Login automatic using session_start(); and detect network

Hey i'm thinking now for about 3 days of a solution for my login scipt to login people from specific network automaticly. I just can't figure it out :)

This is a part of the index script i use so people can login manually

<?php

session_start();

if (session_is_registered("example")) {

require('./log_header.php');

}
else {
 header( 'Location:  pre.php' ) ;

}
?&g开发者_C百科t;

But i want that users who connected through a specific network [10.92.80.1] don't have to login :)

plz help :)

thanks!

SOLUTION

Firts of all thanks for the fast responses! :)

it's working now. here's the code i used, eventually :)

if (session_is_registered("example")) {

require('./header.php'); require('scripts/members.php');

}

elseif (strripos(gethostbyaddr($_SERVER['REMOTE_ADDR']), ".kulnet.kuleuven.be")) {

require('./header.php'); require('scripts/members.php');

} else {

header( 'Location: login.php' ) ;

} ?>

Thanks again! :)

Knowing that the server is not located within the private network, it's still actually a little more complicated than it seems. There's helpful network functions you can use though.

Step 1:
Put just this script somewhere burried within your site that only you know the url to:

<?php echo gethostbyaddr($_SERVER['REMOTE_ADDR']); ?>

Step 2:
Open that above page in your browser while you are browsing from within the private network. This will give you the outfacing hostname of the network. Write down just the last fully qualified hostname part (IE, out of "436-2-x235.myuniversity.com", you want just ".myuniversity.com". Or maybe it has "mydorm.myuniversity.com" in it, so you can filter down to just your dorm). With that hostname written down, you can delete the above file. The reason for getting the network hostname is that the external IP address of the network may unexpectedly change either because of ISP reassignment or by the university switching users through a different exit point.

Step 3:
Change your code in your login check to something like this...

if (strripos(gethostbyaddr($_SERVER['REMOTE_ADDR']), ".myuniversity.com")) {
    // client is in private network
    }
else {
    // client is _not_ in private network
    }

Some caveats: client's remote address is not reliable due to proxies or spoofing. But if someone is proxying through the network, they may as well be a student there.

If you want to set it for a longer time. Why not creating a cookie? The only thing you can check is a hash code or something..

You can get the clients IP Address by looking at the REMOTE_ADDR element of the $_SERVER global.

$_SERVER['REMOTE_ADDR'];

1. Retrieve IP adress:

$ip=@$REMOTE_ADDR;<br>
echo "<b>IP Address= $ip</b>";

BTW this can be faked(spoofed) and should be filtered. If it contains rely critical data you should not really on this kind of information.

2. Next check if in range:
<?php

class ValidRange {
    // 10.92.80.1
    static function valid($ip) {
        $pieces = explode(".", $ip);

        if ($pieces[0] <> 10) {
            return FALSE;
        } else if ($pieces[1] <> 92) {
            return FALSE;
        } else if ($pieces[2] <> 80) {
            return FALSE;
        } else {
            return TRUE;
        }
    }

}

class ValidRangeTest extends PHPUnit_Framework_TestCase {
    public function testIP() {
        $this->assertFalse(ValidRange::valid("11.91.80.1"));
        $this->assertFalse(ValidRange::valid("10.92.81.1"));
        $this->assertTrue(ValidRange::valid("10.92.80.1"));
    }
}