
Commit 398ce25

committed
Ip Check
1 parent 86cebd5 commit 398ce25

1 file changed

+113
-15
lines changed

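--- a/unzip.php
+++ b/unzip.php
@@ -1,35 +1,32 @@
 <?php
-ini_set('max_execution_time', 600); // 10 Minutes
-ini_set('upload_max_filesize','1024M');
 session_start();
 $username = 'vue';
 $password = '123456';
-$maxWrongAttempts = 100;
-if (isset($_SESSION['wrong_attemtps_count']) && $_SESSION['wrong_attemtps_count'] > $maxWrongAttempts) {
-die('Too many attempts');
-}
 
 $_SESSION['message'] ='';
 if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST) && isset($_POST['logout'])) {
 session_destroy();
 header('Location: ' . $_SERVER['REQUEST_URI']);
 die();
 }
+
 if (isset($_POST) && isset($_POST['username']) && isset($_POST['password']))
 {
-if ($_POST['username'] == $username && $_POST['password'] == $password){
-$_SESSION['username'] = $username;
-} else {
-$_SESSION['message'] ='Username or password is wrong';
-if (!isset($_SESSION['wrong_attemtps_count'])) {
-$_SESSION['wrong_attemtps_count'] = 0;
-}
-$_SESSION['wrong_attemtps_count']++;
+if(ipChek(getIPAddress())) {
+if ($_POST['username'] == $username && $_POST['password'] == $password) {
+$_SESSION['username'] = $username;
+} else {
+$_SESSION['message'] = 'Username or password is wrong';
+
+}
+}else{
+$_SESSION['message'] ='** Too many attempts Your IP has been blocked **';
 }
 }
 
 if (isset($_POST) && isset($_FILES['zip']))
 {
+
 if ($_SESSION['username'] != $username){
 session_destroy();
 $_SESSION['message'] ='You are not allowed to upload';
@@ -57,7 +54,8 @@
 }?>
 
 
-<?php if(! isset($_SESSION['username'])) { ?>
+<?php if(! isset($_SESSION['username'])) {
+?>
 <div class="container">
 <h3>Login</h3>
 <form class="form-container" action="" method="post">
@@ -201,3 +199,103 @@
 box-shadow: 0px 0px 6px 0px #4c1010;
 }
 </style>
+
+
+<!-- ips
+end-->
+
+
+
+<?php
+
+function ipChek($ipAddress): bool
+{
+$maxWrongAttempts = 10;
+$ips = findIps();
+if (! empty($ips)) {
+$found = false;
+foreach ($ips as $ip) {
+$ip = explode(',', $ip);
+$attempts = trim($ip['1']);
+if (trim($ip[0]) == $ipAddress) {
+$found = true;
+if ($attempts >= $maxWrongAttempts) {
+return false;
+}
+$attempts++;
+ipPush($ip[0], $attempts);
+}
+}
+if (!$found) {
+ipPush();
+}
+} else {
+ipPush();
+}
+
+return true;
+}
+
+function ipPush($ip = null, $attempts = 1): bool
+{
+if ($ip && $attempts) {
+$fh = fopen('./unzip.php', 'r+') or die($php_errormsg);
+$content = '';
+while (!feof($fh)) {
+$line = fgets($fh, 4096);
+if (preg_match('~' . $ip . '~', $line)) {
+continue;
+}
+$content .= $line;
+}
+file_put_contents('./unzip.php' , $content);
+fclose($fh);
+}
+$fh = fopen('./unzip.php', 'r+') or die($php_errormsg);
+$content = '';
+$pattern = '/<!-- ip';
+$added = false;
+while (!feof($fh)) {
+$line = fgets($fh, 4096);
+$content .= $line;
+if (!$added && preg_match($pattern.'s/' , $line)){
+$added = true;
+$content .= getIPAddress().', ' . $attempts.PHP_EOL;
+}
+}
+file_put_contents('./unzip.php' , $content);
+
+return true;
+}
+
+function getIPAddress() {
+//whether ip is from the share internet
+if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
+$ip = $_SERVER['HTTP_CLIENT_IP'];
+}
+//whether ip is from the proxy
+elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+}
+//whether ip is from the remote address
+else{
+$ip = $_SERVER['REMOTE_ADDR'];
+}
+return $ip;
+}
+
+function findIps(): array
+{
+$ips = [];
+$fh = fopen('./unzip.php', 'r') or die($php_errormsg);
+$pattern = '/(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))/';
+while (!feof($fh)) {
+$line = fgets($fh, 4096);
+if (preg_match($pattern, $line)) {
+$ips[] = $line;
+}
+}
+fclose($fh);
+
+return $ips;
+}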
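Review bot: `getIPAddress()` (new-side lines 271-285) prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are ordinary request headers chosen by the client, yet `ipPush()` writes that value verbatim into the script's own source `unzip.php` (new-side line 263) and interpolates it unescaped into a regex (new-side line 246) — so the lockout is keyed on a value the client controls, and unvalidated header content lands inside an executable PHP file, which is a source-injection risk. Use `$_SERVER['REMOTE_ADDR']` unless a trusted reverse proxy is known to set the forwarded header, reject anything that fails `filter_var($ip, FILTER_VALIDATE_IP)` before storing it, and quote it when matching: `preg_match('~' . preg_quote($ip, '~') . '~', $line)`. Keeping the attempt counters in a separate non-executable data file (or the session/database) instead of rewriting the script would remove the self-modification entirely and also stop `findIps()` from collecting unrelated lines that merely contain a dotted number. Separately, `ipChek()` runs before the credential comparison (new-side line 15) and bumps the counter on every login POST, so successful logins also count toward the limit of 10 and the block never expires; the `ipPush()` bookkeeping belongs in the `else` branch of the password check. `$php_errormsg` (new-side lines 242, 254, 290) needs `track_errors` and was removed in PHP 8, so those `die()` calls emit an empty message — `die(error_get_last()['message'] ?? 'open failed')` or an explicit check of the `fopen` return value would report the failure.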
