[pmwiki-users] "Authentication" via dynamic DNS and/or IP address

Oliver Betz OBetz at despammed.com
Thu Mar 13 18:00:04 CDT 2008

Hello All,

especially for a small, known group of users, it would IMO be
convenient to get authenticated by IP address (ranges) and/or dynamic

I tried to implement such a check (regardless my rudimentary PHP
knowledge) but I'm not sure whether it's the right way, so I ask for

To avoid a bunch of DNS queries with each page request, I start the
check only if the session hasn't been established. Is it a good idea
to check AuthList directly, or is there a cleaner way?

To make the authentication info useable with AuthUser, I add the 
group '@DNS' to the auth list (should be configurable in a later

The allowed host names and IP addresses (or masks as in the existing
blocklist) are taken from a wiki page defined by $DNScheckPage.

Here my crude hack, just to show the idea:

- snip -

  $ip = preg_quote($_SERVER['REMOTE_ADDR']);
  $ip = preg_replace('/\\d+$/', '($0\\b|\\*)', $ip);

  $page = ReadPage($DNScheckPage, READPAGE_CURRENT);
  $list = preg_split("/[\\s,;]+/", $page['text'], -1,

  $hostips = '';
  foreach($list as $host) {
      $hostips .= " " . $host;
    else {
      $hostips .= " " . gethostbyname($host);

  SessionAuth($pagename, array('authlist' => array("@DNS" =>
preg_match("/\\b$ip/", $hostips))));

- snip -

Any comments about security issues, potential improvements?

Worth to be published in /Cookbook?

Oliver Betz, Muenchen (oliverbetz.de)

More information about the pmwiki-users mailing list