Page 1 of 1
Take on PAYING client tomorrow, I must get this working!
Posted: Sun Oct 07, 2007 12:28 pm
by valajio
Hi, my name is brandon i own a website thats serves images to other sites and did not expect to start charging till january 08, last week a very large website contacted us and we took them on as a paying client... I have set up a dedicated account and at first setup thier account to block other websites that may try to use thier account based on the domain (hostname) that the request comes from!
They contacted me and said they have a white list of ip addresses to thier servers that they will be making requests from...
I need to block any website that tries to use thier account based on these ip addresses...
basically if the request comes in and doesn't match the ip addresses listed on the clients account it will return an image that shows,"Domain does not match client, IP address has been recorded, mywebsite.com!"
Im using PHP Version 4.2.3, System Windows NT 5.1 build 2600, Build Date Oct 5 2002 15:06:37, Server API Apache Virtual Directory Support enabled Configuration File (php.ini) Path C:\WINDOWS\php.iniDebug Build noThread Safety enabled
Heres some code im using to try to get the block to work below :
Code: Select all
$ip = gethostbyname($_SERVER['HTTP_HOST']);
if (trim($ip) == '') { $ip = $_SERVER['HTTP_CLIENT_IP']; }
if (trim($ip) == '') { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; }
if ($ip != '68.178.254.126' or $ip != '76.121.38.240') {
sorry();
} else {
start();
}
Posted: Sun Oct 07, 2007 12:37 pm
by Michael A
An easier way might be to use
.htaccess.
Also, you should read the forum guidelines and post all php code with the
Posted: Sun Oct 07, 2007 1:23 pm
by Zoxive
Code: Select all
$IPS = array(
'192.168.0.102', '127.0.0.1'
);
// Can then Use External List, or Database List
if(!in_array($USER_IP,$IPS)){
sorry();
}else{
start();
}
doesn't work
Posted: Sun Oct 07, 2007 1:52 pm
by valajio
i tried the code above and that doesn't seem to work either... its almost like the variable $ip is getting lost in the if statement, loses value???
I've tried adding the acceptable ip addresses from the client to a field in the database and check the incoming ip address against those and that isn't working either... basically everything i've tried that "should work" isnt.... very frustrating....
ok wierd stuff going on here
Posted: Sun Oct 07, 2007 2:38 pm
by valajio
i've got it to work using mysql database added list of acceptable ip addresses to client table in dbase... but instead of validating the ip address of the domain the request came from it is validating it and showing the image based on my websites ip address???
Do not understand how this is possible but sure enough... this is what its doing here is the code below!
There are two ip address currently in the address field my website and the website ip im trying to block or allow, but is showing the image based on my ip address????
Code: Select all
$USER_IP=gethostbyname($_SERVER['HTTP_HOST']);
if (trim($USER_IP) == '') { $USER_IP = $_SERVER['HTTP_CLIENT_IP']; }
if (trim($USER_IP) == '') { $USER_IP = $_SERVER['HTTP_X_FORWARDED_FOR']; }
$host = "localhost";
$user = "username";
$pass = "password";
$dbname = "customer";
$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname);
$ckey = '$a143ab3848a9';
$query = "SELECT * FROM ipaccept WHERE ckey = '$ckey'";
$result= mysql_query($query);
$num_results = mysql_num_rows($result);
for ($i=0; $i < $num_results; $i++) {
$row = mysql_fetch_array($result);
}
if ($row["address"] == $USER_IP) {
start();
} else {
sorry();
}
mysql_close($connection);
Posted: Sun Oct 07, 2007 3:12 pm
by feyd
You're using HTTP_HOST.. that's the server's domain name.
the domain ip address is what i want the variable $USER_IP
Posted: Sun Oct 07, 2007 4:21 pm
by valajio
the domain (hostname) ip address is what i want the variable $USER_IP to be, people are going to try to use client accounts to request images from thier website to try to work around using our free service after they have reached thier limit (hits), i want to block other websites from using client account based on the ipaddress of thierwebsite.com, and if it doesn't match the clients ip addresses on file they get an image back saying "Domain does not match client, IP Address has been recorded, mywebsite.com"
get ip address of domain from incoming request
Posted: Sun Oct 07, 2007 4:24 pm
by valajio
is there a more accurate way to grab the ip address as a variable of the domain that the image request came from than the code i am using above???
Code: Select all
$requestedurl = parse_url($_SERVER['HTTP_REFERER']);
$site = $requestedurl['host'];
$site = str_replace( 'www.', '', $site);
$USER_IP = "{$_SERVER['$site ']}";
something like the above code maybe, i know this wont work above but you understand what im trying to do right???
i think i finally figured out not sure if stable or 100% acc
Posted: Sun Oct 07, 2007 4:52 pm
by valajio
i think i finally figured out not sure if stable or 100% accurate, but when i change the ip address in the database and make it differ from the domain ip the request came from, it fails which is what its supposed to do!!!! yay!
and when i change it back to the exact domain ip address it displays the image!!!! yay!
we'll heres all the crap code i wrote to get it working sorry so sloppy! But all we care about is that it freakin works right! RIGHT!
Code: Select all
$requestedurl = parse_url($_SERVER['HTTP_REFERER']);
$site = $requestedurl['host'];
$site = str_replace( 'www.', '', $site);
$USER_IP=gethostbyname($site);
if (trim($USER_IP) == '') { $USER_IP = $_SERVER['HTTP_CLIENT_IP']; }
if (trim($USER_IP) == '') { $USER_IP = $_SERVER['HTTP_X_FORWARDED_FOR']; }
$host = "localhost";
$user = "username";
$pass = "password";
$dbname = "customer";
$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname);
$ckey = '$a143ab3848a9';
$query = "SELECT * FROM ipaccept WHERE ckey = '$ckey'";
$result= mysql_query($query);
$num_results = mysql_num_rows($result);
for ($i=0; $i < $num_results; $i++) {
$row = mysql_fetch_array($result);
}
if ($row["address"] == $USER_IP) {
start();
} else {
sorry();
}
mysql_close($connection);
hallelujah!
nevermind code above does not work???
Posted: Sun Oct 07, 2007 4:54 pm
by valajio
so thought the CODE ABOVE would work but no, i think mysql dbase is having issues
only works if there is one row with the clients one ip address and client key
not multiple ip addresses and client key??? gettin smurfed.
Posted: Sun Oct 07, 2007 9:00 pm
by John Cartwright
Code: Select all
<img src="/path/to/image/script.php?image=foobar.jpg">
Assuming you are passing the images through a script to return the image contents, as shown above, the IP address will not be of the client but of the server requesting it (which is what you want). This way, you can validate several different ways, ip address is one, checking for session variables that are produced on other pages are another, etc.
Also, you might want to make use of the edit button. Very little reason to have four posts in a row.
P.S. This was in reference to your first post in the series of four.