REMOTE_ADDR comparison

danielftl

I have often used a piece of code on the top of my pages such as:

<?
if (strcasecmp($REMOTE_ADDR,"10.10.10.10") != 0)
{
header("Location: http://www.ratio.net/");
exit;
}

to block users from accessing certain php pages.

Currently, I have this code on php pages installed on a Linux machine running PHP 3.x as you can see at http://www.consumersadvantage.com/phpinfo.php. We're migrating content to a new machine running PHP 4.06. You can see this at http://annapolis.hostastic.com/phpinfo.php. Now, when accessing this code on a page on the old machine it works great, but accessing it on the new machine, it doesn't work at all.

This code is intended to block users not of the hard-coded IP address (used in combination with authentication, but that is not important here).

I have tried the following:

echoing $REMOTE_ADDR in the title of the html page (IT DOES DISPLAY THE CORRECT IP OF THE USER accessing the page)

using $ipaddress = getenv("$REMOTE_ARR") and doing a strcasecmp on $ipaddress and the hard-coded address as follows:

$ipaddress = getenv("$REMOTE_ADDR");
if (strcasecmp($ipaddress,"10.10.10.10") != 0
{
...
}

comparing this way:

if ($REMOTE_ADDR != "10.10.10.10")
{
...
}

it doesn't work that way either

So, on the new machine, aside from authentication, it lets everyone in if just that code (that I pasted at the beginning of this message) is used.

So, if you know what might be causing this problem. Let me know.

Anon

using $ipaddress = getenv("$REMOTE_ARR")
and doing a strcasecmp on $ipaddress and

just in case this was a copy-paste from your code, you misspelled remote_addr.

However, I doubt you did copy-paste, so I would advice, you try $GLOBALS['REMOTE_ADDR'] in stead of getenv. I have had problem before with getenv, like that it only works after reloading a page. Worth a shot.

-jens

danielftl

Thank you. I have fixed the problem with the following:

$ipaddress = getenv($REMOTE_ADDR);
if ($ipaddress != "10.10.10.10")
{
header("Location: http://www.ratio.net/");
exit;
}

Apparently, removing the quotes from the getenv works. Although I might add that the www.php.net manual shows usage of the quotes around the $REMOTE_ADDR.

http://www.php.net/manual/en/function.getenv.php

mithril

Ah yes, but the manual example isn't using the $REMOTE_ADDR variable..... it's using getenv() to grab the REMOTE_ADDR value from the envar table by specifying "REMOTE_ADDR" as string argument. Your example failed because you were trying to use the variable.

This should also work just fine, and saves the memory needed to create the $ipaddress variable.

  if (getenv("REMOTE_ADDR") != "10.10.10.10") {

    header("Location: http://www.ratio.net/");
    exit();
  }

geoff