How to ban somebody who has done something wrong on your site

[asgsoft]

Well, first of all we need a form where you enter their IP address.

<p>Please enter the IP address you wish to ban:</p>
<form name="form1" method="post" action="banipproc.php">
  <input name="ip" type="text" id="ip">
  <input type="submit" name="Submit" value="Submit">
  <input type="reset" name="Submit2" value="Reset">
</form>

This will take you to a page called banipproc.php

There what we do is add the enetered IP address into a table:

<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); //connect to db
mysql_select_db("dbname") or die(mysql_error()); 
$ip = $_POST['ip']; //get IP address
if(!empty($ip)){ // check it has been entered
mysql_query("INSERT INTO bannedip (ip) VALUES ('$ip')") or die(mysql_error()); //insert into table or give error
echo "<strong>IP Banned</strong><br>";//show success message
}else{
echo "Error, Please go back and fix it.";//otherwise show error message
}
?>

That was easy. Now you want to display a message to them. So we make a file named banmessage.php

<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); 
mysql_select_db("dbname") or die(mysql_error());//connect to db 
$ip = $_SERVER['REMOTE_ADDR'];//get users IP address
$query = mysql_query("select * from bannedip where ip='$ip'");// see it it exists
$countbans = mysql_num_rows($query); //check its in the db
if($countbans > 0) {
die("You have been banned By The Administrator!");//show message in a "die"
}
?>

Now everyone has a sense of forgiveness and you might want to unban them.

Now you also make a form very simmilar to the one above:

<p>Please enter the IP address you wish to unban:</p>
<form name="form1" method="post" action="unbanipproc.php">
  <input name="ip" type="text" id="ip">
  <input type="submit" name="Submit" value="Submit">
  <input type="reset" name="Submit2" value="Reset">
</form>

This will take you to a page called unbanipproc.php. In there all we do is remove the entery. Like so:

<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); 
mysql_select_db("dbname") or die(mysql_error()); //connect to db
$ip = $_POST['ip']; //get posted IP
if(!empty($ip)){//check something has been sent
mysql_query("DELETE FROM bannedip WHERE `ip` = '$ip'") or die(mysql_error()); //delete ip sent or give error
echo "<strong>IP Allowed Access AGAIN</strong><br>";//show success message
}else{
echo "Error, Please go back and fix it."; //show error message
}
?>

I hope you have found it easy to follow and find it useful.

 

[JuggernautH]

Thnx for this great tutorial, but i would go with banning the ip from cpanel or something like that.

BTW, can you ban people using htaccess?

 

[Eric]

Thnx for this great tutorial, but i would go with banning the ip from cpanel or something like that.

BTW, can you ban people using htaccess?

Order allow,deny
deny from ipaddress
allow from all

 

[sunken]

A warning though about banning IP addresses. Some people are on dynamic IP's that are shared with others, which may limit the other people who are unfortunate enough to get that IP the next time they log in to their ISP. Also some schools use a single IP to route all their traffic out of.

 

[nasaboy007]

also, make sure u keep those php files secure, because otherwise any random person could access it and go on an IP address banning spree X_X and we wudnt want that, now would we?

good tut neway!

 

[DNhub]

A warning though about banning IP addresses. Some people are on dynamic IP's that are shared with others, which may limit the other people who are unfortunate enough to get that IP the next time they log in to their ISP. Also some schools use a single IP to route all their traffic out of.

I agree, wouldn't help much next week they get a new IP.

 

[2knew]

For all of the reasons noted above, banning IP addresses is usually fruitless.

If you are going to ban IPs permanently, .HTACCESS is the efficient way to go, but I believe asgsoft's database driven solution is better for a 'soft' ban. Just timestamp the entry and purge after a certain period (IE 72 hours).
This way you get rid of the twit and minimize the number of innocents that get booted from your site.