Create the perfect defence system and protect your files from external execution
[/i]
Well, this tutorial will be pretty simple, but it works a treat! there a several ways that you may use this code but i mainly use it for protecting my db connection files in my scripts to prevent people from just running the connection file and overloading my server. first off lets start with what we will be using in this code.

$_SERVER['REMOTE_ADDR'];
This is a global variable for any SERVER requests, there is a few things you may use this for, but for this tutorial we will concentrate on REMOTE_ADDR $_SERVER can also be called as $HTTP_SERVER_VARS in earlier versions of php that don't support the $_SERVER vars anyway, lets continue. the REMOTE_ADDR gets the IP of the user visiting that page and this is what we will be logging in the script. Now onto the next thing, the flat file, alot quicker and more space saving than a mysql database and can be alot more easier to work with if you are not that good with SQL. these are the functions we will be using for this tutorial

fopen(); , fputs(); , flock(); , fclose();
firstly, we call the fopen function to open the file we wish to write to and the function is used in this way

fopen(string filename, string mode, [bool use_include_path], [resource context])
when we start working with the code later in this tutorial you will see what i mean. we then call fputs which puts the data into the file we have just opened

fputs(int fp, string str, int length);
now we lock the file with flock (no its not a group of birds before you ask )

flock(resource fp, int operation, [int &wouldblock]);
and finally we close the file

fclose(resource fp);
phew! that was tiring... now finally we can get onto the code! ok so first we need to start the security system using a constant to do this we must define what the constant is (we will define it later now we just check if it is defined)

if(!defined("SECURITY_SYS")) { // This starts the first line off and begins our code }
now thats done, that will check to see if the file we are using this script in has the security sys defined. if its not it will log the ip.

$log_file = "iplog.txt"; // This is where we will log the ips
that defines the variable log_file so we can easily change where things are being logged. i will start to do a few lines at a time now

$ip = $_SERVER['REMOTE_ADDR']; // grab the ip
$fp = fopen("$log_file", 'a'); // open the file for writing
Now we see the $_SERVER var come into action and also the fopen function

fputs($fp, "$data"); // Put the data
flock($fp, 3); // lock out the file
fclose($fp); // close the file
pretty self explanatory eh? lol

die('die message here');
finally the die stops all the rest of the script from working (anything under that script will not work thats why u must put this script in your headers of your script). and we are done.. the die message can be your little bit of fun to scare off anyone from trying to access that file again. Here's the full script

<?php
if(!defined("SECURITY_SYS")) {
$log_file = "iplog.txt"; // This is where we will log the ips
$ip = $_SERVER['REMOTE_ADDR']; // grab the ip
$fp = fopen("$log_file", 'a'); // open the file for writing
fputs($fp, "$data"); // Put the data
flock($fp, 3); // lock out the file
fclose($fp); // close the file die('You have tried to access a part of my website that is not allowed your ip '.$ip.' has been logged and will be used for checking further logs against you, if you continue to try to access this file you may be liable for legal action to be taken against you');
}
?>

NOW! how to use this script. you can put it in its own file and include it into all your headers of your script files. BUT! put it only in files you need it to be in! any files that use the files that the script is in need the security sys pass so before you include the file that has the script you must define it! use this code below to define the code!

define("SECURITY_SYS", true);

simple! and thats this tutorial finished! i hope you enjoyed it and happy coding!

Regards,

Neil