IP Banning System w/Admin Panel
Posted on May 13th, 2007
PHP Coding
This script is login-protected, so make sure you change the username and password variables! The code is commented, so please read through it.


First of all we need our SQL code.  This is a very simple table, containing only one field.
CREATE TABLE `banned` (
`ip` TEXT NOT NULL
) ENGINE = innodb;

Second, we need to make our config.php file to handle our MySQL connection and the admin username and password.
<?php

define("DB_HOST", "localhost"); #db host
define("DB_USER", "username"); #db username
define("DB_PASS", "password"); #db password
define("DB_NAME", "database"); #database name

$connection = mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME, $connection); #our mysql connection


$username = "admin"; #the admin username, MAKE SURE YOU CHANGE THIS!
$password = "admin"; #the admin password, MAKE SURE YOU CHANGE THIS!

?>

That is our config.php file.  Again, make sure you change the $username and $password variables.


Next we need our login.php file so that the admin can log in securely.
<?php

require("config.php"); #this is our config file that includes our admin username, and mysql connection

if(isset($_POST['login']))
{ #if the Login! button is pushed, then process the form
    $errors = array(); #store our errors in an array for easy handling

    if(!isset($_POST['username']) || $_POST['username'] !== $username)
    {
        $errors[] = "The username you entered is invalid!";
    } #if the username is missing or incorrect (strict comparison), then echo back an error message
    if(!isset($_POST['password']) || $_POST['password'] !== $password)
    {
        $errors[] = "The password you entered is invalid!";
    } #if the password is missing or incorrect (strict comparison), then echo back an error message
    if(count($errors) > 0)
    {
        foreach($errors as $err)
        {
            echo"$err<br />";
        }
    } #if there is more than 0 errors, then echo them all on a new line
    else
    {
        setcookie('logged_in', "logged", time() + 21*24*60*60); #this cookie lasts for three weeks, you can change that
        setcookie('username', "$username", time() + 21*24*60*60); #this cookie lasts for three weeks, you can change that
       
        echo"You are now logged in, you will be redirected.";
        echo'<META HTTP-EQUIV="Refresh" CONTENT="2; URL=admin.php">';
    } #if there are no errors, then set the cookies, and redirect the user to the admin panel
}
else
{
    echo"<h3>Login</h3>
    <form action='' name='login' method='POST'>
    Username:<br />
    <input type='text' name='username' />
    <br /><br />
    Password:<br />
    <input type='password' name='password' />
    <br /><Br />
    <input type='submit' name='login' value='Login!' />
    </form>";
}#if the login button wasn't pushed, then show the login form.
   
?>

Now that we have that out of the way, let's move on to banned.php.  This is the file that checks whether a user is banned or not.
<?php
include("config.php"); #include our config file

$ip = $_SERVER['REMOTE_ADDR']; #get the users ip address

$getip = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip'"); #select the IP from the database
if(mysql_num_rows($getip) > 0)
{
    die("You are currently banned from viewing this site!");
} #if the user's ip address is in the database, then kill the script, and tell them that they are banned

?>

To make sure that a banned user is banned from every page, put the following code at the very top of every page that you want the user banned from:
<?php
include("banned.php");
?>

Now, let's get on to the ban.php file.
<?php
require("config.php"); #get our config file

if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
    echo"You are not currently logged in! <a href='login.php'>Login!</a>";
} #if the admin is not logged in, then echo an error message
else
{
    if(isset($_POST['ban'])) #if the ban form is sent, then process it
    {
        if(empty($_POST['ip']))
        {
            echo"You did not enter an IP to ban, <a href='javascript:history.go(-1)'>back</a>";
        } #if the admin did not specify an ip to ban, echo back an error message, and show a back link
        else
        {
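            $ip = $_POST['ip']; #store the IP in a variable
            $safe_ip = htmlspecialchars($ip, ENT_QUOTES); #HTML-escaped copy for echoing back into the page

            $sql = "INSERT INTO `banned`(`ip`) VALUES('" . mysql_real_escape_string($ip) . "')"; #escape the value before it goes into the query
            $query = mysql_query($sql); #insert the IP into the database

            if($query)
            {
                echo"Ip $safe_ip has been banned.";
            } #if the query was successful, then echo a success message
            else
            {
                echo"There was an unexpected error, $safe_ip has not been banned!";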
            } #if the IP couldn't be banned, echo an error message
        }
    }
    else
    {
        echo"<h3>Ban an IP</h3><br /><br />
        <form name='ban' action='' method='post'>
        IP Address:<br />
        <input type='text' name='ip' id='ip' /><br /><br />
        Please enter the IP address you wish to ban above!<br /><br />
        <input type='submit' name='ban' value='Ban!' />
        </form>";
    } #if the ban form was not submitted, then echo the actual form
}
?>

Now, time for unban.php. 
<?php
require("config.php"); #require our config file

if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
    echo"You are not currently logged in! <a href='login.php'>Login</a>";
} #if the admin is not logged in, then echo an error message
else
{
    if(isset($_POST['unban'])) #if the unban button is pressed, then process the form
    {
        if(empty($_POST['unban_ip']))
        {
            echo"You did not select an IP to unban, <a href='javascript:history.go(-1)'>back</a>";
        } #echo an error message if the admin did not select an IP to unban, and show a back button
        else
        {
            $unban_ip = $_POST['unban_ip']; #store the IP in a variable
            $safe_ip = htmlspecialchars($unban_ip, ENT_QUOTES); #HTML-escaped copy for echoing back into the page

            $sql = "DELETE FROM `banned` WHERE `ip` = '" . mysql_real_escape_string($unban_ip) . "'"; #escape the value before it goes into the query
            $query = mysql_query($sql) or die(mysql_error()); #delete the banned entry from the database, so the user won't be banned anymore

            if($query)
            {
                echo"IP $safe_ip has been unbanned!";
            } #if the IP was unbanned, show a success message
            else
            {
                echo"There was an unexpected error, IP $safe_ip could not be removed from the ban list!";
            } #if the IP couldn't be unbanned, show an error message
        }
    }
    else
    {
        echo"<h3>Unban</h3><br /><br />
        <form name='unban' action='' method='POST'>
        Select an IP to unban:<br />
        <select name='unban_ip'>";
        $getips = mysql_query("SELECT * FROM `banned` ORDER BY `ip` ASC");
        while($r = mysql_fetch_array($getips))
        {
            $opt = htmlspecialchars($r['ip'], ENT_QUOTES); #HTML-escape the stored value before printing it
            echo"<option value='$opt'>$opt</option>";
        }
        echo"</select>
        <br /><Br />
        <input type='submit' name='unban' value='Unban!' />
        </form>";
    } #if the form wasn't submitted, then show the actual form
}           
?>
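
The ban, unban and lookup steps from ban.php, unban.php and banned.php, as an added example that is not part of the original tutorial: the submitted value must parse as a single IPv4/IPv6 address before it is stored, and every query binds it as a parameter. The function names are hypothetical, and PDO with an in-memory SQLite database is an assumption so the file runs on its own.

```php
<?php
// Added example, not the tutorial's code. In-memory SQLite is an assumption so
// the file runs stand-alone; with MySQL only the arguments to new PDO() change.

function normalize_ip($input)
{
    // Reject anything that is not one syntactically valid IPv4/IPv6 address.
    if (!is_string($input) || filter_var(trim($input), FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Canonical text form, so differently written IPv6 strings compare equal.
    return inet_ntop(inet_pton(trim($input)));
}

function is_banned(PDO $db, $input)
{
    $ip = normalize_ip($input);
    $stmt = $db->prepare('SELECT 1 FROM banned WHERE ip = ? LIMIT 1');
    // The value is bound as a parameter, never spliced into the SQL text.
    return $ip !== null && $stmt->execute([$ip]) && $stmt->fetchColumn() !== false;
}

function ban_ip(PDO $db, $input)
{
    $ip = normalize_ip($input);
    if ($ip === null || is_banned($db, $ip)) {
        return false; // invalid input, or already on the list
    }
    return $db->prepare('INSERT INTO banned (ip) VALUES (?)')->execute([$ip]);
}

function unban_ip(PDO $db, $input)
{
    $ip = normalize_ip($input);
    $stmt = $db->prepare('DELETE FROM banned WHERE ip = ?');
    // True only if a row was actually removed.
    return $ip !== null && $stmt->execute([$ip]) && $stmt->rowCount() > 0;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE banned (ip TEXT NOT NULL)');

// Constructed sample inputs: two valid addresses, one malformed value, one empty.
foreach (['203.0.113.7', '2001:DB8::1', "203.0.113.7' x", ''] as $in) {
    printf("%-20s ban=%s\n", var_export($in, true), var_export(ban_ip($db, $in), true));
}
var_dump(is_banned($db, '2001:db8:0:0:0:0:0:1'), unban_ip($db, '203.0.113.7'));
```

When echoing an address back into the admin page, pass it through htmlspecialchars() as well.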

Now, the next page is admin.php.  This is just a page to show what options you have and to make those nice little ?action=whatever links that everyone likes so much.
<?php
include("config.php"); #include our config file

$page = isset($_GET['action']) ? $_GET['action'] : ''; #get the action variable from the address bar (empty if none was given)

if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
    echo"You are currently not logged in, <a href='login.php'>login</a>";
} #if the admin is not logged in, show an error message
else
{
    switch($page) #start a switch to make the cool little dynamic links, and to show an options list
    {
        default:
            echo"<a href='admin.php?action=ban'>Ban an IP</a><br /><br />
                     <a href='admin.php?action=unban'>Unban an IP</a><br /><br />
                     <a href='admin.php?action=logout'>Logout</a><br /><Br />"; #these are the options that the admin can choose from -- they have options to ban, unban, and logout
        break;
   
        case "ban":
            include("ban.php");
        break; #this is the ban case, and if the action is set to ban, then this includes ban.php
   
        case "unban":
            include("unban.php");
        break; #this is the unban case, and if the action is set to unban, then this includes unban.php
       
        case "logout":
            include("logout.php");
        break; #this is the logout case, if the action is set to logout, then this logs out the admin
    }
}
?>

This is the last file, logout.php
<?php
setcookie('logged_in', "logged_out", time() - 21*24*60*60); #subtract the three weeks from the logged_in cookie, and set its value to "logged_out"
setcookie('username', "", time() - 21*24*60*60); #subtract the three weeks from the username cookie, and set its value blank

echo"You are now logged out!"; #echo to the admin that they are now logged out
?>

This script has been tested and is working.  Again, please make sure that you change the $username and $password variables in the config.php file.  If you don't, this could cause some serious security risks.
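
The check in ban.php, unban.php and admin.php decides on two cookie values that the browser supplies, and config.php keeps the password in plain text. The following added example (not the tutorial's code) keeps the login state in a server-side PHP session and compares against a password hash instead. ADMIN_USER, ADMIN_HASH, the function names and the sample passphrase are assumptions made for the example.

```php
<?php
// Added example, not the tutorial's code. ADMIN_USER, ADMIN_HASH and the
// function names are assumptions; the passphrase is a constructed sample.
define('ADMIN_USER', 'admin');
// In config.php, store the string printed once by password_hash() instead of hashing per request.
define('ADMIN_HASH', password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT));

function check_login($user, $pass)
{
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Run both comparisons so the result does not reveal which field was wrong.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    return $userOk && $passOk;
}

function start_admin_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Options array needs PHP 7.3+; 'secure' assumes the panel is served over HTTPS.
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

function login($user, $pass)
{
    start_admin_session();
    if (!check_login($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);  // fresh session ID once the user is authenticated
    $_SESSION['is_admin'] = true; // the state lives on the server, not in a cookie value
    return true;
}

function is_admin()
{
    start_admin_session();
    return !empty($_SESSION['is_admin']);
}

function logout()
{
    start_admin_session();
    $_SESSION = [];
    session_destroy();
}
```

With this in place, the cookie test at the top of ban.php, unban.php and admin.php becomes `if (!is_admin())`, and logout.php calls `logout()`.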

Thanks, hope you enjoyed the tutorial.
Chris.
