View Single Post
  #1  
Old 01-22-2009, 04:07 PM
m002.p's Avatar
m002.p m002.p is offline
 
Join Date: Jan 2007
Location: Worcester
Posts: 240
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Depend on IP to view restricted page?

Hi

Anyone know whether or how secure depending on a viewers IP is to then either get access to a restricted page or not?

I have a MYSQL table with up to date member IP's where in a php file I use this code to either enable access or deny it.

PHP Code:
// Declare IP Variable
$ip $_SERVER['REMOTE_ADDR'];

// MYSQL Permission Check

$usercheck mysql_fetch_array(mysql_query("SELECT * FROM members WHERE ip='".$ip."' AND now()-session < 1800 AND (rank='9' || rank = '10' || rank='11')"));

if (empty(
$usercheck))
{
header("Location: denied.php");
}

if (!empty(
$usercheck))
{
mysql_query("UPDATE distags SET session=NOW() WHERE ip='".$ip."'");

So how secure is the above code? I have a few pages running it which I want restricted and all works well.

However, from a secure PHP point of view, is it possible for someone to fake the users ip, find it out, or just gain access to the restricted page without fufilling the requirement?

Thanks for any constructive advice.

Matt
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01074 seconds
  • Memory Usage 1,766KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete