Authenticating multiple IP addresses

Anon

Hello,

I am the web manager for a small liberal arts college.
I have a script set up to validate by IP address users that are on campus.
Our IT department now tells me that the students' computers on campus are not behind the firewall (from which I was getting my static IP). So I need to add those IP addresses.

I can't for the life of me figure out how to authenticate multiple IP addresses. I tried doing

if($userIP =="IP address1" or "IP address 2" or "IP address3" or "IP address4" or "IP address5")

//display the page

else{
//prompt for username and password
}

but it gave me access to the page even when my IP was different from the ones listed in the "if" statement.

Can anyone point me in the right direction?

THANKS

soulreaver

I've found that multiple options in IF statements are a bit flaky sometimes. This is how I do what you are trying to

<?
$ip = getenv ("REMOTE_ADDR");
$ip=explode(".",$ip);
$x=$ip[0].$ip[1];
$y=$ip[0].$ip[1].$ip[2];
$z=$ip[0].$ip[1].$ip[2].$ip[3];
if($z=='1020910310'){
header("Location:http://SERVER NAME/baa/login.php");
}elseif($y=='1921681'){
header("Location:http://SERVER NAME/bbrpl/start1.htm");
}elseif($x=="138248"){
header("Location:http://SERVER NAME/bbrpl/start1.htm");
}elseif($x=="10209"){
header("Location:http://SERVER NAME/bbrpl/start1.htm");
}else{
header("Location:http://SERVER NAME/baa/login.php");
}
?>

This option gives you multiple ways of testing the IP range depending on how exact you want to be.

Hope it helps

amcgrath

Just an observation: if you are not finding the IP address and sending them to a login page, why not check for a valid login (via session, etc)? Then, you won't have to struggle with changing IP's dropped IP's, etc....

PS: If you go with the above example, I'd use a switch statment instead of multiple if/elseif ....

raveman

Allen,

Good to hear from you again!

The thing is, we have one static IP address (the firewall) and then there are the IP addresses of the students machines (which are in the thousands). I don't want to create a database to read off of, so that's why I'm going with IP.
And then, if the IP doesn't match one in the list, then the user is given a login page.

I make sense to myself, but do you understand what I'm saying? :-)

Dave

amcgrath

OK, so basically if an IP address is in a given "authorized" list, you want to let them through, otherwise force them to login? Does this mean authorized IP addresses do not have to login, while others do (say student's off campus)?

Are the authorized IP's in a certain range? ie 192.11.XXX.XXX? if so, can you check on that, so you can scan a range, rather then on full IP address?

I assume, also, that you are checking for valid login data (a la cookie) so that an "unauthorized" user, who has logged in, doesn't keep getting thrown back to login.

Lastly, wouldn't just having all users log in, regardless of their IP address, in some fashion solve your situation?

raveman

Allen,

I'm going to answer these per question...

Allen McGrath wrote:

OK, so basically if an IP address is in a given "authorized" list, you want to let >them through, otherwise force them to login? Does this mean authorized IP >addresses do not have to login, while others do (say student's off campus)?

Yes, exactly.

Are the authorized IP's in a certain range? ie 192.11.XXX.XXX? if so, can you >check on that, so you can scan a range, rather then on full IP address?

One of the IP's never changes (the firewall), the rest are in a range and I do (I think) have it set up for the entire range of those IP addresses. Not sure if my syntax is correct, but it seems to work.

I assume, also, that you are checking for valid login data (a la cookie) so that >an "unauthorized" user, who has logged in, doesn't keep getting thrown back to >login.

Now you know what happens when you assume...No, I haven't implemented that yet. Most people who will access this are on campus and the few that aren't and have to login won't care.

Lastly, wouldn't just having all users log in, regardless of their IP address, in >>some fashion solve your situation?

It would, but you're talking about a constantly changing database of students, and well, there's only one of me doing absolutely everything with the website.
I'm not lazy, there's just not enough time in the day to do everything the way it should be done. You know?

Dave

amcgrath

No, I totally understand, jus tthought I'd toss out a few things, that's all, not meaning to be critical. This "constantly changeing database of students..." can you run jobs whenever new info is added/deleted, like send password, access directions, etc automatically? Either way, good luck...