View Full Version : Guidance on IP Address User Authentication
I have created a simple user registration system for a client using Dreamweaver, PHP and MySQL. Everything works fine and everyone has been satisfied until recently.
My client markets her website to school districts and a very large school district has requested that they be able to access the site without going through the login. Instead they want to "authenticate via IP address for IP addresses that are inside the district"
Unfortunately this one is pretty far over my head. I have tried to research the topic on Google but I'm not getting anywhere.
I hate to cause my client to lose this very valuable school district.
Can anyone point me to a good resource to learn more about this topic?
6-11-06, 05:42 PM
It's actually pretty easy. In your .htaccess file, simply add the following lines:Deny From All
Allow From xxx.xxx.xxx.xxxReplace xxx.xxx.xxx.xxx with the IP address that you wish to allow access. Copy the last line as needed for the different IP addresses required.
Wow! Thanks for the quick reply.
I just want to clarify -- does this mean the ONLY way to access the members only area will be via IP authetication? Or can I set it up as a separate access method for this one school district since everyone else is fine with the login approach?
6-11-06, 06:02 PM
Right - this means that the login method should be done away with site-wide as authentication would be automatic via IP address.
Darn! That won't work for this project.
Even the school district that is requesting IP authentication wants the ability for their staff members to use the password system when logging in from outside the district. Plus the site has members worldwide and I don't think the IP approach is best for most users -- I was under the impression that many ISP's assign IP's with each separate sign-in, with AOL taking it even further. Plus many teachers do lesson prep from home and would need to be able to access the site.
Oh well, I was excited for a few minutes! If you can point me in a direction to research this further I'd be much obliged...
The way to get a user's IP address in PHP is
$whatever = $_SERVER['REMOTE_ADDR'];
Then you would want to check that the IP matches a specific address, or for a block of addresses, you could use substr() (http://us2.php.net/substr) or explode() (http://us2.php.net/manual/en/function.explode.php) to check that just the first portion of the IP matches. If it matches you'd bypass the normal username/password login and send them straight to the logged in page. (If it's a seperate PHP file, you can use header("Location: http://example.com/whatever.php"); to redirect.) On the logged in page you'd double-check that either the username/password is good, or the IP address is good.
It's hard to be more specific without knowing how your system works, but hopefully this puts you in the right direction. Good luck.
Thanks! That at least gives me a great starting point. I'm certainly no programmer, but so far I've been able to figure out most things if I just find the core concept and you've done that for me.
vBulletin® v3.8.7, Copyright ©2000-2013, vBulletin Solutions, Inc.