Skip to main content

How to block user IP address from your website in PHP

how to block your website user using their ip address

blocking users from your site

There are many reasons you may need to block an IP address from visiting your website.
For example, to prevent particular users doing malicious things with your website - trying to spam your web forms, or hack your shopping cart, etc. Using PHP, you can easily find your site visitors' website addresses and based on these addresses to redirect them to specific places on your site. If you use such IP ban protection on your website, you will also need to not only list individual addresses to be blocked but also IP masks and IP ranges.
In this tutorial I would show you how you can do that.But,it would be manual.i'd talk about manual and automatic way to do it.
Let's start! First, we will create an array to list all the IP addresses that we want to block. Besides single IP addresses, we will also use IP ranges such as 216.58.197.101-216.58.197.200 and IP masks 100.88.*.*. Here is the array
<?php

$ip_block = array(
'111.65.248.132',
'216.58.197.119',
'192.168.1.100',
'192.168.1.105',
'100.88.*.*',
'122.25.100.*',
'216.58.197.101-216.58.197.200',
'98.255.255.100-98.255.255.150' );
When a visitor comes to your website you will need to find their IP address and store it in a variable. You can find out the IP address using this piece of code:
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$client_ip = $_SERVER['HTTP_CLIENT_IP'];
} else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_X_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED'];
} else
if(isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_FORWARDED'];
} else if(isset($_SERVER['REMOTE_ADDR'])) {
$client_ip = $_SERVER['REMOTE_ADDR']; }
The code above will check every possible variable which may hold information about visitor's IP address. Once it is executed, you will have visitor IP address stored in $client_ip variable. Now we will have to create a loop and match visitor's IP address against each IP address that we have in our $ip_block array. In the code below there are 3 IF cases 1) if($client_ip == $ip) - if visitor's IP addresses exactly matches the IP address defined in $ip_block array. If this is the case we set a variable $blocked to true and exit from the loop. 2) if(strpos($ip, '*') !== false) - if the blocked IP address has * or in other words if we use a mask to define the IP addresses that we need to block. If for example, you define 100.100.100.* this will block all visitors with IP addresses 100.100.100.1, 100.100.100.2, 100.100.100.3, 100.100.100...... 255. If we have to check visitors IP address against such mask we split the IP addresses by . and match each of the 4 parts of the IP address. If there is a match, then we consider the IP address to be blocked and exit the loop 3) if(strpos($ip, "-") !== false) - with the last IF case we check if the visitors IP address should be checked against IP range. In that case we convert the IP address to an integer using ip2long() function and compare that interger with the start and end IP addresses from the range.
$blocked = false;
foreach($ip_block as $ip)
{ if($client_ip == $ip)
{ $blocked = true;
break;
}else if(strpos($ip, '*') !== false){
$digits = explode(".", $ip);
$client_ip_digits = explode(".", $client_ip);
if($digits[1] == '*' && $digits[0] == $client_ip_digits[0])
{
$blocked = true;
break;
}else if($digits[2] == '*' && $digits[0] ==
$client_ip_digits[0] && $digits[1] == $client_ip_digits[1]){
$blocked = true;
break;
}else if($digits[3] == '*' && $digits[0] ==
$client_ip_digits[0] && $digits[1] == $client_ip_digits[1] && $digits[2] == $client_ip_digits[2]){
$blocked = true; break;
}
}else if(strpos($ip, "-") !== false){
list($start_ip, $end_ip) = explode("-", $ip);
$start_ip = preg_replace('/\s+/', '', $start_ip);
$end_ip = preg_replace('/\s+/', '', $end_ip);
$start_ip_long = ip2long($start_ip);
$end_ip_long = ip2long($end_ip);
if($client_ip_long >= $start_ip_long && $client_ip_long <= $end_ip_long)
{
$blocked = true;
break; }

}
}
At the end we will have a variable $blocked which if set to true means that visitors IP address is found in our list with blocked IP addresses and we should block it.
if($blocked == true)
{
header('Location: blocked-page.html');
}
You can redirect the user to another page or just print some message.
The above code is useful if you want to redirect different website visitors to different pages on your website. Using third party service you can find out location country for an IP address and knowing visitor's country to redirect them to specific language version of your website.
Now the reason why i called it a manual method is because we had to put in the users ip address manually.W hat if you had a large website running with hundred of millions of users .what would you do?? You would definitely need an automatic way to do this.A lthough i won't teach that but i can give you an idea of what you can do

Many dynamic websites that i know blocks ip addresses using rules.They write codes in their sites that helps them detects violations and the ip address of the user causing the violation is taken to a blocked user database were they are stored and blocked
Labels:

Comments

Post a Comment

Popular posts from this blog

Ecommerce single item cart with php checkoit

email otp sms How to create an ecommerce single item cart with checkout integrations Guys today i am going to teach you guys how to build an ecommerce site with checkout integration but only with a single product, you can add more to it So we are building it using my favorite PHP ,Ajax and JQuery. I have already created a simple shopping cart code in PHP with the product gallery.let's get this over with What are we building? I am not meant to show you this but i would to make you exited about it.And look at the cool checkout page and it really works!!. Single product UI with buy now and Checkout controls This is the code of the landing page created for this example. It includes PHP snippets at the beginning. After that, it has the HTML for displaying only one product tile to users. This tile has the “ Buy now ” button. On clicking it will show an HTML form to collect the customer details, name and email address. By submitting the customer details, it calls the
Post a Comment
Read more

Mobile SMS OTP

mobile otp sms How to build SMS otp for verification in php Today ,i am going to teach you something you cannot find easily on the web,which is sms otp . you can also learn email otp .You see that screenshot above? that's exactly what we are building,cool isn't it ? OTP is an effective way of validating users. This type of validation is widely followed by the banking applications, e-commerce software, and many more verticals. In this tutorial, we are going to see how to implement OTP SMS mobile number verification using PHP,isn't that fun?! There are various APIs available in the market for sending SMS via an application. In this code, I have used the Textlocal API for sending OTP SMS. Textlocal is one of the popular SMS services. It provides the SMS service for many programming languages. Download the API PHP class to integrate it into our application platform. For verifying a mobile number by sending OTP SMS with the use of Textlocal API, we need to create a Textlo
Post a Comment
Read more

Email OTP

email otp sms Email OTP Login with an OTP code is a secure method for the user authentication process. In this method, a one-time password is generated dynamically and sent to the user who attempts login. OTP can be sent to the user’s email or his mobile phone. When the user enters the OTP code then the application will authenticate the user via this code. In this tutorial, we are going to see an example to authenticate user login via an OTP code using email. You can check our mobile sms otp too!  In this example, when the registered user enters email to login, an OTP code is sent to the email address. Using this OTP code the user will be validated. Once the user uses this code then it will be invalid, meaning it cannot be used again. Also, this token will be valid for a day, then it will be expired. Login form with OTP The following code shows login form to the user to enter his email address. On entering email, it shows an input to enter the OTP code sent to his email addres
Post a Comment
Read more