
Merge branch 'class-test' of andre/blacklister into master

andre 4 年之前
父節點
當前提交
1e5a278e20
共有 8 個文件被更改,包括 675 次插入90 次删除
  1. 253 0
      action.php
  2. 232 0
      admin.php
  3. 68 0
      ban.sql
  4. 15 0
      db.php
  5. 25 90
      index.php
  6. 26 0
      list.php
  7. 14 0
      stats.php
  8. 42 0
      token.php

+ 253 - 0
action.php

@@ -0,0 +1,253 @@
+<?php
+class action {
+
+    public function __construct() {
+        $this->db = new db();
+    }
+
+    public function block($ip) {
+        $dbAction = $this->db->prepare("SELECT count FROM blocklist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($count);
+        $dbAction->fetch();
+        if($count > 3) {
+            $this->list($ip);
+            return true;
+        };
+        $dbAction = $this->db->prepare("INSERT INTO blocklist (ip) VALUES (?) ON DUPLICATE KEY UPDATE count = count + 1");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function adminBlock($ip) {
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO blocklist (ip, count) VALUES (?, 4)");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function deBlockList($ip) {
+        $dbAction = $this->db->prepare("DELETE FROM blocklist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction = $this->db->prepare("DELETE FROM list WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function getBlockedClients() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT ip FROM blocklist WHERE count > 3 ORDER BY ip ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($ip);
+        while($dbAction->fetch()) {
+            array_push($list,$ip);
+        };
+        return $list;
+    }
+
+    public function getUser() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT token, role, description FROM clients ORDER BY role ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($token,$role,$description);
+        while($dbAction->fetch()) {
+            array_push($list,[$token,$role,$description]);
+        };
+        return $list;
+    }
+
+    public function addUser($userid,$role,$description) {
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO clients VALUES (?,?,?)");
+        $dbAction->bind_param('sss',$userid,$role,$description);
+        return $dbAction->execute();
+    }
+
+    public function delUser($userid) {
+        $dbAction = $this->db->prepare("DELETE FROM clients WHERE token = ?");
+        $dbAction->bind_param('s',$userid);
+        return $dbAction->execute();
+    }
+
+    public function getWhiteList() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT ip FROM whitelist ORDER BY ip ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($ip);
+        while($dbAction->fetch()) {
+            array_push($list,$ip);
+        };
+        return $list;
+    }
+
+    public function getBlackList() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT ip FROM blacklist ORDER BY ip ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($ip);
+        while($dbAction->fetch()) {
+            array_push($list,$ip);
+        };
+        return $list;
+    }
+
+    public function getList() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT ip FROM list ORDER BY ip ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($ip);
+        while($dbAction->fetch()) {
+            array_push($list,$ip);
+        };
+        return $list;
+    }
+
+    public function getBlockList() {
+        $list = array();
+        $dbAction = $this->db->prepare("SELECT ip FROM list UNION SELECT ip FROM blacklist ORDER BY ip ASC");
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($ip);
+        while($dbAction->fetch()) {
+            array_push($list,$ip);
+        };
+        return $list;
+    }
+    
+    private function isListed($ip) {
+        $dbAction = $this->db->prepare("SELECT ip FROM list WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction->store_result();
+        if($dbAction->num_rows() == 0) {
+            return false;
+        }
+        return true;
+    }
+
+    private function isBlackListed($ip) {
+        $dbAction = $this->db->prepare("SELECT ip FROM blacklist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction->store_result();
+        if($dbAction->num_rows() == 0) {
+            return false;
+        }
+        return true;
+    }
+
+    public function isBlocked($ip) {
+        if($this->isListed($ip)||$this->isBlackListed($ip)) {
+            return true;
+        }
+        return false;
+    }
+
+    private function isWhiteListed($ip) {
+        $dbAction = $this->db->prepare("SELECT ip FROM whitelist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction->store_result();
+        if($dbAction->num_rows() == 0) {
+            return false;
+        }
+        return true;
+    }
+
+    private function deListCount($ip) {
+        $dbAction = $this->db->prepare("SELECT count FROM delist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($count);
+        $dbAction->fetch();
+        return $count;
+    }
+
+    public function list($ip) {
+        if($this->isWhiteListed($ip)){
+            return false;
+        }
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO list VALUES (?)");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function adminDeList($ip) {
+        //delist ip
+        $dbAction = $this->db->prepare("DELETE FROM list WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        //reset delist count
+        $dbAction = $this->db->prepare("DELETE FROM delist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        //remove from blacklist
+        $dbAction = $this->db->prepare("DELETE FROM blacklist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function deList($ip) {
+        if(!$this->isListed($ip)) {         //set true to avoid discovering
+            return true;
+        }
+        //check delisting count
+        if ($this->delistCount($ip) > 3){
+            echo "Fatal: ". long2ip($ip) . " delisted to often!\n";
+            return false;
+        }
+        //delist ip
+        $dbAction = $this->db->prepare("DELETE FROM list WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        //update delist count
+        $dbAction = $this->db->prepare("INSERT INTO delist (ip) VALUES (?) ON DUPLICATE KEY UPDATE count = count + 1");
+        $dbAction->bind_param('i',$ip);
+        $dbAction->execute();
+        return true;
+    }
+
+    public function blackList($ip) {
+        $this->deWhiteList($ip);
+        $this->deList($ip);
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO blacklist VALUES (?)");
+        $dbAction->bind_param('i',$ip);
+        if($dbAction->execute()) {
+            $this->deWhiteList($ip);
+            $this->deList($ip);
+            return true;
+        };
+        return false;
+    }
+
+    public function deBlackList($ip) {
+        $dbAction = $this->db->prepare("DELETE FROM blacklist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        return $dbAction->execute();
+    }
+
+    public function whiteList($ip) {
+        $this->adminDeList($ip);
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO whitelist VALUES (?)");
+        $dbAction->bind_param('i',$ip);
+        return $dbAction->execute();
+    }
+
+    public function deWhiteList($ip) {
+        $dbAction = $this->db->prepare("DELETE FROM whitelist WHERE ip = ?");
+        $dbAction->bind_param('i',$ip);
+        return $dbAction->execute();
+    }
+}
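Review bot: `adminBlock()` uses `INSERT IGNORE`, so when the address already has a `blocklist` row from earlier rejected requests (count 1 to 3) the statement changes nothing, yet the method returns `true` and admin.php prints "blocklisted". An upsert keeps the admin's decision: `INSERT INTO blocklist (ip, count) VALUES (?, 4) ON DUPLICATE KEY UPDATE count = GREATEST(count, 4)`, and `return $dbAction->execute();` would surface a failed write instead of the hard-coded `true`. Separately, `blackList()` calls the rate-limited `deList()` before and after its insert, which bumps the `delist` counter and can echo the "Fatal:" message into the admin page. A direct `DELETE FROM list WHERE ip = ?`, as `adminDeList()` does, looks like the intended call there.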

+ 232 - 0
admin.php

@@ -0,0 +1,232 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Blacklister Admin</title>
+</head>
+<body>
+<div>
+<?php
+error_reporting(E_ALL);
+
+require_once 'action.php';
+require_once 'db.php';
+require_once 'token.php';
+require_once 'stats.php';
+
+if(!isset($_GET['token'])){
+    echo "<form action='admin.php'><input type='text' size='35' id='token' name='token'><input type='submit' value='send token'></form></div></body></html>";
+    exit;
+}
+if(isset($_GET['ip'])) {
+    $ip = ip2long(substr(trim($_GET['ip']),0,15));
+}
+if(isset($_GET['token'])) {
+    $token = substr(trim($_GET['token']),0,32);
+}
+if(isset($_GET['action'])) {
+    $action = substr(trim($_GET['action']),0,12);
+}
+if(isset($_GET['userid'])) {
+    $userid = substr(trim($_GET['userid']),0,32);
+}
+if(isset($_GET['role'])) {
+    $role = substr(trim($_GET['role']),0,8);
+}
+if(isset($_GET['description'])) {
+    $description = substr(trim($_GET['description']),0,40);
+}
+$clientIP = ip2long(substr(trim($_SERVER['REMOTE_ADDR']),0,15));
+$stats = true;
+
+$tok = new token;
+$act = new action;
+
+if($act->isBlocked($clientIP)) {
+    http_response_code(403);
+    exit;
+}
+
+if (!$tok->isAdmin($token)) {
+    $act->block($clientIP);
+    echo "admin access denied</div></body></html>";
+    exit;
+}
+if($stats == true) {
+    (new stats)->log($clientIP,$ip,$action,$token);
+}
+switch($action) {
+    case 'deluser':
+        if($act->delUser($userid)){
+            echo " user removed " . $userid ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'adduser':
+        if($act->addUser($userid,$role,$description)){
+            echo " user added, token:" . $userid . " role:" .$role . " description: " . $description . "\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'blacklist':
+        if($act->blackList($ip)){
+            echo " blacklisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'deblacklist':
+        if($act->deBlackList($ip)){
+            echo " deblacklisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'blocklist':
+        if($act->adminBlock($ip)){
+            echo " blocklisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'deblocklist':
+        if($act->deBlockList($ip)){
+            echo " deblocklisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'whitelist':
+        if($act->whiteList($ip)){
+            echo " whitelisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'dewhitelist':
+        if($act->deWhiteList($ip)){
+            echo " dewhitelisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'list':
+        if($act->list($ip)){
+            echo " listed " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+    case 'delist':
+        if($act->adminDeList($ip)){
+            echo " delisted " . long2ip($ip) ."\n";
+        } else {
+            echo " fehler\n";
+        };
+        break;
+}
+?>
+</div>
+<h3>Clients</h3>
+<table>
+<tr><th>Token</th><th>Role</th><th>Description</th><th></th></tr>
+<?php
+$userlist = $act->getUser();
+foreach($userlist as $user) {
+    echo "<tr><td>" . $user[0] . "</td><td>" . $user[1] . "</td><td>" . $user[2] . "</td><td><input type='button' id='deluser' value='remove' onclick='window.location.href=\"admin.php?token=" . $token . "&action=deluser&userid=" . $user[0] . "\"'></td></tr>";
+}
+?>
+<tr>
+    <form action="admin.php">
+    <input type="hidden" id="token" name="token" value="<?php echo $token; ?>">
+    <input type="hidden" id="action" name="action" value="adduser">
+    <td>
+        <input type='text' id='userid' name='userid' size='35' readonly value='<?php echo bin2hex(random_bytes(16)) ?>'>
+        <input type='button' id='createtoken' value='refresh' onclick='window.location.href="admin.php?token=<?php echo $token; ?>"'>
+    </td><td>
+        <input type='radio' id='reporter' name='role' value='reporter'>Reporter
+        <input type='radio' id='consumer' name='role' value='consumer'>Consumer
+        <input type='radio' id='admin' name='role' value='admin'>Admin
+    </td><td>
+        <input type='text' id='description' name='description'>
+    </td><td>
+        <input type='submit' value='add user'>
+    </td></form>
+</tr>
+</table>
+<h3>Clientblocklist</h3>
+Alle IP Adressen, die mehr als 5x unauthorisiert zugegriffen haben. 
+<table>
+<?php
+$blocklist = $act->getBlockedClients();
+foreach($blocklist as $blip) {
+    echo "<tr><td>" . long2ip($blip) . "</td><td><input type='button' id='deblocklist' value='remove' onclick='window.location.href=\"admin.php?token=" . $token . "&action=deblocklist&ip=" . long2ip($blip) . "\"'></td></tr>";
+}
+?>
+<tr>
+    <form action="admin.php">
+    <input type="hidden" id="token" name="token" value="<?php echo $token; ?>">
+    <input type="hidden" id="action" name="action" value="blocklist">
+    <td>
+        <input type='text' id='ip' name='ip'>
+    </td><td>
+        <input type='submit' value='add to blocklist'>
+    </form>
+    </td></tr>
+</table>
+<h3>Blacklist</h3>
+Manuell eingepflegte IP Adressen. Werden zusammen mit den automatischen Einträgen als Banliste ausgeliefert.
+<table>
+<?php
+$blacklist = $act->getBlackList();
+foreach($blacklist as $blip) {
+    echo "<tr><td>" . long2ip($blip) . "</td><td><input type='button' id='deblacklist' value='remove' onclick='window.location.href=\"admin.php?token=" . $token . "&action=deblacklist&ip=" . long2ip($blip) . "\"'></td></tr>";
+}
+?>
+<tr>
+    <form action="admin.php">
+    <input type="hidden" id="token" name="token" value="<?php echo $token; ?>">
+    <input type="hidden" id="action" name="action" value="blacklist">
+    <td>
+        <input type='text' id='ip' name='ip'>
+    </td><td>
+        <input type='submit' value='add to blacklist'>
+    </form>
+    </td></tr>
+</table>
+<h3>Whitelist</h3>
+Manuell eingepflegte IP-Adressen, welche nicht mehr in die automatische Liste eingetragen werden können.
+<table border="0">
+<?php
+$whitelist = $act->getWhiteList();
+foreach($whitelist as $wlip) {
+    echo "<tr><td>" . long2ip($wlip) . "</td><td><input type='button' id='dewhitelist' value='remove' onclick='window.location.href=\"admin.php?token=" . $token . "&action=dewhitelist&ip=" . long2ip($wlip) . "\"'></td></tr>";
+}
+?>
+<tr>
+    <form action="admin.php">
+    <input type="hidden" id="token" name="token" value="<?php echo $token; ?>">
+    <input type="hidden" id="action" name="action" value="whitelist">
+    <td>
+        <input type='text' id='ip' name='ip'>
+    </td><td>
+        <input type='submit' value='add to whitelist'>
+    </form>
+    </td></tr>
+</table>
+<h3>List</h3>
+Automatisch generierte Liste über alle via Reporter gemeldeter IP-Adressen.
+<table border="0">
+<?php
+$list = $act->getList();
+foreach($list as $lip) {
+    echo "<tr><td>" . long2ip($lip) . "</td>";
+    echo "<td><input type='button' id='delist' value='remove' onclick='window.location.href=\"admin.php?token=" . $token . "&action=delist&ip=" . long2ip($lip) . "\"'></td>";
+    echo "<td><input type='button' id='blacklist' value='blacklist' onclick='window.location.href=\"admin.php?token=" . $token . "&action=blacklist&ip=" . long2ip($lip) . "\"'></td>";
+    echo "<td><input type='button' id='whitelist' value='whitelist' onclick='window.location.href=\"admin.php?token=" . $token . "&action=whitelist&ip=" . long2ip($lip) . "\"'></td></tr>";
+}
+?>
+</table>
+</body>
+</html>
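Review bot: Every value written into this page is echoed without HTML escaping: `$user[0]`, `$user[1]` and `$user[2]` in the Clients table, and `$token` in the hidden fields and the `onclick` URLs. `userid`, `role` and `description` reach the `clients` table from `$_GET` with only `trim`/`substr` applied, so stored markup is rendered for every admin who opens the page. Wrap each output in `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, use `rawurlencode()` for the parts placed in a query string, and check `role` against the three values the form offers before calling `addUser()`. The admin token also travels in the query string of every link and form here, so it ends up in access logs and browser history; a POST login that sets a session would keep it out of URLs.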

+ 68 - 0
ban.sql

@@ -0,0 +1,68 @@
+--
+-- Table structure for table `blacklist`
+--
+
+DROP TABLE IF EXISTS `blacklist`;
+CREATE TABLE `blacklist` (
+  `ip` int(4) unsigned NOT NULL,
+  PRIMARY KEY (`ip`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `clients`
+--
+
+DROP TABLE IF EXISTS `clients`;
+CREATE TABLE `clients` (
+  `token` varchar(255) NOT NULL DEFAULT '',
+  `role` varchar(255) DEFAULT '',
+  `description` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`token`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `delist`
+--
+
+DROP TABLE IF EXISTS `delist`;
+CREATE TABLE `delist` (
+  `ip` int(4) unsigned NOT NULL,
+  `count` int(10) unsigned NOT NULL DEFAULT 1,
+  PRIMARY KEY (`ip`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `list`
+--
+
+DROP TABLE IF EXISTS `list`;
+CREATE TABLE `list` (
+  `ip` int(4) unsigned NOT NULL,
+  PRIMARY KEY (`ip`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `stats`
+--
+
+DROP TABLE IF EXISTS `stats`;
+CREATE TABLE `stats` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `time` datetime DEFAULT current_timestamp(),
+  `ip` int(4) unsigned NOT NULL,
+  `action` varchar(16) DEFAULT 'set',
+  `token` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `ip` (`ip`)
+) ENGINE=InnoDB AUTO_INCREMENT=205 DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `whitelist`
+--
+
+DROP TABLE IF EXISTS `whitelist`;
+CREATE TABLE `whitelist` (
+  `ip` int(4) unsigned NOT NULL,
+  PRIMARY KEY (`ip`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
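Review bot: The schema does not match the queries added in this commit: action.php reads and writes a `blocklist` table (`ip`, `count`) that is not created here, and stats.php inserts into a `clientip` column that the `stats` table lacks. On a fresh import those statements cannot be prepared, which breaks `block()` on every rejected token and `log()` on every accepted one. A `blocklist` definition shaped like `delist` (`ip` int unsigned primary key, `count` int unsigned default 1) and a `clientip int(4) unsigned NOT NULL` column in `stats` would line the file up with the code. The exact column definitions are inferred from how the PHP binds the values, so confirm them against the live database.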

+ 15 - 0
db.php

@@ -0,0 +1,15 @@
+<?php
+class db extends mysqli {
+    private $host = 'localhost';
+    private $user = 'ban';
+    private $pass = 'Blubb123-';
+    private $db   = 'ban';
+
+    public function __construct() {
+        @parent::__construct($this->host, $this->user, $this->pass, $this->db);
+        if($this->connect_errno){
+            die($this->connect_error);
+        }
+        $this->set_charset('utf8');
+    }
+}
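Review bot: The database password is a literal in `$pass`, so it is part of the repository history (it was already in the old index.php lines this commit removes) and should be treated as exposed and rotated. Load it from the environment or a file outside the web root, for example `$this->pass = getenv('BAN_DB_PASS');` at the top of the constructor, where `BAN_DB_PASS` is a placeholder name. `die($this->connect_error)` sends the driver's error text to the client; log it with `error_log()` and answer with a generic 500 instead. `set_charset('utf8')` also disagrees with the `utf8mb4` tables in ban.sql.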

+ 25 - 90
index.php

@@ -1,109 +1,44 @@
 <?php
 error_reporting(E_ALL);
-$ip = trim($_GET['ip']);
-$token = trim($_GET['token']);
-$action = trim($_GET['action']);
-$db = new mysqli('localhost', 'ban', 'Blubb123-', 'ban');
-if ($db->connect_errno){
-    die($db->connect_error);
-}
-$db->set_charset('utf8');
 
-function checkToken($token,$db) {
-    $dbAction = $db->prepare("SELECT description FROM clients WHERE token = ?");
-    $dbAction->bind_param('s',$token);
-    $dbAction->execute();
-    $dbAction->store_result();
-    $dbAction->bind_result($desc);
-    $dbAction->fetch();
-    if ($dbAction->num_rows() == 1){
-        echo "Client " . $desc;
-        return true;
-    }
-    return false;
-}
+require_once 'action.php';
+require_once 'db.php';
+require_once 'token.php';
+require_once 'stats.php';
 
-function checkAdmin($token,$db) {
-    $dbAction = $db->prepare("SELECT description FROM clients WHERE token = ?");
-    $dbAction->bind_param('s',$token);
-    $dbAction->execute();
-    $dbAction->store_result();
-    $dbAction->bind_result($desc);
-    $dbAction->fetch();
-    if ($dbAction->num_rows() == 1){
-        if($desc == 'admin') {
-            return true;
-        }
-    }
-    return false;
-}
+$ip = ip2long(substr(trim($_GET['ip']),0,15));
+$token = substr(trim($_GET['token']),0,32);
+$action = substr(trim($_GET['action']),0,9);
+$clientIP = ip2long(substr(trim($_SERVER['REMOTE_ADDR']),0,15));
 
-function set($ip,$db) {
-    $dbAction = $db->prepare("INSERT IGNORE INTO list VALUES (?)");
-    $dbAction->bind_param('i',ip2long($ip));
-    return $dbAction->execute();
-}
+$stats = true;
+$act = new action;
 
-function islisted($ip,$db) {
-    $dbAction = $db->prepare("SELECT ip FROM list WHERE ip = ?");
-    $dbAction->bind_param('i',ip2long($ip));
-    $dbAction->execute();
-    $dbAction->store_result();
-    if($dbAction->num_rows() == 0) {
-        return false;
-    }
-    return true;
+if($act->isBlocked($clientIP)) {
+    http_response_code(403);
+    exit;
 }
 
-function delistCount($ip,$db) {
-    $dbAction = $db->prepare("SELECT count FROM delist WHERE ip = ?");
-    $dbAction->bind_param('i',ip2long($ip));
-    $dbAction->execute();
-    $dbAction->store_result();
-    $dbAction->bind_result($count);
-    $dbAction->fetch();
-    return $count;
+if (!(new token)->isReporter($token)) {
+    $act->block($clientIP);
+    echo "client access denied";
+    exit;
 }
-
-function delist($ip,$db) {
-    if(!islisted($ip,$db)) {
-        return false;
-    }
-    //check delisting count
-    if (delistCount($ip,$db) > 3){
-        echo "Fatal: ". $ip . " delisted to often!\n";
-        return false;
-    }
-    //delist ip
-    $dbAction = $db->prepare("DELETE FROM list WHERE ip = ?");
-    $dbAction->bind_param('i',ip2long($ip));
-    $dbAction->execute();
-    //update delist count
-    $dbAction = $db->prepare("INSERT INTO delist (ip) VALUES (?) ON DUPLICATE KEY UPDATE count = count + 1");
-    $dbAction->bind_param('i',ip2long($ip));
-    $dbAction->execute();
-    return true;
+if($stats == true) {
+    (new stats)->log($clientIP,$ip,$action,$token);
 }
 switch($action) {
     case 'delist':
-        if(delist($ip,$db)){
-            echo "$ip delisted\n";
+        if($act->delist($ip)){
+            echo long2ip($ip) . " delisted\n";
         } else {
-            echo "$ip not delisted\n";
+            echo long2ip($ip) . " not delisted\n";
         };
         break;
-    case 'blacklist':
-        break;
-    case 'whitelist':
-        break;
     default:
-        if (checkToken($token,$db)){
-            if(set($ip,$db)){
-                echo " inserted " . $ip ."\n";
-            } else {
-                echo " fehler\n";
-            };
+        if($act->list($ip)){
+            echo " inserted " . long2ip($ip) ."\n";
         } else {
-            echo "Client token " . $token . " not registered\n";
+            echo " fehler\n";
         };
 }
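Review bot: The result of `ip2long()` is never checked, neither for `$_GET['ip']` nor for `$_SERVER['REMOTE_ADDR']`. It returns `false` for anything that is not a dotted IPv4 address, and `bind_param('i', …)` then binds that as 0, so a malformed `ip` is listed as 0.0.0.0 and every IPv6 client shares one `$clientIP` key in `isBlocked()` and `block()`. Reject the request before touching the database, e.g. `if ($ip === false) { http_response_code(400); exit; }`, and decide explicitly how IPv6 callers are keyed. The same pattern is in admin.php and list.php. `$_GET['ip']`, `$_GET['token']` and `$_GET['action']` are also read here without the `isset()` guard that admin.php uses.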

+ 26 - 0
list.php

@@ -0,0 +1,26 @@
+<?php
+error_reporting(E_ALL);
+
+require_once 'action.php';
+require_once 'db.php';
+require_once 'token.php';
+
+$clientIP = ip2long(substr(trim($_SERVER['REMOTE_ADDR']),0,15));
+$token = substr(trim($_GET['token']),0,32);
+
+$act= new action;
+
+if($act->isBlocked($clientIP)) {
+    http_response_code(403);
+    exit;
+}
+
+if (!(new token)->isConsumer($token)) {
+    $act->block($clientIP);
+    echo "user access denied";
+    exit;
+}
+$list = $act->getBlockList();
+foreach($list as $ip) {
+    echo long2ip($ip) . PHP_EOL;
+}

+ 14 - 0
stats.php

@@ -0,0 +1,14 @@
+<?php
+
+class stats {
+
+    public function __construct() {
+        $this->db = new db();
+    }
+
+    public function log($clientIP,$ip,$action,$token) {
+        $dbAction = $this->db->prepare("INSERT IGNORE INTO stats (clientip,ip,action,token) VALUES (?,?,?,?)");
+        $dbAction->bind_param('iiss',$clientIP,$ip,$action,$token);
+        return $dbAction->execute();
+    }
+}
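Review bot: `log()` writes the caller's token verbatim into `stats`, and both call sites reach it only after the role check has passed, so the table accumulates valid bearer tokens, admin ones included. Anyone with read access to the statistics then holds working credentials; storing a digest such as `hash('sha256', $token)` keeps the rows attributable without that. `INSERT IGNORE` together with the unused return value means a failed write goes unnoticed. `$this->db` is also assigned without being declared, unlike in token.php, where `private $db = null;` is present.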

+ 42 - 0
token.php

@@ -0,0 +1,42 @@
+<?php
+class token {
+    private $db = null;
+
+    public function __construct() {
+        $this->db = new db();
+    }
+
+    private function getRole($token) {
+        $dbAction = $this->db->prepare("SELECT role FROM clients WHERE token = ?");
+        $dbAction->bind_param('s',$token);
+        $dbAction->execute();
+        $dbAction->store_result();
+        $dbAction->bind_result($role);
+        $dbAction->fetch();
+        if ($dbAction->num_rows() == 1){
+            return $role;
+        }
+        return false;
+    }
+
+    public function isAdmin($token) {
+        if($this->getRole($token) == 'admin') {
+            return true;
+        }
+        return false;
+    }
+
+    public function isReporter($token) {
+        if($this->getRole($token) == 'reporter') {
+            return true;
+        }
+        return false;
+    }
+
+    public function isConsumer($token) {
+        if($this->getRole($token) == 'consumer') {
+            return true;
+        }
+        return false;
+    }
+}
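Review bot: The three role checks compare with `==` while `getRole()` returns `false` for an unknown token; `return $this->getRole($token) === 'admin';` states the intent without relying on PHP's loose bool/string comparison, and the same applies in `isReporter()` and `isConsumer()`. The lookup `WHERE token = ?` runs under the column's collation, which for the `utf8mb4` default in ban.sql is presumably case-insensitive, so a binary collation on `clients.token` would make the match exact. A short docblock on `getRole()` stating that it returns the role string or `false` would help callers.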