How to restrict access to a web page by user's IP address?

How should i go about restricting access to a web page depending on user’s IP.
the reason being i don’t want to give access to some content on a page if user is not inside a intranet (with say 10...*) and if user is inside intranet then we’ll decide later if she is admin or not blah.blah.

so even if a user is admin and she is accessing a restricted page from outside the intranet then she is not allowed to.

i couldn’t figure out how to go about that.

Please Help

Probably best to use .htaccess. Add DENY XXX.XXX.XXX.XXX to the file! :slight_smile:

  • Mark

You might also just add a line to the top of your script (if you don’t want to get into maintaining the .htaccess file)


<?
if (substr($REMOTE_ADDR,0,3) != "10.") {
 echo "You are not allowed!";
 exit();
}

//.... rest of your code goes here ....
?>

Basically, if the first three characters of the IP address are not “10.” (i.e. 10.x.x.x), it will give an error (or whatever you want) and not process the rest of the script.

Hope that helps.

  • Trog

the thing is i have a configuration file and i won’t know which IP addresses are allowed.
so the configuration file would be something like this


$cfg['ipallowed']['10.*.*.*'] = 1;
$cfg['ipallowed']['290.*.*.*'] = 1;
$cfg['ipallowed']['141.142.143.143'] = 1;

so this file is used at run time and you’d have no cluse which IP addresses are allowed whether the whole class like 10...* or just on IP address 10.100.1.0
and same with not allowed which’d be a rare case like


$cfg['ipnotallowed']['1.*.*.*'] = 1;


if (substr($REMOTE_ADDR,0,3) != "10." || substr($REMOTE_ADDR,0,3) != "290." || $REMOTE_ADDR != "141.142.143.143") {
echo "You are not allowed!";
exit();
}

Well in your config file then change 10...* to 10. and so on if you want to allow the whole thing, then loop through the array, get the strlen of each ip, then use that value to check ip. something like this:



//loop through array. $value is the ip address
//if $value was 10. then strlen would be 3.

$count = strlen($value);
if (substr($REMOTE_ADDR,0,$count) != $value) {
echo "You are not allowed!";
exit();


Silly

AND i thought it was easy :smiley: . well back to drawing board.

Which part isnt easy? Just loop through the array. the main change is just to change how you store the ip in the array. Instead of ...* just stop at the block you want to allow. So instead of 10...*, use 10.

A one dim array would work perfectly:



$allow = array('10.','192.168.10.');
$current_ip = $_SERVER['REMOTE_ADDR'];

foreach($allow AS $value)
{

$count = strlen($value);
$block = substr($current_ip,0,$count);

if($block == $value)
{

//allow user in

}else
{

//scram

}

}


Silly

well what ya know …ITS WORKING hurray
thanks everybody.

What did you do to get it working?

Silly

just one thing. Copy and pasted your code :smiley:

i am gonna use that. thanks
but there is still something that i feel is not functional with this code
like say the allowed IP is


$cfg['ipallowed'][]='10.*.100.2';

Slight variation of SillySoft’s code, I just tried to make it a little cleaner. :wink:

 
  <?php
   $allow = array('10.','192.168.10.');
   $current_ip = $_SERVER['REMOTE_ADDR'];
   
   foreach($allow AS $value)
   {
   	$count = strlen($value);
   	$block = substr($current_ip,0,$count);
   
   	if($block != $value)
   	{
   		echo 'You\\'re not allowed here!';
   		exit();
   	}
   } 
   ?>
       

thanks CubitGuy
i have the script working wonderfully.
like i mentioned before the only problem is how do i go about allowing the following IP

$cfg[‘ipallowed’]=‘10.*.100.90’;

well its not actually the problem. i just want this more functionality IF POSSIBLE or else the script SillySoft gave me is perfect and its working already.

Proof of Concept (can’t say this works as is…)


 $current_ip = $_SERVER['REMOTE_ADDR'];
 
 $valid_ip = false;
 
 // Convert IPs to Regex
 foreach($cfg['ipallowed'] as $index=>$ip);
 {
    $ip = str_replace('.', '\\.', $ip);
    $ip = str_replace('*', '[0-9]|^1?\\d\\d$|2[0-4]\\d|25[0-5]');
    if (preg_match($ip, $current_ip)
    {
 	  $valid_up = true;
 	  break;
    }
 }
 
 if ($valid_ip)
 //...
 
 

yeeehah. lieut_data you did it
the following is just the corrected(just for syntax otherwise its perrrrrrfect) version of the lieut_data’s script
i tested it with the following and its working perfectly


    $cfg['ipallowed'][]='127.*.0.1';
    $cfg['ipallowed'][]='127.0.0.1';
    $cfg['ipallowed'][]='*.0.0.1';

	foreach($cfg['ipallowed'] as $ip)
	{
		$ip = str_replace('.', '\\.', $ip);
    	$ip = str_replace('*', '[0-9]|^1?\\d\\d$|2[0-4]\\d|25[0-5]',$ip);
		$ip = '/'.$ip.'/';
    	if (preg_match($ip, $userIp))
	    {
	      $valid_up = true;
    	  break;
	    }
		
	}


thanks lieut_data and thanks everybody for your time.