This script is login protected, so make sure you change the username and password variables! The code is commented, so please read through it.
First of all we need our SQL code. This is a very simple table, containing only one field.
CREATE TABLE `banned` (
`ip` TEXT NOT NULL
) ENGINE = innodb;
Second, we need to make our config.php file to handle our MySQL connection and the admin username and password. The mysql_* functions used throughout this tutorial require PHP 5; they were removed in PHP 7.
<?php
define("DB_HOST", "localhost"); #db host
define("DB_USER", "username"); #db username
define("DB_PASS", "password"); #db password
define("DB_NAME", "database"); #database name
$connection = mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME, $connection); #our mysql connection
$username = "admin"; #the admin username, MAKE SURE YOU CHANGE THIS!
$password = "admin"; #the admin password, MAKE SURE YOU CHANGE THIS!
?>
That is our config.php file. Again, make sure you change the $username, and $password variables.
Next we need our login.php file so that the admin can log in securely.
<?php
require("config.php"); #this is our config file that includes our admin username, and mysql connection
if(isset($_POST['login']))
{ #if the Login! button is pushed, then process the form
$errors = array(); #store our errors in an array for easy handling
if(!isset($_POST['username']) || $_POST['username'] !== $username)
{
$errors[] = "The username you entered is invalid!";
} #if the username is incorrect, then echo back an error message
if(!isset($_POST['password']) || $_POST['password'] !== $password)
{
$errors[] = "The password you entered is invalid!";
} #if the password is incorrect, then echo back an error message
if(count($errors) > 0)
{
foreach($errors as $err)
{
echo"$err<br />";
}
} #if there is more than 0 errors, then echo them all on a new line
else
{
setcookie('logged_in', "logged", time() + 21*24*60*60); #this cookie lasts for three weeks, you can change that
setcookie('username', "$username", time() + 21*24*60*60); #this cookie lasts for three weeks, you can change that
echo"You are now logged in, you will be redirected.";
echo'<META HTTP-EQUIV="Refresh" CONTENT="2; URL=admin.php">';
} #if there are no errors, then set the cookies, and redirect the user to the admin panel
}
else
{
echo"<h3>Login</h3>
<form action='' name='login' method='POST'>
Username:<br />
<input type='text' name='username' />
<br /><br />
Password:<br />
<input type='password' name='password' />
<br /><br />
<input type='submit' name='login' value='Login!' />
</form>";
}#if the login button wasn't pushed, then show the login form.
?>
Now that we have that out of the way, let's go to banned.php. This is the file that checks whether a user is banned or not.
<?php
include("config.php"); #include our config file
$ip = $_SERVER['REMOTE_ADDR']; #get the users ip address
$getip = mysql_query("SELECT * FROM `banned` WHERE `ip` = '$ip'"); #select the IP from the database
if(mysql_num_rows($getip) > 0)
{
die("You are currently banned from viewing this site!");
} #if the user's ip address is in the database, then kill the script, and tell them that they are banned
?>
To make sure that a banned user is banned from every page, put the following code at the very top of every page that you want the user banned from:
<?php
include("banned.php");
?>
Now, let's move on to the ban.php file.
<?php
require("config.php"); #get our config file
if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
echo"You are not currently logged in! <a href='login.php'>Login!</a>";
} #if the admin is not logged in, then echo an error message
else
{
if(isset($_POST['ban'])) #if the ban form is sent, then process it
{
if(empty($_POST['ip']) || !filter_var($_POST['ip'], FILTER_VALIDATE_IP))
{
echo"You did not enter a valid IP to ban, <a href='javascript:history.go(-1)'>back</a>";
} #if the admin did not specify a valid IP address to ban, echo back an error message, and show a back link
else
{
$ip = mysql_real_escape_string($_POST['ip']); #the IP was validated above; escape it anyway before it goes into the query
$sql = "INSERT INTO `banned`(`ip`) VALUES('$ip')";
$query = mysql_query($sql); #insert the IP into the database
if($query)
{
echo"IP $ip has been banned.";
} #if the query was successful, then echo a success message
else
{
echo"There was an unexpected error, $ip has not been banned!";
} #if the IP couldn't be banned, echo an error message
}
}
else
{
echo"<h3>Ban an IP</h3><br /><br />
<form name='ban' action='' method='post'>
IP Address:<br />
<input type='text' name='ip' id='ip' /><br /><br />
Please enter the IP address you wish to ban above!<br /><br />
<input type='submit' name='ban' value='Ban!' />
</form>";
} #if the ban form was not submitted, then echo the actual form
}
?>
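As an added example (not from the original tutorial), here are the same ban check and ban insert written with mysqli prepared statements, which also run on PHP 7 and later. The function names are hypothetical, the connection values are the placeholders from config.php, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not part of the original tutorial. Assumes PHP 7.1+ with
// mysqli and the `banned` table defined above; function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Return the canonical text form of an IPv4/IPv6 address, or null if invalid.
function normalize_ip(string $input): ?string
{
    $input = trim($input);
    if (filter_var($input, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // inet_pton/inet_ntop collapse equivalent IPv6 spellings to one form,
    // so "0:0:0:0:0:0:0:1" and "::1" match the same row.
    return inet_ntop(inet_pton($input));
}

// banned.php: the value is bound as a parameter, never pasted into the SQL.
function is_banned(mysqli $db, string $ip): bool
{
    $stmt = $db->prepare("SELECT 1 FROM `banned` WHERE `ip` = ? LIMIT 1");
    $stmt->bind_param("s", $ip);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows > 0;
}

// ban.php: validate and normalize first, then insert with a bound parameter.
function ban_ip(mysqli $db, string $input): bool
{
    $ip = normalize_ip($input);
    if ($ip === null) {
        return false; // reject anything that is not an IP address
    }
    if (is_banned($db, $ip)) {
        return true; // already in the list, avoid a duplicate row
    }
    $stmt = $db->prepare("INSERT INTO `banned` (`ip`) VALUES (?)");
    $stmt->bind_param("s", $ip);
    return $stmt->execute();
}

// Usage at the top of a protected page (placeholder credentials from config.php):
$db = new mysqli("localhost", "username", "password", "database");
$client = normalize_ip($_SERVER['REMOTE_ADDR'] ?? '');
if ($client !== null && is_banned($db, $client)) {
    http_response_code(403);
    die("You are currently banned from viewing this site!");
}
```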
Now, time for unban.php.
<?php
require("config.php"); #require our config file
if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
echo"You are not currently logged in! <a href='login.php'>Login</a>";
} #if the admin is not logged in, then echo an error message
else
{
if(isset($_POST['unban'])) #if the unban button is pressed, then process the form
{
if(empty($_POST['unban_ip']))
{
echo"You did not select an IP to unban, <a href='javascript:history.go(-1)'>back</a>";
} #echo an error message if the admin did not select an IP to unban, and show a back button
else
{
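$unban_ip = htmlspecialchars($_POST['unban_ip'], ENT_QUOTES); #store the IP in a variable, HTML-escaped so it is safe to echo back
$sql = "DELETE FROM `banned` WHERE `ip` = '" . mysql_real_escape_string($_POST['unban_ip']) . "'"; #escape the IP before it goes into the query
$query = mysql_query($sql); #delete the banned entry from the database, so the user won't be banned anymore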
if($query)
{
echo"IP $unban_ip has been unbanned!";
} #if the IP was unbanned, show a success message
else
{
echo"There was an unexpected error, IP $unban_ip could not be removed from the ban list!";
} #if the IP couldn't be unbanned, show an error message
}
}
else
{
echo"<h3>Unban</h3><br /><br />
<form name='unban' action='' method='POST'>
Select an IP to unban:<br />
<select name='unban_ip'>";
$getips = mysql_query("SELECT * FROM `banned` ORDER BY `ip` ASC");
while($r = mysql_fetch_array($getips))
{
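echo"<option value='" . htmlspecialchars($r['ip'], ENT_QUOTES) . "'>" . htmlspecialchars($r['ip'], ENT_QUOTES) . "</option>"; #HTML-escape the stored value before printing it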
}
echo"</select>
<br /><br />
<input type='submit' name='unban' value='Unban!' />
</form>";
} #if the form wasn't submitted, then show the actual form
}
?>
Now, the next page is admin.php. This is just a page to show what options you have and to make those nice little ?action=whatever links that everyone likes so much.
<?php
include("config.php"); #include our config file
$page = isset($_GET['action']) ? $_GET['action'] : ""; #get the action variable from the address bar, if there is one
if(!isset($_COOKIE['logged_in']) || $_COOKIE['username'] != $username)
{
echo"You are currently not logged in, <a href='login.php'>login</a>";
} #if the admin is not logged in, show an error message
else
{
switch($page) #start a switch to make the cool little dynamic links, and to show an options list
{
default:
echo"<a href='admin.php?action=ban'>Ban an IP</a><br /><br />
<a href='admin.php?action=unban'>Unban an IP</a><br /><br />
<a href='admin.php?action=logout'>Logout</a><br /><Br />"; #these are the options that the admin can choose from -- they have options to ban, unban, and logout
break;
case "ban":
include("ban.php");
break; #this is the ban case, and if the action is set to ban, then this includes ban.php
case "unban":
include("unban.php");
break; #this is the unban case, and if the action is set to unban, then this includes unban.php
case "logout":
include("logout.php");
break; #this is the logout case, if the action is set to logout, then this logs out the admin
}
}
?>
This is the last file, logout.php:
<?php
setcookie('logged_in', "logged_out", time() - 21*24*60*60); #subtract the three weeks from the logged_in cookie, and set its value to "logged_out"
setcookie('username', "", time() - 21*24*60*60); #subtract the three weeks from the username cookie, and set its value blank
echo"You are now logged out!"; #echo to the admin that they are now logged out
?>
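The pages above decide whether the admin is logged in by reading the logged_in and username cookies, and cookie values are whatever the browser sends, so that check cannot be trusted on its own. The following added example (not part of the original script) keeps the login state in a server-side session instead; it assumes PHP 7.3+ and HTTPS, and the function names and the ADMIN_HASH placeholder are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7.3+ (array form of
// session_set_cookie_params) and HTTPS; function names are hypothetical.
// ADMIN_HASH is a placeholder: generate it once with password_hash().
const ADMIN_USER = 'admin';
const ADMIN_HASH = '<output of password_hash() for your password>';

// Call at the top of every admin page, before any output is sent.
function start_admin_session(): void
{
    session_set_cookie_params([
        'httponly' => true,     // not readable from JavaScript
        'secure'   => true,     // only sent over HTTPS
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

// login.php: verify the credentials, then record the login on the server.
function try_login(string $user, string $pass): bool
{
    $userOk = hash_equals(ADMIN_USER, $user);      // constant-time compare
    $passOk = password_verify($pass, ADMIN_HASH);  // no plaintext password on disk
    if (!($userOk && $passOk)) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once privileges change
    $_SESSION['is_admin'] = true;
    return true;
}

// ban.php, unban.php, admin.php: replaces the $_COOKIE comparison.
function is_admin(): bool
{
    return !empty($_SESSION['is_admin']);
}

// logout.php: drop the server-side state and expire the session cookie.
function logout(): void
{
    $_SESSION = [];
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
}
```

The browser only ever holds the random session ID; the is_admin flag lives on the server, so it cannot be set by editing a cookie.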
This script has been tested, and is working. Please, again make sure that you change the $username, and $password variables in the config.php file. If you don't, this could cause some serious security risks.
Thanks, hope you enjoyed the tutorial.