could someone please make me a script that only allows certain IP address to view a folder?

eg: if the computer ip address was 11.111.11 they could view the pages in a folder and if the ip address wasn't 11.111.11 they got redirected to the main website page?

thanks :-)

Are talking about in a local network or public domain? If you were talking about public, take a look around the forums. I believe there are some scripts like that (you may need to edit it to suit your needs) floating around somewhere. As for a local network (unless you automatically assign the computers on your network) it would be a mess. I guess you need more specifics in that, but as I said before, just take a look around the forums for something to do with remote address (IP Address).

EDIT: I noticed that this is in the Javascript forum. I don't know how you would do it with javascript but I'm sure someone else here does. If not, this can be easily accomplished using server-side languages (PHP, ASP, etc).

Hope this helps.

Not in Javascript, no. You'd need some server-side language.

drat - ok i found this post by blizzard. How would one go about changing it to only allow certain ip addresses?

http://www.dynamicdrive.com/forums/showpost.php?p=24021&postcount=6

Saw you posted before I finished typing mine out.

Change the following in red:



ErrorDocument 403 /banned.html
order allow,deny
allow from 192.22.33.44
deny from all


Hope this helps.

Not sure how to add mulitple IP Addresses (in .htaccess that is). Sure someone else does though.

Well... if your server is php enabled:

<script type="text/javascript">
var ip = "<?php echo $_SERVER['ADDR']; ?>"
if (ip == ip address here) {
dosomething();
}
</script>


pointless though, seeings you could do exactly the same thing with PHP and the user wouldn't be able to see it.

/EDIT: Sorry test, we cross posted

thanks :D

to ad more would i just have to add the
?allowed =
line again?

Lol... triple cross-posting. ^^

Not a prob mike, posted a php script, then saw the OP posted an htaccess file and had to change the post.

//EDIT: and again.

to ad more would i just have to add the
?allowed =
line again?Yes. Make sure your new lines are above the Deny line.

Ok, so it would be something like this:



ErrorDocument 403 /banned.html
order allow,deny
allow from 192.22.33.44
allow from domain.com
allow from 192.168.1.1
deny from nondomain.com


right?

tried this: doesnt work :( only redirects me :(

<?php
$ip = $_SERVER['http://h1.ripway.com/toplus/admin/'];
$allowed = "81.158.51.49";
$website = "http://aidantest.x.am";

if ($ip != $allowed) {
header('Location: '.$website);
}
?>

The $_SERVER part should be like this:



$_SERVER['REMOTE_ADDR'];


Do not change that part.

ok - fixed that part but still wont work :(

Try this to see if you are getting the correct ip address.



<?php

echo $_SERVER['REMOTE_ADDR'];
?>

ah - had the wrong ip address - thanks :D

Code works as well :D :D

Glad to hear it.

problem :(

this is the script:

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$allowed = "192.168.0.5";
$allowed = "81.129.155.0";
$allowed = "81.77.193.171";
$website = "http://toplus.x.am";

if ($ip != $allowed) {
header('Location: '.$website);
}
?>

my IP is 81.129.155.0 but it redirects me :(

P.S - If you have 3 computers on the same internet connection does it give each PC the same ip???

Yes, if you hade 3 computers hooked up through a router, all 3 computers would have the same WAN IP Address (different LAN addresses). If you were accessing this script from your home computer (and assuming you have it hosted elsewhere on the web), then all of your computers will disply the 81.129.155.0 ip.

Now on to the script. I set that up to only do 1 IP address. To modify it, you would need to add the IP's to an Array.

Try the following:



<?php
$ip = $_SERVER['REMOTE_ADDR'];
$allowed = Array("192.168.0.5", "81.129.155.0", "81.77.193.171");
$website = "http://toplus.x.am";

foreach ($allowed as $ips) {
if ($ip != $ips) {
header('Location: '.$website);
}
}
?>

Not tested.

i now get
"Parse error: parse error, unexpected $end in \\192.168.0.16\webfiles\files\2007-1\1253297\admin\moderator030207\index.php on line 149"

ok, try the following:



<?php
$ip = $_SERVER['REMOTE_ADDR'];

$allowed = Array("192.168.1.1", "10.0.0.2", "1.0.0.1"); //array of allowed ip addresses to view your page
$website = "http://toplus.x.am"; //website to redirect to if ip address does not match one of the above

foreach ($allowed as $ips) {
if ($ip != $ips) {

$allow = "false";
}

else {
$allow = "true";
}
}

if ($allow != "true") {
header('Location: '.$website);
}
?>


Change the items in red above with. Make sure it has the same format as in the example. I have tested it, and it works. As far as the parse error, it could be something else in your code such as a bracket missing. (I say in your code because in the snippet I posted, there is not 149 lines.)

Hope this helps.

ok - this is the code:

<?php
$ip = $_SERVER['REMOTE_ADDR'];

$allowed = Array("81.77.193.171", "192.168.0.5", "81.129.155.0");
$website = "permissions.php";

foreach ($allowed as $ips) {
if ($ip != $ips) {

$allow = "false";
}

else {
$allow = "true";
}
}

if ($allow != "true") {
header('Location: '.$website);
}
?>

but it still redirects me :(

And you are sure that you have the correct IP Addresses in the allowed array?

yes - sure :D

Yes -- that code is broken. Unless the IP is the last IP in the array, it will deny access.
<?php
$allowed = Array('192.168.1.1', '10.0.0.2', '1.0.0.1');
$website = 'http://toplus.x.am/';

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
header('Location: ' . $website);
?>

It works perfectly on my home server, when I try it. Even when I VNC into my work computer and access it from there. I've ran into a rpoblem like this before where REMOTE_ADDR did not work. Come to find out it was some other identifier for the ip address (something like HTTP_PC_REMOTE_ADDR). I'm wondering if this is the case here.

The SERVER['REMOTE_ADDR'] thing for getting IP address is inconsistent. The last set of digits preceding the . constantly change for me. Weird...

thanks twey :D - your code works (for the time being)

OK, let's trace this in an array where there are two IPs, the first matching the client's IP and the second being another that doesn't match.

The loop will iterate twice, once for each address. First iteration:

if ($ip != $ips)
$allow = "false";Not executed, since the IP does match.

else
$allow = "true";IP matches, so this executes and $allow is now true.

Second iteration:
if ($ip != $ips)
$allow = "false";The second IP doesn't match, so this is executed and $allow is now false.

else
$allow = "true";This isn't executed.

Thus, $allow is finally false, even though the IP is in the array.

Actually, after typing this out, I've noticed something: you've used "true" and "false", not true and false; "false" is true in a boolean context.
The SERVER['REMOTE_ADDR'] thing for getting IP address is inconsistent. The last set of digits preceding the . constantly change for me. Weird...Not weird at all. If you're on dialup, you'll likely get a new address each time you connect. Also, some ISPs (AOL, NTL) send connections through proxies, which tend to load-balance, meaning that one never knows which IP one will get this time. The X-Forwarded-For header can often be checked to find the real IP address in this case ($_SERVER['HTTP_X_FORWARDED_FOR']).

Sorry, I'm currently going on about 2 hours of sleep right now so my mind is farked. Anyways, thanks for noticing that Twey. I'm going to make a note of the in_array thing for future use also.

can i ask some of you to click here ("") - if you then see a blank page with a no permission kind of notice in the middle of it... if you see that please say - if not also say :D thanks

I see a moderators area.

See image attached

773

oh **** :( it doesnt work :(

Yep, me too :)

**** **** **** - Twey your code doesnt work :(

could someone fix it if you can?

or could we do something the .htaccess ?

Firstly, exit after using the Location header:
<?php
$allowed = Array('192.168.1.1', '10.0.0.2', '1.0.0.1');
$website = 'http://toplus.x.am/';

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
die(header('Location: ' . $website));
?>Also, I suspect you've probably sent output before using header(). This isn't allowed. Check that there is no HTML or whitespace before the opening <?php.

there is nothing before the start of the code as i have placed it at the top

<?php
$allowed = Array('192.168.0.5');
$website = 'error.php';

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
header('Location: ' . $website);
?>

found the problem i think - by
header('Location: ' . $website));
i was missing the last bracket

ok perhaps not

No, that came from the die() I wrapped it in.

Add the line:
error_reporting(E_ALL);to the top of the PHP code.

Parse error: parse error, unexpected ';' in \\192.168.1.16\webfiles\files\2007-1\1253297\admin\moderator030207\index.php on line 7

prety dumb but would having this
<?
include "core/footer.php"
?> at the bottom of the page have anything to do with it not working?

it's possible because it does not have the semicolon at the end, but that's just for the parse error.

EDIT: Missread the parse error, don't know then.

Parse error: parse error, unexpected ';' in \\192.168.1.16\webfiles\files\2007-1\1253297\admin\moderator030207\index.php on line 7What is line 7?

The code for the page with the php problem is:

<?php
error_reporting(E_ALL);
$allowed = Array('192.168.0.5');
$website = 'error.php';

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
die(header('Location: ' . $website);
?>

underlined is line 7

Add the another parenthesis ' ) ' before the semicolon.

yah what?

<?php
error_reporting(E_ALL);
$allowed = Array('192.168.0.5');
$website = 'error.php';

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
die(header('Location: ' . $website));
?>


add the item in red.

if(!in_array($_SERVER['REMOTE_ADDR'], $allowed))
die(header('Location: ' . $website));
?>

EDIT:

That post wasn't there when i hit "post reply"...

Also, if it still doesn't do the redirect, try changing $_SERVER['REMOTE_ADDR'] to $_SERVER['HTTP_PC_REMOTE_ADDR'] and see if that does anything for you.

Hope this helps.

can i ask you to test the page again please?

What's the url again, I lost the history in my browser when I cleared my sessions, cookies, etc. to test a script. You can post it here or send it to me via PM. Sorry for the late response too.

Just went to the page and it's the same as the last time I went there. (index.php). Not sure what the problem is with it.

oh :( - so could we do anything with .htaccess???

I'm pretty sure you could. Just copy that snippet in one of the previous posts and try. That's all we can ever do is try until it works.

Added Later: I'm going to try the same with .htaccess to see if it works on my server. Just so that I can get practice in with htaccess and stuff.

Added Even Later: Yes, htaccess works. Try the following code (taken from one of the previous posts):


ErrorDocument 403 /banned.html
order allow,deny
allow from 192.168.1.2
allow from 1.2.3.4
allow from 10.0.0.2
deny from bad-domain.com


Hope this helps.

if i take my ip out of the allow section then it stops me from viewing the page???? and when its in it alows me?

That's correct, or at least somewhat correct. Place that in the folder that you want to protect. Then (if you have an index.php page in there), if the IP address is allowed they will be able to view it. Otherwise it will give a 403 error (Unauthorized) I'm trying to find out how to redirect the user if it is denied, but having no luck currently.

Hope this helps.

errm - i have that code in the index.php file :confused:

.htaccess is not PHP code. It should be it's own file in the directory you are trying to protect (or whatever).

i have placed the htaccess file here:
http://h1.ripway.com/toplus/admin/.htaccess

do i need to add the htpasswd file still though?