I’m not sure about 0.9.6, but in Revo, the plugin events for login are geared toward rejecting a user rather than accepting them. I think it might work to have a plugin that listens for one of these:
OnBeforeManagerLogin
OnManagerFormRender
In the plugin, you’d test the IP. If the IP doesn’t check out - do nothing. If the IP checks out, log the user in Manually in the plugin code and redirect to the main manager page.
I was just working on this function to get the user’s IP earlier today (for a different use) and thought I’d toss it in:
/**
$allowReverseProxy = false;
$allowedReverseProxyAddresses = array();
* Returns the user's IP number.
* @returns string - user's IP number or false
* @access protected
*/
function _getAuthorIp() {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { //check ip from proxy
return($_SERVER['HTTP_CLIENT_IP']);
}
if(!isset($_SERVER['REMOTE_ADDR'])) {
return null;
}
$ip = $_SERVER['REMOTE_ADDR'];
if($allowReverseProxy) {
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
if(!empty($allowedReverseProxyAddresses) && in_array($ip, $allowedReverseProxyAddresses, true)) {
return array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
}
}
// running in a cluster environment
if(isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP'])) return $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
}
return $ip;
}
Someone else may have a better version.