Problem creating a dynamic .htaccess ban

Time: 2012-07-20 14:35:23

Tags: php mysql .htaccess

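I'm trying to make a small application for my own use that reads the data sent from a contact form to my database, and I'd like to be able to ban users whose contact-form content is unwelcome, and so on. So I have each user's IP, sent along with the form. But every time I click the ban button, it only keeps the deny to the database, and I'd like to know why. Here is the whole code: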

<?php
if(isset($_POST['submit'])) {
// Read the whole file into a string $htaccess
$htaccess = file_get_contents('.htaccess');
// Stick the new IP just before the closing </files>
$new_htaccess = str_replace('allow from all', "deny from "."$unwanteduser"."\nallow from all", $htaccess);
// And write the new string back to the file
file_put_contents('.htaccess', $new_htaccess);
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Yhteydenottopyynnöt</title>
<style>
body{width:100%;}

tr:nth-child(even) { background: #ccc; }
</style>
</head>

<body>
<?php
$con = mysql_connect("localhost","user","pass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db", $con);

$result = mysql_query("SELECT * FROM wp_contactform");
$f = fopen(".htaccess", "a+");
$ip = $row['IP'];
    fwrite($ip , $f);
    fclose($f);

echo "<table border='1'>
<tr>
<th style='width:5%;'>ID</th>
<th style='width:10%;'>Nimi</th>
<th style='width:10%;'>Puhelin</th>
<th style='width:10%;'>Sposti</th>
<th style='width:40%;'>Viesti</th>
<th style='width:10%;'>P&auml;iv&auml;</th>
<th style='10%;'>IP</th>
<th style='5%;'>Ban</th>
</tr>";

$i = 0;
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td style='width:10%;'>" . $row['ID'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Nimi'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Puhelin'] . "</td>";
  echo "<td style='width:10%;'><a href='mailto:" . $row['Email'] . "'>" . $row['Email'] . "</a></td>";
  echo "<td style='width:40%;'>" . $row['Viesti'] . "</td>";
  echo "<td style='width:10%;' >" . $row['Day'] . "</td>";
  echo "<td style='width:10%;'>" . $row['IP'] . "</td>";
  $unwanteduser = $row['IP'];
  echo "<form action='thissamepage' method='post'><input type='hidden' value='$unwanteduser' name='gtfo'><input type='submit' name='submit' value='Ban'>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>
</body>
</html>

2 answers:

Answer 0: (score: 1)

$unwanteduser is not assigned a value from the form after the submit.

Try this:

<?php
if(isset($_POST['submit'])) {
// Read the whole file into a string $htaccess
$htaccess = file_get_contents('.htaccess');
// Stick the new IP just before the closing </files>
$unwanteduser = $_POST['gtfo']; 
$new_htaccess = str_replace('allow from all', "deny from "."$unwanteduser"."\nallow from all", $htaccess);
// And write the new string back to the file
file_put_contents('.htaccess', $new_htaccess);
}
?>

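Info: after the form is submitted it behaves like a page refresh, so whatever you assigned to $unwanteduser before the form was submitted is lost.

I'm confused by this: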

$result = mysql_query("SELECT * FROM wp_contactform");
$f = fopen(".htaccess", "a+");
$ip = $row['IP'];

At this point, what is the value of $row['IP']? What are you trying to append?

Answer 1: (score: 0)

As written in the comments, things become much simpler if you put the parts that form a logical unit into functions of their own:

/**
 * add an ip to ban to a .htaccess file
 *
 * @param string $htaccess_file
 * @param string $ip
 * @return int Number of bytes that were written to the file, or FALSE on failure.
 */
function htaccess_add_ban_ip($htaccess_file, $ip)
{
    $htaccess_original = file_get_contents($htaccess_file);
    if (false === $htaccess_original) {
        return false;
    }
    $htaccess_changed = str_replace(
        'allow from all',
        "deny from $ip\nallow from all",
        $htaccess_original,
        $count
    );
    if ($count != 1) {
        return false;
    }
    return file_put_contents($htaccess_file, $htaccess_changed);
}

Then you only need to call the function where you need that functionality:

$result = htaccess_add_ban_ip($file, '127.0.0.1');

Check the return value to verify that things worked, for example for testing:

if (false === $result) {
    die(sprintf('Could not write .htaccess file "%s".', $file));
}

if ($result < 36) {
    die(sprintf('Very little bytes (%d) written to .htaccess file "%s", this makes no sense, please check.', $result, $file));
}

die(sprintf('Successfully wrote IP %s to .htaccess file "%s" (%d bytes written).', $ip, $file, $result));

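In the future you can introduce the functionality you need (such as file locking) inside the function, normally without changing large parts of your script.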

If you are looking for a way to simplify connecting to and querying the MySQL database, see the related answer to another question:

It contains a MySql class/object, and is another example of how using/creating functions makes the code easier to handle.
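
An added example, not code from either answer: a variant of the ban function that validates the submitted value as an IP address before it is written into .htaccess and holds an exclusive lock around the read-modify-write, the file locking mentioned above. The name htaccess_add_ban_ip_safe and the "already banned" return value of 0 are assumptions made for this example.

```php
<?php
// Added example (hypothetical function name), not code from the answers.
// Returns bytes written, 0 if the IP is already banned, or false on failure.
function htaccess_add_ban_ip_safe($htaccess_file, $ip)
{
    // Accept only a syntactically valid IPv4/IPv6 address, so a submitted
    // value can never carry newlines or extra directives into the file.
    $ip = filter_var($ip, FILTER_VALIDATE_IP);
    if (false === $ip) {
        return false;
    }
    // 'r+' opens an existing file for read/write without truncating it.
    $fh = @fopen($htaccess_file, 'r+');
    if (false === $fh) {
        return false;
    }
    // Exclusive lock: two concurrent ban requests cannot interleave.
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        return false;
    }
    $written  = false;
    $line     = "deny from $ip";
    $original = stream_get_contents($fh);
    if (false !== $original) {
        if (preg_match('/^' . preg_quote($line, '/') . '\r?$/m', $original)) {
            $written = 0; // already listed, leave the file untouched
        } else {
            $changed = str_replace('allow from all', "$line\nallow from all", $original, $count);
            if (1 === $count) {
                ftruncate($fh, 0);
                rewind($fh);
                $written = fwrite($fh, $changed);
                fflush($fh);
            }
        }
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $written;
}

// Caller side: the hidden field 'gtfo' from the question's form.
if (isset($_POST['submit'], $_POST['gtfo'])) {
    $result = htaccess_add_ban_ip_safe('.htaccess', $_POST['gtfo']);
    if (false === $result) {
        die('Ban not written: invalid IP or .htaccess could not be updated.');
    }
}
```

A return of 0 means the address was already present, so callers should compare the result against false with ===.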