need help with a basic php script

[xc0n]

hey guys im new to php so dont laugh,

 

i cant get the following code to work

 

<?php $user_ip == "110.00.00.00" || $user_ip == "110.00.00.00"; ?>

 

another file requires $user_ip to be one of the above, it works with just one ip but i want to have multiple ips without having to have $user_ip2 i want $user_ip to have multiple ip's. Hope this makes sense!

[WebStyles]

I'm not sure what you mean, you want to check the users IP and decide if it's allowed to do something?

 

try something  like:

 

// list all allowed IP's
$allowedIPS = array('192.168.1.1','192.168.1.2');
// get current user's IP
$userIP = $_SERVER['REMOTE_ADDR'];
// check if it's in ALLOWED list
if(in_array($userIP,$allowedIPS){
// ALLOW
}else{
// DENY
}

 

hope this helps

[xc0n]

hey thanks it helped a bit but im getting a syntax error on this line >>

if(in_array($userIP,$allowedIPS);{

[WebStyles]

sorry, typo. there's a closing parentisis missing, should be:

if(in_array($userIP,$allowedIPS)){
// ALLOW
}else{
// DENY
}

[xc0n]

ahh yes i see, great it worked thanks alot for that !!! how hard would it be for me to request the allowed ip's from a database so its more secure? ill put my whole code below

 

<?php $validate_ip = ($_SERVER['REMOTE_ADDR']);
$user_ip = array('110.33.251.66','110.33.251.50');
if(in_array($validate_ip,$user_ip)){
?>
	you are allowed	  
<?php
} else {
?>
go away your not allowed
<?php } ?>

[WebStyles]

with something like.... (assuming you have a table like id,ipAddress)

$usersIP = $_SERVER['REMOTE_ADDR'];
$conn = DatabaseConnection(); // your database connection function
$q = mysql_query("select `id` from `allowedIPS` where `ipAddress` = '$usersIP' limit 1",$conn);
$r = mysql_fetch_assoc($q);
@mysql_close($conn);
if(!empty($r)){
// ALLOW
}else{
// DENY
}

 

P.S. this is a pretty basic example, but it should work.

[Nodral]

Really straightforward.

 

Set up your db table (data) with a column called ip_addresses

Then retrieve them all and populate array

$sql="SELECT ip_addresses FROM data";
$sql=mysql_query($sql);
while($row=mysql_fetch_array($sql)){
$ip_array[]=$row['ip_addresses'];
}

 

You now have an array containing all allowed ip addresses. ($ip_array)

Now if you run a test

if(in_array($user_ip)){
echo"IP is fine";
}
else
{
echo"get lost!!!"
}

[WebStyles]

Nodral's example should work too, but if each user has only ONE ip address, what would be the point of reading ALL of them out of the database and then checking if it's valid, when you can check directly in the database for a single ip?

what would happen if you had several thousand addresses in the database?

 

also, if you only have a bunch full, that don't need upating too often, why not just put the array in a separate file and use include_once() ?

[xc0n]

yea i was going to include the ip's in a file but i thought using a database was more secure? is this true or am i better off just leaving the ip's in a included file? also if i do use a database where would i add in the connection settings eg: localhost user pass and db name? and is it hard to use md5 to encrypt the ips

[WebStyles]

You don't need to encrypt IP addresses, they will not be seen by anyone unless you specifically output them to a page.

but, if you still feel you should, md5 is easy to use:

$encryptedIP = md5($_SERVER['REMOTE_ADDR']);

[xc0n]

ok thats easy!

 

but i cant connect to my database

 

<?php
$user_ip = $_SERVER['REMOTE_ADDR'];
$conn = mysql_connect("localhost", "user name", "database pass")or die("cannot connect to database"); // your database connection function
mysql_select_db("database name")or die("cannot select DB");
$q = mysql_query("select `id` from `ips` where `validate_ip` = '$user_ip' limit 1",$conn);
$r = mysql_fetch_assoc($q);
@mysql_close($conn);
if(!empty($r)){
// ALLOW
echo "welcome";
}else{
// DENY
echo "go away";
}
?>

[Nodral]

What error do you get?

[xc0n]

i get a white page saying "cannot select DB"

[Nodral]

Use this as a seperate file saved as connect.php, then just put

 

include_once('connect.php');

at the top of every file where you need a connection

 

<?php
$link = mysql_connect(localhost, 'user_name', 'password');
if (!$link)
{
echo'1Unable to connect to the database server.';
echo mysql_errno($link) . ": " . mysql_error($link). "\n";


exit();
}

if (!mysql_set_charset('utf8', $link))
{
echo'2Unable to connect to the database server.';
echo mysql_errno($link) . ": " . mysql_error($link). "\n";


exit();
}

if(!mysql_select_db('db_name, $link))
{
echo'3Unable to connect to the database server.';
echo mysql_errno($link) . ": " . mysql_error($link). "\n";


exit();
}

?>

[WebStyles]

instead of this:

$conn = mysql_connect("localhost", "user name", "database pass")or die("cannot connect to database");
mysql_select_db("database name")or die("cannot select DB");

try this:

$conn = mysql_connect("localhost", "user name", "database pass")or die("cannot connect to database");
mysql_select_db("database name",$conn)or die("cannot select DB");

[xc0n]

ok now its connecting i guess but im getting this error

 

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/jswebmed/public_html/SecureIT/v2/mysql.php on line 6

 

my code is below

 

<?php
$user_ip = $_SERVER['REMOTE_ADDR'];
$conn = mysql_connect("localhost", "user", "pass")or die("cannot connect to database"); // your database connection function
mysql_select_db("database",$conn)or die("cannot select DB");
$q = mysql_query("select `id` from `allowed_ips` where `validate_ip` = '$user_ip' limit 1",$conn);
$r = mysql_fetch_assoc($q);
@mysql_close($conn);
if(!empty($r)){
// ALLOW
echo "welcome";
}else{
// DENY
echo "go away";
}
?>

 

and my sql is

 

--
-- Database: `jswebmed_test`
--

-- --------------------------------------------------------

--
-- Table structure for table `allowed_ips`
--

CREATE TABLE IF NOT EXISTS `allowed_ips` (
  `id` int(11) NOT NULL auto_increment,
  `ips` varchar(200) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `allowed_ips`
--

[WebStyles]

well, if you created a table with id, ips,

 

then you need to use:

select `id` from `validate_ips` where `ips` = '$userIP'

 

also, IP addresses can only be XXX.XXX.XXX.XXX (i.e. 15 characters in length) why is your database field varchar 200 ?

 

 

[Nodral]

This line needs a bit of concatenation and once you're connected, you don't need to redeclare it.

 

$q = mysql_query("select `id` from `allowed_ips` where `validate_ip` = '. $user_ip .' limit 1");

 

 

[WebStyles]

Nodral, you're wrong.

the string is enclosed in double quotes, so:

$q = mysql_query("select `id` from `allowed_ips` where `validate_ip` = '$user_ip' limit 1");

will work fine,

 

your example will not.

[xc0n]

im still getting this error i tryed both ways to connect?

 

error: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/jswebmed/public_html/SecureIT/v2/mysql.php on line 6

[WebStyles]

since you've made changes and not posted your code again, I have no idea what to say. Post the code please.

[xc0n]

ok below is the php

 

<?php
$user_ip = $_SERVER['REMOTE_ADDR'];
$conn = mysql_connect("localhost", "user", "pass")or die("cannot connect to database"); // your database connection function
$q = mysql_query("select `id` from `allowed_ips` where `validate_ip` = '$user_ip' limit 1");
mysql_select_db("database")or die("cannot select DB");
$r = mysql_fetch_assoc("$q");
@mysql_close($conn);
if(!empty($r)){
// ALLOW
echo "welcome";
}else{
// DENY
echo "go away";
}
?>

 

and below is database export

 

--
-- Database: `jswebmed_test`
--

-- --------------------------------------------------------

--
-- Table structure for table `allowed_ips`
--

CREATE TABLE IF NOT EXISTS `allowed_ips` (
  `id` int(11) NOT NULL auto_increment,
  `ips` varchar(20) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

 

can you test it and post the correct php and mysql for me to use?

 

ps: thanks for all the help!!!

[WebStyles]

you need to pay attention... I'm trying to help, but if you're not going to read what I write, you are just wasting your (and my) time. I have said this before:

 

where you have:

`validate_ip` = '$user_ip' limit 1

 

should be

`ips` = '$user_ip' limit 1

since your database does not have a field called `validate_ip`

 

 

[xc0n]

yes but either way i still get the error: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/jswebmed/public_html/SecureIT/v2/mysql.php on line 6

 

i get this error it has nothing to do with the database connection it has to do with: $r = mysql_fetch_assoc("$q");

 

so why does: $r = mysql_fetch_assoc("$q"); get the warning php error?

[WebStyles]

$q is a variable with the select statement.

when you call it in $r = mysql_fetch_assoc($q); it gets evaluated, so if there's an error in $q, it will only show up when you try to use that variable in $r = mysql_fetch_assoc($q);