787c787,789
< if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
---
> $ban_item = str_replace(array(".*.*.*",".*.*"),".*",$ban_item);
> // Reduces serial dotwildcards to one .* - Simplifies later regex
> if (preg_match('#^(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)[ ]*\-[ ]*(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)\.(25[0-5]|2[0-4]\d|[01]?\d?\d)$#', $ban_item, $ip_range_explode))
789c791
< // This is an IP range
---
> // This is an IP range validated for valid decimal ips with dash separator
796,797c798,821
< $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
< $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
---
> if ($ip_1_counter == $ip_range_explode[1]) // if first counter octet is start ip first octet set other octet counters to input start ip octets
> {
> $ip_2_counter = $ip_range_explode[2];
> $ip_3_counter = $ip_range_explode[3];
> $ip_4_counter = $ip_range_explode[4];
> }
> else // else set other octet counters to 0
> {
> $ip_2_counter = 0;
> $ip_3_counter = 0;
> $ip_4_counter = 0;
> }
> if ($ip_1_counter < $ip_1_end) // if first counter octet is not end ip first octet set other octet ends to 255
> {
> $ip_2_end = 255;
> $ip_3_end = 255;
> $ip_4_end = 255;
> }
> else // else set other octet ends to input end ip octets
> {
> $ip_2_end = $ip_range_explode[6];
> $ip_3_end = $ip_range_explode[7];
> $ip_4_end = $ip_range_explode[8];
> }
799c823,824
< if ($ip_2_counter == 0 && $ip_2_end == 254)
---
> if ($ip_2_counter == 0 && $ip_2_end == 255 && $ip_3_counter == 0 && $ip_3_end == 255 && $ip_4_counter == 0 && $ip_4_end == 255)
> // if current 2nd, 3rd & 4th octet ranges are all 0-255 set wildcard after first octet
801,803c826,827
< $ip_2_counter = 256;
<
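Review bot: Removing `trim()` from the `preg_match` subject means an entry with surrounding spaces or a trailing carriage return no longer matches the range pattern, unless `$ban_item` is already trimmed before this line outside the hunk; the 845c901 hunk drops `trim()` in the same way. An entry that fails here goes on to whatever branch follows, so I would keep the normalisation in the new first line: `$ban_item = str_replace(array(".*.*.*", ".*.*"), ".*", trim($ban_item));`. The `$` anchor also still accepts one trailing newline, which the `D` pattern modifier would close. The `// Reduces serial dotwildcards` comment would read better above the `str_replace` line it describes.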
$ip_2_fragment = 256;
<
---
> $ip_2_counter = 256; // set high to force loop break
> // $ip_2_fragment = 256; // This variable isn't used elsewhere(?)
809,810c833,852
< $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
< $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
---
> if ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) // as above but check both 1st & 2nd counter octets are same as start ip octets
> {
> $ip_3_counter = $ip_range_explode[3];
> $ip_4_counter = $ip_range_explode[4];
> }
> else
> {
> $ip_3_counter = 0;
> $ip_4_counter = 0;
> }
> if ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end)
> {
> $ip_3_end = 255;
> $ip_4_end = 255;
> }
> else
> {
> $ip_3_end = $ip_range_explode[7];
> $ip_4_end = $ip_range_explode[8];
> }
812c854,855
< if ($ip_3_counter == 0 && $ip_3_end == 254)
---
> if ($ip_3_counter == 0 && $ip_3_end == 255 && $ip_4_counter == 0 && $ip_4_end == 255)
> // if current 3rd & 4th octet ranges are all 0-255 set wildcard after second octet
815,816c858
< $ip_3_fragment = 256;
<
---
> // $ip_3_fragment = 256; // This variable isn't used elsewhere(?)
822,823c864,880
< $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
< $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ?
254 : $ip_range_explode[8];
---
> if ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1])
> // as above but check 1st, 2nd & 3rd counter octets are same as start ip octets
> {
> $ip_4_counter = $ip_range_explode[4];
> }
> else
> {
> $ip_4_counter = 0;
> }
> if ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end)
> {
> $ip_4_end = 255;
> }
> else
> {
> $ip_4_end = $ip_range_explode[8];
> }
825c882
< if ($ip_4_counter == 0 && $ip_4_end == 254)
---
> if ($ip_4_counter == 0 && $ip_4_end == 255) // if current 4th octet range is 0-255 set wildcard after 3rd octet
828,829c885
< $ip_4_fragment = 256;
<
---
> // $ip_4_fragment = 256; // This variable isn't used elsewhere(?)
833c889
< while ($ip_4_counter <= $ip_4_end)
---
> while ($ip_4_counter <= $ip_4_end) // set non-wild card ips then increment and loop
845c901
< else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
---
> else if (preg_match('#^(25[0-5]|2[0-4]\d|[01]?\d?\d)(?:(?:\.(25[0-5]|2[0-4]\d|[01]?\d?\d)){3}|(?:\.(25[0-5]|2[0-4]\d|[01]?\d?\d)){0,2}\.\*)$#', $ban_item) || preg_match('#^[a-f0-9:]+\*?$#i', $ban_item))
847c903
< // Normal IP address
---
> // Normal IP address validated for correct decimal octet format with maximum one wildcard. Hex format not validated.
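Review bot: The `$ip_4_end` test in the 822,823c864,880 hunk, `if ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end)`, never looks at the first octet, although the matching `$ip_3_end` test in the 809,810c833,852 hunk does. When the first octets differ and the start address has 255 as its second octet (a constructed example: `1.255.255.1 - 2.0.0.5`), both comparisons are false at `1.255.255.x`, so `$ip_4_end` takes the end address's last octet and the addresses above it are left out of the ban list. This assumes the enclosing `while` loops, which are outside the hunk, run each counter up to its end value. The condition I would use is `if ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end)`. The removed ternary had the same omission, so the gap predates this change.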
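Review bot: The octet alternative `[01]?\d?\d` in the 845c901 hunk accepts leading zeros such as `010` or `007`, so the "validated" in the new comment promises more than the pattern enforces. If the entry is stored as typed (the storing code is outside the hunk), it may never match the dotted-decimal form of a visitor's address, and the ban would be ineffective without any error. A stricter octet is `(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)`, and the same applies to the range pattern in the 787c787,789 hunk. The second pattern, `#^[a-f0-9:]+\*?$#i`, also accepts strings with no colon at all, which the new comment acknowledges but the code does not guard against.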