IP Address Validation Help

Question

I am using this IP Validation Function that I came across while browsing, it has been working well until today i ran into a problem.

For some reason the function won't validate this IP as valid: 203.81.192.26

I'm not too great with regular expressions, so would appreciate any help on what could be wrong.

If you have another function, I would appreciate if you could post that for me.

The code for the function is below:

public static function validateIpAddress($ip_addr)
{
    global $errors;

    $preg = '#^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}' .
            '(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$#';

    if(preg_match($preg, $ip_addr))
    {
        //now all the intger values are separated
        $parts = explode(".", $ip_addr);

        //now we need to check each part can range from 0-255
        foreach($parts as $ip_parts)
        {
            if(intval($ip_parts) > 255 || intval($ip_parts) < 0)
            {
                $errors[] = "ip address is not valid.";
                return false;
            }

            return true;
        }

        return true;
    } else {
        $errors[] = "please double check the ip address.";
        return false;
    }
}

Answer 1

There is already something built-in to do this : http://fr.php.net/manual/en/filter.examples.validation.php See example 2

Answer 2

I prefer a simplistic approach described here. This should be considered valid for security purposes. Although make sure you get it from $_SERVER['REMOTE_ADDR'], any other http header can be spoofed.

function validateIpAddress($ip){
    return long2ip(ip2long($ip)))==$ip;
}

Answer 3

Have you tried using built-in functions to try and validate the address? For example, you can use ip2long and long2ip to convert the human-readable dotted IP address into the number it represents, then back. If the strings are identical, the IP is valid.

There's also the filter extension, which has an IP validation option. filter is included by default in PHP 5.2 and better.

Answer 4

Well, why are you doing both regex and int comparisons? You are "double" checking the address. Also, your second check is not valid, as it will always return true if the first octet is valid (you have a return true inside of the foreach loop).

You could do:

$parts = explode('.', $ip_addr);
if (count($parts) == 4) {
    foreach ($parts as $part) { 
        if ($part > 255 || $part < 0) {
            //error
        }
    }
    return true;
} else {
    return false;
}

But as others have suggested, ip2long/long2ip may suit your needs better...