All geek questions in one place

PHP - Block IPs for 24 hours

I have a PHP file in which I want to collect people IP, and then prevent the continued operation of the PHP file if their IP address launched the file in the last 24 hours. I tried with cookies, but he continued to give me the error β€œcan’t change the header”. In addition, people could simply clear their cookies. Basically, it stores the IP address of everyone who runs the php file, and then if he tries to access it within 24 hours, it will "echo". You can access this again in 24 hours and not run the entire file. Do it again after 24 hours.

+4
source share
5 answers

Each time a page is viewed, check to see if the IP address is in the database table after deleting records that are longer than 24 hours.

// Purge records mysql_query("DELETE FROM ip_table WHERE access_date < DATE_SUB(CURDATE(), INTERVAL 24 HOUR)"); $ip = $_SERVER['REMOTE_ADDR']; $result = mysql_query("SELECT ip FROM ip_table WHERE ip = '$ip'"); if($result){ die("You can access this again in 24 hours"); } else { $result = mysql_query("INSERT INTO ip_table (ip, access_date) VALUES ('$ip', NOW())"); }

However, this will block all users using the shared connection. It is better to require a login, and then block access for each user.

+2
source

I think it will be much easier for you to have a table in which the last access time for each ip is stored, with a structure like:

 Access - id - int - ip_addr - int - last_access - datetime

you convert from an IP address in $_SERVER['SERVER_ADDR'] to an integer with inet_pton() and make a simple selection in this DB table

+1
source

Approaches I can see work more often than not:

IP ban

Pros:

  • Blocks all browsers with this IP address.
  • Pretty easy to set up

Minuses:

  • Many false positives may appear for people over NAT, etc.
  • The user can switch to another computer or otherwise change the IP (proxy)

Cookies

Pros:

  • You have a browser id that reports
  • Easy setup and deployment

Minuses:

  • Very easy to beat (delete cookie)

User Login

Pros:

  • Do you know which account is loading and when
  • Difficult to bypass account

Minuses:

  • Easy to get around if new accounts are easy to set up.

Note. $_SERVER is what contains the IP address and other request header information.

+1
source

You can just keep track of ip with the date that they accessed the php file, and update that date after 24 hours if they try to re-access.

Hope this helps.

0
source

Something like that:

 $_SESSION['REMOTE_ADDR'] can be stored in a database, compared against err s/SESSION/SERVER (rewriting session crap over here, have session on the brain)

Update: -

useful links

http://perishablepress.com/press/2007/07/03/how-to-block-ip-addresses-with-php/

http://forums.digitalpoint.com/showthread.php?t=67344

0
source

Source: https://habr.com/ru/post/1386035/

More articles:


All Articles