Solved

PHP IF ELSE Based on IP ?

Posted on 2014-10-07
4
162 Views
Last Modified: 2014-10-10
I want to allow myself a pass-thru to the Drupal login page.

Login page is at /user and my IP is the 69.

Here's part of the code. When i run it, I just get white page.

$ref = $_SERVER["HTTP_REFERER"];
if(!$user->uid) {
		$ip = $_SERVER['REMOTE_ADDR'] == 69.143.164.204)
		header ("https://navigator-dev.cap.gsa.gov/user");
		} else {
				if ($ref != 'https://hallways-dev.fas.gsa.gov/hallways/ITHardware')
				{
					drupal_goto("https://hallways-dev.fas.gsa.gov/hallways/homepage/welcome.html");
					exit();
				}else {
				$username=base64_decode($_GET['c']);
				if($username) {
				$myaccount = cas_user_load_by_name($username);
				if ($myaccount) {
				$user = user_load( $myaccount->uid);
					}
				}	
				}
			}
	}

Open in new window

0
Comment
Question by:sandshakimi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 167 total points
ID: 40367079
You have an extra closing squiggly

And you need to wrap your IP in quotation marks

$ip = $_SERVER['REMOTE_ADDR'] == "69.143.164.204")
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 40367089
At a minimum you need to change these lines 3-4.  Deployed Drupal systems suppress error messages, so you may have some more work to do.  Perhaps you have an error_log file?
$ip = $_SERVER['REMOTE_ADDR'] == '69.143.164.204';
		header ("Location: https://navigator-dev.cap.gsa.gov/user");

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40367094
Wow, or maybe I'm mistaken.  Can you just tell us in plain language what you want to achieve - looking at the code that doesn't work is kind of confusing to me.
0
 
LVL 35

Assisted Solution

by:gr8gonzo
gr8gonzo earned 166 total points
ID: 40367289
I have some big concerns about your code snippet.

1. IP filtering is not safe. IPs can be spoofed. It's fine as an outer layer of security to simply exclude the basic riff-raff, but that should be it. Don't use it to allow any special access to your system.

2. Don't hardcode your own IP into a security system's code. You never know if your IP might change or you might be at a different location than you expected, and you could get locked out.

3. I see a base64_decode() on a $_GET parameter called "c" - and then that value is  passed into a function that loads a user by that username value and looks like it logs the person in. That looks REALLY sketchy. Anyone can encode/decode Base64 values extremely easily, so you not only run the risk of exposing usernames, but you might be exposing that user's information later on. Don't take values from $_GET without data sanitation and some checks to make sure that it's not been tampered with (use some simple hashing checksums).

4. Don't use HTTP_REFERER as part of your security. It can easily be spoofed.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question