CMS Security Settings Code

3 posts by 2 authors in: Forums > CMS Builder
Last Post: May 9   (RSS)

By depdesign - May 9

Hi all,

I need help to display content only to IPs that match an IP in the "restrictByIP" array from the CMS Security Settings.

The code below gets a site visitor IP and then checks to see if that IP is listed in the "restrictByIP" array from the CMS Security Settings.

This line, from the code below, is where I need help modifying  $safeips = array($SETTINGS['restrictByIP']);

Here is the code I have:

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}

$safeips = array($SETTINGS['restrictByIP']);

if (in_array($ip, $safeips) !== FALSE)
{
echo "Match found display content";
} else {
echo "Match not found do not display content";
}

Dan Perez

By daniel - May 9 - edited: May 9

Hi Dan,

CMSB has a built-in function that you can use to check against the IP list in Security Settings, isIpAllowed(). You can use it like this:

<?php
if (isIpAllowed()) {
  echo 'show content to allowed IP';
}
else {
  echo 'not allowed from this IP';
}
?>

I will note that this function only checks $_SERVER['REMOTE_ADDR'], so if it's also important for you to check things like HTTP_X_FORWARDED_FOR, you may still want to set up your own code for checking. In which case you'd want to use the following to generate the allowed IP array:

$allowedIPs = preg_split("/[\s,]+/", $GLOBALS['SETTINGS']['advanced']['restrictByIP_allowed']);

Let me know if that helps, or if you have any other questions!

Thanks,

Daniel
Technical Lead
interactivetools.com