[Fwd: Re: [Phplib-users] preauth using cidr]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I spoke too soon. I still cannot get a function that checks if an ip is
within a network block to work. I have done some more research and found
a description on how to solve this problem by Kristian Koehntopp.
Somehow I've botched this as well. It would be great to hear from
someone that has pulled this off.

Input:
remote_ip = 192.75.242.88
cidr = 192.75.242.0/24 

Output:
ip = -1068764584 
start = -1068764672 
mask = -16777216 

function within ($remote_ip, $cidr) {
        ## within function checks whether an ip is within a network
block
        ## example with("192.75.242.157", "192.75.242.0/24") 
        ## returns true if ip is within range

        $ip=ip2long($remote_ip); 
        list ($quad, $nbits) = split ("/", $cidr, 2);
        $shift_mask = (integer) $nbits;         
        $start=ip2long($quad);

        $mask = -1<<$shift_mask;

        return $ip & $start == $mask;
}

-------- Original Message --------
Subject: Re: [Phplib-users] preauth using cidr
Date: Thu, 08 Nov 2001 12:27:04 -0800
From: Paul Wolstenholme <pa...@zz...>
Organization: SMA WebWare
To: Php...@li...
References: <3BE...@zz...>

I fixed my own problem. I forgot to convert the remote host ip. This
code appears to work for anyone interested:

$cidr = $valid_client; /* db value 192.55.192.0/24 */
list ($quad, $nbits) = split ("/", $cidr, 2);
$byte = explode (".", $quad);
$address_required = ($byte[0] << 24) | ($byte[1] << 16) | ($byte[2] <<
8) | $byte[3];

/* remote host info */
$byte = explode(".", $ip); /* ip from $HTTP_SERVER_VARS['REMOTE_ADDR']
*/
$address_client = ($byte[0] << 24) | ($byte[1] << 16) | ($byte[2] << 8)
| $byte[3];

$bitmask = 0xffffffff << (32 - $nbits);			
if (($address_client & $bitmask) == ($address_required & $bitmask)) {
	$this->auth['uname'] = $this->dbAuth->f('ID');
	$this->auth['perm'][$this->dbAuth->f('Service')] = 1;
	$success = 1;
}

Paul Wolstenholme wrote:
> 
> Hi,
> 
> I am trying to do a preauth using cidr to allow some institutional
> subscribers to access info that is normally password protected. I found
> some Perl code that does this but it does not work in php. Does anyone
> know how one could accomplish this?
> 
> $cidr = $valid_client; /* eg 192.55.192.0/24 */
> list ($quad, $nbits) = split ("/", $cidr, 2);
> $byte = explode (".", $quad);
> 
> $address = ($byte[0] << 24) | ($byte[1] << 16) | ($byte[2] << 8) |
> $byte[3];
> $bitmask = 0xffffffff << (32 - $nbits);
> 
> if ($ip & $bitmask == $address & $bitmask) {
>         $this->auth['uname'] = $this->dbAuth->f('ID');
>         $this->auth['perm'][$this->dbAuth->f('Service')] = 1;
> }
> 
> --
> ________________________________________________________________
> Paul Wolstenholme
> SMA Webware
> http://www.zzube.com/
> What do you know?
> http://make.zzube.com/
> Vancouver, BC Canada

-- 
________________________________________________________________
Paul Wolstenholme
SMA Webware
http://www.zzube.com/
What do you know?
http://make.zzube.com/
Vancouver, BC Canada