miniBB

^®
Support Forums

| Start | Register | Search | Statistics | File Bank | Manual |

	miniBB Support Forums / Suggestions /
	Prevent displaying only certain pages from banned IPs

	tom322 Active Member	#1 \| Posted: 12 Jan 2019 05:18
		I also have suggestion regarding banned IPs. I concluded that it's better not to block forum posts / main page etc. when an IP is blocked (IP can be shared by many people and some of them may be useful clicking on ads or something ;) So I'd suggest to change this: if($user_id!=1 and db_ipCheck($thisIp,$thisIpMask,$user_id)) { $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id); if($banRes===TRUE) $banRes=''; $title=$sitename.' - '.$l_forbidden; echo ParseTpl(makeUp('main_access_denied')); exit; } to this below (to only ban unlogged users for 'registernew', 'authorize', 'sendirect' actions). That would make the site's content visible to banned IPs and prevent unregisterd abusers from posting (registered users can be blocked manually if needed). if($user_id==0 and ($action=='registernew' or $action=='authorize' or $action=='senddirect') and db_ipCheck($thisIp,$thisIpMask,$user_id)) { $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id); if($banRes===TRUE) $banRes=''; $title=$sitename.' - '.$l_forbidden; echo ParseTpl(makeUp('main_access_denied')); exit; }

	Paul Lead Developer	#2 \| Posted: 14 Jan 2019 16:20
		Thanks, this is an interesting suggestion. But may be then it would be better to prevent just any incoming POST request from the execution? Users from banned IPs certainly should not be allowed to post anything, to login and to perform many other operations beyond those you suggest. Preventing any POST operation would also allow forum being displayed in the read-only mode.

	tom322 Active Member	#3 \| Posted: 14 Jan 2019 17:04
		Right, preventing _POST would be the best solution. How to implement it then? : ) Like this: ? if(isset($_POST) and db_ipCheck($thisIp,$thisIpMask,$user_id)) {

	Paul Lead Developer	#4 \| Posted: 14 Jan 2019 20:41
		Please check the code below. $_POST is always present in PHP, but is empty if the POST data is not supplied. So the size of this array should be checked. Also, the code should not be executed for the logged admin only. The condition `$user_id==0` is wrong. if($logged_admin!=1 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id) and isset($_POST) and sizeof($_POST)>0) { if($banRes===TRUE) $banRes=''; $title=$sitename.' - '.$l_forbidden; echo ParseTpl(makeUp('main_access_denied')); exit; } I've checked it on my side and it seems it still allows the login. But I suppose, it's not such a big deal, 'cause posting of messages and even updating the profile is not possible. Try on your side and let me know if it would work for you. I may add it in the official release as well, liked the idea of the "soft ban".

	tom322 Active Member	#5 \| Posted: 14 Jan 2019 20:51
		It works; yes, user can be logged in but if he cannot do $_POST then that's all that is needed to make the ban work. The only suggestion from me would be to put the $banRes query as last so that there's no unnecessary query if there's no $_POST and adding $isMod, so: if(isset($_POST) and sizeof($_POST)>0 and $logged_admin!=1 and $isMod!=1 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id)) {

	Paul Lead Developer	#6 \| Posted: 14 Jan 2019 21:19
		Yes, adding $isMod is also useful, but both these: $logged_admin!=1 and $isMod!=1 should come first. So if the script sees admin or moderator are logged in, it will not check the banned-IPs table at all. I.e. admin/moderator should be skipped from checking initially. So most likely it could look like this: if($logged_admin!=1 and $isMod!=1 and isset($_POST) and sizeof($_POST)>0 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id)) {

	tom322 Active Member	#7 \| Posted: 14 Jan 2019 21:41
		OK it works too..

	miniBB Support Forums / Suggestions /
	Prevent displaying only certain pages from banned IPs Share Topic's Link


	Home Features Requirements Demo Download Showcase Gallery of Arts Compiler Premium Extensions Premium Support License Contact Us

Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.

⇑