| View previous topic :: View next topic |
| Author |
Message |
TerraFrost
-
Joined: 17 Oct 2004
Posts: 4
|
 Posted: Sun Jul 30, 2006 8:35 am Post subject: password protected for non-private ip ranges? |
 |
|
Say I wanted to password protect my website to all IP addresses save for those in the private IP range?
For instance, if the REMOTE_ADDR was google.com's IP address, I'd want access to require a password. If, however, it was 192.168.1.2's IP address, I wouldn't want to be prompted for a password.
Any ideas as to how to do this? |
|
| Back to top |
  |
 |
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sun Jul 30, 2006 12:46 pm Post subject: Re: password protected for non-private ip ranges? |
|
|
TerraFrost,
With the current version, this isn't possible without using a script to control and serve the protected files.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Sun Jul 30, 2006 1:31 pm Post subject: |
|
|
Anti-Hacking can ban someone after a certain amount of failed logins. Have
you thought about Abyss's IP Address Controle? You can allow access to your
private IP range and block access to global IP Addresses.
I believe this is the feature you really want. |
|
| Back to top |
 |
|
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
| Posted: Sun Jul 30, 2006 2:37 pm Post subject: Re: password protected for non-private ip ranges? |
|
|
| aprelium wrote: | | With the current version, this isn't possible without using a script to control and serve the protected files. |
Would be possible if you created a virtual path and limited the access using IP address control. The original path should be password protected.
You wont get the same URL, but it will work.
However, my PHP-login is pretty easy to modify to make it work like you want it to.
File: class_login
| Code: | <?php
//Default message if no message is set.
$message = "Please sign in";
//This will allow some IPs to access the page without having to login:
if ($_SERVER['REMOTE_ADDR'] == "127.0.0.1") { $accept_login = true; }
if ($_SERVER['REMOTE_ADDR'] == "192.168.0.1") { $accept_login = true; }
if ($_SERVER['REMOTE_ADDR'] == "192.168.13.37") { $accept_login = true; }
//Do not touch below unless you know what you're doing
$htaccess = "users.php";
error_reporting(0);
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
session_start();
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
foreach(explode("\n", implode("", file($htaccess))) as $void => $row) {
$row = str_replace("\r", "", $row);
$array_chunk = explode(":", $row);
if ($array_chunk[0] == "_auth_msg") {
$message = $array_chunk[1];
} else {
if ($user == $array_chunk[0] && $pass === $array_chunk[1] && $pass != "" && $user != "" && $array_chunk[1] != "" && $array_chunk[0] != "" && $array_chunk[2] != "1") {
$accept_login = true;
}
if ($user == $array_chunk[0] && md5($pass) === $array_chunk[1] && $pass != "" && $user != "" && $array_chunk[1] != "" && $array_chunk[0] != "" && $array_chunk[2] == "1") {
$accept_login = true;
}
}
}
unset($pass);
if (!isset($_SESSION['llogin_set_failedlogins'])) { $_SESSION['llogin_set_failedlogins'] = 0; }
if ($user != "" && !$_SESSION['llogin_set_nosleep']) { sleep(5); }
if (!$accept_login) {
$_SESSION['llogin_set_nosleep'] = false;
if ($user != "") {
$_SESSION['llogin_set_failedlogins']++;
}
if ($_SESSION['llogin_set_failedlogins'] < 5) {
header("www-authenticate: basic realm=\"$message\"");
}
header("content-type: text/plain");
if ($_SESSION['llogin_set_failedlogins'] < 5) {
header('HTTP/1.0 401 Unauthorized');
echo "ERROR 401 - Unauthorized.";
} else {
header('HTTP/1.0 403 Forbidden');
echo "403 - Forbidden.";
$_SESSION['llogin_set_nosleep'] = true;
}
die("\n\nYou are not allowed to view this page.\n_________________________\nPowered by L-Login\nWritten by Kisom");
} else {
$_SESSION['llogin_set_nosleep'] = true;
$_SESSION['llogin_set_failedlogins'] = 0;
}
unset($accept_login);
unset($message);
unset($void);
unset($row);
unset($htaccess);
?> |
File: users.php
| Code: | <?php die ?>
_auth_msg:default realm
user:password:0
user2:password in MD5:1 |
File: test.php
| Code: | <?php include("class_login") ?>
Welcome, you are signed in as <?php echo $user ?>. |
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Mon Jul 31, 2006 12:31 pm Post subject: Re: password protected for non-private ip ranges? |
|
|
TerraFrost,
There is another idea: if you want to protect the virtual path /data/images as you explained above, you can create an alias called /private/data/images (or any other name) and make it point to the real path of /data/images . So both /data/images and /private/data/images will point to the same pages.
Now protect /private/data/images using IP protection and make it only accessible to local IPs, and protect /data/images with passwords.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
