The IP-Gatekeeper is a poor man's way to keep unwanted eyes off of a project. It was developed out of a need to allow client access to an unfinished product while still keeping out the general public. Rather than granting access through some sort of login mechanism, this tool analyzes the user's IP address to grant or deny access. While obviously not as secure as a login mechanism, this tool serves its purpose by providing a simply way of keeping out unwanted users, while granting access to a client without the need to remember yet another username and password.
Adding the IP Gatekeeper to any project is easy. Simply follow these instructions:
- Include the necessary gatekeeper file
- Configure the gatekeeper (see below)
- Create a new Gatekeeper object
- Put the Gatekeeper on guard
Example:
<?php
require_once('path/to/gatekeeper/gatekeeper.php');
$gatekeeper = new Gatekeeper();
$gatekeeper->guard('gatekeeper/');
?>
<html>
<body>
...
</body>
</html>Once setup, all unauthorized visitors will be redirected to a landing page; the URL/path of which is defined by the parameter passed to the $gatekeeper->guard() method.
To grant a user access to your project, simply ask them to visit the URL below. The authorization process can also be configured to require a password before granting access to the user.
http://yourdomain.com/path/to/gatekeeper/authorize/
Site administrators can also add/remove authorized users via the URL below. A password is required to access the admin area. See configuration details below for more information.
http://yourdomain.com/path/to/gatekeeper/admin/
The gatekeeper tool can be configured via the gatekeeper/gatekeeper-config.php file. Configuration options are defined below:
$config = array(
// The URL of the gatekeeper landing page
'gatekeeper_url' => 'http://yourdomain.com/gatekeeper/',
// The URL of your site/project
'project_url' => 'http://yourdomain.com/',
// User authentication password configuration
'auth_password_required' => false, // true/false
'auth_password' => 'auth-password-goes-here',
// Administration password configuration
'admin_password' => 'admin-password-goes-here'
);- Consider different sources for IP addresses [http://stackoverflow.com/questions/1634782/what-is-the-most-accurate-way-to-retrieve-a-users-correct-ip-address-in-php]. For example, some servers don't store the user's IP address in the "REMOTE_ADDR" variable.
- Add a troubleshooting section to my readme. Include something about making sure that the authorized IP text file is writeable. Perhaps include a notification in the landing page, or a system of checks and balances before authorizing a user.