Jump to content

Recommended Posts

Hello Everyone,

 

I'm facing a problem and I would like to seek your help. I have downloaded a opensource php application to run on our company intranet. First I would like to provide my complete environment details.

 

WAMP Server 2.0i

Php V 5.2.7 (downgraded from 5.3.0 to get rid off ereg deprecated errors)

My SQL 5.1.36

OS - Windows Server 2003 R2

Port - 8080 (80 is used by IIS)

 

I have setup 3 applications on my wampserver(Timesheet/Joomla/Facility Booking) . All the three apps are running well on my server. I have created 3 different users and 3 different databases.

 

However, my Timesheet application is not running from other computer in our network. Well it's running but not able to connect to database. I mentioned the warnings and notices below. I'm able to login to the phpmyadmin from other computer to that database. So I feel the problem is with php source code. I have never worked on php before and your help is much appreciated.

 

I think there is no problem with apache or my sql as I don't see any errors related to this. These are from php error log which are displayed when I access the app.

Warnings and Notice

[14-Jan-2010 18:30:11] PHP Notice:  Undefined variable: dbexists in C:\wamp\www\timesheet\topmain.php on line 47

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\leftmain.php on line 236

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\leftmain.php on line 236

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 243

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 266

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\leftmain.php on line 330

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\leftmain.php on line 330

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 338

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 349

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\timeclock.php on line 120

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\timeclock.php on line 120

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\display.php on line 54

 

[14-Jan-2010 18:30:11] PHP Warning:  mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\display.php on line 320

 

 

I have attached all files related. Sorry for long post this thing is driving me nuts since a week. Thanks in advance. Have a great weekend.

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/188551-access-denied-for-user-odbclocalhost/
Share on other sites

/* --- REQUIRED CHANGES --- */


/* mysql info
        --- $db_hostname is the hostname for your mysql server, default is localhost.
        --- $db_username is the mysql username you created during the install.
        --- $db_password is the mysql password for the username to the database.
        --- $db_name is the mysql database you created during the install. */

$db_hostname = "10.212.x.xx";
$db_username = "root";
$db_password = "";
$db_name = "timeclock";


/* --- RECOMMENDED CHANGES --- */


/* This adds a prefix to the tablenames in the database. This can be helpful if you
have an existing mysql database that you would like to use with PHP Timeclock.
If you are unaware of what is meant by "table prefix", then please leave this
option as is. Default is to leave it blank. */

$db_prefix = "";


/* Choose "yes" to restrict the ip addresses that can connect to PHP Timeclock. If
"yes" is chosen, you MUST input the allowed networks in the $allowed_networks
array below. Otherwise, choosing "yes" here and leaving $allowed_networks
blank will cause PHP Timeclock to reject everyone attempting to connect to it.
Default is "no". */

$restrict_ips = "no";


/* Insert the networks or ip addresses you wish to allow to connect to PHP Timeclock
into the $allowed_networks array below. There is not a limit on how many networks
or addresses that can be included in this array. This will currently only work for
ipv4 addresses, ipv6 may be supported in a future release. If $restrict_ips is
set to "no", this option is ignored.

* will work:
* xxx.xxx.xxx.xxx        (exact)
* xxx.xxx.xxx.[yyy-zzz]  (range)
* xxx.xxx.xxx.xxx/nn     (CIDR)
*
* will NOT work:
* xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
* xxx.xxx.xxx.yyy - xxx.xxx.xxx.zzz (range, entire networks not supported).
* xxx.xxx. (range, less than 4 octets not supported).

example --> $allowed_networks = array("10.0.0.4","192.168.1.[11-20]","192.168.4.0/24","192.0.0.0/8");
*/

$allowed_networks = array();


/* Choose "yes" if you want to disable the Edit System Settings page within PHP
Timeclock. This page allows you to make *most* of your changes to the
config.inc.php file through the PHP Timeclock interface instead of editing
the config.inc.php file by hand. Many will view this as a possible security risk
and might would rather disable this functionality. Default is "no". */

$disable_sysedit = "no";


/* Choose whether to use encrypted passwords along with the usernames. Options are
"yes" or "no". If "yes" is chosen, users will be required to enter a password
whenever they change their status. Default is "no". */

$use_passwd = "no";


/* If you only want certain users to have the ability to view and run the reports,
change $use_reports_password to "yes". Default is "no"; */

$use_reports_password = "no";


/* Enable the option to log the ip addresses of the connecting computers when users
punch-in/out, or when a time is manually added, edited, or deleted. Default is
"yes". */

$ip_logging = "yes";


/* A management contact E-mail address to display in the footer of the timeclock.
Set it to "none" to ignore this option. */

$email = "none";


/* --- OPTIONAL CHANGES --- */


/* If you want to use normal connections to the database instead of persistent connects
   change $use_persistent_connection to "no". The default is "yes". */

$use_persistent_connection = "yes";


/* If you want a time edit admin to be able to edit times without providing a reason for
the changes change $require_admin_edit_reason to "no". The default is "yes". */

$require_time_admin_edit_reason = "yes";


/* Choose the way dates are displayed. DO NOT EDIT THESE DATE VARIABLES MANUALLY UNLESS YOU
KNOW WHAT YOU ARE DOING. Instead, change these date variables via the Edit System Settings
page in the Administration section of PHP Timeclock (sysedit.php). $datefmt default is
"n/j/y", $js_datefmt default is "M/d/yy", $tmp_datefmt default is "m/d/yy", and
$calendar_style default is "amer". You will need to choose date formats with matching
numbers, ie: if format number 10 is used for $datefmt, then format number 10 will need to
be used for $js_format and $tmp_format as well. "euro" will need to be chosen for date
format numbers 1-6, and "amer" will need to be chosen for date format numbers 7-12.
Again, if you are confused, i urge you to change these settings via the Edit System
Settings page in the Administration Section. Choosing mismatched options will lead to
much confusion and plenty of headaches later.

Possibilities for these variables are:

$calendar_style --> 1) amer
                    2) euro

   $datefmt --> 1) j.n.Y       $js_datefmt --> 1) d.M.yyyy       $tmp_datefmt --> 1) d.m.yyyy
                2) j/n/Y                       2) d/M/yyyy                        2) d/m/yyyy
                3) j-n-Y                       3) d-M-yyyy                        3) d-m-yyyy
                4) j.n.y                       4) d.M.yy                          4) d.m.yy
                5) j/n/y                       5) d/M/yy                          5) d/m/yy
                6) j-n-y                       6) d-M-yy                          6) d-m-yy
                7) n.j.Y                       7) M.d.yyyy                        7) m.d.yyyy
                 n/j/Y                        M/d/yyyy                         m/d/yyyy
                9) n-j-Y                       9) M-d-yyyy                        9) m-d-yyyy
                10) n.j.y                      10) M.d.yy                         10) m.d.yy
                11) n/j/y                      11) M/d/yy                         11) m/d/yy
                12) n-j-y                      12) M-d-yy                         12) m-d-yy */

$datefmt = "n/j/Y";
$js_datefmt = "M/d/yyyy";
$tmp_datefmt = "m/d/yyyy";
$calendar_style = "amer";


/* Choose the way times are displayed. Default is "g:i a".

Possibilities for this variable are:

$timefmt -->    1) G:i
                2) H:i
                3) g:i A
                4) g:i a
                5) g:iA
                6) g:ia    */

$timefmt = "g:i a";


/* Display only activity for the the current day instead of the last entry from each user.
Default is "no". */

$display_current_users = "no";


/* Show a Display Name instead of a Username for each user on the main page.
Default is "no". */

$show_display_name = "yes";


/* Display punch-in/out times for only a certain office on the main page of the application.
Replace "all" with the office you wish to display below. Default is "all". */

$display_office = "all";


/* Display punch-in/out times for only a certain group on the main page of the application.
Replace "all" with the group you wish to display below. Default is "all". */

$display_group = "all";


/* Display a column on the main page that shows the office each person is affiliated with.
Default is "no". */

$display_office_name = "no";


/* Display a column on the main page that shows the group each person is affiliated with.
Default is "no". */

$display_group_name = "no";


/* A logo or graphic, this is displayed in the top left of each page.
Set it to "none" to ignore this option. */

$logo = "images/logos/homeshieldlogo.gif";


/* This sets the refresh rate (in seconds) for index.php. If the application is kept open,
it will refresh every $refresh seconds to display the most current info. Default
is 300. Set it to "none" to ignore this option. */

$refresh = "300";


/* Sets if the display page should display the name of the users logged in. Default is "yes". */

$display_name = "yes";


/* Sets if the display page should display the status of the users logged in. Default is "yes". */

$display_status = "yes";


/* Sets how the display page should display the status of the users logged in. Options are
"icon", "text", or "both". Default is "both". */

$display_status_option = "both";


/* Sets if the display page should display the date of the users logged in. Default is "yes". */

$display_date = "yes";


/* Sets if the display page should display the time of the users logged in. Default is "yes". */

$display_time = "yes";


/* Sets if the display page should display the notes of the users logged in. Default is "yes". */

$display_notes = "yes";


/* This creates a clickable date in the top right of each page. By Default, it links to
"This Day in History" on the historychannel.com website. Set it to "none" to ignore this option. */

$date_link = "http://www.historychannel.com/tdih";


/* These are alternating row colors for the main page and for reports. */

$color1 = "#EFEFEF";
$color2 = "#FBFBFB";


/* Insert/change/delete below the ACTUAL links to websites you wish to display in the
topleft side of each page (leftmain.php). These links can link to anything you want
them to -- websites, other web-based applications, etc. Default number of links is 6.
Set $links to "none" to ignore this option. Ex: $links = "none"; */

$links = array("http://www.semc.funurl.com","http://mysinghealth/");


/* Insert/change/delete below the display names for the links you inserted above.
If $links is set to "none", this option is ignored. */

$display_links = array("SEMC Portal","SingHealth Intranet");


/* The message of the day to display to all employee's. Set to "none" to disable. */

$message_of_the_day = "Using PhpTimeClock two times a day keeps the doctor away.";


/* --- REPORTING INFO --- */


/* The settings in this section are simply default settings. They can easily be changed each
time you run a report. */

/* Choose whether to paginate the Hours Worked report or not. Setting this option to "yes"
will print the totals for each user on their own page. Default is "yes". */

$paginate = "yes";


/* Choose whether to show the punch-in/out details for each punch for each user on the
Hours Worked report or not. Default is "yes". */

$show_details = "yes";


/* Choose how to round the time worked within the Hours Worked report for each user. This
simply tells the report how to format the total hours worked for the Hours Worked Report.
Default is "0".

Possibilities for this variable are:

$round_time --> 0) Do not round.
                1) Round to the nearest 5 minutes.
                2) Round to the nearest 10 minutes.
                3) Round to the nearest 15 minutes.
                4) Round to the nearest 20 minutes.
                5) Round to the nearest 30 minutes. */

$round_time = "0";


/* The two variables below, $report_start_time and $report_end_time, are designed to work with
the Hours Worked report. They are there to give you a starting time to go along with the
starting date, and an ending time to go along with the ending date for the dates specified
when the report is run. Default is 00:00 (12:00am) for $report_start_time and
23:59 (11:59pm) for $report_end_time. 12 hour and 24 hour formats are supported. */

$report_start_time = "00:00";
$report_end_time = "23:59";


/* Setting this variable to "yes" will display a single dropdown box containing usernames
to choose from when running the reports. Setting this variable to "no" will instead
display a triple dropdown box containing offices, groups, and usernames to choose from
when running the reports. A single dropdown box works well if there are just a few
usernames in the system, and a triple dropdown works well if multiple offices and/or
groups are in the system. Default is "no". */

$username_dropdown_only = "no";


/* Choose whether to print displaynames or usernames for each user when reports are run.
Options for this variable are "user" and "display". Default is "user". */

$user_or_display = "display";


/* Choose whether to include in the reports the ip addresses of the systems that connect to
sign-in/out into PHP Timeclock or not. This option is useful for auditing purposes. The
ip_logging option must be set to "yes" in order for this option to work as expected.
Default is "yes". */

$display_ip = "yes";


/* Reports can be exported to a comma delimited file (.csv). Setting this to "yes" will
export the reports to .csv files. Default is "no" */

$export_csv = "no";


/* Sets the number of hours after which are considered overtime. Setting the number to
If $cover_time is set to 0 then it disables all overtime calculations. Default is "0" */

$over_time_hour = "0";


/* --- TIMEZONE INFO --- */


/* If you have users who are in different timezones, you may wish to display the punch-in/out
times according to the timezone they are currently in. Setting this option to "yes" will
display the punch-in/out times in the timezone of their connecting systems. The timezone
info is pulled from the web browser of the user via javascript and stored in a cookie on their
system. The default setting is "no". */

$use_client_tz = "no";


/* To display the punch-in/out times in the timezone of the web server, leave this option set
to "yes". Setting this option to "no" AND setting the above $use_client_tz option to "no",
will display the punch-in/out times in GMT. Default is "yes". */

$use_server_tz = "yes";


/* --- WEATHER INFO ---  */


/* Include local weather info on the left side of the main page just below the Submit button.
If you would like to include this feature, set $display_weather to "yes". Default is "no". */

$display_weather = "no";


/* ICAO (International Civil Aviation Organization) for your local airport. This is the
unique four letter international ID for the airport. METAR reports are created at
roughly 4500 airports from around the world, so you probably live near one of them.
The airports make a report once or twice an hour, and these reports are stored at the
National Weather Service and are publicly available via HTTP or FTP. Visit
https://pilotweb.nas.faa.gov/qryhtml/icao/ to find a corresponding ICAO near you. If
$display_weather is set to "no", this option is ignored. If $display_weather is set to
"yes", you MUST provide an ICAO here. */

$metar = "KJAN";


/* This is the city and country (or can be city and state) of the airport for
the ICAO used above. The max length for this field is 100 characters.
If $display_weather is set to "no", this option is ignored. */

$city = "Jackson, Mississippi";


/* The name of the company whose hours are being tracked. */

$company_name = "Singhealth Experimental Medicine Centre";


/* Sets the title in the header. This is what the page will be named by default when you
make a "favorite" or "bookmark" in your browser. Change as you see fit. */

$title = "$company_name Timeclock";


/* --- DO NOT CHANGE ANYTHING BELOW THIS LINE!!! --- */


/* The current version of the database structure */

$dbversion = "1.4";


/* Application version. */

$app_version = "1.1.0";
?>

Well obviously those setting aren't getting passed around properly....

 

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Would indicate php's defaults.

 

You might want to look for a different script because to be honest, the small examples you have posted are terrible examples of programming. Has this application ever worked for you ?

Yes the settings are passed locally but they are not passed when tried from different PC.

 

I had a chance to speak with the application guy. He said the problem might be because of my proxy settings. If thats the case all my other applications shouldn't work too right ? He suggested to create a self signed SSL and try https:

 

When you say about replace script, could you say in which page ? header.php ?

Yes the settings are passed locally but they are not passed when tried from different PC.

 

Are you installing this application on different machines? If so... why? PHP applications are normally installed on one central server and then accessed from anywhere. If that is the case (which is the norm) then php has no knowledge of where your accessing the application from, nor does it matter.

 

When you say about replace script, could you say in which page ? header.php ?

 

I'm not sure what you mean exactly.

The following is the offending code from the header.php file (and I do mean that script contains some offensive programming) -

 

// grab the connecting IP address. //
$connecting_ip = get_ipaddress();
if (empty($connecting_ip)) {
    return FALSE;
}

 

That return statement causes the code in the included file to abort and continue execution in the main script. This skips making the connection to the database and the creation of the $dbexists variable, but no errors are reported or outputted as to why the script took this action.

 

Whatever get_ipaddress() does (it is probably defined in the functions.php file) does not work when you access the script from a non-local address (I suspect is it checking optional headers that simply don't exist.)

 

That script looks like it was written by someone who got a C- grade in a programming class.

 

Edit:

I had a chance to speak with the application guy. He said the problem might be because of my proxy settings. If thats the case all my other applications shouldn't work too right ? He suggested to create a self signed SSL and try https:

Is that the person who wrote this code? Because while the comment about the proxy might be relavant to the problem (depedning on how badly coded the get_ipaddress() function is), the suggested solution of using SSL/https has absolutely no relevance.

 

 

Are you installing this application on different machines? If so... why? PHP applications are normally installed on one central server and then accessed from anywhere. If that is the case (which is the norm) then php has no knowledge of where your accessing the application from, nor does it matter.

 

Nope I installed the application on a test server(windows 2003) with WAMPSERVER. The application is working really good on my test server. But, when I try to access the application from client computer. The database is not connected. The application is a multi user application so I tested it on other client machines.

 

 

PFMaBiSmAd,

 

Thank you so much for the reply. Almost everyone I showed the code say its really crap.

 

Yes, that was the same guy who wrote code for the program suggesting https as solution. Actually he also mentioned that he could host the system with no errors for some fee per user per month  >:(

 

The function get_ipaddress is defined as below

function get_ipaddress() {

    if (empty($REMOTE_ADDR)) {
        if (!empty($_SERVER) && isset($_SERVER['REMOTE_ADDR'])) {
            $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
        }
        else if (!empty($_ENV) && isset($_ENV['REMOTE_ADDR'])) {
            $REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
        }
        else if (@getenv('REMOTE_ADDR')) {
            $REMOTE_ADDR = getenv('REMOTE_ADDR');
        }
    }
    if (empty($HTTP_X_FORWARDED_FOR)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
            $HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
        }
        else if (@getenv('HTTP_X_FORWARDED_FOR')) {
            $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
        }
    }
    if (empty($HTTP_X_FORWARDED)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED'])) {
            $HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED'])) {
            $HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
        }
        else if (@getenv('HTTP_X_FORWARDED')) {
            $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
        }
    }
    if (empty($HTTP_FORWARDED_FOR)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR'])) {
            $HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR'])) {
            $HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
        }
        else if (@getenv('HTTP_FORWARDED_FOR')) {
            $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
        }
    }
    if (empty($HTTP_FORWARDED)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED'])) {
            $HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED'])) {
            $HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
        }
        else if (@getenv('HTTP_FORWARDED')) {
            $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
        }
    }
    if (empty($HTTP_VIA)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_VIA'])) {
            $HTTP_VIA = $_SERVER['HTTP_VIA'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_VIA'])) {
            $HTTP_VIA = $_ENV['HTTP_VIA'];
        }
        else if (@getenv('HTTP_VIA')) {
            $HTTP_VIA = getenv('HTTP_VIA');
        }
    }
    if (empty($HTTP_X_COMING_FROM)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM'])) {
            $HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM'])) {
            $HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
        }
        else if (@getenv('HTTP_X_COMING_FROM')) {
            $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
        }
    }
    if (empty($HTTP_COMING_FROM)) {
        if (!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM'])) {
            $HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
        }
        else if (!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM'])) {
            $HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
        }
        else if (@getenv('HTTP_COMING_FROM')) {
            $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
        }
    }

    // Gets the default ip sent by the user //

    if (!empty($REMOTE_ADDR)) {
        $direct_ip = $REMOTE_ADDR;
    }

    // Gets the proxy ip sent by the user //

    $proxy_ip     = '';
    if (!empty($HTTP_X_FORWARDED_FOR)) {
        $proxy_ip = $HTTP_X_FORWARDED_FOR;
    } else if (!empty($HTTP_X_FORWARDED)) {
        $proxy_ip = $HTTP_X_FORWARDED;
    } else if (!empty($HTTP_FORWARDED_FOR)) {
        $proxy_ip = $HTTP_FORWARDED_FOR;
    } else if (!empty($HTTP_FORWARDED)) {
        $proxy_ip = $HTTP_FORWARDED;
    } else if (!empty($HTTP_VIA)) {
        $proxy_ip = $HTTP_VIA;
    } else if (!empty($HTTP_X_COMING_FROM)) {
        $proxy_ip = $HTTP_X_COMING_FROM;
    } else if (!empty($HTTP_COMING_FROM)) {
        $proxy_ip = $HTTP_COMING_FROM;
    }

    // Returns the true IP if it has been found, else FALSE //

    if (empty($proxy_ip)) {
        // True IP without proxy
        return $direct_ip;
    } else {
        $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
        if ($is_ip && (count($regs) > 0)) {
            // True IP behind a proxy
            return $regs[0];
        } else {
            // Can't define IP: there is a proxy but we don't have
            // information about the true IP
            return FALSE;
        }
    }
}

 

Any help to clean this code would be really appreciated. 

You are doing this on a local network/Intranet? Are there any local proxy servers (caching servers) involved in the network that one or more users will connect to the server through?

 

That code is attempting to find the 'real' IP address of the client computer. If all your client computers are connecting to the server without going through a proxy server, then I would just put the following line of code -

        return $direct_ip;

 

Immediately before the following line of code -

 

    if (empty($proxy_ip)) {

 

I'm setting up this on our company intranet. Yes ! We do have proxy server in place which has to be used by several users.

 

BTW, I did test connecting client machine to my server via lan cable disconnecting from our company intranet. And I assigned different IP address for both client and server. The application was running good.

 

So I think the problem is with proxy. In that case what would be the possible changes I can make to the code ?

 

 

 

 

The other code has a section where you can restrict access to a specific range or list of IP addresses. I don't know if the script uses the IP for anything more specific (such as identifying users...), so the following may or may not work -

 

If it is acceptable that anyone who is allowed to connect through the proxy (and its' IP) address is also allowed to use this script, then the change I posted above would return the proxy's IP address for all those users.

 

Otherwise, you would need to find out which, if any, of the HTTP_X_ headers are being supplied by the proxy and troubleshoot why the code is not outputting the actual IP address of the client.

Yes there is code to restrict ip

if ($restrict_ips == "yes") {
    for ($x = 0; $x < count($allowed_networks); $x++) {
        $is_allowed = ip_range($allowed_networks[$x], $connecting_ip);
        if (! empty($is_allowed)) {
            $allowed = TRUE;
        }
    }
    if (! isset($allowed)) {
        echo "You are not authorized to view this page.";
        exit;
    }
}

 

The function is defined as

 

function ip_range($network, $ip) {

/**
* Based on IP Pattern Matcher
* Originally by J.Adams <jna@retina.net>
* Found on <http://www.php.net/manual/en/function.ip2long.php>
* Modified by Robbat2 <robbat2@users.sourceforge.net>
*
* Matches:
* xxx.xxx.xxx.xxx        (exact)
* xxx.xxx.xxx.[yyy-zzz]  (range)
* xxx.xxx.xxx.xxx/nn     (CIDR)
*
* Does not match:
* xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
*
* @param   string   string of IP range to match
* @param   string   string of IP to test against range
*
* @return  boolean    always true
*
* @access  public
*/

   $result = TRUE;

   if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $network, $regs)) {
       // performs a mask match
       $ipl    = ip2long($ip);
       $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);

       $maskl  = 0;

       for ($i = 0; $i < 31; $i++) {
           if ($i < $regs[5] - 1) {
               $maskl = $maskl + pow(2, (30 - $i));
           }
       }

       if (($maskl & $rangel) == ($maskl & $ipl)) {
           return TRUE;
       } else {
           return FALSE;
       }
   } else {
       // range based
       $maskocts = explode('.', $network);
       $ipocts   = explode('.', $ip);

       // perform a range match
       for ($i = 0; $i < 4; $i++) {
            if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
                if (($ipocts[$i] > $regs[2])
                    || ($ipocts[$i] < $regs[1])) {
                    $result = FALSE;
                } // end if
            } else {
                if ($maskocts[$i] <> $ipocts[$i]) {
                    $result = FALSE;
                }
            }
       }
   }
   return $result;
}

 

 

I will test this tomorrow and keep you posted. Thanks again for your help. Have a great weekend !  :D

 

// grab the connecting IP address. //
$connecting_ip = get_ipaddress();
if (empty($connecting_ip)) {
    return FALSE;
}

 

If I change return FALSE to TRUE do you think it should work ? I don't have access to the environment now, so did not get a chance to test

I have made following changes to the code. Please leave your valuable feedback whether it's good enough or not to solve the issue.

 

header.php

 

// grab the connecting IP address. //
$connecting_ip = get_ipaddress();
if (empty($connecting_ip)) {
    echo "Could not determine IP address.";
    exit;

}

// Determine if connecting IP address is allowed to connect to 

PhpTimeClock
    if ($restrict_ips == "yes") {
        $size = count($allowed_networks);
for ($x = 0; $x < $size; $x++) {
            $is_allowed = ip_range($allowed_networks[$x], 

$connecting_ip);
            if ($is_allowed) {
                break;
            }
        }


if (! $is_allowed) {
        echo "You are not authorized to view this page.";
        exit;

        }

        unset($x);
        unset($size);
        unset($is_allowed);
    }

 

Function defined in functions.php

 

function get_ipaddress() {
    if (! empty($_SERVER['REMOTE_ADDR'])) {
        $direct_ip  = $_SERVER['REMOTE_ADDR'];
    } else {
        $direct_ip  = '';
    }

    if (! empty($_SERVER['HTTP_X_FORWARDED'])) {
        $proxy_ip = $_SERVER['HTTP_X_FORWARDED'];
    } elseif (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $proxy_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (! empty($_SERVER['HTTP_FORWARDED'])) {
        $proxy_ip = $_SERVER['HTTP_FORWARDED'];
    } elseif (! empty($_SERVER['HTTP_X_FORWARDED'])) {
        $proxy_ip = $_SERVER['HTTP_X_FORWARDED'];
    } else {
        $proxy_ip  = '';
    }



// Returns the true IP if it has been found, else false //
    if (! empty($proxy_ip)) {
        $is_ip = preg_match('/'.VALID_IP_ADDRESS_REGEX.'/', $proxy_ip, $regs);
        if ($is_ip and (count($regs) > 0)) {



// True IP behind a proxy
            return $regs[0];
        } else {
            

// Can't define IP: there is a proxy but we don't have information about the true IP
            return false;
        }
    }


// True IP without proxy
    return $direct_ip;
}

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.