WWW_9hub_Net - Posted January 15, 2010

Hello Everyone,

I'm facing a problem and I would like to seek your help. I have downloaded an open-source PHP application to run on our company intranet. First I would like to provide my complete environment details.

WAMP Server 2.0i
PHP V 5.2.7 (downgraded from 5.3.0 to get rid of ereg deprecated errors)
MySQL 5.1.36
OS - Windows Server 2003 R2
Port - 8080 (80 is used by IIS)

I have set up 3 applications on my wampserver (Timesheet/Joomla/Facility Booking). All three apps are running well on my server. I have created 3 different users and 3 different databases. However, my Timesheet application is not running from another computer in our network. Well, it's running but not able to connect to the database. I mentioned the warnings and notices below. I'm able to log in to phpMyAdmin from the other computer to that database. So I feel the problem is with the PHP source code. I have never worked on PHP before and your help is much appreciated.

I think there is no problem with Apache or MySQL as I don't see any errors related to this. These are from the PHP error log which are displayed when I access the app.

Warnings and Notice

    [14-Jan-2010 18:30:11] PHP Notice: Undefined variable: dbexists in C:\wamp\www\timesheet\topmain.php on line 47
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\leftmain.php on line 236
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\leftmain.php on line 236
    [14-Jan-2010 18:30:11] PHP Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 243
    [14-Jan-2010 18:30:11] PHP Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 266
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\leftmain.php on line 330
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\leftmain.php on line 330
    [14-Jan-2010 18:30:11] PHP Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 338
    [14-Jan-2010 18:30:11] PHP Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\leftmain.php on line 349
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\timesheet\timeclock.php on line 120
    [14-Jan-2010 18:30:11] PHP Warning: mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in C:\wamp\www\timesheet\timeclock.php on line 120
    [14-Jan-2010 18:30:11] PHP Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\display.php on line 54
    [14-Jan-2010 18:30:11] PHP Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\timesheet\display.php on line 320

I have attached all related files. Sorry for the long post, this thing has been driving me nuts for a week. Thanks in advance. Have a great weekend.

[attachment deleted by admin]

trq - Posted January 15, 2010

It would seem your username and password have not been properly set up within config.inc.php.

WWW_9hub_Net - Posted January 15, 2010

As I mentioned, I'm able to access phpMyAdmin from the other computer. And I don't have any issue accessing the application from my server. I have tried all possible settings with the config.inc.php. No luck!

trq - Posted January 15, 2010

Post config.inc.php.

WWW_9hub_Net - Posted January 15, 2010

    /* --- REQUIRED CHANGES --- */

    /* mysql info
       --- $db_hostname is the hostname for your mysql server, default is localhost.
       --- $db_username is the mysql username you created during the install.
       --- $db_password is the mysql password for the username to the database.
       --- $db_name is the mysql database you created during the install. */

    $db_hostname = "10.212.x.xx";
    $db_username = "root";
    $db_password = "";
    $db_name = "timeclock";

    /* --- RECOMMENDED CHANGES --- */

    /* This adds a prefix to the tablenames in the database. This can be helpful if you
       have an existing mysql database that you would like to use with PHP Timeclock. If
       you are unaware of what is meant by "table prefix", then please leave this option
       as is. Default is to leave it blank. */

    $db_prefix = "";

    /* Choose "yes" to restrict the ip addresses that can connect to PHP Timeclock. If
       "yes" is chosen, you MUST input the allowed networks in the $allowed_networks
       array below. Otherwise, choosing "yes" here and leaving $allowed_networks blank
       will cause PHP Timeclock to reject everyone attempting to connect to it.
       Default is "no". */

    $restrict_ips = "no";

    /* Insert the networks or ip addresses you wish to allow to connect to PHP Timeclock
       into the $allowed_networks array below. There is not a limit on how many networks
       or addresses that can be included in this array. This will currently only work
       for ipv4 addresses, ipv6 may be supported in a future release.
       If $restrict_ips is set to "no", this option is ignored.

       * will work:
       *   xxx.xxx.xxx.xxx          (exact)
       *   xxx.xxx.xxx.[yyy-zzz]    (range)
       *   xxx.xxx.xxx.xxx/nn       (CIDR)
       *
       * will NOT work:
       *   xxx.xxx.xxx.xx[yyy-zzz]          (range, partial octets not supported)
       *   xxx.xxx.xxx.yyy - xxx.xxx.xxx.zzz  (range, entire networks not supported).
       *   xxx.xxx.                          (range, less than 4 octets not supported).

       example --> $allowed_networks = array("10.0.0.4","192.168.1.[11-20]","192.168.4.0/24","192.0.0.0/8"); */

    $allowed_networks = array();

    /* Choose "yes" if you want to disable the Edit System Settings page within PHP
       Timeclock. This page allows you to make *most* of your changes to the
       config.inc.php file through the PHP Timeclock interface instead of editing the
       config.inc.php file by hand. Many will view this as a possible security risk and
       might would rather disable this functionality. Default is "no". */

    $disable_sysedit = "no";

    /* Choose whether to use encrypted passwords along with the usernames. Options are
       "yes" or "no". If "yes" is chosen, users will be required to enter a password
       whenever they change their status. Default is "no". */

    $use_passwd = "no";

    /* If you only want certain users to have the ability to view and run the reports,
       change $use_reports_password to "yes". Default is "no"; */

    $use_reports_password = "no";

    /* Enable the option to log the ip addresses of the connecting computers when users
       punch-in/out, or when a time is manually added, edited, or deleted.
       Default is "yes". */

    $ip_logging = "yes";

    /* A management contact E-mail address to display in the footer of the timeclock.
       Set it to "none" to ignore this option. */

    $email = "none";

    /* --- OPTIONAL CHANGES --- */

    /* If you want to use normal connections to the database instead of persistent
       connects change $use_persistent_connection to "no". The default is "yes". */

    $use_persistent_connection = "yes";

    /* If you want a time edit admin to be able to edit times without providing a reason
       for the changes change $require_admin_edit_reason to "no". The default is "yes". */

    $require_time_admin_edit_reason = "yes";

    /* Choose the way dates are displayed. DO NOT EDIT THESE DATE VARIABLES MANUALLY
       UNLESS YOU KNOW WHAT YOU ARE DOING. Instead, change these date variables via the
       Edit System Settings page in the Administration section of PHP Timeclock
       (sysedit.php). $datefmt default is "n/j/y", $js_datefmt default is "M/d/yy",
       $tmp_datefmt default is "m/d/yy", and $calendar_style default is "amer".

       You will need to choose date formats with matching numbers, ie: if format number
       10 is used for $datefmt, then format number 10 will need to be used for
       $js_format and $tmp_format as well. "euro" will need to be chosen for date format
       numbers 1-6, and "amer" will need to be chosen for date format numbers 7-12.
       Again, if you are confused, i urge you to change these settings via the Edit
       System Settings page in the Administration Section. Choosing mismatched options
       will lead to much confusion and plenty of headaches later.

       Possibilities for these variables are:

       $calendar_style -->  1) amer
                            2) euro

       $datefmt -->   1) j.n.Y    $js_datefmt -->   1) d.M.yyyy    $tmp_datefmt -->   1) d.m.yyyy
                      2) j/n/Y                      2) d/M/yyyy                       2) d/m/yyyy
                      3) j-n-Y                      3) d-M-yyyy                       3) d-m-yyyy
                      4) j.n.y                      4) d.M.yy                         4) d.m.yy
                      5) j/n/y                      5) d/M/yy                         5) d/m/yy
                      6) j-n-y                      6) d-M-yy                         6) d-m-yy
                      7) n.j.Y                      7) M.d.yyyy                       7) m.d.yyyy
                      8) n/j/Y                      8) M/d/yyyy                       8) m/d/yyyy
                      9) n-j-Y                      9) M-d-yyyy                       9) m-d-yyyy
                     10) n.j.y                     10) M.d.yy                        10) m.d.yy
                     11) n/j/y                     11) M/d/yy                        11) m/d/yy
                     12) n-j-y                     12) M-d-yy                        12) m-d-yy */

    $datefmt = "n/j/Y";
    $js_datefmt = "M/d/yyyy";
    $tmp_datefmt = "m/d/yyyy";
    $calendar_style = "amer";

    /* Choose the way times are displayed. Default is "g:i a".
       Possibilities for this variable are:

       $timefmt -->  1) G:i
                     2) H:i
                     3) g:i A
                     4) g:i a
                     5) g:iA
                     6) g:ia */

    $timefmt = "g:i a";

    /* Display only activity for the the current day instead of the last entry from each
       user. Default is "no". */

    $display_current_users = "no";

    /* Show a Display Name instead of a Username for each user on the main page.
       Default is "no". */

    $show_display_name = "yes";

    /* Display punch-in/out times for only a certain office on the main page of the
       application. Replace "all" with the office you wish to display below.
       Default is "all". */

    $display_office = "all";

    /* Display punch-in/out times for only a certain group on the main page of the
       application. Replace "all" with the group you wish to display below.
       Default is "all". */

    $display_group = "all";

    /* Display a column on the main page that shows the office each person is affiliated
       with. Default is "no". */

    $display_office_name = "no";

    /* Display a column on the main page that shows the group each person is affiliated
       with. Default is "no". */

    $display_group_name = "no";

    /* A logo or graphic, this is displayed in the top left of each page.
       Set it to "none" to ignore this option. */

    $logo = "images/logos/homeshieldlogo.gif";

    /* This sets the refresh rate (in seconds) for index.php. If the application is kept
       open, it will refresh every $refresh seconds to display the most current info.
       Default is 300. Set it to "none" to ignore this option. */

    $refresh = "300";

    /* Sets if the display page should display the name of the users logged in.
       Default is "yes". */

    $display_name = "yes";

    /* Sets if the display page should display the status of the users logged in.
       Default is "yes". */

    $display_status = "yes";

    /* Sets how the display page should display the status of the users logged in.
       Options are "icon", "text", or "both". Default is "both". */

    $display_status_option = "both";

    /* Sets if the display page should display the date of the users logged in.
       Default is "yes". */

    $display_date = "yes";

    /* Sets if the display page should display the time of the users logged in.
       Default is "yes". */

    $display_time = "yes";

    /* Sets if the display page should display the notes of the users logged in.
       Default is "yes". */

    $display_notes = "yes";

    /* This creates a clickable date in the top right of each page. By Default, it links
       to "This Day in History" on the historychannel.com website. Set it to "none" to
       ignore this option. */

    $date_link = "http://www.historychannel.com/tdih";

    /* These are alternating row colors for the main page and for reports. */

    $color1 = "#EFEFEF";
    $color2 = "#FBFBFB";

    /* Insert/change/delete below the ACTUAL links to websites you wish to display in
       the topleft side of each page (leftmain.php). These links can link to anything
       you want them to -- websites, other web-based applications, etc. Default number
       of links is 6. Set $links to "none" to ignore this option.
       Ex: $links = "none"; */

    $links = array("http://www.semc.funurl.com","http://mysinghealth/");

    /* Insert/change/delete below the display names for the links you inserted above.
       If $links is set to "none", this option is ignored. */

    $display_links = array("SEMC Portal","SingHealth Intranet");

    /* The message of the day to display to all employee's. Set to "none" to disable. */

    $message_of_the_day = "Using PhpTimeClock two times a day keeps the doctor away.";

    /* --- REPORTING INFO --- */

    /* The settings in this section are simply default settings. They can easily be
       changed each time you run a report. */

    /* Choose whether to paginate the Hours Worked report or not. Setting this option to
       "yes" will print the totals for each user on their own page. Default is "yes". */

    $paginate = "yes";

    /* Choose whether to show the punch-in/out details for each punch for each user on
       the Hours Worked report or not. Default is "yes". */

    $show_details = "yes";

    /* Choose how to round the time worked within the Hours Worked report for each user.
       This simply tells the report how to format the total hours worked for the Hours
       Worked Report. Default is "0". Possibilities for this variable are:

       $round_time -->  0) Do not round.
                        1) Round to the nearest 5 minutes.
                        2) Round to the nearest 10 minutes.
                        3) Round to the nearest 15 minutes.
                        4) Round to the nearest 20 minutes.
                        5) Round to the nearest 30 minutes. */

    $round_time = "0";

    /* The two variables below, $report_start_time and $report_end_time, are designed to
       work with the Hours Worked report. They are there to give you a starting time to
       go along with the starting date, and an ending time to go along with the ending
       date for the dates specified when the report is run. Default is 00:00 (12:00am)
       for $report_start_time and 23:59 (11:59pm) for $report_end_time. 12 hour and
       24 hour formats are supported. */

    $report_start_time = "00:00";
    $report_end_time = "23:59";

    /* Setting this variable to "yes" will display a single dropdown box containing
       usernames to choose from when running the reports. Setting this variable to "no"
       will instead display a triple dropdown box containing offices, groups, and
       usernames to choose from when running the reports. A single dropdown box works
       well if there are just a few usernames in the system, and a triple dropdown works
       well if multiple offices and/or groups are in the system. Default is "no". */

    $username_dropdown_only = "no";

    /* Choose whether to print displaynames or usernames for each user when reports are
       run. Options for this variable are "user" and "display". Default is "user". */

    $user_or_display = "display";

    /* Choose whether to include in the reports the ip addresses of the systems that
       connect to sign-in/out into PHP Timeclock or not. This option is useful for
       auditing purposes. The ip_logging option must be set to "yes" in order for this
       option to work as expected. Default is "yes". */

    $display_ip = "yes";

    /* Reports can be exported to a comma delimited file (.csv). Setting this to "yes"
       will export the reports to .csv files. Default is "no" */

    $export_csv = "no";

    /* Sets the number of hours after which are considered overtime. Setting the number to
       If $cover_time is set to 0 then it disables all overtime calculations.
       Default is "0" */

    $over_time_hour = "0";

    /* --- TIMEZONE INFO --- */

    /* If you have users who are in different timezones, you may wish to display the
       punch-in/out times according to the timezone they are currently in. Setting this
       option to "yes" will display the punch-in/out times in the timezone of their
       connecting systems. The timezone info is pulled from the web browser of the user
       via javascript and stored in a cookie on their system.
       The default setting is "no". */

    $use_client_tz = "no";

    /* To display the punch-in/out times in the timezone of the web server, leave this
       option set to "yes". Setting this option to "no" AND setting the above
       $use_client_tz option to "no", will display the punch-in/out times in GMT.
       Default is "yes". */

    $use_server_tz = "yes";

    /* --- WEATHER INFO --- */

    /* Include local weather info on the left side of the main page just below the
       Submit button. If you would like to include this feature, set $display_weather to
       "yes". Default is "no". */

    $display_weather = "no";

    /* ICAO (International Civil Aviation Organization) for your local airport. This is
       the unique four letter international ID for the airport. METAR reports are
       created at roughly 4500 airports from around the world, so you probably live near
       one of them. The airports make a report once or twice an hour, and these reports
       are stored at the National Weather Service and are publicly available via HTTP or
       FTP. Visit https://pilotweb.nas.faa.gov/qryhtml/icao/ to find a corresponding
       ICAO near you. If $display_weather is set to "no", this option is ignored. If
       $display_weather is set to "yes", you MUST provide an ICAO here. */

    $metar = "KJAN";

    /* This is the city and country (or can be city and state) of the airport for the
       ICAO used above. The max length for this field is 100 characters. If
       $display_weather is set to "no", this option is ignored. */

    $city = "Jackson, Mississippi";

    /* The name of the company whose hours are being tracked. */

    $company_name = "Singhealth Experimental Medicine Centre";

    /* Sets the title in the header. This is what the page will be named by default when
       you make a "favorite" or "bookmark" in your browser. Change as you see fit. */

    $title = "$company_name Timeclock";

    /* --- DO NOT CHANGE ANYTHING BELOW THIS LINE!!! --- */

    /* The current version of the database structure */

    $dbversion = "1.4";

    /* Application version. */

    $app_version = "1.1.0";

    ?>

trq - Posted January 15, 2010

Well obviously those settings aren't getting passed around properly....

    Access denied for user 'ODBC'@'localhost' (using password: NO)

Would indicate php's defaults.

You might want to look for a different script because to be honest, the small examples you have posted are terrible examples of programming. Has this application ever worked for you?

WWW_9hub_Net - Posted January 15, 2010

Yes, the settings are passed locally but they are not passed when tried from a different PC.

I had a chance to speak with the application guy. He said the problem might be because of my proxy settings. If that's the case, all my other applications shouldn't work too, right? He suggested to create a self signed SSL and try https:

When you say about replace script, could you say in which page? header.php?

trq - Posted January 15, 2010

> Yes the settings are passed locally but they are not passed when tried from different PC.

Are you installing this application on different machines? If so... why? PHP applications are normally installed on one central server and then accessed from anywhere. If that is the case (which is the norm) then php has no knowledge of where you're accessing the application from, nor does it matter.

> When you say about replace script, could you say in which page ? header.php ?

I'm not sure what you mean exactly.

PFMaBiSmAd - Posted January 15, 2010

The following is the offending code from the header.php file (and I do mean that script contains some offensive programming) -

    // grab the connecting IP address. //

    $connecting_ip = get_ipaddress();
    if (empty($connecting_ip)) {
        return FALSE;
    }

That return statement causes the code in the included file to abort and continue execution in the main script. This skips making the connection to the database and the creation of the $dbexists variable, but no errors are reported or outputted as to why the script took this action.

Whatever get_ipaddress() does (it is probably defined in the functions.php file) does not work when you access the script from a non-local address (I suspect it is checking optional headers that simply don't exist.)

That script looks like it was written by someone who got a C- grade in a programming class.

Edit:

> I had a chance to speak with the application guy. He said the problem might be because of my proxy settings. If thats the case all my other applications shouldn't work too right ? He suggested to create a self signed SSL and try https:

Is that the person who wrote this code? Because while the comment about the proxy might be relevant to the problem (depending on how badly coded the get_ipaddress() function is), the suggested solution of using SSL/https has absolutely no relevance.

WWW_9hub_Net - Posted January 15, 2010

> Are you installing this application on different machines? If so... why? PHP applications are normally installed on one central server and then accessed from anywhere. If that is the case (which is the norm) then php has no knowledge of where your accessing the application from, nor does it matter.

Nope, I installed the application on a test server (Windows 2003) with WAMPSERVER. The application is working really good on my test server. But when I try to access the application from a client computer, the database is not connected. The application is a multi-user application, so I tested it on other client machines.

WWW_9hub_Net - Posted January 15, 2010

PFMaBiSmAd,

Thank you so much for the reply. Almost everyone I showed the code says it's really crap. Yes, that was the same guy who wrote the code for the program suggesting https as the solution. Actually he also mentioned that he could host the system with no errors for some fee per user per month.

The function get_ipaddress is defined as below:

    function get_ipaddress()
    {
        if (empty($REMOTE_ADDR)) {
            if (!empty($_SERVER) && isset($_SERVER['REMOTE_ADDR'])) {
                $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
            } else if (!empty($_ENV) && isset($_ENV['REMOTE_ADDR'])) {
                $REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
            } else if (@getenv('REMOTE_ADDR')) {
                $REMOTE_ADDR = getenv('REMOTE_ADDR');
            }
        }
        if (empty($HTTP_X_FORWARDED_FOR)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                $HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
                $HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
            } else if (@getenv('HTTP_X_FORWARDED_FOR')) {
                $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
            }
        }
        if (empty($HTTP_X_FORWARDED)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED'])) {
                $HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED'])) {
                $HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
            } else if (@getenv('HTTP_X_FORWARDED')) {
                $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
            }
        }
        if (empty($HTTP_FORWARDED_FOR)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR'])) {
                $HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR'])) {
                $HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
            } else if (@getenv('HTTP_FORWARDED_FOR')) {
                $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
            }
        }
        if (empty($HTTP_FORWARDED)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED'])) {
                $HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED'])) {
                $HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
            } else if (@getenv('HTTP_FORWARDED')) {
                $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
            }
        }
        if (empty($HTTP_VIA)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_VIA'])) {
                $HTTP_VIA = $_SERVER['HTTP_VIA'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_VIA'])) {
                $HTTP_VIA = $_ENV['HTTP_VIA'];
            } else if (@getenv('HTTP_VIA')) {
                $HTTP_VIA = getenv('HTTP_VIA');
            }
        }
        if (empty($HTTP_X_COMING_FROM)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM'])) {
                $HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM'])) {
                $HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
            } else if (@getenv('HTTP_X_COMING_FROM')) {
                $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
            }
        }
        if (empty($HTTP_COMING_FROM)) {
            if (!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM'])) {
                $HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
            } else if (!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM'])) {
                $HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
            } else if (@getenv('HTTP_COMING_FROM')) {
                $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
            }
        }

        // Gets the default ip sent by the user //
        if (!empty($REMOTE_ADDR)) {
            $direct_ip = $REMOTE_ADDR;
        }

        // Gets the proxy ip sent by the user //
        $proxy_ip = '';
        if (!empty($HTTP_X_FORWARDED_FOR)) {
            $proxy_ip = $HTTP_X_FORWARDED_FOR;
        } else if (!empty($HTTP_X_FORWARDED)) {
            $proxy_ip = $HTTP_X_FORWARDED;
        } else if (!empty($HTTP_FORWARDED_FOR)) {
            $proxy_ip = $HTTP_FORWARDED_FOR;
        } else if (!empty($HTTP_FORWARDED)) {
            $proxy_ip = $HTTP_FORWARDED;
        } else if (!empty($HTTP_VIA)) {
            $proxy_ip = $HTTP_VIA;
        } else if (!empty($HTTP_X_COMING_FROM)) {
            $proxy_ip = $HTTP_X_COMING_FROM;
        } else if (!empty($HTTP_COMING_FROM)) {
            $proxy_ip = $HTTP_COMING_FROM;
        }

        // Returns the true IP if it has been found, else FALSE //
        if (empty($proxy_ip)) {
            // True IP without proxy
            return $direct_ip;
        } else {
            $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
            if ($is_ip && (count($regs) > 0)) {
                // True IP behind a proxy
                return $regs[0];
            } else {
                // Can't define IP: there is a proxy but we don't have
                // information about the true IP
                return FALSE;
            }
        }
    }

Any help to clean this code would be really appreciated.

PFMaBiSmAd - Posted January 15, 2010

You are doing this on a local network/Intranet? Are there any local proxy servers (caching servers) involved in the network that one or more users will connect to the server through?

That code is attempting to find the 'real' IP address of the client computer. If all your client computers are connecting to the server without going through a proxy server, then I would just put the following line of code -

    return $direct_ip;

Immediately before the following line of code -

    if (empty($proxy_ip)) {

WWW_9hub_Net - Posted January 15, 2010

I'm setting this up on our company intranet. Yes! We do have a proxy server in place which has to be used by several users.

BTW, I did test connecting a client machine to my server via LAN cable, disconnecting from our company intranet. And I assigned different IP addresses for both client and server. The application was running good. So I think the problem is with the proxy. In that case what would be the possible changes I can make to the code?

PFMaBiSmAd - Posted January 15, 2010

The other code has a section where you can restrict access to a specific range or list of IP addresses. I don't know if the script uses the IP for anything more specific (such as identifying users...), so the following may or may not work -

If it is acceptable that anyone who is allowed to connect through the proxy (and its IP) address is also allowed to use this script, then the change I posted above would return the proxy's IP address for all those users.

Otherwise, you would need to find out which, if any, of the HTTP_X_ headers are being supplied by the proxy and troubleshoot why the code is not outputting the actual IP address of the client.

WWW_9hub_Net - Posted January 15, 2010

Yes, there is code to restrict IP:

    if ($restrict_ips == "yes") {
        for ($x = 0; $x < count($allowed_networks); $x++) {
            $is_allowed = ip_range($allowed_networks[$x], $connecting_ip);
            if (! empty($is_allowed)) {
                $allowed = TRUE;
            }
        }
        if (! isset($allowed)) {
            echo "You are not authorized to view this page.";
            exit;
        }
    }

The function is defined as:

    function ip_range($network, $ip)
    {
        /**
         * Based on IP Pattern Matcher
         * Originally by J.Adams <jna@retina.net>
         * Found on <http://www.php.net/manual/en/function.ip2long.php>
         * Modified by Robbat2 <robbat2@users.sourceforge.net>
         *
         * Matches:
         * xxx.xxx.xxx.xxx        (exact)
         * xxx.xxx.xxx.[yyy-zzz]  (range)
         * xxx.xxx.xxx.xxx/nn     (CIDR)
         *
         * Does not match:
         * xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
         *
         * @param   string   string of IP range to match
         * @param   string   string of IP to test against range
         *
         * @return  boolean  always true
         *
         * @access  public
         */

        $result = TRUE;

        if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $network, $regs)) {
            // performs a mask match
            $ipl = ip2long($ip);
            $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);

            $maskl = 0;

            for ($i = 0; $i < 31; $i++) {
                if ($i < $regs[5] - 1) {
                    $maskl = $maskl + pow(2, (30 - $i));
                }
            }

            if (($maskl & $rangel) == ($maskl & $ipl)) {
                return TRUE;
            } else {
                return FALSE;
            }
        } else {
            // range based
            $maskocts = explode('.', $network);
            $ipocts = explode('.', $ip);

            // perform a range match
            for ($i = 0; $i < 4; $i++) {
                if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
                    if (($ipocts[$i] > $regs[2]) || ($ipocts[$i] < $regs[1])) {
                        $result = FALSE;
                    } // end if
                } else {
                    if ($maskocts[$i] <> $ipocts[$i]) {
                        $result = FALSE;
                    }
                }
            }
        }
        return $result;
    }

I will test this tomorrow and keep you posted. Thanks again for your help. Have a great weekend!

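Added example (not from the thread and not PHP Timeclock code): an allow-list matcher for the three rule forms the config comments list, failing closed on malformed input. In the ip_range() posted above the CIDR mask is built from bit 30 downwards, so the top bit of the address never takes part in the comparison; here all 32 bits do. It assumes current PHP (7.1+), and the function names and sample addresses are hypothetical.

```php
<?php
// Added example, not PHP Timeclock code. Function names and sample
// addresses are hypothetical / constructed.

/** Parse a dotted-quad IPv4 string to an int, or null if it is not one. */
function ipv4_to_int(string $ip): ?int
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $n = ip2long($ip);
    return $n === false ? null : $n;
}

/**
 * True when $ip falls inside $rule, where $rule is one of:
 *   a.b.c.d          (exact)
 *   a.b.c.[lo-hi]    (range in the last octet)
 *   a.b.c.d/nn       (CIDR)
 * Anything that does not parse is treated as "no match".
 */
function ip_matches_rule(string $rule, string $ip): bool
{
    $addr = ipv4_to_int($ip);
    if ($addr === null) {
        return false;
    }

    // CIDR: anchored pattern, prefix length validated.
    if (preg_match('|^([0-9.]+)/([0-9]{1,2})$|', $rule, $m)) {
        $net  = ipv4_to_int($m[1]);
        $bits = (int) $m[2];
        if ($net === null || $bits > 32) {
            return false;
        }
        // nn one-bits counted from the top of the address. /0 is handled
        // separately because a shift by the full width is not a usable mask.
        $mask = ($bits === 0) ? 0 : (-1 << (32 - $bits));
        return ($addr & $mask) === ($net & $mask);
    }

    // Range: build the lowest and highest address and compare numerically.
    if (preg_match('|^((?:[0-9]{1,3}\.){3})\[([0-9]{1,3})-([0-9]{1,3})\]$|', $rule, $m)) {
        $lo = ipv4_to_int($m[1] . $m[2]);
        $hi = ipv4_to_int($m[1] . $m[3]);
        if ($lo === null || $hi === null || $lo > $hi) {
            return false;
        }
        return $addr >= $lo && $addr <= $hi;
    }

    // Exact address.
    $exact = ipv4_to_int($rule);
    return $exact !== null && $exact === $addr;
}

/** True when any rule matches; an empty rule list rejects everyone. */
function ip_is_allowed(array $rules, string $ip): bool
{
    foreach ($rules as $rule) {
        if (ip_matches_rule($rule, $ip)) {
            return true;
        }
    }
    return false;
}

// Constructed rules in the forms shown in the config.inc.php comment.
$rules = ['10.0.0.4', '192.168.1.[11-20]', '192.168.4.0/24', '10.0.0.0/8'];

// Constructed test addresses. 138.1.2.3 and 10.1.2.3 differ only in the
// top bit of the first octet, which this matcher does compare.
$tests = ['10.0.0.4', '192.168.1.15', '192.168.1.21',
          '192.168.4.200', '138.1.2.3', 'not-an-ip'];

foreach ($tests as $ip) {
    printf("%-15s %s\n", $ip, ip_is_allowed($rules, $ip) ? 'allowed' : 'denied');
}
```
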
WWW_9hub_Net - Posted January 16, 2010

    // grab the connecting IP address. //

    $connecting_ip = get_ipaddress();
    if (empty($connecting_ip)) {
        return FALSE;
    }

If I change return FALSE to TRUE do you think it should work? I don't have access to the environment now, so did not get a chance to test.

PFMaBiSmAd - Posted January 16, 2010

No, because the code needs to get an IP address into $connecting_ip so that the rest of the code in that file will work.

WWW_9hub_Net - Posted January 16, 2010

In the function defined get ip address and restrict IP, I see the code contains preg_match. But currently I downgraded PHP to 5.2.x. Does PHP 5.2.x handle preg_match? Shouldn't it be replaced with ereg?

PFMaBiSmAd - Posted January 16, 2010

http://php.net/preg_match

WWW_9hub_Net - Posted January 16, 2010

I have made the following changes to the code. Please leave your valuable feedback on whether it's good enough or not to solve the issue.

header.php

    // grab the connecting IP address. //
    $connecting_ip = get_ipaddress();
    if (empty($connecting_ip)) {
        echo "Could not determine IP address.";
        exit;
    }

    // Determine if connecting IP address is allowed to connect to PhpTimeClock
    if ($restrict_ips == "yes") {
        $size = count($allowed_networks);
        for ($x = 0; $x < $size; $x++) {
            $is_allowed = ip_range($allowed_networks[$x], $connecting_ip);
            if ($is_allowed) {
                break;
            }
        }
        if (! $is_allowed) {
            echo "You are not authorized to view this page.";
            exit;
        }
        unset($x);
        unset($size);
        unset($is_allowed);
    }

Function defined in functions.php

    function get_ipaddress()
    {
        if (! empty($_SERVER['REMOTE_ADDR'])) {
            $direct_ip = $_SERVER['REMOTE_ADDR'];
        } else {
            $direct_ip = '';
        }

        if (! empty($_SERVER['HTTP_X_FORWARDED'])) {
            $proxy_ip = $_SERVER['HTTP_X_FORWARDED'];
        } elseif (! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxy_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } elseif (! empty($_SERVER['HTTP_FORWARDED'])) {
            $proxy_ip = $_SERVER['HTTP_FORWARDED'];
        } elseif (! empty($_SERVER['HTTP_X_FORWARDED'])) {
            $proxy_ip = $_SERVER['HTTP_X_FORWARDED'];
        } else {
            $proxy_ip = '';
        }

        // Returns the true IP if it has been found, else false //
        if (! empty($proxy_ip)) {
            $is_ip = preg_match('/'.VALID_IP_ADDRESS_REGEX.'/', $proxy_ip, $regs);
            if ($is_ip and (count($regs) > 0)) {
                // True IP behind a proxy
                return $regs[0];
            } else {
                // Can't define IP: there is a proxy but we don't have information about the true IP
                return false;
            }
        }

        // True IP without proxy
        return $direct_ip;
    }

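Added example (not part of the thread and not PHP Timeclock code): the forwarding headers read by get_ipaddress() are set by whoever sends the request, and the result feeds the $restrict_ips check, so one way to resolve the client address is to believe X-Forwarded-For only when the TCP peer is a known proxy and to fall back to REMOTE_ADDR in every other case. It assumes current PHP (7.1+); the proxy address, function name and sample requests are constructed.

```php
<?php
// Added example, not PHP Timeclock code. The proxy address, function name
// and sample requests are hypothetical / constructed.

/** Addresses of the proxies this server sits behind (assumption). */
const TRUSTED_PROXIES = ['192.0.2.5'];

/**
 * Resolve the client address for one request.
 *
 * @param array $server          contents of $_SERVER for the request
 * @param array $trustedProxies  exact addresses of our own proxies
 * @return string|null           address to use, or null if none is known
 */
function client_ip(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        // No usable peer address: let the caller refuse the request with
        // a visible error instead of silently skipping the rest of setup.
        return null;
    }

    // REMOTE_ADDR comes from the TCP connection. Forwarding headers come
    // from the sender, so they count only when the sender is our proxy.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // X-Forwarded-For is a comma separated chain; each proxy appends the
    // address it received the request from. Walk it from the right and
    // stop at the first hop that is not one of our proxies.
    $chain = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops  = array_reverse(array_map('trim', explode(',', $chain)));

    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            // Missing or malformed header: use the proxy's own address
            // rather than returning "no address".
            return $peer;
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests. Via carries a protocol version and a proxy name,
// not a client address, so it is never consulted.
$samples = [
    'direct client that sets its own header' => [
        'REMOTE_ADDR' => '198.51.100.77',
        'HTTP_X_FORWARDED_FOR' => '10.0.0.4',
    ],
    'through proxy, header present' => [
        'REMOTE_ADDR' => '192.0.2.5',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.77',
    ],
    'through proxy, only Via sent' => [
        'REMOTE_ADDR' => '192.0.2.5',
        'HTTP_VIA' => '1.1 proxy01',
    ],
    'through proxy, unusable header' => [
        'REMOTE_ADDR' => '192.0.2.5',
        'HTTP_X_FORWARDED_FOR' => 'unknown',
    ],
    'no peer address at all' => [],
];

foreach ($samples as $label => $server) {
    $ip = client_ip($server, TRUSTED_PROXIES);
    printf("%-40s %s\n", $label, $ip === null ? '(none: reject request)' : $ip);
}
```
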
WWW_9hub_Net - Posted January 18, 2010

PFMaBiSmAd,

Thank you so much. The problem is fixed. I really appreciate you identifying the issue right at first sight. You are my hero.