Acmlm's Board - I2 Archive - Programming - secret site
User | Post |
HyperLamer
Posts: 955/8210 |
The problem with this idea is people's IPs tend to change a lot. Here's what I suggest instead: -Get the IPs of everyone you want to be able to access the site. -Set up the site to allow those IPs. When they get in, it should set a cookie and remove that IP from the list, or at least tell you so that you can do it. -Configure the code so that they'll be allowed in if the IP is on the list or they have the cookie. (Don't use something like 'allowed=true', rather, generate a random number and store it. The number should have a pattern, such as always being a 12-digit multiple of 7. If the number doesn't match this criteria, they should be kicked right there for trying to fake the cookie. (Consider setting another with a similar pattern, maybe a different number of digits, to disallow access even if they get a matching IP.)) If the cookie's not stored, check the IP.
Consider a user/password system. Each person should have a user ID and password issued by you. If they give out the password, delete the account and don't give them a new one. |
Elric
Posts: 212/687 |
I have dial-up, and my IP is always one of three different ones.
You could find out what their IP addresses are, and add them to the script, or you could do a partial IP address, though that way is riskier... |
Sokarhacd
Posts: 286/1757 |
although this way, you cant have anyone with dialup have access to your website....only people whos IP address is always the same....or only change every so often... |
goodall
Posts: 14/38 |
thanks loads, this way i wont get people giving out passwords to the site. |
Modereb
Posts: 17/75 |
Passwords do fine, if you use them properly. And here's a rough script that restricts only to a few IP adresses.
<? $allowed_ip_adresses=' 12.34.56.67 34.56.78.89 98.87.76.65 123.546.56.3 '; if(stristr($allowed_ip_adresses,$REMOTE_ADDR)){ echo "You are allowed"; }else{ echo "You are not allowed to view this page!"; } ?>
|
Parasyte
Posts: 58/514 |
Use some kind of server-side scripting, such as PHP or PERL for password-protecting things. (Or you can use .htaccess, but that tends to give you a lot less control) Never use client-side scripting like javascript to password-protect "secret" sites. That's just irresponsible. |
goodall
Posts: 13/38 |
is there any way i can set up a website that only allows acces to a strict set of IP adresses. the reason is i want to set up a secret site, and i find peopel crack passwords too fast. |
|