[pmwiki-users] "Authentication" via dynamic DNS and/or IP address
Oliver Betz
OBetz at despammed.com
Thu Mar 13 18:00:04 CDT 2008
Hello All,
especially for a small, known group of users, it would IMO be
convenient to get authenticated by IP address (ranges) and/or dynamic
DNS.
I tried to implement such a check (regardless my rudimentary PHP
knowledge) but I'm not sure whether it's the right way, so I ask for
comments.
To avoid a bunch of DNS queries with each page request, I start the
check only if the session hasn't been established. Is it a good idea
to check AuthList directly, or is there a cleaner way?
To make the authentication info useable with AuthUser, I add the
group '@DNS' to the auth list (should be configurable in a later
version).
The allowed host names and IP addresses (or masks as in the existing
blocklist) are taken from a wiki page defined by $DNScheckPage.
Here my crude hack, just to show the idea:
- snip -
if(!isset($AuthList['@DNS'])){
$ip = preg_quote($_SERVER['REMOTE_ADDR']);
$ip = preg_replace('/\\d+$/', '($0\\b|\\*)', $ip);
$page = ReadPage($DNScheckPage, READPAGE_CURRENT);
$list = preg_split("/[\\s,;]+/", $page['text'], -1,
PREG_SPLIT_NO_EMPTY);
$hostips = '';
foreach($list as $host) {
if(preg_match("/\\d+\\.\\d+\\.\\d+\\.[\\d+*]/",$host)){
$hostips .= " " . $host;
}
else {
$hostips .= " " . gethostbyname($host);
}
}
SessionAuth($pagename, array('authlist' => array("@DNS" =>
preg_match("/\\b$ip/", $hostips))));
}
- snip -
Any comments about security issues, potential improvements?
Worth to be published in /Cookbook?
Oliver
--
Oliver Betz, Muenchen (oliverbetz.de)
More information about the pmwiki-users
mailing list