Menu
▾
▴
...
#148 Adding function for blocking IP
Hi,
I've implemented this currently for mysql only.
It is important to NOT let the blocked IP know that it has been blocked, otherwise a determoned hacker will try from another IP. So a blocked IP will also receive a simple message saying "the page is locked and cannot be edited"
At present there is no way of adding the IPs to the table from front end, i'm adding them directly to the table from the backend.
Create an additional table:
CREATE TABLE blockedip (
ip varchar(20) NOT NULL default '',
reason varchar(255) default NULL,
PRIMARY KEY (ip)
);
In lib/config.php define an additional table for mysql:
$BlockIPStore = "blockedip";
In lib/config.php define another global variable:
$remoteip = getenv('REMOTE_ADDR');
In lib/mysql.php add this function:
// check for blocked IP address, added by ali 09 Jan 07
function IsBlockedIP($dbi, $ip) {
global $BlockIPStore;
$res = mysql_query( "SELECT ip FROM $BlockIPStore WHERE ip='$ip'", $dbi["dbc"]);
if(mysql_num_rows($res)>0){
return true;
}
return false;
}
In lib/editpage.php modify the page lock check:
global $remoteip;
if (is_array($pagehash)) {
if ((($pagehash['flags'] & FLAG_PAGE_LOCKED) || IsBlockedIP($dbi, $remoteip)) && !defined('WIKI_ADMIN')) {
$html = "
";
$html .= gettext ("This page has been locked by the administrator and cannot be edited.");
$html .= "
";
...
In lib/savepage.php modify the page save check:
global $remoteip;
$isblocked=IsBlockedIP($dbi, $remoteip);
// if this page doesn't exist yet, now's the time!
if (! is_array($pagehash) && !$isblocked) {
$pagehash = array();
$pagehash['version'] = 0;
...
} else {
if ((($pagehash['flags'] & FLAG_PAGE_LOCKED) || $isblocked) && !defined('WIKI_ADMIN')) {
$html = "
" . gettext ("This page has been locked by the administrator and cannot be edited.") . "
";...
Thats it.
Regards,
Ali
PS. If you have a question please email me at d7@freepgs.com
Logged In: YES
user_id=13755
Originator: NO
I will have a look at it later. I thought it was for 1.3.x.