Banning by IP with php/mysql
Posted
by incrediman
on Stack Overflow
See other posts from Stack Overflow
or by incrediman
Published on 2010-06-06T22:23:51Z
Indexed on
2010/06/06
22:32 UTC
Read the original article
Hit count: 438
I want to be able to ban users by IP. My idea is to keep a list of IP's as rows in an BannedIPs table (the IP column would be an index).
To check users' IP's against the table, I will keep a session variable called $_SESSION['IP'] for each session. If on any request, $_SESSION['IP'] doesn't match $_SERVER['REMOTE_ADDR'], I will update $_SESSION['IP'] and check the BannedIPs table to see if the IP is banned. (A flag will also be saved as a session variable specifying whether or not the user is banned)
Here are the things I'm wondering:
- Does that sound like a good strategy with regards to speed and security (would someone be able to get around the IP ban somehow, other than changing IP's)?
- What's the best way to structure a mysql query that checks to see if a row exists? That is, what's the best way to query the db to see if a row with a certain IP exists (to check if it's banned)?
- Should I save the IP's as integers or strings?
Note that...
- I estimate there will be between 1,000-10,000 banned IP's stored in the database.
- $_SERVER['REMOTE_ADDR'] is the IP from which the current request was sent.
© Stack Overflow or respective owner