IP range won't assign role, just individual IP
traviss359 - July 2, 2008 - 17:17
| Project: | ipAuthenticator - authenticates an IP to a role |
| Version: | 6.x-1.3 |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | jonfrancisskydiver |
| Status: | active |
Jump to:
Description
I have ipAuthenticator 5.x-1.1 installed on Drupal 5.7. When I enter a first IP of 128.223.0.0, a second IP of 128.223.255.255 and a role of "On Campus" and then try to view a node that requires the role "On Campus" from my computer with IP 128.223.29.42, I receive an "Access Denied" page instead of the node.
If however I add a new first IP of 128.223.29.42, no second IP and role of "On Campus" and view the node from my machine, the page is visible as expected.
I have tried different combinations of ranges such as 128.223.29.0 - 128.223.29.43 with no success. This is a great module and I would love to be able to use it for a large range of IP addresses. Any assistance would be wonderful.
Thanks.
#1
I have also noticed this behavior. I haven't had much time to look into it; but I have found a temporary solution. After you add the IP address range, go back and edit the ip address range and enter the second IP address and submit the form. That should work for you. It's certainly an annoyance and I apologize that it is there.
#2
Thank you for the quick reponse. I believe I was able to resolve my issue by making a small change to your ipAuthenticator.module file. The "less than" and "greater than" symbols were backwards for the ip range function to work. I switched them as seen in the snippet below, lines 386 to 393.
function ipauth_get_ip_authenticators($ip = "", $return_fields = "roles") {
$sql_where_clause = ("ALL" == $ip || "all" == $ip || "*" == $ip || "" == $ip) ? "1" : "(ip1 = '%s') OR (ip1 <= '%s' AND ip2 >= '%s')";
$sql = "SELECT ". $return_fields .", id FROM {ip_authenticator} WHERE ". $sql_where_clause;
// use the php functions and not the mysql function INET_ATON and INET_NTOA functions. This will provide greater database functionality.
$long_ip = sprintf("%u", ip2long($ip));
return db_query($sql, $long_ip, $long_ip, $long_ip);
} // end function ipauth_get_ip_authenticators
I can make a patch file if you would like. Thanks again for a great module!
#3
I have committed that change into the CVS (http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/ipAuthentic...). Thank you for looking into that error and figuring out the solution!
#4
Automatically closed -- issue fixed for two weeks with no activity.
#5
I have found this range problem too with the 6.x-1.3 (I see in 6.x-1.4 the inversion is corrected too) and an correct an other pb (see bellow)
$sql_where_clause = ("ALL" == $ip || "all" == $ip || "*" == $ip || "" == $ip) ? "1" : "(ip1 = '%s') OR (ip2 <> 0 AND ip1 <= %d AND ip2 >= %d)";
- same correction of invertion in ip1 et ip2
- I still use SQL to compare (not the sprintf), I don't know if on is better that and other (see %d without single cote)
- BUT IMPORTANT: I add ip2 <> 0 , because I only whant the SQL range check to be checked when ip2 exists. Because in my case, I have:
- ip2long is a negative number, (IP around 207.xxx.xxx..xxx)
- I have 1 range and 1 unique IP configure in IPAuthenticator
- the SQL range check range return always a TRUE. Because all my IP are negative, so ip <= ip2 is alway true (I have a other unique IP configure with ip2=0)
Regards, thx for your module, an other point, I will investigated a problem with the caching ....
#6
#7
I've updated some code and commit it to the HEAD revision.
I think that I may have corrected the negative integer issue by using sprintf("%u", ip2long($ip))... so the database table should still be unsigned. Could you send me the IP that was resulting in a negative integer?