All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?
Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR also ?
$ip = $_SERVER["REMOTE_ADDR"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}
or something like this:
function getipaddress()
{
$ip;
if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR")) $ip =
getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
else $ip = "UNKNOWN";
return $ip;
}
$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}
Thanks.