Multiple IF and ELSE statements

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Multiple IF and ELSE statements

Post by Drachlen »

Howdy, I've been working on my website for the past few days and everything is going good so far. Im going to be using a PHPbb forum, and i'm sure eventually someone is going to be a lamer, so im using a script on my page so if they break some rules, i can ban them from viewing the entire site. But, when i try adding multiple IP's to the ban list, it kinda displays multiple messages.. Heres what i have:

Code: Select all

<?php 
if($_SERVER["REMOTE_ADDR"] == '111.111.11.111') { 

echo "Your IP is banned!"; 

	} else {

   echo "Welcome!";
	}

if($_SERVER["REMOTE_ADDR"] == '222.222.22.222') { 

echo "Your IP is banned!"; 

	} else {

   echo "Welcome!";
	}
?>
And i hope its in a readable format, if it's not, i would appreciate if you give me an example on how i should space parts out, and what parts should/shouldn't be spaced. Thanks
tr3s
Forum Newbie
Posts: 17
Joined: Mon May 19, 2003 10:29 am
Location: Philippines
Contact:

Post by tr3s »

Code: Select all

<?php 
if($_SERVER["REMOTE_ADDR"] == '111.111.11.111') { 

echo "Your IP is banned!"; 
   
} elseif($_SERVER["REMOTE_ADDR"] == '222.222.22.222') { 

echo "Your IP is banned!"; 

} else { 

   echo "Welcome!"; 
} 
?>
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

Thanks much man. it works. =)
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Do you want to hard code every banned IP? This lets you loop through an array of values and kills the script if you find a banned one.

Code: Select all

<?php 

foreach ($banned_IP as $value) {

    if($_SERVER["REMOTE_ADDR"] == $value) { 

         die ("Your IP is banned!"); 
   
     }

}

echo "Welcome!"; 

// ...etc

?>
Last edited by McGruff on Thu Aug 11, 2005 8:39 am, edited 1 time in total.
Drachlen
Forum Contributor
Posts: 153
Joined: Fri Apr 25, 2003 1:16 am

Post by Drachlen »

?? That didn't make sense.. And my website is ran on 1 document, if it ever got to the point that i had so many banned people i would just use include() and run that script on a seperate document. I'm not sure what you mean though? On your code i dont see anywhere where it decides if an IP is banned?
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Foreach loops through an array - in this case $banned_IP.

You would declare $banned_IP then run the check code.

For example, suppose you have a users table which lists name, pass and other details: if you could add a column for IP to each user row as well as a column to flag if the user is banned (say 0=OK, 1=banned). You could get an array of banned IPs with the query:

Code: Select all

<?php
$mysql = "SELECT IP_address from users WHERE banned='1'";
$query = mysql_query($mysql) or die('Cannot query the database.<br />' . mysql_error());
?>
..and then:

Code: Select all

<?php
$banned_IP = mysql_fetch_row($query);

// loop through array
foreach ($banned_IP as $value) { 

    // check for match against current visitor's IP
    IF ($_SERVER["REMOTE_ADDR"] == $value) { 

           // kill the script if a match is found
           die ("Your IP is banned!"); 
    
     } 

} 

echo "Welcome!"; 

// ...etc - rest of your script
?>
Doing it this way means you don't have to hard-code IP addresses into your script - that would work but it isn't a GOOD way to work.

Remember that not everybody has a static IP so you can't rely on banning by IP.

What I do is log IP at every user login. First I check if the IP is already stored - if so do nothing. If not, it gets added to the list.

If a user has a static IP, the column will show just one or two values (he may be using a couple of PCs or may have more than one ISP).

If it's a dynamic IP, the column will fill up with a whole range of values (you might want to limit its size) all with the same initial number string.

You can ban static IPs but you can't ban a user with a dynamic IP. You could possibly put a temporary ban on any IP matching the initial number sequence: that might just put off someone who isn't too determined but it potentially excludes many other legitimate visitors so you wouldn't want to leave it on for long. Might be useful on a quiet site, but never on a very busy one.

There isn't any foolproof method ban control method that I know of but you could possibly add to IP checking by attempting to set a "permanent" cookie on a banned users machine next time he visits, and check for that. You never know, they just might not be bright enough to realise it's there..

Oh and there are proxies to think about as well, but I'm getting slightly out of my depth here so I'll leave that for someone else.
Post Reply