Page 1 of 1

Just Checking

Posted: Mon Nov 21, 2005 12:02 pm
by Technocrat
I want to block out people from getting into an admin area. I would like to do this by using ip addresses and ranges. I wrote the following code and it works, but I just want to make sure its done correctly (or if there is a better way maybe).

Code: Select all

$ips = array('192.168.15.1', '192.168.20', '192.168.19.55');
if(isset($ips) && is_array($ips)) {
	$ip_check = implode('|^',$ips);
	if (!preg_match("/^".$ip_check."/",$_SERVER['REMOTE_ADDR']))
    {
        die('Invalid IP<br />Access denied');
    }
}
Thanks

Posted: Mon Nov 21, 2005 1:24 pm
by Chris Corbyn
That looks like a clean way of doing it to me.

I'm not sure just how secure it is though.... $_SERVER['REMOTE_ADDR'] can be tainted quite easily I reckon so I'd bear that in mind. timvw has a snippet written in the code snippets forum here I believe which makes a fingerprint of the client based upon a number of factors which may be of interest :) I'd really have password restriction in place myself though.

Posted: Mon Nov 21, 2005 1:31 pm
by Technocrat
Is there a better way to pull the IP that is more secure?

I found his snippet, umm....wow. I will have to try it out.

Posted: Mon Nov 21, 2005 1:33 pm
by Technocrat
I guess I should add that this is just to add another level of security to it. There is already a password and such.