I have a script that checks your ip address and logs you in automatically.
But I am having an issue with a company who is behind a proxy. It works for some employees, but does not work for all.... which is weird.
Normally the script would redirect them to a page like this:
www.website.com/member.php
But with the customer behind the proxy their url looks like this:
http://nameprod22.corp.company.com:1889/member.php
The error message that they are getting is that they are not logged in, which would lead me to assume that they are coming from the right ip address, but there is something wrong in my script.
There are only two paths:
1) The script recognizes you as a valid ip address, creates a session, and redirects you to member.php
2) The script does not recognize your ip address, and redirects you to login.
What is happening, Im sure is #1, where their ip is recognized and its redirecting them to the member page, however somehow the session is not being created, and the user is getting an "Error, you do not have permission to view this page", because the member.php page is wrapped in an if($_SESSION) script to authenticate them first
Here is the login script:
<?php
$my_ip = getIPaddress();
if($my_ip == "XX.XXX.XX.XX"){
session_start();
$username = "ripcurlksm";
$_SESSION['valid_user'] = $username;
$_SESSION['access'] = getAccess($username);
$_SESSION['license_type'] = getLicense($username);
$_SESSION['account_type'] = getAccountType($username);
// the users are getting to this page, but the session above is not being set... only for some users
header('Location: ../member.php');
} else {
header('Location: login.php');
}
?>
Here is the ip address script
function getIPaddress(){
if (!empty($_SERVER['HTTP_CLIENT_IP'])){ //check ip from share internet
$ip=$_SERVER['HTTP_CLIENT_IP'];
} else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ //to check ip is pass from proxy
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Why is this working for some, and not for all?
