One last thing we should address is how to deal with
troublemakers. This is a particular problem if you
end up with a popular chat. It’s a sad fact we have
to face up to – people are frequently jerks. And
because of this we have to make sure that only the
right kind of people get into our chat room.
One idea is a login system. Store usernames and
passwords in a MySQL database and make users register
before they can access your chat. The other idea is
to log the IP of troublemakers and prevent that
IP posting.
This second system is flawed to a certain extent, in
that malicious users can switch between any number of
proxies to change their IP. And as most ISPs assign
dynamic IP addresses, even the stupid ones can just
reconnect and get access to the chat.
Most “casual” troublemakers won’t be bothered about
going to all that effort just to put the wind up a
handful of individuals. Once “banned” they’ll never
bother coming back.
So our “banned” IPs are logged in a file called
banned.ban. Each IP is terminated by a newline
character so as before we can use the file()
function to read the file into an array.
$banned_array = file("banned.ban");
Now we have the file we need to cross-reference it
with the $REMOTE_ADDR variable so we can tell if the
user trying to post a message is banned or not.
Simplicity itself:
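<?php
// register_globals no longer exists, so take the address from $_SERVER
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
for ($counter=0;$counter<sizeof($banned_array);$counter++) {
    // file() keeps the trailing newline on each entry, so trim before comparing
    if (trim($banned_array[$counter]) == $REMOTE_ADDR) {
        print("<font color=\"red\" face=\"arial\" align=\"center\">".
            "You have been banned from this chat</font>");
        exit;
    }
}
?>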
The exit command will immediately stop the execution
of the script. Place your ban checks before you start
performing operations on the POSTed variables and
your banned user can’t use the chat.
With a mind to accounting in some way for the problem
of dynamic IP addresses, it’s probably an idea to
check the IP block the IP belongs to. A simple
function makes this easy.
<?php
function makeMask($ip) {
// explode() splits on a literal string, so the . needs no escaping
$ip_array = explode(".", $ip);
$ip_mask = "$ip_array[0].$ip_array[1].$ip_array[2]";
return $ip_mask;
}
?>
Then we replace the looped if with:
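<?php
// register_globals no longer exists, so take the address from $_SERVER
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
for ($counter=0;$counter<sizeof($banned_array);$counter++) {
    // compare the first three octets of the visitor and of each banned IP
    if (makeMask($REMOTE_ADDR) == makeMask($banned_array[$counter])) {
        print("<font color=\"red\" face=\"arial\" align=\"center\">".
            "You have been banned from this chat</font>");
        exit;
    }
}
?>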
… we have some protection against dynamic IPs.
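The ban check from this section pulled into one function, as an added example rather than the tutorial's own code: it strips the newline that file() leaves on each entry, tolerates blank or malformed lines, and compares the first three octets numerically. The function names and the sample ban list are assumptions made up for illustration.

```php
<?php
// Added example, not the tutorial's code. banned.ban and the three-octet
// block check come from the text; the function names are hypothetical.

// Return the /24 network of an IPv4 address as an integer, or null when
// $ip is not a valid IPv4 address (IPv6, blank or malformed entries).
function ipv4Block($ip) {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return ip2long($ip) & 0xFFFFFF00; // keep the first three octets
}

// True if $ip, or the /24 block it belongs to, is listed in $banFile.
function isBanned($ip, $banFile) {
    // FILE_IGNORE_NEW_LINES drops the newline file() otherwise keeps.
    $entries = @file($banFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($entries === false) {
        return false; // no readable ban list: nobody is banned
    }
    $block = ipv4Block($ip);
    foreach ($entries as $entry) {
        $entry = trim($entry); // tolerate spaces and \r from Windows editors
        if ($entry !== '' && $entry === $ip) {
            return true; // exact match; the only match possible for IPv6
        }
        if ($block !== null && $block === ipv4Block($entry)) {
            return true; // same first three octets as a banned address
        }
    }
    return false;
}

// Constructed sample ban list using documentation-range addresses.
$banFile = tempnam(sys_get_temp_dir(), 'ban');
file_put_contents($banFile, "192.0.2.15\r\n\nnot-an-ip\n2001:db8::1\n");

var_dump(isBanned('192.0.2.15', $banFile));   // listed address
var_dump(isBanned('192.0.2.200', $banFile));  // same /24 as a listed one
var_dump(isBanned('198.51.100.7', $banFile)); // unrelated address
var_dump(isBanned('2001:db8::1', $banFile));  // listed IPv6 address
unlink($banFile);
```

In the chat script the call would be isBanned($_SERVER['REMOTE_ADDR'], 'banned.ban'), placed before any POSTed variable is touched. Matching on the first three octets bans every address in that block, so other users who share it with a troublemaker are locked out too.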