How to check if your WAP/WEB site visitor is a BITE customer

To see whether your site visitor is a BITE customer, you have to check the IP address the user is coming from and check whether the user's Bite-Account-Id is present in the HTTP request header.

On your site you can identify a user by Account ID, but since HTTP headers can be spoofed, from a security perspective you must also validate the user's IP address to know whether the user really is a BITE customer. In addition, starting from October 1st 2007, real BITE customers may be connecting via the Opera Mini application and use the Opera Mini gateway. For these customers the gateway IP address is different. BITE gateways use the IP addresses and Opera Mini uses the IP ranges specified in the text file http://partner.biteplius.lt/biteip.txt; this file is freely accessible.

The minisite has to validate:

  1. whether the user's IP address is from the BITE gateway/Opera Mini IP range;
  2. the user's ACCOUNT ID.

BITE gateway and/or Opera Mini IP ranges may change, so the provider should build an automated IP validation mechanism for its own convenience.

The following steps need to be taken during the IP validation procedure (see the UML sequence diagram below):

  1. The partner makes a local copy of the valid IP list and the date, taken from http://partner.biteplius.lt/biteip.txt. These IPs can be stored anywhere, depending on the minisite's infrastructure;
  2. After that, the partner's minisite checks once every day the date on which the file was updated (the date is the first line of biteip.txt);
  3. If the minisite's local copy of the IP list turns out to be out of date, the valid list should be read from biteip.txt.

BITE gateway/Opera Mini IP validation procedure

This scenario is recommended, but it can vary depending on the partner's needs, keeping in mind that the up-to-date BITE gateway and Opera Mini IP ranges are stored in biteip.txt and are accessible.

A user is a BITE customer and uses a BITE gateway or the Opera Mini application when both conditions are met: the user's ACCOUNT ID is not 0 and the user's IP address is from a valid IP range. NOTE: an IP range is defined by the subnetwork mask given at the end of the IP address, after the "/" sign.

A user validation code example is provided below (excluding the date-checking functions).

<?php
class MobileUser
{
    private $accountId	= 0;

    public
    function __construct()
    {
        if (isset($_SERVER['HTTP_BITE_ACCOUNT_ID']))
            $this->accountId    = $_SERVER['HTTP_BITE_ACCOUNT_ID'];
    }

    /**
     * Tells whether current user is a valid one.
     *
     * @return  boolean
     */
    public
    function isValid()
    {
        return $this->getAccountId() && $this->isValidGateway();
    }

    /**
     * Returns the user's account id
     *
     * @return  string(?)
     */
    public
    function getAccountId()
    {
        return $this->accountId;
    }

  
  /**
     * Tells whether user uses a valid gateway or not
     *
     * @return  boolean
  */
    private
    function isValidGateway()
    {
        $ip         = $_SERVER['REMOTE_ADDR'];
        //$gateways	= $config->get('valid_gateways');
        $gateways   = array(
            /**
             * These addresses should be read from local copy
             * of IP list. Up to date IP list is provided in
             * http://partner.biteplius.lt/biteip.txt.
             */
            '213.226.131.21',
            '213.226.131.132',
            '213.226.131.133',
            '213.226.131.154',
            '213.226.131.141',
            '213.226.131.149',
            '213.226.131.151',
            '84.15.15.4',
            '84.15.15.5',
            '84.15.15.10',
            '84.15.15.11',
            '84.15.15.12',
            '195.189.142.0/23',
            '195.189.142.0/24',
            '195.189.143.0/24',
            '80.232.117.0/24',
            '91.203.96.0/22',
            '64.255.180.0/24',
            '94.246.126.0/23',
            '91.203.96.47',
            '94.246.127.0/24',
        );

        foreach ($gateways as $gateway)
            if (self::ipInRange($ip, $gateway))
            	return true;

        return false;
    }

    /**
     * Tells whether ip is in ip range.
     * Note: could be moved into a separate library.
     *
     * @param   string  $ip
     * @param   string  $ipRange
     * @return  boolean
     */
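    private static
    function ipInRange($ip, $ipRange)
    {
        if (false === strpos($ipRange, '/'))
            return $ip === $ipRange;

        // split() was removed in PHP 7; explode() does the same job here
        list($net, $mask)   = explode('/', $ipRange, 2);
        $ipNet              = ip2long($net);
        $checkIp            = ip2long($ip);
        // ip2long() returns false for anything that is not a dotted IPv4 address
        if (false === $ipNet || false === $checkIp)
            return false;

        $ipMask             = ~((1 << (32 - (int) $mask)) - 1);
        $checkIpNet         = $checkIp & $ipMask;
        // mask the network side too, so a range written with host bits set still matches
        return $checkIpNet == ($ipNet & $ipMask);
    }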
}
?>
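
The date check that the example above leaves out (steps 1 to 3 of the procedure), as an added example that is not part of the original page or BITE's own code. It assumes biteip.txt holds the date on its first line followed by one IP address or CIDR range per line; only the date line is documented on this page. The function names and the sample data are hypothetical.

```php
<?php
// Added example: refresh decision for the local copy of biteip.txt.
// Assumed file layout (only "date is the first line" is documented):
// one IPv4 address or CIDR range on each following line.

/** Parse biteip.txt text into ['date' => string, 'ranges' => string[]]; throws on bad data. */
function parseBiteIpList(string $text): array
{
    $lines = array_values(array_filter(array_map('trim', preg_split('/\R/', $text)), 'strlen'));
    if (count($lines) < 2) {
        throw new UnexpectedValueException('list has no date line or no addresses');
    }
    $date   = array_shift($lines);
    $ranges = array();
    foreach ($lines as $entry) {
        $parts = explode('/', $entry, 2);
        $bits  = isset($parts[1]) ? $parts[1] : '32';
        // Reject anything that is not a dotted IPv4 address with a 0..32 prefix.
        if (!filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
            || !ctype_digit($bits) || (int) $bits > 32) {
            throw new UnexpectedValueException("malformed entry: $entry");
        }
        $ranges[] = $entry;
    }
    return array('date' => $date, 'ranges' => $ranges);
}

/** Return the list to use: the remote one if its date differs and it parses, else the local copy. */
function refreshLocalList(array $local, string $remoteText): array
{
    try {
        $remote = parseBiteIpList($remoteText);
    } catch (UnexpectedValueException $e) {
        return $local;   // keep the last known-good list rather than an empty or broken one
    }
    // The date format is not documented here, so it is compared as an opaque string.
    return $remote['date'] !== $local['date'] ? $remote : $local;
}

// Constructed sample data (not the real file contents; these are documentation ranges).
$local  = array('date' => '2019-01-01', 'ranges' => array('192.0.2.10'));
$remote = "2019-04-19\n192.0.2.10\n198.51.100.0/24\n";
$local  = refreshLocalList($local, $remote);
echo $local['date'], ' ', count($local['ranges']), " entries\n";
```

The array returned in `ranges` can replace the hard-coded `$gateways` list in `isValidGateway()`.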
 
gateway_code_example.txt · Last modified: 2019/04/19 11:56 by tomas