Looking for website script/software that requires login to access site

[UDT89]

I'm creating a site for work and I need to make the whole site username and password protected. I would also need to see the IP addresses of where each user logs in and be able to restrict access to only 1-2 IP addresses.

I have looked around on google and seen a few php scripts but I'm not sure on how good they are or if they are secure. Its not like we'll be having bank account info and stuff, but its content needs to be restricted to certain people.

if anyone has some suggestions please let me know. i bet there is something obvious that I am over looking.

 

[purbeast0]

i have done this with vBulletin

 

[UDT89]

I'm kinda boycotting VB. they come out with this new version and basically screw everyone into buying it. and us old users didnt get the greatest discount to buy it

 

[purbeast0]

oh snap sorry i didn't mean vbulletin lol, i meant phpbb, the free one.

 

[TwiceOver]

.htaccess?

 

[BigDH01]

I'm creating a site for work and I need to make the whole site username and password protected. I would also need to see the IP addresses of where each user logs in and be able to restrict access to only 1-2 IP addresses.

I have looked around on google and seen a few php scripts but I'm not sure on how good they are or if they are secure. Its not like we'll be having bank account info and stuff, but its content needs to be restricted to certain people.

if anyone has some suggestions please let me know. i bet there is something obvious that I am over looking.

Something like this is super easy in PHP if you have the server side software ready to go. Just do something like...
<?php session_start();
if ($_SESSION['authenticated'] != "true")
{
echo "You do not have permission to be here.";
exit;
}
?>

You could also replace echo with header('Location: index.php (or wherever)'); to redirect direct them away from the page.

It sounds like you won't be adding new users, you just want to authenticate a few hosts, so all you need is a simple form asking for username and password. SQL is super easy to work with in PHP so create a table for users and a table for accepted IP addresses. Check against both before you set the session['authenticated'] variable. The PHP global variable for host IP address is $_SERVER['REMOTE_ADDR']. So when you authenticate from your form just check both tables and set the authentication variable. You can also play around in the .ini file to set the length of a session.

The only issue here is if the user logs in and then changes their IP address. It doesn't sound like people will be intentionally trying to hack this site, so I'm not sure if you need to check remote IP address on every protected page load.

 

[UDT89]

damn that seems complicated.....

 

[IceBergSLiM]

this is pretty much built into the .net framework.

 

[BigDH01]

this is pretty much built into the .net framework.

Haha, if you like that sort of thing. But yes, the membership namespace does make this somewhat easier, although I don't think it naturally supports IP authentication as well, so you'll still have to write that. I like being able to write my code in kate or npp.

 

[Pegun]

Wordpress will do it if you want to go that route...

 

[PCTC2]

If you have a directory server to authenticate against, you could just use Ruby (or PHP).
Ruby on Rails is a decent framework to work with.

 

[MrColin]

.htaccess?

You can serve ANY site package and secure it by username/password AND client ip with one htacess file and one passwd file.

 

[UDT89]

i cant across this. can anyone review it? seems perfect and not too expensive

http://www.coffeecup.com/website-access-manager/