Posted by Jim Michaels on 03/02/06 08:59
"Arjen" <dont@mail.me> wrote in message
news:newscache$9e0wui$zn01$1@news.easynet.nl...
> Blackhawk@idonthaveone.com wrote:
>> I have a guest book and someone is raising hell with me on it. I must
>> receive 50 entries a day and all bogus. Don't know why they have
>> picked my site but I have to do something now to correct the ongoing
>> problem.
>>
>> I need a security feature for my guest book. I have seen some on other
>> boards where there is a series of letters and/or numbers only the human
>> eye can pick out and enter in order to submit an entry into the guest
>> book. Can someone direct me to the source of this security script in
>> php, please!
>
> This is some really old code but it has been working for me for the last
> few years. I just block their IP address, IP range and geographical location
> :-) The mysql table only has 150 entries so I'm not really concerned with
> performance.
>
> $ip = $_SERVER["REMOTE_ADDR"];
>
> // override
> // once the user optionally confirms the email address, allow is set to true
> if ($user['allow']=="false"){
>
> // static IP
> $sql = 'SELECT deny.id '
> .'FROM deny '
> .'WHERE deny.ip = "'.$ip.'" ';
> $query = mysql_query("$sql")
> or exit ("Ongeldige query " . mysql_error());
> if (mysql_num_rows($query)>0)
> {
> header("Location: geblokkeerd.php?r=statisch");
> exit;
> }
>
> // dynamic IP
> $sql = 'SELECT deny.id '
> .'FROM deny '
> .'WHERE (begin<INET_ATON("'.$ip.'") AND INET_ATON("'.$ip.'")<eind)';
> $query = mysql_query("$sql")
> or exit ("Ongeldige query " . mysql_error());
> if (mysql_num_rows($query)>0)
> {
> header("Location: geblokkeerd.php?r=dynamisch");
> exit;
> }
>
> // geoip
> include ("../geoip/geoip.inc");
> $gi = geoip_open("$siteroot/geoip/GeoIP.dat",GEOIP_STANDARD);
I think you have to pay to get that database and code, don't you?
If anyone wants it, I have some code implemented that's free. It's only 97%
accurate. It uses geoip lite. I've turned it into an SQL db, and I can send
you the SQL and PHP scripts. The SQL DB is 7MB uncompressed (1MB
compressed).
>
> /* set up array of banned country codes via
> * http://www.maxmind.com/app/iso3166
> */
> $banned = array ('A1', 'AE', 'AF', 'AL', 'AP', 'BA',
> 'BD', 'BO', 'BR', 'BS', 'CD', 'CF', 'CN',
> 'CU', 'ES', 'FM', 'IN', 'KH', 'LV', 'MY',
> 'RO', 'KP', 'KR', 'SK', 'TR', 'TW',
> 'UA', 'UZ', 'RU', 'AZ', 'PL');
>
> $country_code = geoip_country_code_by_addr($gi, $ip);
> geoip_close($gi);
>
> if (in_array ($country_code, $banned))
> {
> header("Location: geblokkeerd.php?r=geoip");
> exit;
> }
>
>
>
> }
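
Added example, not part of the thread or of either poster's code: the static and range lookups from the quoted snippet rewritten with bound parameters, so the address is never concatenated into the SQL text. It assumes an in-memory SQLite database through PDO in place of MySQL, the `deny` columns `ip`, `begin` and `eind` seen in the quoted queries, `ip2long()` in place of `INET_ATON()` on 64-bit PHP, and a hypothetical helper name `deny_reason`.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the MySQL `deny` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE deny (id INTEGER PRIMARY KEY, ip TEXT, begin INTEGER, eind INTEGER)');
$db->exec("INSERT INTO deny (ip) VALUES ('203.0.113.7')");
$range = $db->prepare('INSERT INTO deny (begin, eind) VALUES (?, ?)');
$range->execute([ip2long('198.51.100.0'), ip2long('198.51.100.255')]);

/**
 * Hypothetical helper: returns 'statisch', 'dynamisch' or null (not listed),
 * matching the ?r= reasons used in the quoted redirects.
 */
function deny_reason(PDO $db, string $ip): ?string
{
    // Refuse anything that is not a syntactically valid address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }

    // Static entry: exact match, value passed as a bound parameter.
    $stmt = $db->prepare('SELECT 1 FROM deny WHERE ip = :ip LIMIT 1');
    $stmt->execute([':ip' => $ip]);
    if ($stmt->fetchColumn() !== false) {
        return 'statisch';
    }

    // Range entry: IPv4 only, the integer columns cannot hold an IPv6 address.
    $n = ip2long($ip);
    if ($n === false) {
        return null;
    }
    // Same strict comparison as the quoted query, so both end points are excluded.
    $stmt = $db->prepare('SELECT 1 FROM deny WHERE begin < :lo AND :hi < eind LIMIT 1');
    $stmt->bindValue(':lo', $n, PDO::PARAM_INT);
    $stmt->bindValue(':hi', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn() !== false ? 'dynamisch' : null;
}

// Constructed test addresses: exact match, inside the range, range boundary, unlisted, IPv6.
foreach (['203.0.113.7', '198.51.100.42', '198.51.100.0', '192.0.2.1', '2001:db8::1'] as $ip) {
    printf("%-15s %s\n", $ip, deny_reason($db, $ip) ?? 'allowed');
}
```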