Jump to content

Check IP when user logs in


mariocesar

Recommended Posts

I build a site that is use for sales reps. is all about prices and images of products we offer, they have to log in with their user name and password to get access to this site, the login PHP script keeps this site available from 9am to 6pm ,everything is working fine. now they asked me to match the IP address on each sales rep. computer in order for them to get access to the prices. that means they can only have access to the prices from the computer at work, any idea on how to do this.

 

thanks

 

Mario.

Link to comment
https://forums.phpfreaks.com/topic/90952-check-ip-when-user-logs-in/
Share on other sites

You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database.

 

1. Loop through the list of IPs in the database

2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address)

3. If a match is found there at work

4. Else the IP isn't in the database, so no access?

 

You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database.

 

1. Loop through the list of IPs in the database

2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address)

3. If a match is found there at work

4. Else the IP isn't in the database, so no access?

 

IP's are almost NEVER static. Their IP never stays the same.

thanks, i did it and works, but the IP changes all the time, is a dynamic one.

 

//transfer to shorter var

 

 

 

$n=$_POST['uname'];

$p=$_POST['upass'];

$ip=$_SERVER['REMOTE_ADDR'];

 

 

//connect to db

 

include('config.php');

 

 

 

$query="SELECT * FROM user WHERE uname = '".$_POST['uname']."' AND pw = PASSWORD('".$_POST[upass]."') AND ip='$ip' ";

$result=mysql_query($query);

$num=mysql_num_rows($result);

 

if($num>0 ){

//put in session vars

$mytime=time();

$mytime=date("H:i:s A",$mytime);

$_SESSION['time'] = $mytime;

$_SESSION['status'] = 'logged';

$_SESSION['username'] = $n;

 

this is a part of the script, please any other idea will be appreciate, thanks.

You could authenticate based on subnet or hostname which should be more constant.

 

depending on where the site is hosted you could use separate domains or virtual hosts

1 is accessible only from intranet and the other from internet

then separate the code depending on the url request

 

just an idea out of the top of my head

Ho can I authenticate base on hostname?

 

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

 

valid hostnames can be in an array, from outside then not accessible.

 

maybe better, not sure what is better

<?PHP
echo GetHostByName($_SERVER['REMOTE_ADDR']);
echo "<br />";
echo  $_SERVER['X_HTTP_FORWARDED_FOR'];
echo "<br />";
echo $_SERVER['REMOTE_ADDR'];
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.