PHP Script, IP Banning/UnBanning

[Demantor]

YES; AGAIN >.> :P

I have coded a IP Banning and Unbanning some ages ago, so i release it..[ALSO Simple Script]

I will go to the steps, i believe all of you know what this is XD

Step 1:

Execute this on your Database via your MSSQL to create the Table IPBans:

Code:

USE [GunzDB]
GO
/****** Objekt:  Table [dbo].[IPBans]    Skriptdatum: 01/06/2010 20:32:53 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[IPBans](
	[ip] [varchar](64) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
	[AccountBan] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
	[Opened] [int] NOT NULL,
	[Reason] [varchar](max) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
	[banDate] [datetime] NULL,
	[StaffMemeber] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
	[StaffIP] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
	[UnBanReason] [varchar](max) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
	[UnBaningStaff] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
	[UnBanningStaffIP] [varchar](64) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]

GO
SET ANSI_PADDING OFF

Step 2:

Open your GunzDB, and go to Saved Procedures.. Search if you have this Procedure "spGetLoginInfo" if yes edit or Execute this:

Code:

set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO


ALTER PROC [dbo].[spGetLoginInfo]
@UserID	 varchar(20)
AS
SET NOCOUNT ON
DECLARE @IP VARCHAR(40)
SELECT @IP=LastIP FROM LOGIN(NOLOCK) WHERE UserID=@UserID
DECLARE @IP2 VARCHAR(40)
SELECT @IP2=IP FROM IPBans(NOLOCK) WHERE IP=@IP and Opened = 1
IF @IP = @IP2
BEGIN
Update Account SET UGradeID = 253 WHERE UserID = @UserID
RETURN 1
END
SELECT AID, UserID, Password FROM Login(nolock) WHERE UserID = @UserID

Step 3:

Add to your Functions php file if you have or just add it to the file (for ip banning and unbanning):

PHP Code:

//from google.com and edited by Demantor

function validateIpAddress($ip)
{
  
  if(preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$ip))
  {
    
    $parts=explode(".",$ip);
    
    foreach($parts as $ip_parts)
    {
      if(intval($ip_parts)>255 || intval($ip_parts)<0)
      return false;
    }
    return $ip;
  }
  else
    return false;
}


function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

function clean_news($value)
{
        
        $check = $value;

        $search = array('chr(', 'chr=', 'chr%20', '%20chr', 'wget%20', '%20wget', 'wget(',
        'cmd=', '%20cmd', 'cmd%20', 'rush=', '%20rush', 'rush%20',
        'union%20', '%20union', 'union(', 'union=', 'echr(', '%20echr', 'echr%20', 'echr=',
        'esystem(', 'esystem%20', 'cp%20', '%20cp', 'cp(', 'mdir%20', '%20mdir', 'mdir(',
        'mcd%20', 'mrd%20', 'rm%20', '%20mcd', '%20mrd', '%20rm',
        'mcd(', 'mrd(', 'rm(', 'mcd=', 'mrd=', 'mv%20', 'rmdir%20', 'mv(', 'rmdir(',
        'chmod(', 'chmod%20', '%20chmod', 'chmod(', 'chmod=', 'chown%20', 'chgrp%20', 'chown(', 'chgrp(',
        'locate%20', 'grep%20', 'locate(', 'grep(', 'diff%20', 'kill%20', 'kill(', 'killall',
        'passwd%20', '%20passwd', 'passwd(', 'telnet%20', 'vi(', 'vi%20',
        'insert%20into', 'select%20', 'fopen', 'fwrite', '%20like', 'like%20',
        '$_request', '$_get', '$request', '$get', '.system', 'HTTP_PHP', '&aim', '%20getenv', 'getenv%20',
        'new_password', '&icq','/etc/password','/etc/shadow', '/etc/groups', '/etc/gshadow',
        'HTTP_USER_AGENT', 'HTTP_HOST', '/bin/ps', 'wget%20', 'uname\x20-a', '/usr/bin/id',
        '/bin/echo', '/bin/kill', '/bin/', '/chgrp', '/chown', '/usr/bin', 'g\+\+', 'bin/python',
        'bin/tclsh', 'bin/nasm', 'perl%20', 'traceroute%20', 'ping%20', '.pl', 'lsof%20',
        '/bin/mail', '.conf', 'motd%20', 'HTTP/1.', '.inc.php', 'config.php', 'cgi-', '.eml',
        'file\://', 'window.open', '<script>', 'javascript\://','img src', 'img%20src','.jsp','ftp.exe',
        'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell', 'nc.exe', '.htpasswd',
        'servlet', '/etc/passwd', 'wwwacl', '~root', '~ftp', '.js', '.jsp', 'admin_', '.history',
        'bash_history', '.bash_history', '~nobody', 'server-info', 'server-status', 'reboot%20', 'halt%20',
        'powerdown%20', '/home/ftp', '/home/www', 'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
        '<script', 'UPDATE', 'SELECT', 'DROP', '/robot.txt' ,'/perl' ,'mod_gzip_status', 'db_mysql.inc', '.inc', 'select%20from',
        'select from', 'drop%20', 'getenv', 'http_', '_php', 'php_', 'phpinfo()', '<?php', '?>', 'sql=');

        $value = str_replace($search, '', $value);

        $value = preg_replace(sql_regcase("/(update|select|declare|cast|exec|0x|union|insert|delete|drop table|show tables|'|#|\*|--|\\\\)/"),"",$value);
        $value = trim($value);
        $value = strip_tags($value);
        $value = addslashes($value);
        $value = str_replace("'", "''", $value);

if( $check != $value )
        {
        

//ipbansystem();

setmessage("Illegal Characters detected!", array("Please, check your entered data.", "You Entered: $check", "Allowed is: $value", "Please, Correct your data."));

$date = date("d-m-y - H:i:s");
    $logfile = fopen("logs/log.php","a+");
    $logtext = "[$date] IP: [{$_SERVER['REMOTE_ADDR']}] - ::: Data['$check'] - Staff['{$_SESSION[UserID]}'] - AID['{$_SESSION[AID]}']\r\n";
    fputs($logfile, $logtext);
    fclose($logfile);


   header("Location: index.php");

        die();
}
        return( $value );
}

    function CheckIP()
    {
        $ip = getRealIpAddr();
        $query = mssql_query("SELECT * FROM IPBans WHERE IP = '$ip' AND Opened = 1");

        if( mssql_num_rows($query) != 0 )
        {

            SetMessage("Your IP: $ip is Banned!", array("The access to CTGunz Servers is forbidden!", "If you see that this Ban is a mistake/incorrect; Please contact an Administrator or post your request on the Forums."));
            header("Location: index.php");
die();
  }
}

Step 4:

Add this to your created file (ipban.php or what ever, this is an example which works in the "do=", so edited it yourself if you haven't this working so, in this case it's(do=) name is: BanIP), about the form/design/whatever, you can create your own.. in this case i used the normal one from the website(Lambda) and used the Register Button(i can't even design my name in paint :D) :

PHP Code:

<?
//This Function was made by: Demantor.

if($_SESSION[UserID] == "")
{
    SetMessage("Message from System", array("Please login first to IPBAN a player Globally!"));
    SetURL("index.php?do=BanIP");
    header("Location: index.php?do=login");
    die();
}
$AID = Clean($_SESSION[AID]);
  $uGradex = mssql_query_logged("SELECT UGradeID FROM Account WHERE AID = '$AID'");
  $uGrade = mssql_fetch_assoc($uGradex);
if($uGrade[UGradeID] != 255 && $uGrade[UGradeID] != 254){
    
        SetMessage("Error!", array("You are not a staff member; You can't use this function!"));
        header("Location: index.php?do=index");
        die();
 }
 



SetTitle("CTGunz - IPBAN");

if(isset($_POST[submit]))
{
    $userx           = clean($_POST[userid]);
    $BannedIP        = clean($_POST[IP]);
    $ipcheck         = validateIpAddress($BannedIP);
    $myip             = getRealIpAddr();
    $Reasonx         = clean_news($_POST[Reason]);
    $staff           = clean($_SESSION[UserID]);



        if($userx == ""){

        SetMessage("IP Ban", array("You must Enter the Account Name of the IP to Ban!"));
        header("Location: index.php?do=BanIP");
        die();
}
        elseif($BannedIP == ""){

        SetMessage("IP Ban", array("You must Enter the IP to Ban!"));
        header("Location: index.php?do=BanIP");
        die();
}
       elseif($BannedIP != $ipcheck){

        setmessage("ERROR!", array("Incorrect Entered IP: $BannedIP", "This IP doesn't Exist in the Network!", "Please Check your entered IP"));
        header("Location: index.php?do=BanIP");
        die();
}
        elseif(mssql_num_rows(mssql_query_logged("SELECT * FROM IPBans(nolock) WHERE iP = '$BannedIP' AND Opened = '1'")) <> 0){

        SetMessage("IP Ban", array("IP: $BannedIP is Already Banned :)"));
        header("Location: index.php?do=BanIP");
        die();
}

        elseif($BannedIP == $myip){

        SetMessage("IP Ban", array("IP: $BannedIP is your own IP, you can't Ban yourself ROFL :)"));
        header("Location: index.php?do=BanIP");
        die();
}
        elseif(((mssql_num_rows(mssql_query_logged("SELECT * FROM Login(nolock) WHERE LastIP = '$BannedIP'"))) == 0) & (mssql_num_rows(mssql_query_logged("SELECT * FROM Account(nolock) WHERE RegisterIP = '$BannedIP'"))) == 0){

        SetMessage("IP Ban", array("The Entered IP: '$BannedIP' doesn't Exist in the Database Information!", "You can only ban IPs which belong to an Account(s) in CTGunZ"));
        header("Location: index.php?do=BanIP");
        die();
}
        elseif(mssql_num_rows(mssql_query_logged("SELECT * FROM Login(nolock) INNER JOIN Account(nolock) on Login.AID = Account.AID WHERE Login.LastIP = '$BannedIP' and ((Account.UGradeID = 255) or (Account.UGradeID = 254) or (Account.UGradeID = 252))")) <> 0){

        SetMessage("IP Ban", array("nah nah, Bad Boy. You can't ban a staff's IP = )", "Don't try."));
        header("Location: index.php?do=BanIP");
        die();
}


else{

if(mssql_num_rows(mssql_query("SELECT * FROM IPBans(nolock) WHERE iP = '$BannedIP' AND Opened = '0'")) == 1){

Mssql_query ("Update IPBans SET Opened = 1, AccountBan = '$userx', banDate = GETDATE(), Reason = '$Reasonx', StaffMemeber = '$staff', StaffIP = '$_SERVER[REMOTE_ADDR]' WHERE ip = '$BannedIP'");

}else{

Mssql_query_logged ("INSERT INTO IPBans(AccountBan, IP, banDate, Opened, Reason, StaffMemeber, 

StaffIP) VALUES ('$userx', '$BannedIP', GETDATE(), 1, '$Reasonx', '$staff', 

'$_SERVER[REMOTE_ADDR]')");
}    

        SetMessage("IP Ban", array("IP: $BannedIP successfully Banned :) ", "Log Written with: $staff" , "For Reason: $Reasonx"));
        header("Location: index.php?do=BanIP");
        die();
}


}else{
?>


<html>
<head>
</head>
<body onload="FP_preloadImgs(/*url*/'../images/btn_register_on.jpg')">
<table style="border-collapse: collapse;" border="0"
 width="100%">
  <tbody>
    <tr>
      <td valign="top" width="183">
      <div align="center"></div>
      </td>
      <td valign="top">
      <div align="center">
      <table style="border-collapse: collapse;" border="1"
 bordercolor="#000000" width="100%">
        <tbody>
          <tr>
            <td
 style="background-image: url(images/content_bar.jpg); background-repeat: no-repeat; background-position: center top;"
 background="http://forum.ragezone.com/images/content_bar.jpg" height="24">
            <div align="center"><font face="Tahoma"
 size="2"><b>CTGunZ Global IP Banning!</b></font></div>
            </td>
          </tr>
          <tr>
            <td bgcolor="#2c2a2a">
            <div align="center">
            <form method="post" action="index.php?do=BanIP"
 name="BanIP">
              <table style="border-collapse: collapse; float: left;"
 border="0" height="100%" width="408">
                <tbody>
                  <tr>
                    <td width="9">
                    <img src="http://forum.ragezone.com/images/mis_arrow.jpg" id="img13"
 border="0" height="9" width="5"></td>
                    <td align="left" width="183">
                    <div align="left">Banned Player's
Account</div>
                    </td>
                    <td align="left" width="183">
                    <input name="userid" size="19"
 class="textLogin" type="text"></td>
                    <td width="16">&nbsp;</td>
                  </tr>
                  <tr>
                    <td colspan="4" width="402">
                    <table
 style="border-collapse: collapse; float: left; width: 408px; height: 26px;"
 border="0">
                      <tbody>
                        <tr>
                          <td width="9"><img
 src="http://forum.ragezone.com/images/mis_arrow.jpg" id="img13" border="0"
 height="9" width="5"></td>
                          <td align="left" width="183">
                          <div align="left">IP to Ban</div>
                          </td>
                          <td align="left" width="183"><input
 name="IP" size="19" class="textLogin" type="text"></td>
                          <td width="16">&nbsp;</td>
                        </tr>
                        <tr>
                          <td><img src="http://forum.ragezone.com/images/mis_arrow.jpg"
 id="img13" border="0" height="9" width="5"></td>
                          <td>Reason</td>
                          <td><input name="Reason"
 size="19" class="textLogin" type="text"></td>
                          <td></td>
                        </tr>
                      </tbody>
                    </table>
                    </td>
                  </tr>
                  <tr>
                  </tr>
                  <tr>
                    <td width="9">&nbsp;</td>
                    <td colspan="2" width="366">
                    <p align="center"><input
 src="http://forum.ragezone.com/images/btn_register_off.jpg" name="img123"
 onmouseout="FP_swapImgRestore()"
 onmouseover="FP_swapImg(1,1,/*id*/'img123',/*url*/'images/btn_register_on.jpg')"
 border="0" height="22" type="image" width="136"></p>
                    </td>
                    <td width="16">&nbsp;</td>
                  </tr>
                  <tr>
                    <td width="9">&nbsp;</td>
                    <td width="183">&nbsp;</td>
                    <td width="183">&nbsp;</td>
                    <td width="16">&nbsp;</td>
                  </tr>
                </tbody>
              </table>
              <input name="submit" value="1"
 type="hidden"></form>
            </div>
            </td>
          </tr>
        </tbody>
      </table>
      </div>
      </td>
      <td valign="top" width="171">
      <div align="center"></div>
      </td>
    </tr>
  </tbody>
</table>
</body>
</html>
<? } ?>

Step 5:

Now you need an Unbanning Function, so create a new php, in this case the name(do=) is "UnBanIP" :

PHP Code:

<?
//This Function was made by: Demantor.

if($_SESSION[UserID] == "")
{
    SetMessage("Message from System", array("Please login first to UNBAN a player's IP!"));
    SetURL("index.php?do=UNBanIP");
    header("Location: index.php?do=login");
    die();
}
$AID = Clean($_SESSION[AID]);
  $uGradex = mssql_query_logged("SELECT UGradeID FROM Account WHERE AID = '$AID'");
  $uGrade = mssql_fetch_assoc($uGradex);
if($uGrade[UGradeID] != 255){
    
        SetMessage("Error!", array("You are not a staff member; You can't use this function!"));
        header("Location: index.php?do=index");
        die();
 }
 



SetTitle("CTGunz - UNBAN IP");

if(isset($_POST[submit]))
{
    $BannedIP        = clean($_POST[IP]);
    $ipcheck         = validateIpAddress($BannedIP);
    $Reasonx         = clean_news($_POST[Reason]);
    $staff           = clean($_SESSION[UserID]);


if($BannedIP == ""){

        SetMessage("IP Unbanning", array("You must Enter the IP to UnBan!"));
        header("Location: index.php?do=UnBanIP");
        die();
}
       elseif($BannedIP != $ipcheck){

        setmessage("ERROR!", array("Incorrect Entered IP: $BannedIP", "This IP doesn't Exist in the Network!", "Please Check your entered IP"));
        header("Location: index.php?do=UnBanIP");
        die();
}
        elseif(mssql_num_rows(mssql_query_logged("SELECT * FROM IPBans(nolock) WHERE iP = '$BannedIP' AND Opened = '1'")) == 0){

        SetMessage("IP Unbanning", array("IP: $BannedIP is not Banned :)"));
        header("Location: index.php?do=UnBanIP");
        die();
}

               

        elseif($Reasonx == ""){

        SetMessage("IP Unbanning", array("Please, Enter a Reason for UnBanning this IP from the Web Site!"));
        header("Location: index.php?do=UnBanIP");
        die();
}



else{

Mssql_query ("Update IPBans SET Opened = 0, UnBanReason = '$Reasonx', UnBaningStaff = '$staff', UnBanningStaffIP = '$_SERVER[REMOTE_ADDR]'  WHERE ip = '$BannedIP'");

       

        SetMessage("IP Unbanning", array("IP: $BannedIP successfully UnBanned :) ", "Log Written with: $staff" , "For Reason: $Reasonx"));
        header("Location: index.php?do=UnBanIP");
        die();
}


}else{
?>


<html>
<head>
</head>
<body onload="FP_preloadImgs(/*url*/'../images/btn_register_on.jpg')">
<table style="border-collapse: collapse;" border="0"
 width="100%">
  <tbody>
    <tr>
      <td valign="top" width="183">
      <div align="center"></div>
      </td>
      <td valign="top">
      <div align="center">
      <table style="border-collapse: collapse;" border="1"
 bordercolor="#000000" width="100%">
        <tbody>
          <tr>
            <td
 style="background-image: url(images/content_bar.jpg); background-repeat: no-repeat; background-position: center top;"
 background="http://forum.ragezone.com/images/content_bar.jpg" height="24">
            <div align="center"><font face="Tahoma"
 size="2"><b>CTGunZ Global IP Unbanning!</b></font></div>
            </td>
          </tr>
          <tr>
            <td bgcolor="#2c2a2a">
            <div align="center">
            <form method="post" action="index.php?do=UnBanIP"
 name="BanIP">
              <table style="border-collapse: collapse; float: left;"
 border="0" height="100%" width="408">
                <tbody>
                  
                  <tr>
                    <td colspan="4" width="402">
                    <table
 style="border-collapse: collapse; float: left; width: 408px; height: 26px;"
 border="0">
                      <tbody>
                        <tr>
                          <td width="9"><img
 src="http://forum.ragezone.com/images/mis_arrow.jpg" id="img13" border="0"
 height="9" width="5"></td>
                          <td align="left" width="183">
                          <div align="left">IP to UnBan</div>
                          </td>
                          <td align="left" width="183"><input
 name="IP" size="19" class="textLogin" type="text"></td>
                          <td width="16">&nbsp;</td>
                        </tr>
                        <tr>
                          <td><img src="http://forum.ragezone.com/images/mis_arrow.jpg"
 id="img13" border="0" height="9" width="5"></td>
                          <td>Reason</td>
                          <td><input name="Reason"
 size="19" class="textLogin" type="text"></td>
                          <td></td>
                        </tr>
                      </tbody>
                    </table>
                    </td>
                  </tr>
                  <tr>
                  </tr>
                  <tr>
                    <td width="9">&nbsp;</td>
                    <td colspan="2" width="366">
                    <p align="center"><input
 src="http://forum.ragezone.com/images/btn_register_off.jpg" name="img123"
 onmouseout="FP_swapImgRestore()"
 onmouseover="FP_swapImg(1,1,/*id*/'img123',/*url*/'images/btn_register_on.jpg')"
 border="0" height="22" type="image" width="136"></p>
                    </td>
                    <td width="16">&nbsp;</td>
                  </tr>
                  <tr>
                    <td width="9">&nbsp;</td>
                    <td width="183">&nbsp;</td>
                    <td width="183">&nbsp;</td>
                    <td width="16">&nbsp;</td>
                  </tr>
                </tbody>
              </table>
              <input name="submit" value="1"
 type="hidden"></form>
            </div>
            </td>
          </tr>
        </tbody>
      </table>
      </div>
      </td>
      <td valign="top" width="171">
      <div align="center"></div>
      </td>
    </tr>
  </tbody>
</table>
</body>
</html>
<? } ?>

Step 6:

To Check if the IP is banned or not, add this to the TOP of your site where you want the check to be, if you are using "do=", like: index.php?do=register, then you just need to add this to your index page:

PHP Code:

CheckIP(); 


Note:

Administrators & Developers can Ban IPs but, Administrators only can Unban IPs.


Good luck, hope this helps even if near to that function was released before. :)

[MentaL]

[ygoraugusto]

Very Nice!
tranks!
HUHHUH

[Joe9099]

Nice man, good job :)

[Number12]

Nice mate hehe

[Demantor]

I updated my post, because there was some .... asking me how check the IPs if banned or not :P

I edited the Functions php[Added CheckIP function) code and added Step 6.

[bounty-hunter]

nub get on teamviewer and help me with the quereys :P

[Demantor]

nub get on teamviewer and help me with the quereys :P

Your Internet is * lagging, stop some porn downloads then >.> xD

[pluke001]

very useful release. good job :)

[corrado]

Account > RegisterIP create column

[Demantor]

ah!... right click on the Account table, design, and add the column!

[MicroManiacs]

Thx mate.

[corrado]

ah!... right click on the Account table, design, and add the column!

Hard >_>
nice thx e.e

[hackerz10001]

Good job, very simple!

[Demantor]

very simple!

sure? xD

[scrip]

nice demanotr keep it up ^^