
PHP Limiting access based on IP address


dprichard


I am working on a dev site for my company and want to limit access based on the IP Address and was wondering if this script would do the job or if there were other ways people could get around this. 

 

<?php
function ipauthorize() {
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    if ($ipaddress == 'IP ADDRESS GOES HERE') {
        // Action for allowed IP addresses
        echo 'you are authorized here';
        echo "<br />IP ADDRESS: " . $_SERVER['REMOTE_ADDR'];
    } else {
        // Action for all other IP addresses
        echo 'you are not authorized here';
        echo "<br />IP ADDRESS: " . $_SERVER['REMOTE_ADDR'];
        exit;
    }
}
?>


I am going to add a username and password as well and have a script for that, but thank you. I just have never tried to restrict via IP address. So, this will keep out the casual user, but not someone really wanting to get in? Would they just have to guess the IP addresses you are letting have access?

For your original question -

I am working on a dev site for my company and want to limit access based on the IP Address
If someone has a static IP address, so that no one else can dynamically be assigned the same IP, and they are not behind a router, where everyone appears to have the same public IP address, then yes, using $_SERVER['REMOTE_ADDR'] will limit access to a specific person(s) (you can also use a .htaccess file with a "deny from all/allow from ip_address_here" statement so that you don't need to have test code in with the actual real code).

Spoofing a static IP over the 'net can be tricky.

 

I may have this completely wrong, but changing the source IP in outgoing packets is fairly easy for someone that knows what they're doing... the annoying part is getting responses from the victim (as they will naturally go to the 'spoofed' source). It's possible (bearing certain circumstances), but EXTREMELY difficult to intercept the responses, so unless the attacker knows exactly what packets to send to get the desired result, you're fairly safe.

 

Adding a secure connection to the mix ( assuming your data is THAT important ) will make things even more difficult.

Because I'm CDO (that's OCD in the proper order), I wrote it so you could have more than one allowed IP address. What you have works, I'm just crazy....*watches pretty purple elephant on his monitor*

 

<?php
function ipauthorize() {
    // Populate the array with allowed IP addresses
    $allowed_ip = array("127.0.0.1", "127.0.0.2");
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    if (in_array($ipaddress, $allowed_ip)) {
        // Action for allowed IP addresses
        echo 'you are authorized here';
        echo "<br />IP ADDRESS: " . $_SERVER['REMOTE_ADDR'];
    } else {
        // Action for all other IP addresses
        echo 'you are not authorized here';
        echo "<br />IP ADDRESS: " . $_SERVER['REMOTE_ADDR'];
        exit;
    }
}
?>
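
Added example, not code from any poster in this thread: the same REMOTE_ADDR allowlist generalized beyond the posts above to CIDR ranges and IPv6, answering everyone else with HTTP 403. The function names ip_in_range and ip_is_allowed and the listed ranges are constructed for illustration, and the check assumes the web server receives client connections directly (behind a reverse proxy, REMOTE_ADDR is the proxy's address).

```php
<?php
// Added example, not from the thread. Ranges are constructed documentation addresses.
const ALLOWED_RANGES = ['203.0.113.10', '198.51.100.0/24', '2001:db8:1234::/48'];

// True if $ip equals $range (single address) or lies inside it (CIDR), IPv4 or IPv6.
function ip_in_range(string $ip, string $range): bool
{
    [$subnet, $bits] = array_pad(explode('/', $range, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($subnet);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $maxBits = strlen($ipBin) * 8;
    if ($bits === null) {
        $bits = $maxBits;                      // bare address: exact match
    } elseif (!preg_match('/^\d{1,3}\z/', $bits) || (int)$bits > $maxBits) {
        return false;                          // malformed prefix length
    }
    $bits = (int)$bits;
    $fullBytes = intdiv($bits, 8);
    // Compare the whole bytes of the prefix, then the leftover high bits.
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($bits % 8 === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function ip_is_allowed(string $ip, array $ranges): bool
{
    foreach ($ranges as $range) {
        if (ip_in_range($ip, $range)) return true;
    }
    return false;
}

// Call at the top of every protected page; sends 403 instead of page content.
function ipauthorize(): void
{
    if (!ip_is_allowed($_SERVER['REMOTE_ADDR'] ?? '', ALLOWED_RANGES)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```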
