Cookbook /
IpForAuthentication
Summary: Bring trusted IP's to authenticated level without password. Very useful for intranet wiki also visible to web
Version: 0.1
Prerequisites: AuthUser
Status: simply working
Maintainer: mik.admin@gmx.de
Categories: Security
Discussion: IpForAuthentication-Talk?
Questions answered by this recipe
Description
Substitute 192.168.10.0
with the address of your subnet.
Code for local/config.php
include_once('scripts/authuser.php'); // include authuser first! if( ( ip2long($_SERVER['REMOTE_ADDR']) & ip2long('255.255.255.0') )== ip2long('192.168.10.0') ) { SDV($AuthId, $_SERVER['REMOTE_ADDR']); //don't set if visitor is already authenticated } $Author = $AuthId; // my favorite
You have Login-Button? No problem (:if !enabled AuthPw) [[{$Name}?action=login|Log In]](:endif:)
markup still works, because no password has been entered
Plan B
This time only visitor from local net are able to login. See also Blocklist
local/config.php
include_once("scripts/authuser.php");//include authuser.php first $Author=$AuthId; if ((ip2long($_SERVER['REMOTE_ADDR'])&ip2long('255.255.255.0'))==ip2long('192.168.10.0')){//local ip? $EnableAuthUser=1; } else { $EnableAuthUser=0; }
Change line in Site.AuthForm and add some stuff
(:if enabled EnableAuthUser:)$[Password]: (:input password name=authpw:)
(:if enabled EnableAuthUser:)$[Name]: (:input text name=authid:)\\ (:if enabled EnableAuthUser:)$[Password]: (:input password name=authpw:) (:input submit value='OK':) (:input end:) (:if !enabled EnableAuthUser:)Sorry, login disabled for visitors from outside(:endif:)
Notes
Consider IP-Spoofing is possible, so don't protect important things this way.
Release Notes
See Also
Contributors
- mik
Comments
See Discussion at IpForAuthentication-Talk?
User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.