如何限制访问者的ip(PHPBB的代码)


Posted in PHP onOctober 09, 2006

如何限制访问者的ip(PHPBB的代码) Code:   <?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin : Tuesday, Jul 31, 2001
* copyright : (C) 2001 The phpBB Group
* email : [email]support@phpbb.com[/email]
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/

/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner ([email]tom@toms-home.com[/email])
* [url]http://bbtonuke.sourceforge.net[/url] (or [url]http://www.toms-home.com)[/url]
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on [url]http://bbtonuke.sourceforge.net[/url] first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

define('IN_PHPBB', 1);

if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Users']['Ban_Management'] = $filename;

return;
}

//
// Load default header
//
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Start program
//
if ( isset($HTTP_POST_VARS['submit']) )
{
$user_bansql = '';
$email_bansql = '';
$ip_bansql = '';

$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
}

$user_list[] = $this_userdata['user_id'];
}

$ip_list = array();
if ( isset($HTTP_POST_VARS['ban_ip']) )
{
$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

for($i = 0; $i < count($ip_list_temp); $i++)
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// Don't ask about all this, just don't ask ... !为什么
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];

while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];

if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
}

while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end
$ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];

if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
}

while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end
$ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];

if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;

$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
}

while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
$ip_4_counter++;
}
$ip_3_counter++;
}
$ip_2_counter++;
}
$ip_1_counter++;
}
}
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));

for($j = 0; $j < count($ip); $j++)
{
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
}
}
}

$email_list = array();
if ( isset($HTTP_POST_VARS['ban_email']) )
{
$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

for($i = 0; $i < count($email_list_temp); $i++)
{
//
// This ereg match is based on one by [email]php@unreelpro.com[/email]
// contained in the annotated php manual at php.com (ereg
// section)
//
if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
}
}

$sql = "SELECT *
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
}

$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$kill_session_sql = '';
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
VALUES (" . $user_list[$i] . ")";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
}
}
}

for($i = 0; $i < count($ip_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
{
$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
}
else
{
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
}

$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
VALUES ('" . $ip_list[$i] . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
}
}
}

//
// Now we'll delete all entries from the session table with any of the banned
// user or IP info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if ( $kill_session_sql != '' )
{
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE $kill_session_sql";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
}
}

for($i = 0; $i < count($email_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
{
$in_banlist = true;
}
}

if ( !$in_banlist )
{
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
VALUES ('" . str_replace("'", "''", $email_list[$i]) . "')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
}
}
}

$where_sql = '';

if ( isset($HTTP_POST_VARS['unban_user']) )
{
$user_list = $HTTP_POST_VARS['unban_user'];

for($i = 0; $i < count($user_list); $i++)
{
if ( $user_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_ip']) )
{
$ip_list = $HTTP_POST_VARS['unban_ip'];

for($i = 0; $i < count($ip_list); $i++)
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
}
}
}

if ( isset($HTTP_POST_VARS['unban_email']) )
{
$email_list = $HTTP_POST_VARS['unban_email'];

for($i = 0; $i < count($email_list); $i++)
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
}
}
}

if ( $where_sql != '' )
{
$sql = "DELETE FROM " . BANLIST_TABLE . "
WHERE ban_id IN ($where_sql)";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
}
}

$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);

}
else
{
$template->set_filenames(array(
'body' => 'admin/user_ban_body.tpl')
);

$template->assign_vars(array(
'L_BAN_TITLE' => $lang['Ban_control'],
'L_BAN_EXPLAIN' => $lang['Ban_explain'],
'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
'L_EMAIL_ADDRESS' => $lang['Email_address'],
'L_SUBMIT' => $lang['Submit'],
'L_RESET' => $lang['Reset'],

'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
);

$template->assign_vars(array(
'L_BAN_USER' => $lang['Ban_username'],
'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
'L_BAN_IP' => $lang['Ban_IP'],
'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
'L_BAN_EMAIL' => $lang['Ban_email'],
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
);

$userban_count = 0;
$ipban_count = 0;
$emailban_count = 0;

$sql = "SELECT b.ban_id, u.user_id, u.username
FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
WHERE u.user_id = b.ban_userid
AND b.ban_userid <> 0
AND u.user_id <> " . ANONYMOUS . "
ORDER BY u.user_id ASC";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
}

$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_userlist = '';
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
$userban_count++;
}

if( $select_userlist == '' )
{
$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
}

$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

$sql = "SELECT ban_id, ban_ip, ban_email
FROM " . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
}

$banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);

$select_iplist = '';
$select_emaillist = '';

for($i = 0; $i < count($banlist); $i++)
{
$ban_id = $banlist[$i]['ban_id'];

if ( !empty($banlist[$i]['ban_ip']) )
{
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
$ipban_count++;
}
else if ( !empty($banlist[$i]['ban_email']) )
{
$ban_email = $banlist[$i]['ban_email'];
$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
$emailban_count++;
}
}

if ( $select_iplist == '' )
{
$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
}

if ( $select_emaillist == '' )
{
$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
}

$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

$template->assign_vars(array(
'L_UNBAN_USER' => $lang['Unban_username'],
'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
'L_UNBAN_IP' => $lang['Unban_IP'],
'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
'L_UNBAN_EMAIL' => $lang['Unban_email'],
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
'L_USERNAME' => $lang['Username'],
'L_LOOK_UP' => $lang['Look_up_User'],
'L_FIND_USERNAME' => $lang['Find_username'],

'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"),
'S_UNBAN_USERLIST_SELECT' => $select_userlist,
'S_UNBAN_IPLIST_SELECT' => $select_iplist,
'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
);
}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>

PHP 相关文章推荐
解决GD中文乱码问题
Feb 14 PHP
PHP教程之PHP中shell脚本的使用方法分享
Feb 23 PHP
PHP IE中下载附件问题解决方法
Jan 07 PHP
php表单敏感字符过滤类
Dec 08 PHP
Yii使用smsto短信接口的函数demo示例
Jul 13 PHP
php实现页面纯静态的实例代码
Jun 21 PHP
PHP弱类型语言中类型判断操作实例详解
Aug 10 PHP
基于Laravel实现的用户动态模块开发
Sep 21 PHP
支持汉转拼和拼音分词的PHP中文工具类ChineseUtil
Feb 23 PHP
PHP7如何开启Opcode打造强悍性能详解
May 11 PHP
php使用curl模拟多线程实现批处理功能示例
Jul 25 PHP
laravel框架语言包拓展实现方法分析
Nov 22 PHP
substr()函数中文版
Oct 09 #PHP
如何使用PHP中的字符串函数
Oct 09 #PHP
vBulletin Forum 2.3.xx SQL Injection
Oct 09 #PHP
PHP_Flame(Version:Progress)的原代码
Oct 09 #PHP
图形数字验证代码
Oct 09 #PHP
用PHP函数解决SQL injection
Oct 09 #PHP
session 的生命周期是多长
Oct 09 #PHP
You might like
基于PHP Socket配置以及实例的详细介绍
2013/06/13 PHP
教你如何解密 “ PHP 神盾解密工具 ”
2014/06/20 PHP
destoon实现会员商铺中指定会员或会员组投放广告的方法
2014/08/21 PHP
php中session_id()函数详细介绍,会话id生成过程及session id长度
2015/09/23 PHP
php实现大文件断点续传下载实例代码
2019/10/01 PHP
jquery利用ajax调用后台方法实例
2013/08/23 Javascript
jquery 鼠标滑动显示详情应用示例
2014/01/24 Javascript
JavaScript操作XML/HTML比较常用的对象属性集锦
2015/10/30 Javascript
基于Jquery代码实现手风琴菜单
2015/11/19 Javascript
AngularJS ng-template寄宿方式用法分析
2016/11/07 Javascript
Bootstrap3 图片(响应式图片&amp;图片形状)
2017/01/04 Javascript
js实现旋转木马效果
2017/03/17 Javascript
JS实现预加载视频音频/视频获取截图(返回canvas截图)
2017/10/09 Javascript
详解vue 数组和对象渲染问题
2018/09/21 Javascript
JavaScript队列结构Queue实现过程解析
2020/03/07 Javascript
在Vuex中Mutations修改状态操作
2020/07/24 Javascript
[44:15]国士无双DOTA2 6.82版本详解(上)
2014/09/28 DOTA
Python+matplotlib绘制不同大小和颜色散点图实例
2018/01/19 Python
pandas创建新Dataframe并添加多行的实例
2018/04/08 Python
Python基于递归实现电话号码映射功能示例
2018/04/13 Python
python使用RNN实现文本分类
2018/05/24 Python
Python中pandas dataframe删除一行或一列:drop函数详解
2018/07/03 Python
Python 调用 zabbix api的方法示例
2019/01/06 Python
如何使用python3获取当前路径及os.path.dirname的使用
2019/12/13 Python
Django 自定义权限管理系统详解(通过中间件认证)
2020/03/11 Python
CSS3绘制超炫的上下起伏波动进度加载动画
2016/04/21 HTML / CSS
美国高端医师级美容产品电商:BeautifiedYou.com
2017/04/17 全球购物
意大利奢侈品多品牌集合店:TheDoubleF
2019/08/24 全球购物
新郎新娘婚礼答谢词
2014/01/11 职场文书
《石榴》教学反思
2014/03/02 职场文书
教师作风整改措施思想汇报
2014/10/12 职场文书
报名委托书
2015/01/29 职场文书
优秀英文求职信范文
2015/03/19 职场文书
python-for x in range的用法(注意要点、细节)
2021/05/10 Python
浅谈python数据类型及其操作
2021/05/25 Python
webpack介绍使用配置教程详解webpack介绍和使用
2022/06/25 Javascript