mariocesar Posted February 13, 2008 Share Posted February 13, 2008 I build a site that is use for sales reps. is all about prices and images of products we offer, they have to log in with their user name and password to get access to this site, the login PHP script keeps this site available from 9am to 6pm ,everything is working fine. now they asked me to match the IP address on each sales rep. computer in order for them to get access to the prices. that means they can only have access to the prices from the computer at work, any idea on how to do this. thanks Mario. Quote Link to comment Share on other sites More sharing options...
revraz Posted February 13, 2008 Share Posted February 13, 2008 http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html Quote Link to comment Share on other sites More sharing options...
Isityou Posted February 13, 2008 Share Posted February 13, 2008 You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database. 1. Loop through the list of IPs in the database 2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address) 3. If a match is found there at work 4. Else the IP isn't in the database, so no access? Quote Link to comment Share on other sites More sharing options...
schilly Posted February 13, 2008 Share Posted February 13, 2008 That would be assuming static IPs. It not (DHCP) then you could filter based on subnet which would be a little broader. Quote Link to comment Share on other sites More sharing options...
GameYin Posted February 14, 2008 Share Posted February 14, 2008 You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database. 1. Loop through the list of IPs in the database 2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address) 3. If a match is found there at work 4. Else the IP isn't in the database, so no access? IP's are almost NEVER static. Their IP never stays the same. Quote Link to comment Share on other sites More sharing options...
mariocesar Posted February 18, 2008 Author Share Posted February 18, 2008 thanks, i did it and works, but the IP changes all the time, is a dynamic one. //transfer to shorter var $n=$_POST['uname']; $p=$_POST['upass']; $ip=$_SERVER['REMOTE_ADDR']; //connect to db include('config.php'); $query="SELECT * FROM user WHERE uname = '".$_POST['uname']."' AND pw = PASSWORD('".$_POST[upass]."') AND ip='$ip' "; $result=mysql_query($query); $num=mysql_num_rows($result); if($num>0 ){ //put in session vars $mytime=time(); $mytime=date("H:i:s A",$mytime); $_SESSION['time'] = $mytime; $_SESSION['status'] = 'logged'; $_SESSION['username'] = $n; this is a part of the script, please any other idea will be appreciate, thanks. Quote Link to comment Share on other sites More sharing options...
schilly Posted February 18, 2008 Share Posted February 18, 2008 You could authenticate based on subnet or hostname which should be more constant. Quote Link to comment Share on other sites More sharing options...
NL_Rosko Posted February 18, 2008 Share Posted February 18, 2008 You could authenticate based on subnet or hostname which should be more constant. depending on where the site is hosted you could use separate domains or virtual hosts 1 is accessible only from intranet and the other from internet then separate the code depending on the url request just an idea out of the top of my head Quote Link to comment Share on other sites More sharing options...
mariocesar Posted February 18, 2008 Author Share Posted February 18, 2008 Ho can I authenticate base on hostname? Quote Link to comment Share on other sites More sharing options...
NL_Rosko Posted February 18, 2008 Share Posted February 18, 2008 Ho can I authenticate base on hostname? $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); valid hostnames can be in an array, from outside then not accessible. maybe better, not sure what is better <?PHP echo GetHostByName($_SERVER['REMOTE_ADDR']); echo "<br />"; echo $_SERVER['X_HTTP_FORWARDED_FOR']; echo "<br />"; echo $_SERVER['REMOTE_ADDR']; ?> Quote Link to comment Share on other sites More sharing options...
mariocesar Posted February 18, 2008 Author Share Posted February 18, 2008 This one is the one that changes, in the morning was 72.88.158.150 and now is 71.172.139.2 now is working fine but later is going to change. any other way? Quote Link to comment Share on other sites More sharing options...
schilly Posted February 18, 2008 Share Posted February 18, 2008 You could try by hostname if it's an internal address. Do you have a small network with everyone running DHCP off Verizon? 71.172.139.2 = pool-71-172-139-2.nwrknj.east.verizon.net 72.88.158.150 = pool-72-88-158-150.nwrknj.east.verizon.net Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 18, 2008 Share Posted February 18, 2008 This is a debate that goes on the internet for years, you need to use the users id that the only way............. Quote Link to comment Share on other sites More sharing options...
mariocesar Posted February 19, 2008 Author Share Posted February 19, 2008 What do you men with users id? Quote Link to comment Share on other sites More sharing options...
revraz Posted February 19, 2008 Share Posted February 19, 2008 Your client needs to give you their IP scope. How can you allow a IP range when they don't provide it to you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.