Limit access to page to only local ip (192.168.1.xx)

[farkewie]

Hi i need to restrict access to a page so only people connected to my router can access them,

 

here is my code but it just always says not ok.

PS: the "echo" is just for testing purpose

 

<?php
echo $_SERVER['REMOTE_ADDR'];

if (($_SERVER['REMOTE_ADDR']) == '192.168.1.\255'){
echo "ok";
}
else {
echo "not ok";
}
?>

 

also i include 2 php files in my main page how do i stop people accessing them directly?

[phpQuestioner]

You can accurately rely on the ip address; because it can be forged - I suggest a user login.

[lur]

if (substr($_SERVER['REMOTE_ADDR'], 0, 10) !== '192.168.1.') exit();

if (!preg_match('/^192\.168\.1\./', $_SERVER['REMOTE_ADDR'])) exit();

if (0 !== strpos($_SERVER['REMOTE_ADDR'], '192.168.1.')) exit();

[farkewie]

Its not a massive security issue,

 

i just dont want to login from home when its set as my homepage, and at the same time i dont want to have too easy access from outside,

 

i dont have a registered domain or anything at home so noone should "stumble" apon it.

 

 

[revraz]

If you are behind a router and use NAT (which you do), they can't even get to that address if they tried.

[farkewie]

they can because i have forwarded port 80 so i can access it from work and stuff.

 

the above code works.. i think ill have to wait until i get to work to check..

 

thank you.

[PFMaBiSmAd]

@phpQuestioner

 

The 'REMOTE_ADDR' comes from the TCP/IP packet and cannot be faked. It is the address that the web server will send the response back to.

 

You can easily get a different IP address or go through a web proxy to hide your real IP address, but the IP address in the TCP/IP packet is a true address at the time the pack was created.