Thread: .htaccess and MySQL

  1. #1
    Join Date
    Aug 2011
    Posts
    32
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default .htaccess and MySQL

    I want to pull a list of banned IP's from a MySQL database.

    And/or, how does forum software ban IP addresses, does it somehow insert into a .htaccess file?

    Orrr... Is there a way to ban users without using .htaccess, what I want to do is use a php file, to ban someone, I would put a link, that would be like this: http://mysite.com/xxxxxx/ban.php?ip=xx.xx.xx.xx
    Last edited by Techykid3; 08-28-2011 at 08:45 PM.

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    why ip banning is useless

    additionally, I would strongly recommend not using a url as your user interface. Anyone who knows (or discovers) the location of your banning script could start banning legitimate users from your site, without your knowledge.

    the internet is designed so that GET requests (in the url, after the ?) are solely for asking for info from a site. To make changes, you should be using forms and the POST request method.

    --------------------------
    now that that's cleared up, here's what you want to do:

    1. set up a database to hold the banned ip addresses.
    2. php can use $_SERVER['REMOTE_ADDR'] to get the ip address of the user.*
    3. check the current ip against those in the database. if there is a match, stop the script (or redirect, etc.).

    to add an address to your banned list:
    1. make a form where you can submit the ip address.
    2. add the address to your database.

    *_supposed_ ip address. read my first link above.

    forum software will all have different approaches, but they're all equally ineffective. it's pretty easy to find tutorials, though.
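The database-backed check and POST-only ban form described in post #2, as an added example that is not part of the original thread. The `banned_ips` table, the function names and the `$isAdmin` flag are assumptions, and an in-memory SQLite database stands in for MySQL through PDO so the block runs offline (requires pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Return the canonical text form of a literal IPv4/IPv6 address, or null.
function canonicalIp(string $ip): ?string
{
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? null : inet_ntop(inet_pton($ip));
}

// Step 3 of the post: is this address in the banned list?
function isBanned(PDO $db, string $ip): bool
{
    $canon = canonicalIp($ip);
    if ($canon === null) {
        return false;
    }
    $stmt = $db->prepare('SELECT 1 FROM banned_ips WHERE ip = ?');
    $stmt->execute([$canon]);
    return $stmt->fetchColumn() !== false;
}

// Ban form handler: POST only, admin only, validated input. Returns an HTTP status.
function handleBanRequest(PDO $db, string $method, bool $isAdmin, array $post): int
{
    if ($method !== 'POST') {
        return 405;                       // GET must never change state
    }
    if (!$isAdmin) {
        return 403;                       // $isAdmin comes from the site's own login check (assumed)
    }
    $canon = canonicalIp(is_string($post['ip'] ?? null) ? $post['ip'] : '');
    if ($canon === null) {
        return 400;                       // not an IP literal, nothing is stored
    }
    if (!isBanned($db, $canon)) {
        $db->prepare('INSERT INTO banned_ips (ip) VALUES (?)')->execute([$canon]);
    }
    return 200;
}

// Demo with constructed values; swap the DSN for a mysql: one in production.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE banned_ips (ip VARCHAR(45) PRIMARY KEY)');
var_dump(handleBanRequest($db, 'GET', true, ['ip' => '203.0.113.7']));
var_dump(handleBanRequest($db, 'POST', true, ['ip' => '203.0.113.7']));
var_dump(isBanned($db, '203.0.113.7'), isBanned($db, '198.51.100.9'));
```

On a live page the check would run at the top of each script as `isBanned($db, $_SERVER['REMOTE_ADDR'])`, followed by a 403 response and `exit` on a match.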

  3. #3
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

    Default

    I concur with everything Adrian just said, and I add that you should just modify your .htaccess file with PHP, and just ignore MySQL entirely. Not only does it make things much slower, it's also more elegant.
    - Josh

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    true, but if you go that route, make sure your script is very well-written, secure, with tight validation. one typo in .htaccess will kill your whole site. and an inserted line will give it to someone else.

  5. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    What do you mean by "give it to someone else."?
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  6. #6
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    for example, if the script is poorly validated, a malicious user might figure out a way to insert entire lines in your htaccess file. issue redirects to a spoof site. password-protect it and lock you out, maybe.

    unlikely, but possible. and you can delete the file via ftp if you have to. but it's still a risk.

  7. #7
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Ah, yes. ".htaccess injection". That's a new one. Good point.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  8. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    as I said, unlikely - it's far more likely you'll just break your site with a typo. but htaccess is _far_ more powerful than most people realize.

  9. #9
    Join Date
    Aug 2011
    Posts
    32
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default

    And how would I list the banned IP's on a website, if I did use PHP.

    And how do I use PHP to connect to the .htaccess file?

  10. #10
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

    Default

    You would open the file remotely, ensuring that only your server has read/write permission on the file. Then you would write to it, and close the file.

    Something like this:
    PHP Code:
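    $ip = "192.168.0.1";
    $dir = "/home/directory/.htaccess";

    // Read the existing rules first: opening with "w" truncates the file.
    $contents = file_get_contents($dir);
    $htaccess = fopen($dir, "w");

    // Write the old contents back with the new rule appended.
    fwrite($htaccess, $contents . "\nDENY FROM $ip");
    fclose($htaccess);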
    This is purely sample code for demonstration only. Please don't sue me.
    - Josh
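One way to do the validated write that posts #4 and #6 call for, as an added example that is not part of the original thread: the address must pass `filter_var()` as a literal IP before anything is written, so a value carrying a line break and a second directive is rejected. The `appendBan()` name, the temporary file and the sample inputs are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

// Append a "Deny from" rule (the directive used in the post above) for $ip.
// Returns false and writes nothing unless $ip is a literal IPv4/IPv6 address.
function appendBan(string $htaccessPath, string $ip): bool
{
    // A valid IP literal cannot contain spaces or line breaks, so the value
    // cannot smuggle a second directive into the file.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $rule = "Deny from $ip";

    $fh = fopen($htaccessPath, 'c+');     // read/write, no truncation
    if ($fh === false) {
        return false;
    }
    $ok = flock($fh, LOCK_EX);            // serialize concurrent writers
    if ($ok) {
        $current = (string) stream_get_contents($fh);
        $lines = array_map('trim', explode("\n", $current));
        if (!in_array($rule, $lines, true)) {
            // Start on a fresh line even if the file lacks a trailing newline.
            $sep = ($current === '' || substr($current, -1) === "\n") ? '' : "\n";
            fseek($fh, 0, SEEK_END);
            $ok = fwrite($fh, $sep . $rule . "\n") !== false;
        }
        flock($fh, LOCK_UN);
    }
    fclose($fh);
    return $ok;
}

// Demo on a throwaway file with constructed inputs.
$path = tempnam(sys_get_temp_dir(), 'hta');
file_put_contents($path, "Options -Indexes");
var_dump(appendBan($path, '192.0.2.10'));                                        // well-formed address
var_dump(appendBan($path, "192.0.2.11\nRedirect / https://example.invalid/"));  // line break plus a second directive
var_dump(appendBan($path, '192.0.2.10'));                                        // duplicate of the first call
echo file_get_contents($path);
unlink($path);
```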
