Jump to content

Trouble Authenticating Users

idontknowphp

By idontknowphp
in PHP Coding Help

Recommended Posts

idontknowphp Member

idontknowphp

Posted
Posted

My issue is I have a login system that works just fine, but, it was something that was an easy install script...

 

What i am trying to do is use this function to bypass logging in with an array of ip's or a single ip...(i have a static ip):

 

function bypass_login() {
$allowed_ips = array("123.456.789.1");
if(in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)) {
} 
   // authenticate here
{

 

 

My login script is in the following block:

<?

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();

session_start();

//clear session variables
session_unset();

//require the functions file
require ("config.php");
require ("functions.php");

//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{

$username = $_POST[username];
$password = $_POST[password];

}else{

$username = $lr_user;
$password = $lr_pass;

}

//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password)) 
{

header("Location:$base_dir/errorlogin.php");
exit;
}

//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}

if ($_POST[activate] == "Yes")
{
	//make the connection to the database
	$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
	$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

	//build and issue the query
	$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
	$result = @mysql_query($sql,$connection) or die(mysql_error());
}

//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);

//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.php";
}

//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.php";
}

//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());

while ($sql = mysql_fetch_object($result)) 
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
	{
		include ('banned.php');
		exit;
	}
}

$last_log = last_login();

//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());

if (($_SESSION[redirect] != "$base_dir/errorlogin.php") && ($log_login == "1"))
{
include('loglogin.php');
}

//redirects the user	
header("Location:$_SESSION[redirect]");

?>

 

Thanks in advance, you guys are awesome!

Link to comment
https://forums.phpfreaks.com/topic/242706-trouble-authenticating-users/
Share on other sites
phpSensei Advanced Member

phpSensei

Posted
Posted

Yes. That is correct...

 

You can simply do something like this

 

<?php
$ip_address = "";

if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
        $ip_address=$_SERVER['HTTP_X_FORWARDED_FOR'];

} else{

$ip_address=$_SERVER['REMOTE_ADDR'];
} 

$allow_ip = array('192.134.5.32','193.455.3.1','193.345.532.1');

if(in_array($ip_address,$allow_ip)){

   if(isset($_SESSION['bypass']) && $_SESSION['bypass'] != ""){
    
   // user has access
  
  }else{

      $_SESSION['bypass'] = $ip_address;

  }

}else{

// Needs to Login

}
?>

idontknowphp Member

idontknowphp

Posted
  • Author
Posted

Ok, but in order to display the hidden content for the page wouldn;t i need to set the session variables? 

 

Like have a dedicated username/password set aside and have it use that? I don't understand how to let the page know that a user is logged in...

 

yhanks for the assistance, i greatly appreciate it...

phpSensei Advanced Member

phpSensei

Posted
Posted

Ok, but in order to display the hidden content for the page wouldn;t i need to set the session variables? 

 

Like have a dedicated username/password set aside and have it use that? I don't understand how to let the page know that a user is logged in...

 

yhanks for the assistance, i greatly appreciate it...

 

The script checks if the user's ip matches the one in the array, if it does, then it tried to see if the bypass session is assigned with a value, if it is then you can redirect to the hidden content page, otherwise it will register the session ...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.