The forums have permanently moved to forum.kirupa.com. This forum will be kept around in read-only mode for archival purposes. To learn how to continue using your existing account on the new forums, check out this thread.


Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Banning a user with cookies

  1. #1

    Banning a user with cookies

    Hi!

    I need some help.

    Can anyone tell me how I would go about coding a PHP system in which I can give a user a cookie (if they register, etc.), and the system checks if that cookie exists. If it does, the system displays a ban message. I would also like to know if it is possible to check for the cookie, and if it exists, also ban by IP. Or, if a user has a certain banned IP give them a ban cookie too.

    I hope I didn't make it too confusing to understand, but if anyone can help me I would appreciate it.

  2. #2
    People would just delete the cookie.
    Member #2 of the "I wont critique Timmytot's designs anymore" club.

  3. #3
    Use htaccess to ban people.
    Assuming you are on linux.
    Or do a combination of cookies, sessions and htaccess IP banning.
    You will never be able to keep someone out unless you password protect every page.
    Web Design and Web Development blog
    Designer Notice: Browser List for design compatibility

  4. #4
    Yeah... I am kind of aware of that, I'm asking how its done.

  5. #5
    It doesn't matter if the user deletes the cookie or if it isn't the most secure method...

    Does anyone know how to actually ban a user with a cookie...?

  6. #6
    Set a cookie, check if it is set. If so redirect them to google or something.
    Member #2 of the "I wont critique Timmytot's designs anymore" club.

  7. #7
    Which do you want to do? Cookie banning is pointless mate.
    This is the .htaccess ban code:
    Code:
    order allow,deny
    deny from xxx.xx.x.x
    allow from all
    Web Design and Web Development blog
    Designer Notice: Browser List for design compatibility

  8. #8
    I'm not stupid.. I will have this system:

    User is banned from logging in with his account.
    User is cookie banned.
    User is IP banned.

    All together...

    Can someone confirm this code is solid/secure... It works... ( I didn't include my variables )

    PHP Code:
    if(!isset($_COOKIE[$c_name])) {
      
    setrawcookie($c_name$c_val_deny);
      
    header("Location: cookie.php");
    }

    if(isset(
    $_GET['ban'])) {
      if(
    $_GET['ban'] == "yes") {
        
    setrawcookie($c_name$c_val_deny);
        
    header("Location: cookie.php");
      }
      elseif(
    $_GET['ban'] == "no") {
          
    setrawcookie($c_name$c_val_allow);
          
    header("Location: cookie.php");
      }
      elseif(
    $_GET['ban'] == "end") {
          
    setrawcookie($c_name""time() - 3600);
          
    header("Location: cookie.php");
      }
    }

    if(isset(
    $_COOKIE[$c_name])) {
      if(
    $_COOKIE[$c_name] == $c_val_deny) {
        print 
    "Denied";
      } 
      elseif(
    $_COOKIE[$c_name] == $c_val_allow) {
        print 
    "Allowed";
      }

    Don't mind the fact I used $_GET, thats just for testing if the cookies are working..
    Last edited by webreforms; December 29th, 2007 at 05:45 PM.

  9. #9
    You'll want to add an exit() after "denied".
    Also see if you can fwrite the IP to .htaccess
    Web Design and Web Development blog
    Designer Notice: Browser List for design compatibility

  10. #10
    It'd probably be better to just write the IP to a database.. simpler anyway. Call all the IPs into an array, do an in_array, then exit.
    got pwnt?

  11. #11
    Thats the plan harish

    Think the 3 layer banning is secure enough ?

  12. #12
    Quote Originally Posted by webreforms View Post
    Thats the plan harish

    Think the 3 layer banning is secure enough ?
    Nope. People can just stop your site from setting cookies or they could change the cookie.
    Member #2 of the "I wont critique Timmytot's designs anymore" club.

  13. #13
    Why not add the banned IP/user to a database, then do a query,
    which will determine what the banned users have been resticted to.

  14. #14
    the cookie method is really unsafe.
    You should use the .htaccess method or if easier for you; put the ip into a database and run a query
    My Photography
    Twitter

    K-Emmys-06: Best "Newbie"

  15. #15
    biznuge's Avatar
    1,136
    posts
    Use the Fork Luke...
    using htaccess could get messy for apache pretty quickly on a well used site though i'd suppose.

    since htaccess rules will need to be checked against each and every request that comes in, slowing down the process as the amount of deny rules increases.

    plus, I, like many other internet users, have a roving IP. so if you try and .ht me today, screw you, cos i'll just come back tomorrow, when my new ip is in place...

    Authenticated user access would seem to be the only method that really works I'd say. Even using the db lookup method could eventually get pretty clogged up, as soon as a lot of deny IP's are stored.

    oh, and... blah blah, happy new year...!
    before you judge someone, you should walk a mile in their shoes. That way, when you judge them, you're a mile away, and you have their shoes...
    "A lack of planning on your part does not constitute an emergency on mine" - Danonthemoon
    She asked for a double entendre, so I gave her one...
    "screw ie. it can lick my balls" - A.J. Cates

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012