Hi,
I've implemented this currently for mysql only.
It is important to NOT let the blocked IP know that it has been blocked, otherwise a determoned hacker will try from another IP. So a blocked IP will also receive a simple message saying "the page is locked and cannot be edited"
Create an additional table:
CREATE TABLE blockedip (
ip varchar(20) NOT NULL default '',
reason varchar(255) default NULL,
PRIMARY KEY (ip)
);
In lib/config.php define an additional table for mysql:
In lib/config.php define another global variable:
In lib/mysql.php add this function:
// check for blocked IP address, added by ali 09 Jan 07
function IsBlockedIP($dbi, $ip) {
global $BlockIPStore;
$res = mysql_query( "SELECT ip FROM $BlockIPStore WHERE ip='$ip'", $dbi["dbc"]);
if(mysql_num_rows($res)>0){
return true;
}
return false;
}
In lib/editpage.php modify the page lock check:
global $remoteip;
if (is_array($pagehash)) {
if ((($pagehash['flags'] & FLAG_PAGE_LOCKED) || IsBlockedIP($dbi, $remoteip)) && !defined('WIKI_ADMIN')) {
$html = "
";
$html .= gettext ("This page has been locked by the administrator and cannot be edited.");
$html .= "
";
...
In lib/savepage.php modify the page save check:
global $remoteip;
$isblocked=IsBlockedIP($dbi, $remoteip);
// if this page doesn't exist yet, now's the time!
if (! is_array($pagehash) && !$isblocked) {
$pagehash = array();
$pagehash['version'] = 0;
...
} else {
if ((($pagehash['flags'] & FLAG_PAGE_LOCKED) || $isblocked) && !defined('WIKI_ADMIN')) {
$html = "
" . gettext ("This page has been locked by the administrator and cannot be edited.") . "
";Thats it.
Regards,
Ali
PS. If you have a question please email me at d7@freepgs.com
Logged In: YES
user_id=13755
Originator: NO
I will have a look at it later. I thought it was for 1.3.x.