All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?
Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDE D_FOR also ?
$ip = $_SERVER["REMOTE_ADD R"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh \" content=\"0; url=/index.php\">";
die();
}
or something like this:
function getipaddress()
{
$ip;
if (getenv("HTTP_C LIENT_IP")) $ip = getenv("HTTP_CL IENT_IP");
else if (getenv("HTTP_X _FORWARDED_FOR" )) $ip =
getenv("HTTP_X_ FORWARDED_FOR") ;
else if (getenv("REMOTE _ADDR")) $ip = getenv("REMOTE_ ADDR");
else $ip = "UNKNOWN";
return $ip;
}
$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh \" content=\"0; url=/index.php\">";
die();
}
Thanks.
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?
Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDE D_FOR also ?
$ip = $_SERVER["REMOTE_ADD R"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh \" content=\"0; url=/index.php\">";
die();
}
or something like this:
function getipaddress()
{
$ip;
if (getenv("HTTP_C LIENT_IP")) $ip = getenv("HTTP_CL IENT_IP");
else if (getenv("HTTP_X _FORWARDED_FOR" )) $ip =
getenv("HTTP_X_ FORWARDED_FOR") ;
else if (getenv("REMOTE _ADDR")) $ip = getenv("REMOTE_ ADDR");
else $ip = "UNKNOWN";
return $ip;
}
$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh \" content=\"0; url=/index.php\">";
die();
}
Thanks.
Comment