In one of my project for IntraNet, I am using PHP to identify
the client's IP, because, I have availed the access privilleges
using the IP.
But there is yet a serious problem: if somebody tries to change
the IP of his/her computer, how should I detect at the server
that the client's IP was not as intended?
Here is my simple logic normally:
validateIP('download');
// A page is protected and the
// client's IP requires "download"
// previlages available in the database.
function validateIP($service)
{
$ip=$_SERVER['REMOTE_ADDR'];
$dbresult=$db->query('SELECT service from SERVICES where
ip="'.$ip.'"');
$serviceFlag=$db->nextRecord();
if($serviceFlag['service']!=1)
// kill the page()
else
// grant access to the page
} // validateIP()
Now, how should I find the $_SERVER['REMOTE_ADDR'] if it is not
comming from the real computer/client?
Help me, so that I can kick off the hackers to my intranet.
Thanks.
=====
Bimal Poudel
(Information Management)
Kathmandu, Nepal
http://fakenepal.tripod.com
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
------------------------ Yahoo! Groups Sponsor --------------------~-->
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~->
PHP Data object relational mapping generator - http://www.meta-language.net/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-objects/
<*> To unsubscribe from this group, send an email to:
php-objects-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
