Block ip

hiphopbettsyv1 · February 13, 2010, 1:38pm

I found the following code on the web and i was tryin to implement it into my website. I have a simple log in page with a connection check and a successful log in. For the script you have to create a database to store the ip address of a user and the number of login attempts. I was wondering whether i add this code to one of my existing files or create it as a seperate one. Has anyone got any thoughts, im new to this php stuff so im unsure what to do. Here is the code:

<?php
function confirmIPAddress($value) {

$q = "SELECT attempts, (CASE when lastlogin is not NULL and DATE_ADD(LastLogin, INTERVAL “.TIME_PERIOD.
" MINUTE)>NOW() then 1 else 0 end) as Denied FROM “.TBL_ATTEMPTS.” WHERE ip = ‘$value’”;

$result = mysql_query($q, $this->connection);
$data = mysql_fetch_array($result);

//Verify that at least one login attempt is in database

if (!$data) {
return 0;
}
if ($data[“attempts”] >= ATTEMPTS_NUMBER)
{
if($data[“Denied”] == 1)
{
return 1;
}
else
{
$this->clearLoginAttempts($value);
return 0;
}
}
return 0;
}

function addLoginAttempt($value) {

//Increase number of attempts. Set last login attempt if required.

$q = “SELECT * FROM “.TBL_ATTEMPTS.” WHERE ip = ‘$value’”;
$result = mysql_query($q, $this->connection);
$data = mysql_fetch_array($result);

if($data)
{
$attempts = $data[“attempts”]+1;

 if($attempts==3) {
   $q = "UPDATE ".TBL_ATTEMPTS." SET attempts=".$attempts.", lastlogin=NOW() WHERE ip = '$value'";
   $result = mysql_query($q, $this-&gt;connection);
 }
 else {
   $q = "UPDATE ".TBL_ATTEMPTS." SET attempts=".$attempts." WHERE ip = '$value'";
   $result = mysql_query($q, $this-&gt;connection);
 }

}
else {
$q = “INSERT INTO “.TBL_ATTEMPTS.” (attempts,IP,lastlogin) values (1, ‘$value’, NOW())”;
$result = mysql_query($q, $this->connection);
}
}

function clearLoginAttempts($value) {
$q = “UPDATE “.TBL_ATTEMPTS.” SET attempts = 0 WHERE ip = ‘$value’”;
return mysql_query($q, $this->connection);
}
?>

system · February 13, 2010, 1:53pm

What’s the question anyway?
Does this code work or not?
I am sorry, I don’t have PHP interpreter incorporated in my head to run this code and see results online.

Using

 tag would be mighty appreciated too.

hiphopbettsyv1 · February 13, 2010, 1:59pm

Sorry people on the site where i got the code from said it works. I was just wondering where i am supposed to place the code. Because there is already a log in check which checks your details with that which is in the database, do i place it in there or have it as a seperate file and just include it with the connection file? sorry if this is all confusing i could post my other code files if you want so you can see what im talkin about

SpacePhoenix · February 14, 2010, 2:21am

Remember that IPs alone can’t be be always trusted as people can use proxy servers or may be use a ISP which gives dynamic IPs to their customers (if their connection drops out they will get a new IP).