHP 相关文章推荐
PHP之变量、常量学习笔记
Mar 27 PHP
php access 数据连接与读取保存编辑数据的实现代码
May 12 PHP
PHP中session变量的销毁
Feb 27 PHP
PHP判断远程图片是否存在的几种方法
May 04 PHP
php实现refresh刷新页面批量导入数据的方法
Dec 23 PHP
php实现网站顶踩功能的完整前端代码
Jul 19 PHP
简述php环境搭建与配置
Dec 05 PHP
php 遍历目录,生成目录下每个文件的md5值并写入到结果文件中
Dec 12 PHP
yii插入数据库防并发的简单代码
May 27 PHP
PHP实现的数组和XML文件相互转换功能示例
Mar 15 PHP
PHP大文件切割上传功能实例分析
Jul 01 PHP
Thinkphp极验滑动验证码实现步骤解析
Nov 24 PHP
substr()函数中文版
Oct 09 #PHP
如何使用PHP中的字符串函数
Oct 09 #PHP
vBulletin Forum 2.3.xx SQL Injection
Oct 09 #PHP
PHP_Flame(Version:Progress)的原代码
Oct 09 #PHP
图形数字验证代码
Oct 09 #PHP
用PHP函数解决SQL injection
Oct 09 #PHP
session 的生命周期是多长
Oct 09 #PHP
You might like
php根据分类合并数组的方法实例详解
2013/11/06 PHP
PHP5各个版本的新功能和新特性总结
2014/03/16 PHP
让CodeIgniter数据库缓存自动过期的处理的方法
2014/06/12 PHP
php缩放gif和png图透明背景变成黑色的解决方法
2014/10/14 PHP
php创建和删除目录函数介绍和递归删除目录函数分享
2014/11/18 PHP
PHP7+Nginx的配置与安装教程详解
2016/05/10 PHP
兼容FireFox 的 js 日历 支持时间的获取
2009/03/04 Javascript
通过实例理解javascript中没有函数重载的概念
2015/06/03 Javascript
JavaScript各类型的关系图解
2015/10/16 Javascript
学习使用jQuery表单验证插件和日历插件
2017/02/13 Javascript
详解升级react-router 4 踩坑指南
2017/08/14 Javascript
创建Vue项目以及引入Iview的方法示例
2018/12/03 Javascript
简单了解JavaScript异步
2019/05/23 Javascript
详解微信小程序工程化探索之webpack实战
2020/04/20 Javascript
深入浅析JavaScript中的in关键字和for-in循环
2020/04/20 Javascript
django定期执行任务(实例讲解)
2017/11/03 Python
TensorFlow saver指定变量的存取
2018/03/10 Python
python模块smtplib实现纯文本邮件发送功能
2018/05/22 Python
django框架之cookie/session的使用示例(小结)
2018/10/15 Python
Python中时间datetime的处理与转换用法总结
2019/02/18 Python
Python选择网卡发包及接收数据包
2019/04/04 Python
Python爬虫学习之翻译小程序
2019/07/30 Python
Python对接支付宝支付自实现功能
2019/10/10 Python
解决pycharm不能自动补全第三方库的函数和属性问题
2020/03/12 Python
python3.9和pycharm的安装教程并创建简单项目的步骤
2021/02/03 Python
River Island美国官网:英国高街时尚品牌
2018/09/04 全球购物
Pop In A Box英国:Funko POP搪胶公仔
2019/05/27 全球购物
自主招生教师推荐信
2014/05/10 职场文书
企业承诺书格式
2014/05/21 职场文书
2014年银行工作总结范文
2014/11/12 职场文书
小学班主任评语
2014/12/29 职场文书
小学国庆节活动总结
2015/03/23 职场文书
杨善洲观后感
2015/06/04 职场文书
sqlserver2017共享功能目录路径不可改的解决方法
2021/04/16 SQL Server
Python中npy和mat文件的保存与读取
2022/04/24 Python
浅谈音视频 pts dts基本概念及理解
2022/08/05 数码科技