How to limit IP access and submission times in PHP

This article mainly introduces the method of limiting IP access and submission times in PHP, involving PHP's acquisition and judgment of client IP addresses, and related operating techniques such as recording the number of IP access times combined with session. Friends in need can refer to the following

The example in this article describes the method of limiting IP access and submission times in PHP. Share it with everyone for your reference, the details are as follows:

1. Principle

The number of submissions must be written to the database. , for example, when a user logs in, when the user makes an error, forget to write the number of errors 1 to the database, and the error time, and write 2 if there is another error. When it reaches 5 times, it prompts that no more login is allowed. Please try again tomorrow, and then use DateDiff to calculate the error time. and now() time, if it is greater than 24, let him try again.

It is relatively simple to block the IP, especially to disconnect the IP.

Let’s first talk about the situation of opening the IP segment: first take out the IP that the customer accesses. For the convenience of explanation, IP192.168.6 is set .2

Now we want to open the IP segment 192.168.*.*, please give us a code that is easier to understand:

url=split(ip,".") '这里的ip为客户端IP
fsip="192.168.*.*"  '允许的段，可以从数据库取出，也可以这么定义
fip=split(fsip,".")
if fip(0)=url(0) and fip(1)=url(1) then
response.write "您的IP被封"
else response.write "可以通过"
end if

In fact, banning an IP is the same as the above method. Or simply take out the direct comparison between the IP and the client from the database.

Generally, the IP segment in the database is set to double precision, then these are needed:

if Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
IP=Request.ServerVariables("REMOTE_ADDR")
else
IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
end if
sip=IP
cip=split(ip,".")
ip=256*256*256*cip(0)+256*256*cip(1)+256*cip(2)+cip(3)-1

The above situations are all In terms of database operations, cookies, etc. are not involved.

In fact, blocking IP is not very ideal and will affect innocent people. The relevant reason may be that dynamic IP escapes.

2. Encapsulation example

<?php
class IP{ //获取客户IP地址
  function getIpAdr(&$ip){
    $ip1=getenv("HTTP_X_FORWARDED_FOR");
    $ip2=getenv("HTTP_CLIENT_IP");
    $ip3=getenv("REMOTE_ADDR");
    if($ip1&&$ip1!=&#39;unknow&#39;)
      $ip=$ip1; else if($ip2&&$ip2!=&#39;unknow&#39;)
      $ip=$ip2; else if($ip3&&$ip3!=&#39;unknow&#39;)
      $ip=$ip3; else
      $ip=&#39;127.0.0.1&#39;;
  }
}
function get_netip($myip){ //只留客户IP地址的前三位
  $temp=explode(".",$myip);
  $netip.=$temp[0];
  $netip.=".";
  $netip.=$temp[1];
  $netip.=".";
  $netip.=$temp[2];
  return $netip;
}
$filename="test.ini";  //定义操作文件
$ip_lib=file($filename); //读取文件数据到数组中
$allow=0;
$IP=new IP;
$thisip="";
$IP->getIpAdr(&$thisip);
$thenetip=get_netip($thisip);
for ($i=0;$i<count($ip_lib);$i++){
  if(ereg($thenetip,$ip_lib[$i])){
    $allow=1;
    break;
  }
}
if ($allow==1)
{
  echo "验证通过";
} else {
  echo "<script>location.href=&#39;Error.php&#39;;</script>";
}

3. Limit the number of inputs

1. The page needs session_start() first; 2. Make a judgment when clicking to log in. If it is determined that the password entered by the user is wrong

if(用户的密码是错误的){
  if(!empty($_SESSION['login_error'])){
    if($_SESSION['login_error'] == 3){
      exit("这里已经是第三次了");
    } else{
      $_SESSION['login_error'] = $_SESSION['login_error']++;
    }
  } else{
    $_SESSION['login_error'] = 1;
  }
}

Related recommendations:

PHP implementation of limiting IP access and submission times code sharing

Share in php How to implement the method of limiting IP access and the number of submissions

phpHow to limit the IP address range

The above is the detailed content of How to limit IP access and submission times in PHP. For more information, please follow other related articles on the PHP Chinese website!