|
Create the perfect defence system and protect your files from external execution[/i] Well, this tutorial will be pretty simple, but it works a treat! there a several ways that you may use this code but i mainly use it for protecting my db connection files in my scripts to prevent people from just running the connection file and overloading my server. first off lets start with what we will be using in this code. $_SERVER['REMOTE_ADDR']; This is a global variable for any SERVER requests, there is a few things you may use this for, but for this tutorial we will concentrate on REMOTE_ADDR $_SERVER can also be called as $HTTP_SERVER_VARS in earlier versions of php that don't support the $_SERVER vars anyway, lets continue. the REMOTE_ADDR gets the IP of the user visiting that page and this is what we will be logging in the script. Now onto the next thing, the flat file, alot quicker and more space saving than a mysql database and can be alot more easier to work with if you are not that good with SQL. these are the functions we will be using for this tutorial fopen(); , fputs(); , flock(); , fclose();
firstly, we call the fopen function to open the file we wish to write to and the function is used in this way fopen(string filename, string mode, [bool use_include_path], [resource context])
when we start working with the code later in this tutorial you will see what i mean. we then call fputs which puts the data into the file we have just opened fputs(int fp, string str, int length); now we lock the file with flock (no its not a group of birds before you ask ) flock(resource fp, int operation, [int &wouldblock]);
and finally we close the file fclose(resource fp); phew! that was tiring... now finally we can get onto the code! ok so first we need to start the security system using a constant to do this we must define what the constant is (we will define it later now we just check if it is defined) if(!defined("SECURITY_SYS")) { // This starts the first line off and begins our code } now thats done, that will check to see if the file we are using this script in has the security sys defined. if its not it will log the ip. $log_file = "iplog.txt"; // This is where we will log the ips that defines the variable log_file so we can easily change where things are being logged. i will start to do a few lines at a time now $ip = $_SERVER['REMOTE_ADDR']; // grab the ip $fp = fopen("$log_file", 'a'); // open the file for writing Now we see the $_SERVER var come into action and also the fopen function fputs($fp, "$data"); // Put the data flock($fp, 3); // lock out the file fclose($fp); // close the file
pretty self explanatory eh? lol die('die message here'); finally the die stops all the rest of the script from working (anything under that script will not work thats why u must put this script in your headers of your script). and we are done.. the die message can be your little bit of fun to scare off anyone from trying to access that file again. Here's the full script <?php if(!defined("SECURITY_SYS")) { $log_file = "iplog.txt"; // This is where we will log the ips $ip = $_SERVER['REMOTE_ADDR']; // grab the ip $fp = fopen("$log_file", 'a'); // open the file for writing fputs($fp, "$data"); // Put the data flock($fp, 3); // lock out the file fclose($fp); // close the file die('You have tried to access a part of my website that is not allowed your ip '.$ip.' has been logged and will be used for checking further logs against you, if you continue to try to access this file you may be liable for legal action to be taken against you'); } ?>
NOW! how to use this script. you can put it in its own file and include it into all your headers of your script files. BUT! put it only in files you need it to be in! any files that use the files that the script is in need the security sys pass so before you include the file that has the script you must define it! use this code below to define the code! define("SECURITY_SYS", true); simple! and thats this tutorial finished! i hope you enjoyed it and happy coding! Regards, Neil
|
|
|
|
|
Good job. Might be helpfull for me.
|
Further Solutions :: Hosting :: Scripts :: Templates furthersolutions.com
v4 Studios - Coming soon
|
|
|
|
Never heard of the flock function, nice.
|
|
|
|
|
Most people don't know about the flock function because its not used that often. But it should be.
|
|
|
|