PHP IF ELSE Based on IP ?

I want to allow myself a pass-thru to the Drupal login page.

Login page is at /user and my IP is the 69.

Here's part of the code. When i run it, I just get white page.

$ref = $_SERVER["HTTP_REFERER"];
if(!$user->uid) {
		$ip = $_SERVER['REMOTE_ADDR'] == 69.143.164.204)
		header ("https://navigator-dev.cap.gsa.gov/user");
		} else {
				if ($ref != 'https://hallways-dev.fas.gsa.gov/hallways/ITHardware')
				{
					drupal_goto("https://hallways-dev.fas.gsa.gov/hallways/homepage/welcome.html");
					exit();
				}else {
				$username=base64_decode($_GET['c']);
				if($username) {
				$myaccount = cas_user_load_by_name($username);
				if ($myaccount) {
				$user = user_load( $myaccount->uid);
					}
				}	
				}
			}
	}

Open in new window

sandshakimiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
You have an extra closing squiggly

And you need to wrap your IP in quotation marks

$ip = $_SERVER['REMOTE_ADDR'] == "69.143.164.204")
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
At a minimum you need to change these lines 3-4.  Deployed Drupal systems suppress error messages, so you may have some more work to do.  Perhaps you have an error_log file?
$ip = $_SERVER['REMOTE_ADDR'] == '69.143.164.204';
		header ("Location: https://navigator-dev.cap.gsa.gov/user");

Open in new window

0
Ray PaseurCommented:
Wow, or maybe I'm mistaken.  Can you just tell us in plain language what you want to achieve - looking at the code that doesn't work is kind of confusing to me.
0
gr8gonzoConsultantCommented:
I have some big concerns about your code snippet.

1. IP filtering is not safe. IPs can be spoofed. It's fine as an outer layer of security to simply exclude the basic riff-raff, but that should be it. Don't use it to allow any special access to your system.

2. Don't hardcode your own IP into a security system's code. You never know if your IP might change or you might be at a different location than you expected, and you could get locked out.

3. I see a base64_decode() on a $_GET parameter called "c" - and then that value is  passed into a function that loads a user by that username value and looks like it logs the person in. That looks REALLY sketchy. Anyone can encode/decode Base64 values extremely easily, so you not only run the risk of exposing usernames, but you might be exposing that user's information later on. Don't take values from $_GET without data sanitation and some checks to make sure that it's not been tampered with (use some simple hashing checksums).

4. Don't use HTTP_REFERER as part of your security. It can easily be spoofed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.