IpForAuthentication

Summary: Bring trusted IP's to authenticated level without password. Very useful for intranet wiki also visible to web
Version: 0.1
Prerequisites: AuthUser
Status: simply working
Maintainer: mik.admin@gmx.de
Categories: Security

Questions answered by this recipe

This section is optional; use it to indicate the types of questions (if any) this recipe is intended to answer.

Description

Substitute 192.168.10.0 with the address of your subnet.

Code for local/config.php

include_once('scripts/authuser.php'); // include authuser first!
if( ( ip2long($_SERVER['REMOTE_ADDR']) & ip2long('255.255.255.0') )== ip2long('192.168.10.0') )
{ 
  SDV($AuthId, $_SERVER['REMOTE_ADDR']); //don't set if visitor is already authenticated
}
$Author = $AuthId; // my favorite

You have Login-Button? No problem (:if !enabled AuthPw) [[{$Name}?action=login|Log In]](:endif:) markup still works, because no password has been entered

Plan B

This time only visitor from local net are able to login. See also Blocklist

local/config.php

include_once("scripts/authuser.php");//include authuser.php first
$Author=$AuthId;
if ((ip2long($_SERVER['REMOTE_ADDR'])&ip2long('255.255.255.0'))==ip2long('192.168.10.0')){//local ip?
  $EnableAuthUser=1;
} else {
  $EnableAuthUser=0;
}

Change line in Site.AuthForm and add some stuff

(:if enabled EnableAuthUser:)$[Password]: (:input password name=authpw:)
(:if enabled EnableAuthUser:)$[Name]: (:input text name=authid:)\\
(:if enabled EnableAuthUser:)$[Password]: (:input password name=authpw:)
(:input submit value='OK':)
(:input end:)
(:if !enabled EnableAuthUser:)Sorry, login disabled for visitors from outside(:endif:)

Another option: $_POST['authid']=''; $_POST['authpw']; but this time before include authuser.php

Notes

Consider IP-Spoofing is possible, so don't protect important things this way.

Release Notes

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".

See Also

Contributors

  • mik

Comments

See Discussion at IpForAuthentication-Talk?

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.