There are three files: index.php, ip.txt that contains ip address which are allowed to visit site and count.txt which simply counts the hit if any user visits the site with specified ip addresses in ip.txt. But the problem is when ip.txt contains only my laptops ip local machines ip address, it works perfectly and increases the ip address by one. But when ip.txt contains many ip address along with my local machines ip address if block in foreach loop checks them and and doesn't increase the count. However it should increase the count as my ip address is also there in ip.txt file. Please help!!
index.php:
<?php
$ip_address = $_SERVER['REMOTE_ADDR'];
$handle = fopen('ip.txt','r');
$file_read = fread($handle, filesize('ip.txt'));
$file_read_array = explode('\n',$file_read);
foreach($file_read_array as $ip)
{
if(trim($ip) == trim($ip_address))
{
$visit =true;
echo 'true';
break;
}
else
{
$visit =false;
echo 'false';
}
}
if($visit == true)
{
$handle_1 = fopen('count.txt','r');
$file_read_1 = fread($handle_1, filesize('count.txt'));
$increment = $file_read_1 + 1;
fclose($handle_1);
$handle_2 = fopen('count.txt','w');
fwrite($handle_2,$increment);
fclose($handle_2);
}
else
{
echo 'ip address not found.';
}
?>
ip.txt:
127.0.0.1
100.100.100.100
102.1.1.1
count.txt:
0
Related
Hello i want to match my ip address with ip text list. How would it do? Whereas my ip address with ip address in my ip text list is correct. And already several times I open and always access denied when it has the same ip address
<?php
function inStr($s, $as){
$s = strtoupper($s);
if(!is_array($as))
$as=array($as);
for($i=0;$i<count($as);$i++)
if(strpos(($s),strtoupper($as[$i]))!==false)
return true;
return false;
}
$ipchecker = file_get_contents('http://anonsec.us/iplist.txt');
$ip = _SERVER['REMOTE_ADDR'];
if (instr($ipchecker, ''.$ip.'')) {
echo 'GRANTED';
} else {
echo 'Access Denied';
}
?>
If you know what delimite your ipchecker you can use that :
Example with ipchecker delimite with commat like that: 127.0.0.1,255.255.255.255,...
$delimiter = ",";
$ipList = explode($delimiter, $ipchecker);
if (in_array($ip, $ipList)) {
echo 'GRANTED';
} else {
echo 'Access Denied';
}
I've installed a Tor relay and Nginx and created my .onion on my Linux server.
In torrc HiddenServicePort 80 127.0.0.1:8747
In nginx's default: listen 8747
I've modified TorDNSExitList's PHP Pear Net_DNS to use Net_DNS2. When I echo out the $ip, $myip, $myport I get:
ip = 127.0.0.1
my ip = 127.0.0.1
port = 8747
Thus it is picking the IP address as the local machine and not the Tor exit node's IP address. Is there another why to test if the page is access via the Tor network?
(I've also tried this suggestion)
The solution is to check for 127.0.0.1 IP address, seeing that torrc points to 127.0.0.1. This works when accessing the website via the .onion path. But the full check still needs to be done as the website can be access via the full URL, e.g. http:// [IP Address]:[Port] - using a "normal" or Tor browser. My changes to the function below:
<?php include("Net/DNS2.php");
// torel_check ($ip, $port, $destip) queries the Tor DNS Exit List server.
// The result of the query is one of the following:
// -1 : DNS lookup failed to get a response, or other error occurred.
// 0 : $ip does not appear to be a Tor exit.
// 1 : $ip is a known Tor exit for the provided destination IP / port.
function revaddr ($ip) {
list($a, $b, $c, $d) = split("[.]", $ip);
return("${d}.${c}.${b}.${a}");
}
function torel_qh ($ip, $port, $destip) {
$rsrcip = revaddr ($ip);
$rdstip = revaddr ($destip);
return("${rsrcip}.${port}.${rdstip}.ip-port.exitlist.torproject.org");
}
function torel_check ($ip, $port, $destip) {
try{
if($ip == "127.0.0.1") {
//TX: Access via .onion path
// is Tor exit
return (1);
}
//TX: Access web site directly
$ndr = new Net_DNS2_Resolver();
$qh = torel_qh($ip, $port, $destip);
// uncomment these two lines to query the server directly...
//$ns = "exitlist-ns.torproject.org";
//$ndr->nameservers( array($ns) );
// tune DNS params accordingly. this is just my preference.
$ndr->retrans = 2;
$ndr->retry = 3;
$ndr->usevc = 0;
// perform DNS query
// TX: Old Net_DNS check $ndr->search($qh)
if (! $pkt = $ndr->query($qh)) {
if (strcmp($ndr->errorstring, "NXDOMAIN") == 0) {
// response but no answer. does not appear to be Tor exit.
return (0);
}
// search failed: no response or other problem...
return(-1);
}
if (! isset($pkt->answer[0])) {
// response but no answer section. does not appear to be Tor exit.
// (this should only happen when authority sections are provided without answer)
return(0);
}
// is Tor exit
return(1);
} catch(Net_DNS2_Exception $e) {
return (-1);
}
}
// get client request parameters from Apache or equiv server:
$ip = $myip = $myport = 0;
if (isset ($_SERVER["REMOTE_ADDR"])) { $ip = $_SERVER["REMOTE_ADDR"]; }
if (isset ($_SERVER["SERVER_ADDR"])) { $myip = $_SERVER["SERVER_ADDR"]; }
if (isset ($_SERVER["SERVER_PORT"])) { $myport = $_SERVER["SERVER_PORT"]; }
$istor = torel_check($ip, $myport, $myip);
TX: is my comments
I am not familiar with PHP but I need to create a simple page to temporarily redirect internal users until a production problem is fixed.
If the user's IP address starts with "10.", "192.", or "172." then I need to redirect them to another server. If the user's IP address does not meet this criteria then I need to display a message telling the user the site is down for maintenance.
Can someone help me with this?
You can use preg_match() to see if the user's address ($_SERVER['REMOTE_ADDR']) starts with 10., 192., or 172.:
if(preg_match('/^(10|192|172)\./', $_SERVER['REMOTE_ADDR']))
{
header('Location: http://example.com');
die;
}
echo 'Site down for maintenance.';
$chunks = explode('.', $_SERVER['REMOTE_ADDR']);
$whitelist = array(10, 192, 172);
$server = "http://example.com";
if(in_array($chunks[0], $whitelist))
{
//redirect to another server
header("Location: " . $server);
die();
}
else
{
//Show maintenance message
die("The site is down for maintenance.");
}
You cannot reliably identify a local ip address via the first octet of an IPv4 address. Luckily, PHP has taken care of all of this for us. I know the OP was asking only about IPv4, but this solution covers IPv6 and reserved addresses as well.
/**
* Function returns true if IP Address is identified as private or reserved
*
* Uses REMOTE_ADDR, a reliable source as TCP handshake is required, most others can be spoofed
*
* FILTER_FLAG_NO_PRIV_RANGE:
* Fails validation for the following private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
* Fails validation for the IPv6 addresses starting with FD or FC.
*
* FILTER_FLAG_NO_RES_RANGE:
* Fails validation for the following reserved IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 and 224.0.0.0/4.
* This flag does not apply to IPv6 addresses.
*/
function isPrivateIp()
{
return !filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
}
/*Using function to get OP desired result*/
if (isPrivateIp() === true) {
$server = 'http://example.com';
//redirect to another server
header("Location: $server");
} else {
//Show maintenance message
echo 'The site is down for maintenance.';
}
exit;
Well,you can do this:
$ip = $_SERVER['REMOTE_ADDR']; //get IP address
$toRedirect = array(10,192,172);
$parts = explode('.', $ip);
$id = $parts[0];
if(in_array($id, $toRedirect)) {
//do redirect
}
<?php
// Settings
$toRedirect = array (10, 172, 192);
$redirectAddress = 'http://wherever.com/';
$maintenanceMessage = 'The site is down for maintenance';
// Split the IP address into octets
list($oct1, $oct2, $oct3, $oct4) = explode('.', $_SERVER['REMOTE_ADDR']);
// Send local clients to redirect address
if (in_array($oct1, $toRedirect)) {
header('HTTP/1.1 307 Temporary Redirect');
header('Location: '.$redirectAddress);
}
// Exit with the maintenance message.
// We can send this everyone in case the redirect fails
exit($maintenanceMessage);
I use a javascript API from (http://www.iplocationtools.com) to give me the location data from a visitors IP. For some reason, their API won't give me the actual IP of the visitor, just the other info, which is why I have to use PHP and CodeIgniter to give me the IP instead.
So I use CodeIgniter/PHP to get the IP of a visitor and add it to the database along with location data from above by using PHP's ip2long([the ip code igniter gives me])
I'm confused when my database table looks like this: http://pulse.media.mit.edu/images/1.png
Which is wrong? I'm tempted to believe CodeIgniter is wrong since it gives me the same IP so many times. Age and sex are self reported and I doubt one person is making up all this information.
At the end of the day, all we really need is the users IP and location, preferably from the same source, so we don't compound errors.
Anybody have a better idea on how to do this?
EDIT: Here is the code that I'm using to get the IP address from CodeIgniter
$data['ip_address'] = ip2long($this->input->ip_address());
$this->pulse_model->voter_info($data);
Then the voter_info function just inserts it into the database where it's stored as an INT(11).
And here is the function ip_address:
function ip_address()
{
if ($this->ip_address !== FALSE)
{
return $this->ip_address;
}
if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
{
$proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
$proxies = is_array($proxies) ? $proxies : array($proxies);
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('REMOTE_ADDR'))
{
$this->ip_address = $_SERVER['REMOTE_ADDR'];
}
elseif ($this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('HTTP_X_FORWARDED_FOR'))
{
$this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
if ($this->ip_address === FALSE)
{
$this->ip_address = '0.0.0.0';
return $this->ip_address;
}
if (strpos($this->ip_address, ',') !== FALSE)
{
$x = explode(',', $this->ip_address);
$this->ip_address = trim(end($x));
}
if ( ! $this->valid_ip($this->ip_address))
{
$this->ip_address = '0.0.0.0';
}
return $this->ip_address;
}
$_SERVER['REMOTE_ADDR'] is the PHP code to return the IP address of the person viewing the page.
Old versions of ip2long() will return -1 if the IPv4 address is invalid. You may want to use inet_pton instead and expand the field used to hold it to 128 bits.
Based on your code, it looks like $this->input->ip_address() has the possibility of returning '0.0.0.0' if the IP is not valid or could not be determined. However, your comments also state that you need to record the ip address even if the above method returns '0.0.0.0'.
First, I'd recommend checking to see if $this->input->ip_address() and $this->valid_ip() are working as expected. Is $this->valid_ip() returning false for IP's that should be considered valid?
Second, I'd update your code to always fall back to $_SERVER['REMOTE_ADDR'] if $this->input->ip_address() returns '0.0.0.0'.
$ip_address = $this->input->ip_address();
if($ip_address == '0.0.0.0') {
$ip_address = $_SERVER['REMOTE_ADDR'];
}
$data['ip_address'] = ip2long($ip_address);
$this->pulse_model->voter_info($data);
Or if you wanted, you could not use $this->input->ip_address() and do as #rockerest suggests and just use $_SERVER['REMOTE_ADDR'] to being with.
$data['ip_address'] = ip2long($_SERVER['REMOTE_ADDR']);
$this->pulse_model->voter_info($data);
Since IP can be spoofed, how can one build a PHP website that correctly identifies the visitor's country?
That's inherently a problem given the anonymity of the internet, but spoofing IP addresses to obtain content not legally available in your country is technically a crime in most places anyways.
It's up to you to make every reasonable effort to ensure your site follows distribution restrictions on media and information, but there are some things that are just impractical to guard against. The closest you could get is by doing an actual physical address verification such as a billing address on a credit card or physically mailing someone a pin number for registration, but both of those options incur expenses on behalf of either the user or yourself.
Joomla has been using below function to get IP addresses, it is very versatile good function, that can avoid possible cheats, you can use it:
function get_ip()
{
$ip = false;
if (!empty($_SERVER['HTTP_CLIENT_IP']))
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ips = explode (', ', $_SERVER['HTTP_X_FORWARDED_FOR']);
if ($ip != false)
{
array_unshift($ips,$ip);
$ip = false;
}
$count = count($ips);
# exclude IP addresses reserved for LANs
for ($i = 0; $i < $count; $i++)
{
if (!preg_match("/^(10|172\.16|192\.168)\./i", $ips[$i]))
{
$ip = $ips[$i];
break;
}
}
}
if (false == $ip AND isset($_SERVER['REMOTE_ADDR']))
{
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}