By hawkeye217 on

Anyone familiar with a module or way of assigning a role based on an incoming IP address?

I've read around and seen some hacks for user.module, but I'd rather not go that route if there's something cleaner or something I'm not seeing!

Categories: Drupal 5.x

Comments

yepitem’s picture

yepitem commented

Suggest you check the module lists,perhaps you can find it.

GL

Welcome to http://www.cheapmesos.com/
Welcome to http://www.vanguardsagaofhero.com/
hawkeye217’s picture

hawkeye217 commented

I did... And didn't see anything that would do what I was looking for - hence the forum post in case anyone else knew something I didn't!

Drupal is amazing, so I am sure it's possible...

markdionne’s picture

markdionne commented

Here's a solution for a variation of this request. (This was done for Drupal 4.7.6.)

We wanted users in our local network to be able to come to our Drupal site and be treated as Anonymous logins, with the option to log in to do editing. We wanted users coming in from the internet to register and log in before they could see any content. It was not so obvious how to do this.

First, I renamed page.tpl.php (in my custom theme) and created a new one, like this:

<?php
/* If coming from the outside world, and anonymous, allow only login, user registration, and new password. 
 * (The left sidebar must contain a Login block, and the other blocks in 
 * that sidebar must be disabled by a PHP test of pih_authorized() )
 */
if (!pih_authorized()) {
    if (arg(0) == "user") {
	 /* Allow user registration and "new password" */
	 $sidebar_left = " "; /* non-empty for layout purposes */
    } else {
        $title = '<h2 class="title">Welcome</h2>';
        $content = "<p>You must log in when accessing this site from outside the firewall.</p>";
    }
    $sidebar_right = '<h2>Other Sites</h2><ul><li><a href="http://www.xyz.org/">xyz.org</a><li><a href="http://foo.xyz.org/">foo.xyz.org</a></ul>';
    unset($secondary_links);
    unset($primary_links);
    $header = "";
}

include 'page-default.tpl.php';
?>

Then I added the following to includes/common.inc:

/* Return True if user is authenticated OR coming from inside the intranet */
function pih_authorized() {
  global $user;
  return($user->uid > 0 || pih_internal());
}

/* Return True if user is coming from inside the intranet */
function pih_internal() {
  if (substr($_SERVER['REMOTE_ADDR'], 0, 11) != "123.123.123") return true;
  return false;
}

Which you can customize to select which IP addresses you want to allow.

And finally, I used the pih_authorized() function to hide blocks in the left sidebar, except for the Login block.

This seems to work, and aside from the code added to common.inc, it should survive a software upgrade. I suppose there is a better place to put that code other than common.inc.

-md

markdionne’s picture

markdionne commented

1) The solution I proposed above is probably dependent on using the phptemplate theme engine.

2) You should also set $head_title to set the title for the resulting page.

-mark

dianacastillo’s picture

dianacastillo commented

i want exactly this . to force login for people from outside of a set ip range. will this work for v6 ?

Diana Castillo

imerlin’s picture

imerlin commented

I'm pretty sure I could write that as a module. Would simply check the users IP address on login and add/remove configured 'role' to the user depending on his IP address.

What I'm wondering is how configurable do you think it should be?

Do you wan't to match an IP address to a single address, a list or simply a netmask (like 192.168.0.0/24) ?

I'm asking because I think I could use this module myself for an Intranet website I'm currently working on. So if we have similar needs, that would be beneficial for you :)

hawkeye217’s picture

hawkeye217 commented

Either one, a netmask or individual IPs... I could easily modify any php, I'm just not familiar with a module's hooks into core to be able to write one myself :)

Let me know what you think and if I can be of any help!

hawkeye217’s picture

hawkeye217 commented

Any progress...?

imerlin’s picture

imerlin commented

I've been busy with school but it got canceled due to snow so I took a look today.

I'm still scoping and doing groundwork but so far the plan is:

  • User IP address will be check on login against an array of IP addresses/Netmasks and given/taken a specific role accordingly
  • Does not and will probably never support IPV6
  • Users can work around this by logging in on a valid IP and the just move their computer and keep the cookie. It's possible to add another trigger but I'm not sure if that's acceptable to performance to check every page for the IP. If anyone knows of another hook to use, let me know.

Completion is around 30% right now. I'll keep you posted.

hawkeye217’s picture

hawkeye217 commented

Sounds good.

I'm actually looking to assign more of a subset of the "anonymous" role, without someone having to log in. I want to display specific blocks and menu items based on how somebody reaches the site. Does that make sense?

If you could write it for yourself keeping my situation in mind (so I can easily modify it to assign the role without a user logging in) that would be awesome!

steve.m’s picture

steve.m commented

We're also looking for (and are willing to write / help write) a module that allows anonymous users from a range of IP addresses access to view pages, but requires anonymous users from all other IP addresses to log in first. I'd love to know if anyone else is interested / has been working on this sort of thing.

The troll module looks like it might contain relevant bits, but I haven't looked in detail yet.

----
Steve McCullough, PhD
:: Drupal . Web . DevOps . Linux
:: http://irrational.ca

enlightened1’s picture

enlightened1 commented

I would also find this module useful for a project that I'm currently working on.

Cheers!

imerlin’s picture

imerlin commented

If anyone knows how to extend the anonymous user or add a role to an anonymous user that would be great. With my limited knowledge of the Drupal API I'm only able to add roles to registered users.

imerlin’s picture

imerlin commented

I've put this on hold for a while for several reasons.

  1. I can't get the user object to behave correctly for anonymous users
  2. After talking to the good people on #Drupal there are some serious security concerns with making this module and I don't have the time to put in all the safeguards needed for it to be allowed to be published as a Drupal project
  3. I'm getting SQL errors when using user_load on my PostgreSQL installation, no idea why

If someone else decides to go ahead and create this I have some comments.

  • Use hook_init (or hook_menu) to manipulate the user object for both anonymous and registered users
  • Limit the use of this module so people don't accidentally assign administrative rights to anonymous users that happen to use the same IP address as you
hawkeye217’s picture

hawkeye217 commented

I don't have any time to work on it now either, but thanks for trying... Anyone else want to give it a try?

samtherobot’s picture

samtherobot commented

Look at IPAuthenticator - seems to be what you're looking for.

Andri’s picture

Andri commented

it seems that module assigns users to IPs, not roles to IPs