PHP implements code sharing to limit IP access and submission times

This article mainly introduces to you the method of limiting IP access and submission times in PHP, which involves PHP's acquisition and judgment of the client's visiting IP, as well as related operation skills such as recording the number of IP accesses combined with the session. Friends in need can refer to it. I hope Can help everyone.

1. Principle

The number of submissions must be written to the database. For example, when a user logs in, when the user makes an error, Forget that the number of database writing errors is 1, and the time of the error, write 2 again. When it reaches 5 times, it prompts that no more login is allowed. Please try again tomorrow, and then use DateDiff to calculate the time between the error and now(). If it is greater than 24 Just open it up and let him try.

It is relatively simple to block the IP, especially to disconnect the IP.

Let’s first talk about the situation of opening the IP segment: first take out the IP that the customer accesses. For the convenience of explanation, IP192.168.6 is set .2

Now we want to open the IP segment of 192.168.*.*. Let’s give a code that is easier to understand:

url=split(ip,".") '这里的ip为客户端IP
fsip="192.168.*.*"  '允许的段，可以从数据库取出，也可以这么定义
fip=split(fsip,".")
if fip(0)=url(0) and fip(1)=url(1) then
response.write "您的IP被封"
else response.write "可以通过"
end if

In fact, it is forbidden A certain IP is the same as the above method. Or simply take out the direct comparison between the IP and the client from the database.

Generally, the IP segment in the database is set to double precision, then these are needed:

if Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
IP=Request.ServerVariables("REMOTE_ADDR")
else
IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
end if
sip=IP
cip=split(ip,".")
ip=256*256*256*cip(0)+256*256*cip(1)+256*cip(2)+cip(3)-1

The above situations are all in the database operation In terms of aspects, cookies, etc. are not involved.

In fact, blocking IP is not very ideal and will affect innocent people. The relevant reason may be that dynamic IP escapes.

2. Encapsulation example

<?php
class IP{ //获取客户IP地址
  function getIpAdr(&$ip){
    $ip1=getenv("HTTP_X_FORWARDED_FOR");
    $ip2=getenv("HTTP_CLIENT_IP");
    $ip3=getenv("REMOTE_ADDR");
    if($ip1&&$ip1!=&#39;unknow&#39;)
      $ip=$ip1; else if($ip2&&$ip2!=&#39;unknow&#39;)
      $ip=$ip2; else if($ip3&&$ip3!=&#39;unknow&#39;)
      $ip=$ip3; else
      $ip=&#39;127.0.0.1&#39;;
  }
}
function get_netip($myip){ //只留客户IP地址的前三位
  $temp=explode(".",$myip);
  $netip.=$temp[0];
  $netip.=".";
  $netip.=$temp[1];
  $netip.=".";
  $netip.=$temp[2];
  return $netip;
}
$filename="test.ini";  //定义操作文件
$ip_lib=file($filename); //读取文件数据到数组中
$allow=0;
$IP=new IP;
$thisip="";
$IP->getIpAdr(&$thisip);
$thenetip=get_netip($thisip);
for ($i=0;$i<count($ip_lib);$i++){
  if(ereg($thenetip,$ip_lib[$i])){
    $allow=1;
    break;
  }
}
if ($allow==1)
{
  echo "验证通过";
} else {
  echo "<script>location.href=&#39;Error.php&#39;;</script>";
}

3. Limit the number of inputs

1. The page needs session_start() first; 2. Make a judgment when clicking to log in. If it is determined that the password entered by the user is wrong

if(用户的密码是错误的){
  if(!empty($_SESSION['login_error'])){
    if($_SESSION['login_error'] == 3){
      exit("这里已经是第三次了");
    } else{
      $_SESSION['login_error'] = $_SESSION['login_error']++;
    }
  } else{
    $_SESSION['login_error'] = 1;
  }
}

Related recommendations ：

PHP restricts IP access. Only allows specified IP access. Allows * wildcard to filter IP_PHP tutorial

The above is the detailed content of PHP implements code sharing to limit IP access and submission times. For more information, please follow other related articles on the PHP Chinese website!