Page 1 of 1

compare $_SSSION['ip'] with real ip

Posted: Thu Sep 09, 2004 7:01 am
by Think Pink
hellow.
i have a login page where in login.php i have:

Code: Select all

<?php
$_SESSION['ip'] = $_POST['ip'];
?>
in auth.php I check to see

Code: Select all

<?php
$new_ip = getenv("REMOTE_ADDR"); 
if($_SESSION['ip'] != $new_ip)
{
   die ("Not logged in");
}
?>
the problem is that if the user is behind a proxy, I won't be able to see his real ip.
So for this I have the following function:

Code: Select all

<?php
function getIP() {
$ip;
if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
else if(getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv("HTTP_X_FORWARDED_FOR");
else if(getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
else $ip = "UNKNOWN";
return $ip;
}
?>
my question is :
How can I check now in auth.php if $_SESSION['ip'] is the same with the ip provided by the function?

thx

Posted: Thu Sep 09, 2004 10:34 am
by jakobdoppler
What about that ?
_yak

Code: Select all

<?php
if($_SESSION['ip'] != getIP()) 
...
?>

compare $_SSSION['ip'] with real ip

Posted: Thu Sep 09, 2004 10:37 am
by Think Pink
i'm not that stupid
i tried that and is not wotking. i get a parse error.