Authenticating by IP?

Next topic

Author	Message
Petter Arneson	Thursday 29 December 2005 1:19:27 am Im currently working on a project, using 3.7.2, where we have to include an iframe from another server. They want to use user id, session id and ip to authenticate the user. I send this information to the iframe, and they send it back for authentication. E.g. a script that returns true or false. I can send the users ip since this is done by a templateoperator for current user. But how can I get this users ip in the auth script? I can get the correct user, but as far as I can see ez doesn't save ip in session or user object information. I probably could alter the session table, to include ip, but I dont want to mess to much with the kernel. Does anyone know exactly where this could be done? I think session id is enough to authenticate the correct user, but how do I convice them of this? www.vzt.no
Kristian Hole	Friday 30 December 2005 4:15:43 am Hi This is a patch for 3.5.1 which allows one specific user to log in from one specific IP. You can probably get some idea about how to do something like you want from this. --- pre_check.php.orig 2005-04-06 15:24:51.020472000 +0200 +++ pre_check.php 2005-04-06 16:10:16.603120456 +0200 @@ -84,6 +84,21 @@ $requireUserLogin = ( $ini->variable( "SiteAccessSettings", "RequireUserLogin" ) == "true" ); $check = null; $http =& eZHTTPTool::instance(); + + //---LOGINONIP-HACK + if ( $ini->hasVariable( 'LoginOnIP', 'IPAddress' ) && $ini->hasVariable( 'LoginOnIP', 'UserID' ) + && $_SERVER['REMOTE_ADDR'] == trim( $ini->variable( 'LoginOnIP', 'IPAddress' ) ) ) + { + include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' ); + $userID = ( int ) $ini->variable( 'LoginOnIP', 'UserID' ); + $user = eZUser::fetch( $userID ); + if ( ! is_object( $user ) ) + eZDebug::writeDebug( "Unable to fetch user with id $userID for IP login", "LoginOnIP" ); + else + eZUser::setCurrentlyLoggedInUser( $user, $userID ); + } + //---/LOGINONIP-HACK + if ( !$requireUserLogin ) return null; // $uri =& $GLOBALS['eZRequestedURI']; Kristian http://ez.no/ez_publish/documenta...tricks/show_which_templates_are_used http://ez.no/doc/ez_publish/techn...te_operators/miscellaneous/attribute

Author

Message

Thursday 29 December 2005 1:19:27 am

Im currently working on a project, using 3.7.2, where we have to include an iframe from another server. They want to use user id, session id and ip to authenticate the user. I send this information to the iframe, and they send it back for authentication. E.g. a script that returns true or false. I can send the users ip since this is done by a templateoperator for current user. But how can I get this users ip in the auth script? I can get the correct user, but as far as I can see ez doesn't save ip in session or user object information. I probably could alter the session table, to include ip, but I dont want to mess to much with the kernel. Does anyone know exactly where this could be done? I think session id is enough to authenticate the correct user, but how do I convice them of this?

www.vzt.no

Kristian Hole

Friday 30 December 2005 4:15:43 am

This is a patch for 3.5.1 which allows one specific user to log in from one specific IP. You can probably get some idea about how to do something like you want from this.

--- pre_check.php.orig  2005-04-06 15:24:51.020472000 +0200
+++ pre_check.php       2005-04-06 16:10:16.603120456 +0200
@@ -84,6 +84,21 @@
     $requireUserLogin = ( $ini->variable( "SiteAccessSettings", "RequireUserLogin" ) == "true" );
     $check = null;
     $http =& eZHTTPTool::instance();
+
+       //---LOGINONIP-HACK
+    if ( $ini->hasVariable( 'LoginOnIP', 'IPAddress' ) && $ini->hasVariable( 'LoginOnIP', 'UserID' )
+         && $_SERVER['REMOTE_ADDR'] == trim( $ini->variable( 'LoginOnIP', 'IPAddress' ) ) )
+    {
+        include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' );
+        $userID = ( int ) $ini->variable( 'LoginOnIP', 'UserID' );
+        $user = eZUser::fetch( $userID );
+        if ( ! is_object( $user ) )
+            eZDebug::writeDebug( "Unable to fetch user with id $userID for IP login", "LoginOnIP" );
+        else
+            eZUser::setCurrentlyLoggedInUser( $user, $userID );
+    }
+       //---/LOGINONIP-HACK
+
     if ( !$requireUserLogin )
         return null;
 //     $uri =& $GLOBALS['eZRequestedURI'];

Kristian

http://ez.no/ez_publish/documenta...tricks/show_which_templates_are_used
http://ez.no/doc/ez_publish/techn...te_operators/miscellaneous/attribute