htaccess

mark_kccs

At present I have a site that uses htaccess with both password and allow IP's for different clients. I want to convert this to a DB based login but still maintain the allowing of certain IP's to have access to the protected areas without having to login using a script to handle the process. My concern is the allow IP section. Is the vunerability the same for both methods (htaccess or a script) and is there any filtering that I can add to the scipt to sanitise the IP's or perhaps an encrypted token of some sort?

Many thanks

kbc1

Can you not store the static IP of your client against the login account details in the database, and then when the user logs in, firstly check the login details are correct and then secondly check that the IP address they are coming from matches the one in the database?

Not totally sure why you are restricting access to IP's only. Surely if someone has login details then they should be allowed access regardless of their IP?

mark_kccs

Thanks for the reply

Sorry but maybe I did not make this clear that some clients have to login whilst others are allowed in from selected IP address's but not both.

Thanks

NogDog

$_SERVER['REMOTE_ADDR'] should have the IP address.

mark_kccs

Thanks for the reply

My question is more to the security side of things if that makes sense.

Thanks