Just Checking

Any questions involving matching text strings to patterns - the pattern is called a "regular expression."

Moderator: General Moderators

Post Reply
User avatar
Technocrat
Forum Contributor
Posts: 127
Joined: Thu Oct 20, 2005 7:01 pm

Just Checking

Post by Technocrat »

I want to block out people from getting into an admin area. I would like to do this by using ip addresses and ranges. I wrote the following code and it works, but I just want to make sure its done correctly (or if there is a better way maybe).

Code: Select all

$ips = array('192.168.15.1', '192.168.20', '192.168.19.55');
if(isset($ips) && is_array($ips)) {
	$ip_check = implode('|^',$ips);
	if (!preg_match("/^".$ip_check."/",$_SERVER['REMOTE_ADDR']))
    {
        die('Invalid IP<br />Access denied');
    }
}
Thanks
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

That looks like a clean way of doing it to me.

I'm not sure just how secure it is though.... $_SERVER['REMOTE_ADDR'] can be tainted quite easily I reckon so I'd bear that in mind. timvw has a snippet written in the code snippets forum here I believe which makes a fingerprint of the client based upon a number of factors which may be of interest :) I'd really have password restriction in place myself though.
User avatar
Technocrat
Forum Contributor
Posts: 127
Joined: Thu Oct 20, 2005 7:01 pm

Post by Technocrat »

Is there a better way to pull the IP that is more secure?

I found his snippet, umm....wow. I will have to try it out.
User avatar
Technocrat
Forum Contributor
Posts: 127
Joined: Thu Oct 20, 2005 7:01 pm

Post by Technocrat »

I guess I should add that this is just to add another level of security to it. There is already a password and such.
Post Reply