Storing IP address in Mysql then using for verification

Hey guys and gals,
I am fairly new to PHP, taught myself the basics for my company but struggling, so I used Usercake to create a secure login page as the one I wrote was terrible, SQL injections the works.

Now I am a little bit more experienced, but I am trying to set it so that the IP address can be used for verification, basically my boss only wants people to log in when they are on the specific IP address. We know the IP addresses will not change.

I know that

$ip=$_SERVER['REMOTE_ADDR'];

is probably the thing I need, the question is how I am to store it…

I have tried several times, but because I do it on usercake which I did not write, it seems to have a massive spaz.

Here is an example of the register script:

if (!empty($_POST)) {
                $errors       = array();
                $email        = trim($_POST["email"]);
                $username     = trim($_POST["username"]);
                $displayname  = trim($_POST["displayname"]);
                $password     = trim($_POST["password"]);
                $confirm_pass = trim($_POST["passwordc"]);
                $captcha      = md5($_POST["captcha"]);


                if ($captcha != $_SESSION['captcha']) {
                                $errors[] = lang("CAPTCHA_FAIL");
                }
                if (minMaxRange(5, 25, $username)) {
                                $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array(
                                                5,
                                                25
                                ));
                }
                if (!ctype_alnum($username)) {
                                $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");
                }
                if (minMaxRange(5, 25, $displayname)) {
                                $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(
                                                5,
                                                25
                                ));
                }
                if (!ctype_alnum($displayname)) {
                                $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                }
                if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) {
                                $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array(
                                                8,
                                                50
                                ));

and here is my sql table field…

13 ipaddress int(10) UNSIGNED Yes NULL

any help would be great please.

Hi,

You won’t be able to store an IP address in an integer field… the field will need to be varchar(15), as the maximum length of an IP address is going to be 15 chars and it’ll have to be stored as a string because it’s not a valid numerical format.

Thanks for heads up, have changed it

now just to work out how to get it into it…

Unless you are doing simple compares like $current_ip == $db_ip dealing with the “dotted quad” format could get messy.

You can change them to an Int. I forgot how and I couldn’t find the old post or the code I used, but @paul_wilkins; should remember how.

Something like
first10^[1]3[/sup] + second10^[2]2[/sup] + third*10 + fourth

1. sup ↩︎

2. sup ↩︎

http://www.aboutmyip.com/AboutMyXApp/IP2Integer.jsp - Looks like your right. I’m not sure how you would handle IP ranges though. I wonder if this does allow for a simple greater / less than logic to be applied to it.

1. SUP ↩︎

2. SUP ↩︎

Thanks for finding that. I wouldn’t have found “octet” searching for “quad”.
And it is 256 not 10. I think in base 10 and sometimes forget computers think in bits.

As for being easier, I guess it depends on what you want to do with them.
Strings work fine for simple compares.

For more it becomes tricky and messy quick, using split, array functions, regex, etc. to work with ranges.

When a user registers, I need the IP address to be stored in the SQL db, when the user tries to log back on I need the IP to be validated. Little confused as to how to do it.

The reason I wanted to get away from the “dotted quad” format was because I wanted to sort the IPs and they didn’t sort well at all that way.

Sounds like you’re thinking of a simple comparison though so you’re lucky there.

One potential problem you should think about is changing IPs

Many ISPs use more than one IP for example MyISP might use 111.122.123.xxx where xxx is anything from 0 to 255
And they might even have more than one range. eg. not only 111.122.123.xxx but also 57.34.22.xxx where xxx is anything from 0 to 50

The point is, many legitimate users might have registration IPs that differ from their current one they’re using.

Thanks Mitt,

thankfully the people we work with are going to have Static IPs no matter what, they will never change them unless planned. We also have a very niche customer base so not too worried about the average user