Check IP when user logs in

[mariocesar]

I build a site that is use for sales reps. is all about prices and images of products we offer, they have to log in with their user name and password to get access to this site, the login PHP script keeps this site available from 9am to 6pm ,everything is working fine. now they asked me to match the IP address on each sales rep. computer in order for them to get access to the prices. that means they can only have access to the prices from the computer at work, any idea on how to do this.

 

thanks

 

Mario.

[revraz]

http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html

[Isityou]

You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database.

 

1. Loop through the list of IPs in the database

2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address)

3. If a match is found there at work

4. Else the IP isn't in the database, so no access?

 

[schilly]

That would be assuming static IPs. It not (DHCP) then you could filter based on subnet which would be a little broader.

[GameYin]

You can try this, assuming IP's will ALWAYS be static, and you have their IP stored in a database.

 

1. Loop through the list of IPs in the database

2. Compare using $_SERVER['REMOTE_ADDR'] (PHP variable that contains clients IP address)

3. If a match is found there at work

4. Else the IP isn't in the database, so no access?

 

IP's are almost NEVER static. Their IP never stays the same.

[mariocesar]

thanks, i did it and works, but the IP changes all the time, is a dynamic one.

 

//transfer to shorter var

 

 

 

$n=$_POST['uname'];

$p=$_POST['upass'];

$ip=$_SERVER['REMOTE_ADDR'];

 

 

//connect to db

 

include('config.php');

 

 

 

$query="SELECT * FROM user WHERE uname = '".$_POST['uname']."' AND pw = PASSWORD('".$_POST[upass]."') AND ip='$ip' ";

$result=mysql_query($query);

$num=mysql_num_rows($result);

 

if($num>0 ){

//put in session vars

$mytime=time();

$mytime=date("H:i:s A",$mytime);

$_SESSION['time'] = $mytime;

$_SESSION['status'] = 'logged';

$_SESSION['username'] = $n;

 

this is a part of the script, please any other idea will be appreciate, thanks.

[schilly]

You could authenticate based on subnet or hostname which should be more constant.

[NL_Rosko]

You could authenticate based on subnet or hostname which should be more constant.

 

depending on where the site is hosted you could use separate domains or virtual hosts

1 is accessible only from intranet and the other from internet

then separate the code depending on the url request

 

just an idea out of the top of my head

[mariocesar]

Ho can I authenticate base on hostname?

[NL_Rosko]

Ho can I authenticate base on hostname?

 

$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

 

valid hostnames can be in an array, from outside then not accessible.

 

maybe better, not sure what is better

<?PHP
echo GetHostByName($_SERVER['REMOTE_ADDR']);
echo "<br />";
echo  $_SERVER['X_HTTP_FORWARDED_FOR'];
echo "<br />";
echo $_SERVER['REMOTE_ADDR'];
?>

[mariocesar]

This one is the one that changes, in the morning was 72.88.158.150 and now is 71.172.139.2 now is working fine but later is going to change. any other way?

[schilly]

You could try by hostname if it's an internal address. Do you have a small network with everyone running DHCP off Verizon?

 

71.172.139.2 = pool-71-172-139-2.nwrknj.east.verizon.net

72.88.158.150 = pool-72-88-158-150.nwrknj.east.verizon.net

[redarrow]

This is a debate that goes on the internet for years,

you need to use the users id that the only way.............

[mariocesar]

What do you men with users id?

[revraz]

Your client needs to give you their IP scope.  How can you allow a IP range when they don't provide it to you.