RedJumpsuit

jobberBase custom development and support

 

Code School

Deny IP address or IP block on job post or application

anti-spami haven’t posted in a while (months actually) but as a come back i am posting one of the most requested hack lately. this Deny IP Manger does the following:

denies IP address
denies IP block (using wildcard)
lets you add IP address or block
lets you delete address or block
can be set to either on or off
very straightforward IP deny function

please consider donating :)


Deny IP Link
anti-spam

Deny IP Manager
anti-spam

let’s begin.

first create the ip deny table:

CREATE TABLE IF NOT EXISTS `denyip` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ip_address` varchar(255) NOT NULL,
  `created_on` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

1) /config.php

after line

require_once '_includes/smarty/libs/Smarty.class.php';

add

// deny IP class
require_once '_includes/class.DenyIP.php';

after line

define('CAPTCHA_PRIVATE_KEY', $settings['captcha_private_key']);

add

// set if ip deny is on
define('DENY_IP', 1);

this is where you set whether the deny ip function is on (1) or not (0)

2) /index.php

after lines

if(!isset($_SERVER['HTTP_REFERER'])) {
       $_SERVER['HTTP_REFERER'] = '';
    }

add below

$clientip = $_SERVER['REMOTE_ADDR'];
$ipclass = new DenyIP();

after line

case 'apply-online':

add below

if(DENY_IP == 1 && $ipclass->blockip($clientip))
{
    redirect_to(BASE_URL);
    exit;
}

this will block any online applications from your denied IP list

after lines

// create/edit a job post
case 'post':

add below

if(DENY_IP == 1 && $ipclass->blockip($clientip))
{
    redirect_to(BASE_URL);
    exit;
}

this will block any job posts from your denied IP list

3) /_includes/function.php

before the last

?>

add this

// musik at krapplack dot de
// 04-Jun-2006 12:52
function in_array_wildcard($needle, $haystack) {
    # this function allows wildcards in the array to be searched
    foreach ($haystack as $value) {
        if (true === fnmatch($value, $needle)) {
            return true;
        }
    }
    return false;
}

this is a modified in_array function that allows for searching needle (string) with wildcard on a haystack (list)

4) inside /_includes/, create a file called ‘class.DenyIP.php’ and copy code below

<?php
/**
 * jobber job board platform
 *
 * @author  RedJumpsuit <myredjumpsuit@gmail.com>
 * @web     http://www.redjumpsuit.net
 *
 * Deny IP class handles denying job post and applications by IP address
 */
 
class DenyIP
{
 
 
    public function __construct()
    { }
 
    public function addip($ip)
    {
        global $db;
        $sql1 = 'SELECT *
                       FROM '.DB_PREFIX.'denyip
                       WHERE ip_address = "'. $ip .'"';
        $result1 = $db->query($sql1);
        $row1 = $result1->fetch_assoc();          
        if (!$row1) {
            $sql = 'INSERT INTO '.DB_PREFIX.'denyip (ip_address, created_on)
                            VALUES ("'. $ip .'", NOW())';
            if ($db->query($sql)) {
                return true;
            } else {
                return false;
            }
        } else {
            return false;
        }
    }
 
    public function deleteip($ip)
    {   
        global $db;
        $sql = 'DELETE FROM '.DB_PREFIX.'denyip WHERE ip_address = "' . $ip .'"';
        if ($db->query($sql)) {
            return true;
        } else {
            return false;
        }
    }
 
    public function listip()
    {
        global $db;
        $ips = array();
        $sql = 'SELECT *
                       FROM '.DB_PREFIX.'denyip
                       ORDER BY created_on ASC';
        $result = $db->query($sql);
        while ($row = $result->fetch_assoc())
        {
            $ips[] = array('id' => $row['id'], 'ip_address' => $row['ip_address'], 'created_on' => $row['created_on']);
        }
        return $ips;
    }
 
    public function blockip($ip)
    {
 
        global $db;
        $deny = array();
        $sql = 'SELECT ip_address AS ip_address FROM '.DB_PREFIX.'denyip';
        $result = $db->query($sql);
        while ($row = $result->fetch_assoc())
        {
            $deny[] = trim($row['ip_address']);
        }
 
        if (in_array_wildcard($ip, $deny)) {
            return true;
        } else {
            return false;
        }
 
    }
}
?>

5) /admin/index.php, after the lines

case 'delete':
    if(!isset($_SESSION['AdminId']))
    {
        redirect_to(BASE_URL);
        exit;
    }
    require_once 'page_delete.php';
    $flag = 1;
    break;

add

case 'denyip':
    if(!isset($_SESSION['AdminId']))
    {
        redirect_to(BASE_URL);
        exit;
    }
    require_once 'page_denyip.php';
    $flag = 1;
    break;

6) inside /admin/, create a file called ‘page_denyip.php’ and copy code below

<?php
$ipclass = new DenyIP();
$smarty->assign('current_category', 'denyip');
 
if ($extra == 'remove')
{
    $ipclass->deleteip($id);
}
 
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (empty($_POST['ip_address'])) {
        $smarty->assign('error', 'The IP Address is empty. Please enter an IP Address.');
    } else {
        if ($ipclass->addip($_POST['ip_address'])) {
            $smarty->assign('success', 'IP Address has been added!');
        } else {
            $smarty->assign('error', 'The IP Address already exists.');
        }
    }
}
 
$smarty->assign('ips', $ipclass->listip());
$template = 'denyip.tpl';
?>

7) /admin/_templates/header.tpl

after the line

<li {if $current_category == 'settings'}class="selected"{/if}><a href="{$BASE_URL_ADMIN}settings/">Settings</a></li>

add below

<li {if $current_category == 'denyip'}class="selected"{/if}><a href="{$BASE_URL_ADMIN}denyip/">Deny IP</a></li>

8) inside /admin/_templates, create a file called ‘denyip.tpl’ and copy code below

{include file="header.tpl"}
<div id="content">
<h3 class="page-heading">Deny IP Manager</h3>
 
<form id="publish_form" action="{$smarty.server.REQUEST_URI}" method="post">
    <fieldset>
        <table cellspacing="2" cellpadding="2" border="0">
            {if $error}
            <tr>
                <td colspan="2">
                    <img src="{$BASE_URL_ADMIN}img/exclamation.png" alt="" /> {$error}
                </td>
            </tr>
            {/if}
            {if $success}
            <tr>
                <td colspan="2">
                    <img src="{$BASE_URL_ADMIN}img/icon_accept.gif" alt="" /> {$success}
                </td>
            </tr>
            {/if}
            <tr>
                <td>IP Address/Block:</td>
                <td><input type="ip_address" name="ip_address" size="30" /></td>
            </tr>
        </table>
    </fieldset>
    <p>
        <button type="submit" class="submit_button">Add IP Address</button>
    </p>
</form>
 
<h2>List of Denied IP Addresses</h2>
<table id="job-posts" class="job-posts" cellspacing="0">
<tr class="alt">
    <td>ID</td>
    <td>IP Address</td>
    <td>Date Added</td>
    <td>Action</td>                   
</tr>
{foreach from=$ips item=ips}
<tr>
    <td class="center">{$ips.id}</td>
    <td class="center">{$ips.ip_address}</td>
    <td class="center">{$ips.created_on}</td>
    <td class="center"><a href="{$BASE_URL_ADMIN}denyip/{$ips.id}/remove">Remove</a></td>
</tr>
{/foreach}
</table>
</form>
 
</div><!-- #content -->

{include file="footer.tpl"}
Tagged as: , ,

6 Comments

Code School

  1. Hi

    Do you know if anything has changed re: 1.9 if not I will try

    Thanks

  2. Hi very good

    It does not work. By adding an address and to access the page of the offer gives me this error:

    Fatal error: Call to undefined function fnmatch() in C:\AppServ\www\jobberbase\_includes\functions.php on line 486

    Someone knows how to fix?

  3. I tried to use this script but it doesn’t work, even in admin panel, when i click “Deny IP” link, i got the blank page.

  4. this works for 1.8, if you are using it for higher version you will need to convert the code

  5. I have successfully installed in v1.9. There is a bug in class.DenyIP.php since we cant remove the ip adress after adding.

    Please replace the code by this

    <?php
    /**
    * jobber job board platform
    *
    * @author RedJumpsuit
    * @web http://www.redjumpsuit.net
    *
    * Deny IP class handles denying job post and applications by IP address
    */

    class DenyIP
    {

    public function __construct()
    { }

    public function addip($ip)
    {
    global $db;
    $sql1 = ‘SELECT *
    FROM ‘.DB_PREFIX.’denyip
    WHERE ip_address = “‘. $ip .'”‘;
    $result1 = $db->query($sql1);
    $row1 = $result1->fetch_assoc();
    if (!$row1) {
    $sql = ‘INSERT INTO ‘.DB_PREFIX.’denyip (ip_address, created_on)
    VALUES (“‘. $ip .'”, NOW())’;
    if ($db->query($sql)) {
    return true;
    } else {
    return false;
    }
    } else {
    return false;
    }
    }

    public function deleteip($id)
    {
    global $db;
    $sql = ‘DELETE FROM ‘.DB_PREFIX.’denyip WHERE ip_address = “‘ . $id .'”‘;
    if ($db->query($sql)) {
    return true;
    } else {
    return false;
    }
    }

    public function listip()
    {
    global $db;
    $ips = array();
    $sql = ‘SELECT *
    FROM ‘.DB_PREFIX.’denyip
    ORDER BY created_on ASC’;
    $result = $db->query($sql);
    while ($row = $result->fetch_assoc())
    {
    $ips[] = array(‘id’ => $row[‘id’], ‘ip_address’ => $row[‘ip_address’], ‘created_on’ => $row[‘created_on’]);
    }
    return $ips;
    }

    public function blockip($ip)
    {

    global $db;
    $deny = array();
    $sql = ‘SELECT ip_address AS ip_address FROM ‘.DB_PREFIX.’denyip’;
    $result = $db->query($sql);
    while ($row = $result->fetch_assoc())
    {
    $deny[] = trim($row[‘ip_address’]);
    }

    if (in_array_wildcard($ip, $deny)) {
    return true;
    } else {
    return false;
    }

    }
    }
    ?>

Trackbacks

  1. Bundled Add-Ons for jobberBase 1.8 | RedJumpsuit

Leave a Response