IP Filtering/Matching by host mask with PHP & MySQL

Question

I'm wanting to do something similar to this: Matching an IP to a CIDR mask in PHP 5?

Except, I want to store a list of disallowed IP/Masks in a MySQL table and check for a match.

Just like the example in the link, something like '10.2.0.0/16' would be a row in the table and then I want to check the IP address of the current user ($_SERVER['REMOTE_ADDR']) and check if it matches or not.

Thanks a lot :)

Answer 1

A few options on the tables - you can store the IP as a human-readable string (4 dotted bytes) or in it's native long number that cidr_match uses. Assuming we've stuck with human readable (to reuse cidr_match from the linked page)

function testIP($ip=$_SERVER['REMOTE_ADDR']) {
    //Returns TRUE - valid, FALSE - denied

    /* Get the data from the database and return it in rows
     * this could be real-time retrieved, or pulled into an array
     * first
     * assumes: deny_ranges(ip VARCHAR(45) not null,mask INT not null default 0)
     * eg: $denyips= get "SELECT ip,mask FROM deny_ranges" from database
     */

    foreach($denyips as $row) {
        if ($row["mask"]==0) {
            //No need to use overhead of CIDR_MATCH
            //Exact match - reject
            if ($row["ip"]==$ip) return false;
        } elseif (cidr_match($ip,$row["ip"]."/".$row["mask"])==true) {
            //In denied range - reject
            return false;
        }
    }
    //Got through all rejected ranges+ips - it's good
    return true;
}

(You can find cird_match on the other post)

Answer 2

The php.net documentation for ip2long() has a good example of working code in the comments: http://www.php.net/manual/en/function.ip2long.php#86793