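<?php
/**
 * IP-based access gate for a single page.
 *
 * Flow, in order:
 *   1. An IP listed in blacklist.txt is rejected with HTTP 403.
 *   2. An IP listed in whitelist.txt skips logging and rate limiting.
 *   3. Any other request is appended to access_log.txt; if the log already
 *      holds more than 20 requests from the same IP within the preceding
 *      60 seconds, the IP is appended to blacklist.txt and rejected.
 *   4. A POST whose captcha_code equals the code stored in the session
 *      appends the IP to whitelist.txt and redirects to index.php.
 *
 * NOTE(review): blacklist.txt, whitelist.txt and access_log.txt are opened by
 * relative path. If they live under the document root they are downloadable
 * and disclose visitor IPs; keep them outside the web root or deny access to
 * them in the server configuration.
 *
 * NOTE(review): blacklist entries never expire and whitelist timestamps are
 * stored but never checked, so both decisions are permanent per IP. Clients
 * behind a shared NAT or proxy address share one fate.
 */
session_start();

// REMOTE_ADDR is the TCP peer as seen by the web server. Behind a reverse
// proxy or CDN this is the proxy's address, so every visitor would share one
// rate-limit bucket. Only switch to a forwarded-for header if it is set by a
// proxy you control; client-supplied values of that header are forgeable.
$ip_address = $_SERVER['REMOTE_ADDR'];

/**
 * Read a list file as trimmed, non-empty lines.
 * Returns an empty list when the file is missing or unreadable, so a fresh
 * install does not pass `false` to in_array()/foreach.
 */
$read_lines = static function ($path) {
    if (!is_file($path)) {
        return [];
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);

    return $lines === false ? [] : array_map('trim', $lines);
};

$blacklist = $read_lines('blacklist.txt');
$whitelist = $read_lines('whitelist.txt');
$access_log = $read_lines('access_log.txt');

// Blacklisted addresses are refused before any other work is done.
if (in_array($ip_address, $blacklist, true)) {
    http_response_code(403);
    exit('<h1>403 Forbidden: 您的IP地址已被列入黑名单。</h1>');
}

// Whitelist lines have the form "ip|timestamp"; only the IP is compared.
$whitelisted = false;
foreach ($whitelist as $entry) {
    $fields = explode('|', $entry, 2);
    if ($fields[0] === $ip_address) {
        $whitelisted = true;
        break;
    }
}

if (!$whitelisted) {
    $now = time();

    // LOCK_EX keeps concurrent requests from interleaving partial lines.
    file_put_contents('access_log.txt', $ip_address . '|' . $now . PHP_EOL, FILE_APPEND | LOCK_EX);

    // NOTE(review): access_log.txt is never pruned and is read in full on
    // every non-whitelisted request, so the cost per request grows with
    // traffic. Rotate or truncate it out of band.
    $recent_attempts = 0;
    $window_start = $now - 60;
    foreach ($access_log as $log_entry) {
        $fields = explode('|', $log_entry, 2);
        if (count($fields) !== 2) {
            continue; // skip malformed lines instead of raising a notice
        }
        if ($fields[0] === $ip_address && (int) $fields[1] > $window_start) {
            $recent_attempts++;
        }
    }

    // The window is 60 seconds, so this is a per-minute limit, not a
    // per-second one.
    $rate_limit_per_minute = 20;
    if ($recent_attempts > $rate_limit_per_minute) {
        file_put_contents('blacklist.txt', $ip_address . PHP_EOL, FILE_APPEND | LOCK_EX);
        http_response_code(403);
        exit('<h1>403 Forbidden: 请求次数过多。您的IP地址已被列入黑名单。</h1>');
    }
}

// CAPTCHA verification.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $expected = isset($_SESSION['captcha_code']) ? $_SESSION['captcha_code'] : null;
    $submitted = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : null;

    // Single use: a code is discarded after one attempt, pass or fail.
    unset($_SESSION['captcha_code']);

    // is_string() rejects array-valued POST fields; hash_equals() compares
    // without leaking the match position through timing.
    if (is_string($expected) && is_string($submitted) && hash_equals($expected, $submitted)) {
        if (!$whitelisted) {
            file_put_contents('whitelist.txt', $ip_address . '|' . time() . PHP_EOL, FILE_APPEND | LOCK_EX);
        }
        header('Location: index.php'); // redirect so a reload does not resubmit the form
        exit;
    }

    $message = '验证码验证失败。';
}

// Issue a fresh code for the next attempt. random_int() draws from the
// system CSPRNG; str_shuffle() is not suitable for values that act as a
// challenge secret.
// NOTE(review): captcha.php is not shown here. It must render this session
// value and must not overwrite it, or the check above can never succeed.
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$captcha_code = '';
for ($i = 0; $i < 6; $i++) {
    $captcha_code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
}
$_SESSION['captcha_code'] = $captcha_code;
?>
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>访问保护页面</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            text-align: center;
            background-color: #f4f4f4;
            padding: 50px;
        }
        h1 {
            color: #333;
        }
        .container {
            background: #fff;
            padding: 20px;
            border-radius: 5px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
            display: inline-block;
        }
        img {
            margin: 10px 0;
        }
        input[type="text"] {
            padding: 10px;
            margin: 10px 0;
            border: 1px solid #ccc;
            border-radius: 5px;
        }
        button {
            padding: 10px 20px;
            background-color: #28a745;
            border: none;
            color: #fff;
            border-radius: 5px;
            cursor: pointer;
        }
        button:hover {
            background-color: #218838;
        }
        .message {
            margin-top: 20px;
            color: #d9534f;
        }
    </style>
</head>
<body>
    <div class="container">
        <?php if (!$whitelisted): ?>
            <h1>请输入验证码以访问内容</h1>
            <form method="POST">
                <label>验证码:</label>
                <img src="captcha.php" alt="验证码">
                <input type="text" name="captcha_code" required>
                <button type="submit">提交</button>
            </form>
            <?php if (isset($message)): ?>
                <p class="message"><?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
            <?php endif; ?>
        <?php else: ?>
            <?php /* Protected content goes below. This branch is chosen by source IP alone, not by session. */ ?>
            <p>您已通过验证,可以访问页面内容。</p>
            <!-- 这里放置需要保护的页面内容 -->
        <?php endif; ?>
    </div>
</body>
</html>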
代码现在会在检测到黑名单中的IP时，直接返回 HTTP 403 状态码，作用不是很大。