SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    IP Address & Proxy login

    I have a script that checks your ip address and logs you in automatically.

    But I am having an issue with a company who is behind a proxy. It works for some employees, but does not work for all.... which is weird.

    Normally the script would redirect them to a page like this:
    www.website.com/member.php

    But with the customer behind the proxy their url looks like this:
    http://nameprod22.corp.company.com:1889/member.php

    The error message that they are getting is that they are not logged in, which would lead me to assume that they are coming from the right ip address, but there is something wrong in my script.

    There are only two paths:
    1) The script recognizes you as a valid ip address, creates a session, and redirects you to member.php

    2) The script does not recognize your ip address, and redirects you to login.

    What is happening, Im sure is #1, where their ip is recognized and its redirecting them to the member page, however somehow the session is not being created, and the user is getting an "Error, you do not have permission to view this page", because the member.php page is wrapped in an if($_SESSION) script to authenticate them first


    Here is the login script:
    PHP Code:
    <?php


    $my_ip 
    getIPaddress();

    if(
    $my_ip == "XX.XXX.XX.XX"){
        
            
        
    session_start();
        
                
    $username "ripcurlksm";
                
    $_SESSION['valid_user'] = $username;
                
    $_SESSION['access'] = getAccess($username);
                
    $_SESSION['license_type'] = getLicense($username);
                
    $_SESSION['account_type'] = getAccountType($username);
                            
                            
    // the users are getting to this page, but the session above is not being set... only for some users
                
    header('Location: ../member.php');
                    
        
    } else {
        
        
    header('Location: login.php');
    }
    ?>
    Here is the ip address script
    PHP Code:
    function getIPaddress(){
        if (!empty(
    $_SERVER['HTTP_CLIENT_IP'])){   //check ip from share internet
        
            
    $ip=$_SERVER['HTTP_CLIENT_IP'];
        
        } else if (!empty(
    $_SERVER['HTTP_X_FORWARDED_FOR'])){   //to check ip is pass from proxy
        
            
    $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
        
        } else {
        
            
    $ip=$_SERVER['REMOTE_ADDR'];
        
        }
        
            return 
    $ip;


    Why is this working for some, and not for all?

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,156
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Just a wild guess, but maybe it has something to do with the port, i.e. ":1889" ??

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would do some debugging. Log the value of all variables to a file, along with enough data to let you know what the result of the request was.

    It's probably cookie related though.

  4. #4
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    interesting crmalibu, but with the $_SESSION i am using, i am not using cookies.... or am i?

  5. #5
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,156
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Unless you are passing it around in the URL

  6. #6
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sessions generally use cookies. In one way or another, the concept of a session requires that the server can identify the specific browser/computer/user. Usually, a cookie is automatically set with a unique id in it which the browser sends back to the server on each future page request. The id can also be passed through the url query string, or through forms, but cookies are by far the most common way.

    print_r($_COOKIE); to see what the value of the session cookie. There's a good chance the browser isn't always sending the cookie though, which means that on those page requests, you won't be able to access the session data. btw-If the domain/subdomain changes, the browser may not send the cookie. This is a common source of problems like this.

  7. #7
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    You know how easy this would be to break by sending an X-Forward-For header?
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  8. #8
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    You know how easy this would be to break by sending an X-Forward-For header?
    what do you recommend to be the best method to get a clients ip address?

  9. #9
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    I recommend not to do it at all, use username plus password.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  10. #10
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    the company we are doing this for is a large company, and they have other services that offer IP recognition, because they have too many people accessing the data and forgetting passwords, etc.

    Are there secure ways to allow login with IP recognition?

  11. #11
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Depends on the environment but I would utilize single signons. If it is a Windows environment would utilize a Domain and Active Directory to facilitate that.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  12. #12
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well this is running on my apache server. Its a simple PHP/MySQL database.

    Users login with a user/pass, checks the database, if true: creates a session, forwards them to member page.

  13. #13
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok so I have pinpointed the issue. The client told me they are connecting through a proxy server. Example:

    Proxy Server IP: 111.111.111.123

    So the entire office is connecting through the proxy IP of 111.111.111.123.... HOWEVER my tests with a person in the office who can not connect is using the ip address 111.111.111.144. How is this possible when they all connect through a proxy?

    PHP Code:
    $my_ip $_SERVER['REMOTE_ADDR'];

    if(
    $my_ip == "111.111.111.123"){
    echo 
    "Success!";
    }{
    echo 
    "Failed!";

    Am I not getting the proxy address by using $_SERVER['REMOTE_ADDR']? Is there a way to allow the ip address by range? 111.111.111.XX?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •