miniBB Support Forums / Suggestions

Prevent displaying only certain pages from banned IPs

 
Author tom322
Active Member
#1 | Posted: 12 Jan 2019 05:18 
I also have a suggestion regarding banned IPs. I concluded that it's better not to block forum posts / main page etc. when an IP is blocked (IP can be shared by many people and some of them may be useful clicking on ads or something ;) So I'd suggest to change this:

if($user_id!=1 and db_ipCheck($thisIp,$thisIpMask,$user_id)) {
$banRes=db_ipCheck($thisIp,$thisIpMask,$user_id);
if($banRes===TRUE) $banRes='';
$title=$sitename.' - '.$l_forbidden;
echo ParseTpl(makeUp('main_access_denied')); exit;
}
to this below (to only ban unlogged users for 'registernew', 'authorize', 'senddirect' actions). That would make the site's content visible to banned IPs and prevent unregistered abusers from posting (registered users can be blocked manually if needed).

if($user_id==0 and ($action=='registernew' or $action=='authorize' or $action=='senddirect') and db_ipCheck($thisIp,$thisIpMask,$user_id)) {
$banRes=db_ipCheck($thisIp,$thisIpMask,$user_id);
if($banRes===TRUE) $banRes='';
$title=$sitename.' - '.$l_forbidden;
echo ParseTpl(makeUp('main_access_denied')); exit;
}

Author Paul
Lead Developer 
#2 | Posted: 14 Jan 2019 16:20 
Thanks, this is an interesting suggestion.

But maybe then it would be better to prevent just any incoming POST request from being executed? Users from banned IPs certainly should not be allowed to post anything, to login and to perform many other operations beyond those you suggest. Preventing any POST operation would also allow the forum to be displayed in read-only mode.

Author tom322
Active Member
#3 | Posted: 14 Jan 2019 17:04 
Right, preventing _POST would be the best solution. How to implement it then? : ) Like this: ?

if(isset($_POST) and db_ipCheck($thisIp,$thisIpMask,$user_id)) {

Author Paul
Lead Developer 
#4 | Posted: 14 Jan 2019 20:41 
Please check the code below. $_POST is always present in PHP, but is empty if the POST data is not supplied. So the size of this array should be checked. Also, the code should not be executed for the logged admin only. The condition `$user_id==0` is wrong.

if($logged_admin!=1 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id) and isset($_POST) and sizeof($_POST)>0) {
if($banRes===TRUE) $banRes='';
$title=$sitename.' - '.$l_forbidden;
echo ParseTpl(makeUp('main_access_denied')); exit;
}
I've checked it on my side and it seems it still allows the login. But I suppose, it's not such a big deal, 'cause posting of messages and even updating the profile is not possible. Try on your side and let me know if it would work for you. I may add it in the official release as well, liked the idea of the "soft ban".

Author tom322
Active Member
#5 | Posted: 14 Jan 2019 20:51 
It works; yes, user can be logged in but if he cannot do $_POST then that's all that is needed to make the ban work. The only suggestion from me would be to put the $banRes query as last so that there's no unnecessary query if there's no $_POST and adding $isMod, so:

if(isset($_POST) and sizeof($_POST)>0 and $logged_admin!=1 and $isMod!=1 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id)) {

Author Paul
Lead Developer 
#6 | Posted: 14 Jan 2019 21:19 
Yes, adding $isMod is also useful, but both these:

$logged_admin!=1 and $isMod!=1
should come first. So if the script sees admin or moderator are logged in, it will not check the banned-IPs table at all. I.e. admin/moderator should be skipped from checking initially.

So most likely it could look like this:

if($logged_admin!=1 and $isMod!=1 and isset($_POST) and sizeof($_POST)>0 and $banRes=db_ipCheck($thisIp,$thisIpMask,$user_id)) {

Author tom322
Active Member
#7 | Posted: 14 Jan 2019 21:41 
OK it works too..
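
Added example, not part of the thread and not miniBB's own code: the check order settled on in posts #5 and #6 (staff exemption first, request check second, banned-IP lookup last), written as a stand-alone PHP function with a counter showing when the lookup actually runs. `softBanBlocks()`, the `$lookup` closure and the sample addresses are hypothetical stand-ins for the inline condition and `db_ipCheck()`; the example goes one step beyond the thread by also testing the request method, because PHP fills `$_POST` only for form-encoded bodies.

```php
<?php
// Added illustration, not miniBB code. softBanBlocks() and $lookup are
// hypothetical stand-ins for the inline condition and db_ipCheck().

function softBanBlocks(
    bool $isAdmin, bool $isMod, string $method, array $post,
    string $ip, callable $ipIsBanned
): bool {
    // Staff are exempt, and the ban table is never queried for them.
    if ($isAdmin || $isMod) {
        return false;
    }
    // Read-only requests pass, so banned IPs can still view the forum.
    // Testing the method as well as the array size covers a POST whose body
    // PHP did not parse into $_POST (a JSON body, for example), where
    // sizeof($_POST) alone would report 0.
    if (strtoupper($method) !== 'POST' && count($post) === 0) {
        return false;
    }
    // Only now pay for the banned-IP lookup.
    return (bool) $ipIsBanned($ip);
}

// Constructed sample data: one banned address and a counter on the lookup.
$lookups = 0;
$lookup = function (string $ip) use (&$lookups): bool {
    $lookups++;
    return in_array($ip, ['203.0.113.7'], true);
};

$cases = [
    'banned guest, GET'   => [false, false, 'GET',  [],           '203.0.113.7'],
    'banned guest, POST'  => [false, false, 'POST', ['a' => 'b'], '203.0.113.7'],
    'banned IP, mod POST' => [false, true,  'POST', ['a' => 'b'], '203.0.113.7'],
    'clean guest, POST'   => [false, false, 'POST', ['a' => 'b'], '198.51.100.9'],
    'banned, empty POST'  => [false, false, 'POST', [],           '203.0.113.7'],
];
foreach ($cases as $label => [$admin, $mod, $method, $post, $ip]) {
    $blocked = softBanBlocks($admin, $mod, $method, $post, $ip, $lookup);
    printf("%-20s %s\n", $label, $blocked ? 'denied' : 'allowed');
}
printf("ban lookups performed: %d of %d requests\n", $lookups, count($cases));
```

A gate keyed on POST leaves any state-changing action reachable through GET uncovered, so such actions need the ban check applied separately.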
