-2

Okay so I have this code:

if ($_GET['url'] != 'maintenance') {
    header('Location: ' . $_CONFIG['site']['url'] . '/maintenance');
    exit;
}

That code works fine, redirects to maintenance. I want it however, if it's me it lets me access the site. Everybody else goes to /maintenance.

I was hoping to make it check my IP etc, but not sure how.

EDIT:

if($_GET['url'] != 'maintenance' && $_SERVER['REMOTE_ADDR'] != 'xxx.xx.xx.xxx')

That above still directs me to maintenance.

JackAlmighty
  • 1
  • 4
  • 1
    Possibly look at using `$_SERVER['REMOTE_ADDR']` http://php.net/manual/en/reserved.variables.server.php – Andrew Nolan Jun 15 '16 at 18:09
  • 2
    Your IP address may change. You might want to use a different computer, or your router or ISP could assign you a new IP. And somebody could spoof your IP. So that's not a reliable way to let you in and nobody else. If this is just a casual thing with no real security implications, you could add a parameter to the URL that is a "secret," and that triggers your code to let you view the page. You can use it anywhere, link to it, and share it if desired. The "real" solution is to set up a login system, but that *might* be overkill. Try the "secret" parameter. – Surreal Dreams Jun 15 '16 at 18:10
  • I have a static IP so I guess that doesn't matter Surreal? – JackAlmighty Jun 15 '16 at 18:12
  • it still matters, someone could still spoof your ip.. depends on what youre hiding and if it's worth it for someone to go to that effort – I wrestled a bear once. Jun 15 '16 at 18:12
  • Possible duplicate of [How to get the client IP address in PHP?](http://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php) – Jonathan Jun 15 '16 at 18:12
  • @SurrealDreams: can't spoof IPs for full tcp/ip connections unless you have control over the network infrastructure in between. – Marc B Jun 15 '16 at 18:14
  • Your IP may be static, and that might be sufficient for your needs. I encourage you to think about some alternatives in case your needs ever change. You'll be better prepared. – Surreal Dreams Jun 15 '16 at 18:14
  • `$_SERVER['REMOTE_ADDR']` should work. What do you see if you echo that? – Barmar Jun 15 '16 at 18:18

1 Answers1

0

You shouldnt rely on IPs, a certain IP doesn't nessesarily mean it's you, but if you hahve a static ip that never changes you could get away with using

if ($_SERVER['REMOTE_ADDR'] != 'my_ip_address') {
    header('Location: ' . $_CONFIG['site']['url'] . '/maintenance');
    exit;
}
I wrestled a bear once.
  • 22,983
  • 19
  • 69
  • 116
  • Updated my original post with new code but didn't work. – JackAlmighty Jun 15 '16 at 18:16
  • then you're using the wrong ip address. simple as that. you may be using your local ip which may be differnet from your public ip, which is what the server sees. echo the value of $_SERVER['REMOTE_ADDR'] to make your ip is what you think it is. – I wrestled a bear once. Jun 15 '16 at 18:33