PHP Ban by IP/Account

I need to organize an IP ban using PHP.
After browsing the forums, I found examples, they are implemented in one of two ways:

  1. Via array (store IP in array)
  2. File (store IP in text file)

I want to implement an IP ban, as well as an account ban.

I’m going to implement it through the database MySQL. I would like to know what are the disadvantages of my chosen method.
And how can I implement it better. Maybe ban by IPon files, and ban by accountin the database.

Seeking advice from those with experience!

Answer 1, authority 100%

At the level of accessing the blacklist, the ban system assumes that this very list will be read much more often than something will be written there. DBMSs use the most efficient algorithms to find information in indexed lists. This is especially important if the blacklist is very large.

Plus, I assume that the engine of your system works with MySQL, accounts are stored in the same way in the database. With the database, work has already been established, and it is most logical to screw the rest of the functionality there.

If the blacklist is not very large, then files can also be used. But, it is desirable to store it as a serialized array (function serialize()) will be processed faster. Plus, you work with files directly, and with the database through the DBMS.


UPD:MySQL has handy functions for working with IP INET_NTOA()and INET_ATON(). They convert a string from an IP to a number, and vice versa. A list of numbers is processed faster than a list of strings.

Answer 2

Alternately, add cookies

Answer 3

In my opinion, mysql is faster and where fertilizer

Answer 4

As an option: Javascript code is executed in browsers, and not executed anywhere else, dig in this direction. For example, on some unofficial sites of online games, a simple protection against dos is set: “Click on the picture to follow the link.” It is implemented like this:

<img src="img.jpg" onclick="gotolink()">

When an image is clicked, an onclick event will occur and execute our gotolink() function, here is one way to find out if a person (browser) or something else has entered the site, or in the same way we check if the code has executed – it means the browser has entered, not executed – it means not a browser. )

Answer 5

It seems to me that the best option would be to write the ip address in the cookie when entering, and do the check from the file where the list of ban addresses is located. The fewer queries to the database, the better, you understand.