<?php

session_start();

// Get the user's IP address
$user_ip = $_SERVER['REMOTE_ADDR'];

// Get the URL of the current page
$current_url = $_SERVER['REQUEST_URI'];

// Check if the user has a browsing history
if (!isset($_SESSION['browsing_history'])) {
    // If not, create a new browsing history array and add the current page to it
    $_SESSION['browsing_history'] = array($current_url);
} else {
    // If yes, add the current page to the browsing history array
    array_push($_SESSION['browsing_history'], $current_url);
}

// Check if the user is suspicious based on their browsing history
$is_suspicious = false;

// Count the number of pages the user has visited
$num_pages_visited = count($_SESSION['browsing_history']);

if ($num_pages_visited > 10) {
    // If the user has visited more than 10 pages, mark them as suspicious
    $is_suspicious = true;
} else {
    // Check if the user has accessed any vulnerable pages
    foreach ($_SESSION['browsing_history'] as $page) {
        if (strpos($page, 'admin.php') !== false) {
            // If the user has accessed an admin page, mark them as suspicious
            $is_suspicious = true;
            break;
        }
    }
}

if ($is_suspicious) {
    // If the user is suspicious, block them from accessing the website
    header('HTTP/1.1 403 Forbidden');
    echo 'Access to this website is blocked.';
    exit();
}

// Display the rest of the page content
echo 'Welcome to my website!';

?>