Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: push array into array in a different file

  1. #1
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default push array into array in a different file

    so i'm making a cms for some mods. i'm trying to make them a handy ip banning tool. rather than them having to deal with htaccess i wanted to block ips via php.

    from what i found out so far, i figure i'll make a form for the ip to be put on the ban list, then when submitted it will add the ip to the 'ban array'.
    this is what i found for checking to see if someone is on the banned list, i'm going to try and mod this and work with it:
    PHP Code:
    $banned = array('129.168.1.1');
    if(
    in_array($_SERVER['REMOTE_ADDR'], $banned))
    {
        die();

    i can just include a mod of this on every page i want the chosen ips banned from.

    for organization i want to have the array of banned ips in it's own php file. i can do the form and all, but my question is how can i push an array of the chosen ip into an array that's in a different file?

    i made the array in banned.php like so:
    PHP Code:
    <?php
    $banned 
    = array();
    ?>
    and the tool in a seperate file looks like this:
    PHP Code:
    <?php 

    include("banned.php"); 

    $ban_this $_POST["ip"]; //ip being the name of the text field from the form
    $stack = array($ban_this);
    array_push($banned$stack);
    ?>
    but when it uploads, the banned file is the same, empty :/ what am i doing wrong? should i put the tool's code in banned.php and just direct the form there? i feel like it's possible with this setup though.
    can anyone nudge me in the right direction?
    Last edited by baconDelta; 01-03-2012 at 06:20 AM. Reason: typo

  2. #2
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default

    hm well i got it to work with a text file with this:
    PHP Code:
    if(!empty( $_POST )){
    $ban_this $_POST["ip"];
    $file 'banned.txt';
    $iplist file_get_contents($file);
    $iplist .= $ban_this;
    file_put_contents($file$iplist);

    but the next ip is just mooshed together with the previous one. too bad <br /> doesn't work in a text file x.x
    edit: k now i got them seperated by a space :/ still not very organized.

    so now the issues would be making the ip checker cross reference the user's ip with that text file :/ here goes nothing.
    Last edited by baconDelta; 01-03-2012 at 06:46 AM.

  3. #3
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    There are two problems with this method:
    1. If you get a very long list it will become inefficient and slow, then it will take up memory later. At the very least, using unset($banned) at the end of that file* would make things run a little faster later. .htaccess is better in this way.
    (If you need to include the array into the editor file so modify it, then you could put this in a conditional statement that is triggered by default but not by that editor, such as by adding a dummy variable ($editor=1) or a constant.)
    2. .htaccess is more powerful than PHP. If you're trying to block users from accessing PHP-based things, then PHP can work; but .htaccess can block access to the whole server including other files and potentially stop these users from wasting bandwidth/processing power with excessive requests. Your method won't do anything except not allow access to PHP-based content. It will work, but not as well as .htaccess.

    You could try to generate a .htaccess file with PHP, although you should be very cautious about this and make sure it's perfect before you use it actively or it will disable your whole site until you fix it manually. A typo in .htaccess often breaks the whole site, and that's not an exaggeration.


    Currently, you're not modifying the file, or anything along those lines at all. You're just using its contents. When you USE a PHP file, you're just using it; you're never modifying the original data in it. You could need to use fopen() and fwrite() to rewrite the contents of the PHP file. It's actually not that hard, though. Here's a quick (untested) example:
    PHP Code:
    $phpfile = '"<?php
    $banned 
    = array(" . implode("','"$banned) ."');
    if(in_array($_SERVER['
    REMOTE_ADDR'], $banned)) { die(); }
    ?>"
    The only thing tricky in there is that I manually added the first and last quotes rather than using array_map to do it in an extra step; implode() adds all the quotes (and commas) in the middle.


    Note: whenever you're working with files, you may run into file permission errors. Use chmod to make the files 755 or whatever gives PHP access to modify them. It's technically best to only do this for the files you will actually use, so that for security reasons other files can't be changed.



    EDIT: We posted at about the same time. This post is still relevant though.

    As for getting a line break in a file (which is irrelevant in PHP code, although it can make it easier to read), you can use one of the following methods:
    Use a REAL line break in the quotes:
    Code:
    $var = 'line
    break';
    Use a \n special character:
    Code:
    $var = "line\nbreak";
    Note that for \n to work, it MUST be in double quotes. In single quotes it will be ignored. And if you want literal \+n inside the double quotes, then you can use \\n.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  4. The Following User Says Thank You to djr33 For This Useful Post:

    baconDelta (01-03-2012)

  5. #4
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default

    oh sank you dan you are most wise

    you make it sound as though after a couple thousand blocked ips in this text file it'll start to really bog things down D:

    so i guess i'll shoot for making a tool that modifies the htaccess file. it just scares me to think a mod will put in something other than an ip and it'll mess up the whole site. i'll have to put a bunch of checks and balances in :/ that's why i wanted to do it this way, seemed safer. but if you say htaccess is the way to go then i will do so.

    the other thing is i tried looking up how to write a tool to add ips to the htaccess file, but couldn't find any so i figured it was a no go. i will try my hardest to make it though >B(

    i didn't know the htaccess file is that much more efficient(capable of handling thousands or tens of thousands of blocked ips quickly?) ^_^ sank you once again dan.

    edit: the other thing is i wouldn't want to ban the user from the entire site, just the page where they can upload something. i hope i wouldn't have to generate a whole new htaccess file everytime a new ip needs to be banned. i figured i could keep the ip ban list at the bottom of htaccess, and just append in the new one whenever.
    Last edited by baconDelta; 01-03-2012 at 07:13 AM.

  6. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    .htaccess applies to a certain directory. So you could block them from /uploads but not the rest of the site.

    I'm not sure how efficient banning thousands of IPs would be, but it would be better in .htaccess than PHP. If you're doing that, it might be better to use a database, or to ban in ranges (if that applies you can ban 1.2.*.* rather than 1.2.3.4 and 1.2.3.5, etc).

    As for your mods making a mistake, that's a big problem. But luckily you can prevent that. Check the submitted IP using regex to be sure it's a valid IP pattern. If it is, continue. If not, just ignore it (and maybe give them an error/warning message).
    The third example on this page is an example of an IP:
    http://www.regular-expressions.info/examples.html
    For the PHP function to use this, check here:
    http://php.net/manual/en/function.preg-match.php
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  7. The Following User Says Thank You to djr33 For This Useful Post:

    baconDelta (01-05-2012)

  8. #6
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default

    oh snap hellz yeah those will come in handy. you are ze man! ^_^

    well i made zis just now, doesn't do anything though, perhaps in needs permissions or something...
    PHP Code:
    <?php 
    if(!empty( $_POST )){
    $ban_this $_POST["ip"];
    $ban_this "deny from ".$ban_this;
    $oh_god fopen("../.htaccess""a");
    fwrite($oh_god$ban_this);
    fclose($oh_god);
    }  
    ?>
    and i thought about a db too..... you mean a db working with htaccess? sounds hard D:

    edit 2: oh snap nevermind it worked! well for now i'll just use this, and will setup the db asap. i do want the mods to see which ips are banned and all that jazz. wouldn't want them to have to see all the other crap in htaccess. i shall start working on the db. thanks a bunch dan ^_^ without your advice i'm sure this site would end up looking like swiss cheese, and running slow like some fatty with asthma.
    Last edited by baconDelta; 01-03-2012 at 07:44 AM. Reason: typo

  9. #7
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    No, a database would not work with .htaccess because .htaccess must be a "flat" text file-- can't be dynamically generated "on the fly" by PHP. So it would be like your original version, and that would be ok because you only want to block access to a certain page-- PHP can block PHP based content, just not everything else-- fine for what you're doing.
    I still suggest .htaccess if you can do it, but if you'd rather have the flexibility of a database (especially for 1000s of IPs), then look into a db.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  10. The Following User Says Thank You to djr33 For This Useful Post:

    baconDelta (01-05-2012)

  11. #8
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default

    ok so far i've got this:

    PHP Code:
    <?php 

            
    if(!empty( $_POST )){
            
    $time date("y/m/d : H:i:s"time());
            
    $ban_this $_POST["ip"];
            
    $sql="INSERT INTO banned (IP, TIME)
                  VALUES('
    $ban_this', '$time')";
            if (!
    mysql_query($sql,$connection))
              {
              die(
    '<br />Error: ' mysql_error());
              }
              echo 
    "<br /><br />Successfully added!<br />";


    ?>  

    <?php 

           $query 
    "SELECT * 
                    FROM banned 
                    ORDER BY TIME DESC"
    ;
           
    $result mysql_query($query$connection);
           if (!
    $result) {
                die(
    "Database query failed: " mysql_error());
           }
           
           while (
    $row mysql_fetch_array($result)){
                echo 
    $row["IP"]."  -----------  ".$row["TIME"]."<br />";
           }
           

    ?>
    it can push an ip to the db, and read from it. and i'm working on getting preg_match to reject an attempted duplicate entry, although it seems like the wrong function for the job since it saves matches and stuff, i just need something to return true or false. i'll keep working on it perhaps i can do without a special function for that. i'm thinking i should use the fetch function to get the data from the row, then compare and approve or reject. my IP column is 'text'. i read somewhere that the choice of 'text' takes up the most space. but when i set it to 'int' it saves the ip without the periods, and not the entire ip.

    you think i'll be ok with using 'text'?
    Last edited by baconDelta; 01-04-2012 at 01:07 AM.

  12. #9
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    You could use text or blob. I think they take up the same space. Text is probably best. Int is just for numbers. An IP is not a number because it contains dots, and removing the dots is not possible-- you could have 1.23.4.5 or 12.3.4.5 and those would be different IPs. You could use varchar if you knew exactly how long each IP would be, but they can differ in length, so that won't help. So, yes, use text.

    preg_match is to check for a pattern in the input. It won't match one input compared to another (at least not how you're doing it).

    What you want to do is try to search for an existing IP in the database that is the same as the new input. If you find it, then you should skip putting the new one in. If you don't find it, then you can input the new one.
    PHP Code:
    $q mysql_query("SELECT * FROM `banned` WHERE `IP`='$newip'");
    if (
    mysql_num_rows($q)==0) { 
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  13. The Following User Says Thank You to djr33 For This Useful Post:

    baconDelta (01-05-2012)

  14. #10
    Join Date
    Dec 2011
    Posts
    49
    Thanks
    8
    Thanked 1 Time in 1 Post

    Default

    hm that worked! but i tried using the same style for a 'delete from the banned list' form and it's acting weird.

    PHP Code:
        if(!empty( $_POST['release'])) {
            
    $release_this $_POST["rel_ip"];
            
    $take "DELETE FROM `banned` WHERE `IP`='$release_this'";
            
    $taken mysql_query($take$connection);
            if (
    mysql_num_rows($taken)==0
                    {  
                        echo 
    "the ip has been released successfully.<br /><br />";
                        }
            else{
                            echo 
    "that IP is not on the banned list. <br /><br />";
                        }
        } 
    it removed the ip, but it also displays the echo. even if the ip is not there, it will say it was successfully removed. i don't quite understand the ==0 part of that mysql_num_rows line. i thought that is saying if no rows are returned(meaning the requested ip is NOT in the ban list), it would echo the first statement(i initially had 'ip is not found' there). but it echos that statement when it's successful...and even when the ip isn't on the ban list.

    edit: so bizarre, when i change that to ==1 it always echos the else statement.


    edit2: alright since that's confusing as hell i just used mysql_affected_rows()
    PHP Code:
        if(!empty( $_POST['release'])) {
            
    $release_this $_POST["rel_ip"];
            
    $take "DELETE FROM `banned` WHERE `IP`='$release_this'";
            
    $taken mysql_query($take$connection);
            echo 
    "IPs released: ".mysql_affected_rows()."<br />";   
        } 
    edit3: so yeah now it does what i want it to, does this look right? the reason i ask is because sometimes i'll write something that works, but it'll be completely unorthodox or outdated.
    PHP Code:
        if(!empty( $_POST['release'])) {
            
    $release_this $_POST["rel_ip"];
            
    $take "DELETE FROM `banned` WHERE `IP`='$release_this'";
            
    $taken mysql_query($take$connection);
            if(
    mysql_affected_rows()==1){
                echo 
    "the IP has been successfully released.<br />";
            } 
            else{
                echo 
    "that IP does not exist in the banned list.<br />";
            } 
    Last edited by baconDelta; 01-05-2012 at 08:12 AM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •