I'm trying to achieve a little app for my own use that reads the data sent to my database from contact form, and I want to be able to ban users that are not welcome by the contents of the contact form, and so on. So I, I have every users IP, that is sent with the form. But, it only saves deny from to database every time I click the ban button and I'm wondering why. Here's the whole code:

if(isset($_POST['submit'])) {
// Read the while file into a string $htaccess
$htaccess = file_get_contents('.htaccess');
// Stick the new IP just before the closing </files>
$new_htaccess = str_replace('allow from all', "deny from "."$unwanteduser"."nallow from all", $htaccess);
// And write the new string back to the file
file_put_contents('.htaccess', $new_htaccess);
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

tr:nth-child(even) { background: #ccc; }

$con = mysql_connect("localhost","user","pass");
if (!$con)
  die('Could not connect: ' . mysql_error());

mysql_select_db("db", $con);

$result = mysql_query("SELECT * FROM wp_contactform");
$f = fopen(".htaccess", "a+");
$ip = $row['IP'];
    fwrite($ip , $f);

echo "<table border='1'>
<th style='width:5%;'>ID</th>
<th style='width:10%;'>Nimi</th>
<th style='width:10%;'>Puhelin</th>
<th style='width:10%;'>Sposti</th>
<th style='width:40%;'>Viesti</th>
<th style='width:10%;'>P&auml;iv&auml;</th>
<th style='10%;'>IP</th>
<th style='5%;'>Ban</th>

$i = 0;
while($row = mysql_fetch_array($result))
  echo "<tr>";
  echo "<td style='width:10%;'>" . $row['ID'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Nimi'] . "</td>";
  echo "<td style='width:10%;'>" . $row['Puhelin'] . "</td>";
  echo "<td style='width:10%;'><a href='mailto:" . $row['Email'] . "'>" . $row['Email'] . "</a></td>";
  echo "<td style='width:40%;'>" . $row['Viesti'] . "</td>";
  echo "<td style='width:10%;' >" . $row['Day'] . "</td>";
  echo "<td style='width:10%;'>" . $row['IP'] . "</td>";
  $unwanteduser = $row['IP'];
  echo "<form action='thissamepage' method='post'><input type='hidden' value='$unwanteduser' name='gtfo'><input type='submit' name='submit' value='Ban'>";
  echo "</tr>";
echo "</table>";



As written in a comment, if you put those parts that form a logical unit into a function of it's own, things turn out to become more simple:

 * add an ip to ban to a .htaccess file
 * @param string $htaccess_file
 * @param string $ip
 * @return int Number of bytes that were written to the file, or FALSE on failure.
function htaccess_add_ban_ip($htaccess_file, $ip)
    $htaccess_original = file_get_contents($htaccess_file);
    if (false === $htaccess_original) {
        return false;
    $htaccess_changed = str_replace(
        'allow from all',
        "deny from $ipnallow from all",
    if ($count != 1) {
        return false;
    return file_put_contents($htaccess_file, $htaccess_changed);

You then only need to call that function at the place where you need the functionality:

$result = htaccess_add_ban_ip($file, '');

Check the return value to control if things went right, e.g. for testing:

if (false === $result) {
    die(sprintf('Could not write .htaccess file "%s".', $file));

if ($result < 36) {
    die(sprintf('Very little bytes (%d) written to .htaccess file "%s", this makes no sense, please check.', $result, $file));

die(sprintf('Successfully wrote IP %s to .htaccess file "%s" (%d bytes written).', $ip, $file, $result));

In the future you then can introduce needed functionality (like file-locking) inside the function and you must normally not change most of the rest of your script.

If you are looking for a way to simplify connecting and querying your mysql database a little, see as well this related answer to a different question:

PHP file cannot enter some part of code

It contains a MySql class/object with another example how to use/create functions to make the code easier to deal with.


