CodeIgniter Forums

Full Version: users bypassing IP ban
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I store in the DB a list of "bad" IPs, and in my controller for the sign up page I redirect users whose IP is found in the list of bad IPs using this code:

Code:
redirect(base_url('xxx'));

But a user was able to bypass it and register with a blocked IP. How is this possible? Even if the HTTP redirect could somehow be ignored, the "redirect" function terminates script execution (as explained here)

I'm using CI 3.0.4 is that helps.
Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.
(12-06-2016, 02:57 PM)Narf Wrote: [ -> ]Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.

yeah I have two separate URLs! I'll move the IP check to the URL receiving the data, thanks for the tip!