Hi
Anyone know whether or how secure depending on a viewers IP is to then either get access to a restricted page or not?
I have a MYSQL table with up to date member IP's where in a php file I use this code to either enable access or deny it.
PHP Code:
// Declare IP Variable
$ip = $_SERVER['REMOTE_ADDR'];
// MYSQL Permission Check
$usercheck = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE ip='".$ip."' AND now()-session < 1800 AND (rank='9' || rank = '10' || rank='11')"));
if (empty($usercheck))
{
header("Location: denied.php");
}
if (!empty($usercheck))
{
mysql_query("UPDATE distags SET session=NOW() WHERE ip='".$ip."'");
}
So how secure is the above code? I have a few pages running it which I want restricted and all works well.
However, from a secure PHP point of view, is it possible for someone to fake the users ip, find it out, or just gain access to the restricted page without fufilling the requirement?
Thanks for any constructive advice.
Matt