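/**
 * Decide whether the current request arrived through a trusted reverse proxy.
 *
 * Only the TCP peer address (REMOTE_ADDR) drives the decision. The
 * forwarding headers merely signal that *some* proxy claims to be present;
 * they are never trusted on their own because any client can send them.
 * The function does not parse the header contents (which may hold several
 * comma-separated addresses) — that is left to the caller.
 *
 * @param array $proxy_ranges Optional extra ranges, in any format accepted by
 *                            ip_in_range(), to treat as trusted proxies in
 *                            addition to the built-in private-network and
 *                            CloudFlare ranges. Defaults to none. (The
 *                            original read an undefined local of this name,
 *                            so that branch could never run.)
 * @return bool TRUE when a forwarding header is present AND REMOTE_ADDR lies
 *              inside one of the trusted ranges; FALSE otherwise.
 */
function is_reverse_proxied($proxy_ranges = array())
{
    // Without any forwarding header there is nothing to unwrap.
    $forwarding_headers = array(
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_CLIENT_IP',
        'HTTP_X_CLUSTER_CLIENT_IP',
    );
    $header_present = false;
    foreach ($forwarding_headers as $header) {
        if (!empty($_SERVER[$header])) {
            $header_present = true;
            break;
        }
    }
    if (!$header_present || !isset($_SERVER['REMOTE_ADDR'])) {
        return false;
    }
    $ip = $_SERVER['REMOTE_ADDR'];

    // Private networks first (a local proxy such as nginx/varnish/haproxy),
    // then the CloudFlare edge ranges as listed when this was written. The
    // CloudFlare list is a static snapshot and is not refreshed at runtime.
    $trusted_ranges = array_merge(
        array(
            '10.0.0.0/8',
            '127.0.0.1/8',
            '172.16.0.0/12',
            '192.168.0.0/16',
        ),
        array(
            '204.93.240.0/24',
            '204.93.177.0/24',
            '199.27.128.0/21',
            '173.245.48.0/20',
            '103.22.200.0/22',
            '141.101.64.0/18',
        ),
        (array) $proxy_ranges
    );

    foreach ($trusted_ranges as $range) {
        if (ip_in_range($ip, $range)) {
            return true;
        }
    }
    return false;
}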
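/**
 * Initialise the CloudFlare plugin for the current request.
 *
 * Sets the $cf_api_host / $cf_api_port globals, records in $is_cf whether
 * the request carries a CF-Connecting-IP header and — only when the TCP peer
 * (REMOTE_ADDR) is inside one of the CloudFlare edge ranges listed below and
 * the header is a syntactically valid IP — replaces REMOTE_ADDR with the
 * client address CloudFlare reports. The peer check is what makes the header
 * trustworthy: on its own it can be set by any client.
 *
 * Side effects: writes the globals above, may rewrite $_SERVER['REMOTE_ADDR'],
 * emits an X-CF-Powered-By header, registers the admin menu and runs the
 * admin warnings.
 *
 * @return void
 */
function cloudflare_init() {
    global $cf_api_host, $cf_api_port, $is_cf;

    $cf_api_host = "ssl://www.cloudflare.com";
    $cf_api_port = 443;
    // Static snapshot of the CloudFlare edge ranges; not refreshed at runtime.
    $cf_ip_ranges = array("204.93.240.0/24", "204.93.177.0/24", "199.27.128.0/21", "173.245.48.0/20", "103.22.200.0/22", "141.101.64.0/18");

    // isset() avoids an "undefined index" notice when the header is absent.
    $cf_client_ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';
    $is_cf = $cf_client_ip ? TRUE : FALSE;

    // Update the REMOTE_ADDR value only if the peer is a CloudFlare edge and the
    // header holds a valid IP literal; otherwise REMOTE_ADDR is left untouched.
    if ($is_cf && filter_var($cf_client_ip, FILTER_VALIDATE_IP) !== false && isset($_SERVER["REMOTE_ADDR"])) {
        foreach ($cf_ip_ranges as $range) {
            if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
                $_SERVER["REMOTE_ADDR"] = $cf_client_ip;
                break;
            }
        }
    }

    // Let people know that the CF WP plugin is turned on.
    if (!headers_sent()) {
        header("X-CF-Powered-By: WP " . CLOUDFLARE_VERSION);
    }
    add_action('admin_menu', 'cloudflare_config_page');
    cloudflare_admin_warnings();
}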
 /**
  * Constructor
  *
  * Restricts the controller to whitelisted addresses (when
  * APP_ADMIN_IP_WHITELIST decodes to a non-empty value) and records whether
  * the current user may proceed: the user must be logged in and be an
  * administrator. The outcome lands in $this->_authorised, with the reason
  * for refusal in $this->_error. Clients outside the whitelist get a 404.
  *
  * @access	public
  * @return	void
  *
  **/
 public function __construct()
 {
     parent::__construct();

     // --------------------------------------------------------------------------

     //	Optimistic defaults; the checks below only ever revoke authorisation.
     $this->_authorised = TRUE;
     $this->_error = '';

     // --------------------------------------------------------------------------

     //	IP whitelist? Only evaluated when one is configured.
     $whitelist = json_decode(APP_ADMIN_IP_WHITELIST);
     $client_allowed = !$whitelist || ip_in_range($this->input->ip_address(), $whitelist);
     if (!$client_allowed) {
         show_404();
     }

     // --------------------------------------------------------------------------

     //	Only logged in users, and of those only admins; the first failing
     //	check wins and supplies the error message.
     if (!$this->user_model->is_logged_in()) {
         $this->_authorised = FALSE;
         $this->_error = lang('auth_require_session');
     } elseif (!$this->user_model->is_admin()) {
         $this->_authorised = FALSE;
         $this->_error = lang('auth_require_administrator');
     }
 }
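 /**
  * Is an unencrypted (plaintext) MNet request from this peer acceptable?
  *
  * The 'mnet_trusted_hosts' config value is a comma-separated list of
  * network/mask entries; an entry without a mask means a single host (/32).
  * The request is accepted when REMOTE_ADDR — the TCP peer, not any
  * forwarded-for header — falls inside one of those networks.
  *
  * @return bool true if REMOTE_ADDR is inside a trusted network, false otherwise
  */
 function plaintext_is_ok()
 {
     // No peer address (e.g. CLI) can never be a trusted host.
     if (empty($_SERVER['REMOTE_ADDR'])) {
         return false;
     }
     // An unset setting returns false; cast so explode() always sees a string.
     $trusted_hosts = explode(',', (string) get_config('mnet', 'mnet_trusted_hosts'));
     foreach ($trusted_hosts as $host) {
         // Appending '/' guarantees explode() yields at least two parts, so
         // list() never warns; a host without a mask gets an empty $mask.
         list($network, $mask) = explode('/', $host . '/');
         if (empty($network)) {
             continue;
         }
         if ($mask === '') {
             $mask = 32;
         }
         if (ip_in_range($_SERVER['REMOTE_ADDR'], $network, $mask)) {
             return true;
         }
     }
     return false;
 }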
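 /**
  * Joomla system-plugin hook: restore the real client IP behind CloudFlare.
  *
  * REMOTE_ADDR is replaced with the CF-Connecting-IP header value only when
  * the TCP peer is inside one of the CloudFlare edge ranges listed below and
  * the header is a syntactically valid IP. The peer check is what makes the
  * header trustworthy; on its own it can be set by any client.
  *
  * Side effects: sets the global $is_cf, may rewrite $_SERVER['REMOTE_ADDR'],
  * and emits an X-CF-Powered-By header if headers have not been sent.
  */
 function onAfterInitialise()
 {
     global $is_cf;
     $is_cf = FALSE;
     // Static snapshot of the CloudFlare edge ranges; not refreshed at runtime.
     $cf_ip_ranges = array('204.93.240.0/24', '204.93.177.0/24', '199.27.128.0/21', '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18', '108.162.192.0/18', '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15');
     // isset() avoids an "undefined index" notice when the header is absent.
     $cf_client_ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';
     if ($cf_client_ip && filter_var($cf_client_ip, FILTER_VALIDATE_IP) !== false && isset($_SERVER["REMOTE_ADDR"])) {
         foreach ($cf_ip_ranges as $range) {
             if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
                 $_SERVER["REMOTE_ADDR"] = $cf_client_ip;
                 $is_cf = TRUE;
                 break;
             }
         }
     }
     // Let people know that the CF plugin is turned on.
     if (!headers_sent()) {
         header("X-CF-Powered-By: CF-Joomla " . CLOUDFLARE_VERSION);
     }
 }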
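 /**
  * Updates the IP which PHP sees, if necessary.
  *
  * REMOTE_ADDR is replaced with the CF-Connecting-IP header value only when
  * the TCP peer is inside one of the CloudFlare edge ranges listed below and
  * the header is a syntactically valid IP. The peer check is what makes the
  * header trustworthy; on its own it can be set by any client.
  *
  * @param array $params An object containing the module parameters (currently unused)
  * @access public
  * @side-effect -- sets the global var is_cf; may rewrite $_SERVER['REMOTE_ADDR'];
  *                 emits an X-CF-Powered-By header if headers are not yet sent
  * @return string|null the (possibly rewritten) REMOTE_ADDR, null if none is set
  */
 function updateIP($params)
 {
     global $is_cf;
     $is_cf = FALSE;
     // Static snapshot of the CloudFlare edge ranges; not refreshed at runtime.
     $cf_ip_ranges = array("204.93.240.0/24", "204.93.177.0/24", "199.27.128.0/21", "173.245.48.0/20", "103.22.200.0/22");
     // isset() avoids an "undefined index" notice when the header is absent.
     $cf_client_ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';
     if ($cf_client_ip && filter_var($cf_client_ip, FILTER_VALIDATE_IP) !== false && isset($_SERVER["REMOTE_ADDR"])) {
         foreach ($cf_ip_ranges as $range) {
             if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
                 $_SERVER["REMOTE_ADDR"] = $cf_client_ip;
                 $is_cf = TRUE;
                 break;
             }
         }
     }
     // Let people know that the CF plugin is turned on.
     if (!headers_sent()) {
         header("X-CF-Powered-By: Mod-CF-Joomla " . CLOUDFLARE_VERSION);
     }
     return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null;
 }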
 /**
  * Plugin constructor: adopt the CloudFlare-reported client address.
  *
  * Does nothing unless a CF-Connecting-IP header is present. The header is
  * only honoured when the request address is inside one of the ranges in
  * $this->CloudflareSourceIPs, i.e. the peer really is a CloudFlare origin
  * server; a client sending the header directly is ignored.
  */
 public function __construct()
 {
     parent::__construct();

     // If cloudflare isn't telling us a client IP, bust outta here!
     $cfClientIP = val('HTTP_CF_CONNECTING_IP', $_SERVER, NULL);
     if ($cfClientIP === NULL) {
         return;
     }

     $peerAddress = Gdn::Request()->RequestAddress();
     $viaCloudflare = FALSE;
     foreach ($this->CloudflareSourceIPs as $sourceRange) {
         if (ip_in_range($peerAddress, $sourceRange)) {
             // Peer is a cloudflare origin server: use the reported client IP.
             Gdn::Request()->RequestAddress($cfClientIP);
             $viaCloudflare = TRUE;
             break;
         }
     }

     // Let people know that the CF plugin is turned on.
     if ($viaCloudflare && !headers_sent()) {
         header("X-CF-Powered-By: CF-Vanilla v" . $this->GetPluginKey('Version'));
     }
 }
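/**
 * Verify the comment CAPTCHA for the current request.
 *
 * Anonymous users are checked only when the "comment_captcha" option is on.
 * With an 'api_recaptcha_privkey' configured the ReCaptcha POST fields are
 * verified; otherwise a Securimage session-based code is used. In DEBUG
 * builds loopback clients (127.0.0.0/8) skip the check entirely — this
 * relies on REMOTE_ADDR being the real peer, so a proxy that rewrites it
 * would extend the bypass to whatever it reports.
 *
 * @return bool true when the CAPTCHA passed or was not required, false on failure
 */
function captcha_check()
{
    global $config, $user;
    if (DEBUG && isset($_SERVER['REMOTE_ADDR']) && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) {
        return true;
    }
    if (!$user->is_anonymous() || !$config->get_bool("comment_captcha")) {
        return true;
    }
    $r_privatekey = $config->get_string('api_recaptcha_privkey');
    if (!empty($r_privatekey)) {
        // Missing POST fields are passed on as empty strings instead of
        // raising "undefined index" notices.
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
        $resp = recaptcha_check_answer($r_privatekey, $remote, $challenge, $answer);
        if (!$resp->is_valid) {
            log_info("core", "Captcha failed (ReCaptcha): " . $resp->error);
            return false;
        }
        return true;
    }
    // Securimage keeps the expected code in the session.
    session_start();
    $securimg = new Securimage();
    $code = isset($_POST['code']) ? $_POST['code'] : '';
    if (!$securimg->check($code)) {
        log_info("core", "Captcha failed (Securimage)");
        return false;
    }
    return true;
}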
/**
 * This function checks if authentication needs to be forced over an authentication source.
 *
 * The forced redirect is skipped when the user is already logged in, when
 * SSO was bypassed via ?disable_sso (remembered in the session), on the
 * no_linked_account page, when no enabled source is configured, or when a
 * per-source IP filter is set and the client address is outside it.
 *
 * @return void
 */
function simplesaml_check_force_authentication()
{
    // no need to do anything if already logged in
    if (elgg_is_logged_in()) {
        return;
    }

    // bypass for sso; remembered so later pages skip the redirect as well
    if (isset($_GET["disable_sso"])) {
        $_SESSION["simpleaml_disable_sso"] = true;
        return;
    }

    // sso was bypassed on a previous page
    $sso_disabled = isset($_SESSION["simpleaml_disable_sso"]) && $_SESSION["simpleaml_disable_sso"] === true;
    if ($sso_disabled) {
        return;
    }

    // do not force authentication on the no_linked_account page
    $no_linked_account_url = elgg_get_site_url() . "saml/no_linked_account";
    if (strpos(current_page_url(), $no_linked_account_url) === 0) {
        return;
    }

    $source = elgg_get_plugin_setting("force_authentication", "simplesaml");
    if (!$source || !simplesaml_is_enabled_source($source)) {
        return;
    }

    // Optional comma-separated IP filter: only clients inside one of the
    // ranges are forced. The address may be substituted by a "remote_address"
    // plugin hook before it is tested.
    $ip_filter = elgg_get_plugin_setting($source . "_force_ip_filter", "simplesaml");
    if ($ip_filter) {
        elgg_load_library("pgregg.ipcheck");
        $client_ip = $_SERVER["REMOTE_ADDR"];
        $client_ip = elgg_trigger_plugin_hook("remote_address", "system", array("remote_address" => $client_ip), $client_ip);

        $in_filter = false;
        foreach (explode(',', $ip_filter) as $range) {
            if (ip_in_range($client_ip, $range)) {
                $in_filter = true;
                break;
            }
        }
        if (!$in_filter) {
            return;
        }
    }

    if (!isset($_SESSION["last_forward_from"])) {
        $_SESSION["last_forward_from"] = current_page_url();
    }
    forward("saml/login/" . $source);
}
/**
 * Check whether $ip matches any entry of a mask list.
 *
 * $mask is a free-form list separated by spaces, commas or semicolons. Each
 * entry is either a "start-end" range (spaces around the dash are tolerated)
 * or a single address, possibly with '*' wildcards, in whatever form the
 * two-argument ip_in_range() accepts.
 *
 * @param string $mask list of single IPs / wildcards / "start-end" ranges
 * @param string $ip   address to test
 * @return bool true on the first matching entry, false if none matches
 */
function check_ip($mask, $ip)
{
    // Strip spaces next to the dash so "A - B" stays one token
    $normalized = str_replace(array(' -', '- '), '-', $mask);
    // Turn every separator into a single space
    $normalized = str_replace(array(';', ','), ' ', $normalized);
    $normalized = preg_replace("/\\s+/", ' ', $normalized);

    foreach (explode(' ', $normalized) as $entry) {
        // "start-end" range
        if (strstr($entry, '-') !== false) {
            list($range_start, $range_end) = explode('-', $entry);
            if (ip_in_range($ip, $range_start, $range_end)) {
                return true;
            }
            continue;
        }
        // Single IP, possibly with '*'
        if (ip_in_range($ip, $entry)) {
            return true;
        }
    }
    return false;
}
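/**
 * Score a submission for spam.
 *
 * Points accumulate from several signals; higher means more suspicious.
 * Hard verdicts return early:
 *   5  — client is listed in a DNSBL (held for manual review, no further
 *        points so the user is not accidentally blocked)
 *   10 — client is on the internal banlist, the URL is not an http(s) URL
 *        with a dotted host, or the host is a private/loopback IPv4 literal
 * Otherwise points come from the "blacklist" table: +5 per client address
 * on the banned-IP list, +10 for a banned domain equal to the registrable
 * (two-label) or three-label domain (+5 if it merely occurs in the URL),
 * +3 per banned URL fragment and +3 per banned title fragment.
 *
 * @param string $url      submitted URL
 * @param string $title    submitted title (optional)
 * @param bool   $check_ip whether to consult the DNSBL and the banlist first
 * @return int spam score (0 = nothing found)
 */
function spam_score($url, $title = "", $check_ip = true)
{
    $score = 0;
    if ($check_ip) {
        /* Check DNSBLs */
        if (check_blacklisted()) {
            /* If a user is blacklisted in a DNSBL, his submission will be
             * held for manual review. We do not want to assign any further
             * spam points to this submission to avoid him accidentally
             * getting blocked, so we return with a score of 5. */
            return 5;
        }
        /* Check internal banlist */
        if (check_banlist()) {
            return 10;
        }
    }
    // Require an http(s) URL whose host contains at least one dot;
    // $matches[1] is the host without scheme, port or path.
    if (!preg_match("/^https?:\\/\\/([^\\/:]*?\\.[^\\/:]*)(\\/|:[0-9]{1,5}|\$)/", $url, $matches)) {
        return 10;
    }
    $domain = $matches[1];
    if (preg_match("/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\$/", $domain)) {
        // Adding entries that point to private or loopback addresses is not allowed.
        $private_ranges = array("10.0.0.0/8", "127.0.0.1/8", "172.16.0.0/12", "192.168.0.0/16");
        foreach ($private_ranges as $range) {
            if (ip_in_range($domain, $range)) {
                return 10;
            }
        }
    }
    // Two-label and (when present) three-label domain; the host regex above
    // guarantees at least two labels, so these indexes always exist.
    $domain_parts = explode(".", $domain);
    $label_count = count($domain_parts);
    $top_domain = $domain_parts[$label_count - 2] . "." . $domain_parts[$label_count - 1];
    $sub_domain = $label_count >= 3
        ? $domain_parts[$label_count - 3] . "." . $top_domain
        : $top_domain;

    // Without a readable blacklist no further points can be assigned.
    $result = mysql_query_cached("SELECT * FROM blacklist");
    if (!$result) {
        return $score;
    }
    // Partition the blacklist by entry type: 0 = IP, 1 = URL fragment,
    // 2 = domain, 3 = title fragment. Other types are ignored.
    $banned = array(0 => array(), 1 => array(), 2 => array(), 3 => array());
    foreach ($result->data as $element) {
        // Type may arrive as an int or a numeric string; anything else is skipped.
        $type = is_numeric($element['Type']) ? (int) $element['Type'] : -1;
        if (isset($banned[$type])) {
            $banned[$type][] = $element['Value'];
        }
    }

    // +5 for every client address on the banned-IP list. get_ip() is treated
    // as a comma-separated list and each entry is scored. Strict comparison
    // avoids the numeric-string quirks of a loose in_array().
    foreach (explode(",", get_ip()) as $ip) {
        if (in_array($ip, $banned[0], true)) {
            $score += 5;
        }
    }

    // Domains: a case-insensitive exact match on the two- or three-label
    // domain scores 10; a bare substring hit anywhere in the URL scores 5.
    // Empty entries are skipped — an empty needle would match every URL.
    foreach ($banned[2] as $part) {
        if (strcasecmp($part, $top_domain) === 0 || strcasecmp($part, $sub_domain) === 0) {
            $score += 10;
        } elseif ($part !== '' && strpos($url, $part) !== false) {
            $score += 5;
        }
    }
    // URL fragments, case-insensitive, +3 each.
    foreach ($banned[1] as $part) {
        if ($part !== '' && stripos($url, $part) !== false) {
            $score += 3;
        }
    }
    // Title fragments, case-insensitive, +3 each.
    if (!empty($title)) {
        foreach ($banned[3] as $part) {
            if ($part !== '' && stripos($title, $part) !== false) {
                $score += 3;
            }
        }
    }
    return $score;
}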
        }
        if (strpos($range, '-') !== false) {
            // A-B format
            list($lower, $upper) = explode('-', $range, 2);
            $lower_dec = (double) sprintf("%u", ip2long($lower));
            $upper_dec = (double) sprintf("%u", ip2long($upper));
            $ip_dec = (double) sprintf("%u", ip2long($ip));
            return $ip_dec >= $lower_dec && $ip_dec <= $upper_dec;
        }
        return false;
    }
}
// Behind CloudFlare the TCP peer is a CloudFlare edge and the real client
// address arrives in CF-Connecting-IP. The header is honoured only when
// REMOTE_ADDR is inside one of the edge ranges listed here (a static
// snapshot); a client sending the header directly is ignored.
if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    $cf_ip_ranges = array('204.93.240.0/24', '204.93.177.0/24', '199.27.128.0/21', '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18', '108.162.192.0/18', '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15');
    foreach ($cf_ip_ranges as $range) {
        if (!ip_in_range($_SERVER['REMOTE_ADDR'], $range)) {
            continue;
        }
        $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
        break;
    }
}
// Whatever its source, normalise REMOTE_ADDR to a syntactically valid IP so
// downstream code never sees an arbitrary header string; else 0.0.0.0.
$_SERVER['REMOTE_ADDR'] = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
if ($_SERVER['REMOTE_ADDR'] === false) {
    $_SERVER['REMOTE_ADDR'] = '0.0.0.0';
}
function convert_number_to_words($number)
{
    $hyphen = '-';
    $conjunction = ' and ';
    $separator = ', ';
    $negative = 'negative ';
    $decimal = ' point ';
    $dictionary = array(0 => 'zero', 1 => 'one', 2 => 'two', 3 => 'three', 4 => 'four', 5 => 'five', 6 => 'six', 7 => 'seven', 8 => 'eight', 9 => 'nine', 10 => 'ten', 11 => 'eleven', 12 => 'twelve', 13 => 'thirteen', 14 => 'fourteen', 15 => 'fifteen', 16 => 'sixteen', 17 => 'seventeen', 18 => 'eighteen', 19 => 'nineteen', 20 => 'twenty', 30 => 'thirty', 40 => 'fourty', 50 => 'fifty', 60 => 'sixty', 70 => 'seventy', 80 => 'eighty', 90 => 'ninety', 100 => 'hundred', 1000 => 'thousand', 1000000 => 'million', 1000000000 => 'billion', 1000000000000.0 => 'trillion', 1000000000000000.0 => 'quadrillion', 1.0E+18 => 'quintillion');
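// Administrative whitelist: comma-separated IPv4/IPv6 entries (CIDR allowed).
// Loopback is always kept in the list so local access is never locked out.
if (!defined('ALM_WHITELIST')) {
    define('ALM_WHITELIST', '127.0.0.1/32,::1');
}
# IPv4,IPv6
$whitelist_ips = explode(',', ALM_WHITELIST);
# Verifying localhost is in the list. Either spelling of the IPv4 loopback
# entry counts; the original only looked for '127.0.0.1' and so re-added
# '127.0.0.1/32' even though the default list already contains it.
if (!in_array('127.0.0.1', $whitelist_ips, true) && !in_array('127.0.0.1/32', $whitelist_ips, true)) {
    $whitelist_ips[] = '127.0.0.1/32';
}
if (!in_array('::1', $whitelist_ips, true)) {
    $whitelist_ips[] = '::1';
}
# Verifying if the address is whitelisted.
# X-Forwarded-For is honoured only when the TCP peer is the local reverse
# proxy (e.g. varnish on 127.0.0.1); the last entry is the one that proxy
# appended, earlier entries are client-supplied and are ignored.
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] === '127.0.0.1') {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}
$ip = explode(',', $ip);
$ip = trim($ip[count($ip) - 1]);
$whitelist = ip_in_range($ip, $whitelist_ips);
$smarty->assign('whitelist', $whitelist);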
if (!empty($_POST)) {
    # Aqui tomo en cuenta que el servidor puede estar usando varnish
    //Cargo credenciales y voy a 404
    $txtcaptcha = preg_replace('/[^A-Za-z0-9]/', '', $_POST['txtcaptcha']);
    if (!$whitelist && md5($txtcaptcha) === $_SESSION['key'] && check_user($_POST['alm_user'], $_POST['password'])) {
        #error_log("ALM CAPTCHA: Good $txtcaptcha " . md5($txtcaptcha) . "!== " . $_SESSION['key']);
        if (empty($_REQUEST['redirect_to'])) {
            header('location: ./');
        } else {
            header('location: ' . $_REQUEST['redirect_to']);
        }
        exit;
    } elseif ($whitelist && check_user($_POST['alm_user'], $_POST['password'])) {
        if (empty($_REQUEST['redirect_to'])) {
 /**
  * Common constructor for all admin pages
  *
  * Runs every gate an admin request must pass, in order: IP whitelist
  * (APP_ADMIN_IP_WHITELIST), admin role, secure-host enforcement
  * (APP_SSL_ROUTING / SECURE_BASE_URL), loading of the active admin modules
  * and the user's ACL check for the requested module/method. It then
  * registers the admin assets and models. A failed gate ends the request
  * through show_404(), unauthorised() or redirect().
  *
  * @access	public
  * @return	void
  *
  **/
 public function __construct()
 {
     parent::__construct();
     // --------------------------------------------------------------------------
     //	IP whitelist? A decoded, non-empty list restricts the whole admin area
     //	to those ranges; outsiders get a 404 rather than a 403. The client
     //	address is whatever $this->input->ip_address() reports, so any proxy
     //	handling done there decides which address is tested.
     $_ip_whitelist = json_decode(APP_ADMIN_IP_WHITELIST);
     if ($_ip_whitelist) {
         if (!ip_in_range($this->input->ip_address(), $_ip_whitelist)) {
             show_404();
         }
     }
     // --------------------------------------------------------------------------
     //	Admins only please
     if (!$this->user_model->is_admin()) {
         unauthorised();
     }
     // --------------------------------------------------------------------------
     //	Load up the generic admin langfile
     $this->lang->load('admin_generic');
     // --------------------------------------------------------------------------
     //	Check that admin is running on the SECURE_BASE_URL url. HTTP_HOST is
     //	the client's Host header; a mismatch with the configured secure host
     //	triggers a redirect to the same path.
     if (APP_SSL_ROUTING) {
         $_host1 = $this->input->server('HTTP_HOST');
         $_host2 = parse_url(SECURE_BASE_URL);
         if (!empty($_host2['host']) && $_host2['host'] != $_host1) {
             //	Not on the secure URL, redirect with message.
             //	NOTE(review): only REQUEST_URI is passed to redirect(); it is
             //	assumed the framework prepends the secure base URL — confirm.
             $_redirect = $this->input->server('REQUEST_URI');
             if ($_redirect) {
                 $this->session->set_flashdata('message', lang('admin_not_secure'));
                 redirect($_redirect);
             }
         }
     }
     // --------------------------------------------------------------------------
     //	Load admin helper and config
     $this->load->model('admin_model');
     $this->config->load('admin');
     //	NOTE(review): the 'admin' config is loaded a second time whenever the
     //	app-level file exists; the unconditional call above already loaded it,
     //	so one of the two calls looks redundant. Left as-is.
     if (file_exists(FCPATH . 'application/config/admin.php')) {
         $this->config->load('admin');
     }
     // --------------------------------------------------------------------------
     //	Load up the modules which have been enabled for this installation and the
     //	user has permission to see. $this->data['loaded_modules'] is a reference
     //	to the same array so views see later additions.
     $this->_loaded_modules = array();
     $this->data['loaded_modules'] =& $this->_loaded_modules;
     $this->_load_active_modules();
     // --------------------------------------------------------------------------
     //	Check the user has permission to view this module (skip the dashboard
     //	we need to show them _something_). Superusers bypass all ACL checks.
     $_active_module = $this->uri->segment(2);
     $_active_method = $this->uri->segment(3, 'index');
     $_acl = active_user('acl');
     if (!$this->user_model->is_superuser() && !isset($this->_loaded_modules[$_active_module])) {
         //	If this is the dashboard, we should see if the user has permission to
         //	access any other modules before returning a 404.
         if ($_active_module == 'dashboard' || $_active_module == '') {
             //	Look at the user's ACL
             if (isset($_acl['admin'])) {
                 //	If they have other modules defined, loop them until one is found
                 //	which appears in the loaded modules list. If this doesn't happen
                 //	then they'll fall back to the 'no loaded modules' page.
                 foreach ($_acl['admin'] as $module => $methods) {
                     if (isset($this->_loaded_modules[$module])) {
                         redirect('admin/' . $module);
                         break;
                     }
                 }
             }
         } else {
             //	Not the dashboard and not a loaded module: 404.
             show_404();
         }
     } elseif (!$this->user_model->is_superuser()) {
         //	Module is OK, check to make sure they can access this method
         if (!isset($_acl['admin'][$_active_module][$_active_method])) {
             unauthorised();
         }
     }
     // --------------------------------------------------------------------------
     //	Load libraries and helpers
     $this->load->library('cdn');
     $this->load->helper('admin');
     // --------------------------------------------------------------------------
     //	Add the current module to the $page variable (for convenience)
     $this->data['page'] = new stdClass();
     if (isset($this->_loaded_modules[$this->uri->segment(2)])) {
         $this->data['page']->module = $this->_loaded_modules[$this->uri->segment(2)];
     } else {
         //	NOTE(review): 'moduled' looks like a typo for 'module'; a view that
         //	reads ->module on a non-module page will find it unset rather than
         //	FALSE. Confirm no template relies on 'moduled' before renaming.
         $this->data['page']->moduled = FALSE;
     }
     // --------------------------------------------------------------------------
     //	Unload any previously loaded assets, admin handles its own assets
     $this->asset->clear_all();
     //	CSS
     $this->asset->load('fancybox/source/jquery.fancybox.css', 'BOWER');
     $this->asset->load('jquery-toggles/toggles.css', 'BOWER');
     $this->asset->load('jquery-toggles/themes/toggles-modern.css', 'BOWER');
     $this->asset->load('tipsy/src/stylesheets/tipsy.css', 'BOWER');
     $this->asset->load('ionicons/css/ionicons.min.css', 'BOWER');
     $this->asset->load('nails.admin.css', TRUE);
     //	JS
     $this->asset->load('jquery/dist/jquery.min.js', 'BOWER');
     $this->asset->load('fancybox/source/jquery.fancybox.pack.js', 'BOWER');
     $this->asset->load('jquery-toggles/toggles.min.js', 'BOWER');
     $this->asset->load('tipsy/src/javascripts/jquery.tipsy.js', 'BOWER');
     $this->asset->load('jquery.scrollTo/jquery.scrollTo.min.js', 'BOWER');
     $this->asset->load('jquery-cookie/jquery.cookie.js', 'BOWER');
     $this->asset->load('nails.default.min.js', TRUE);
     $this->asset->load('nails.admin.min.js', TRUE);
     $this->asset->load('nails.forms.min.js', TRUE);
     $this->asset->load('nails.api.min.js', TRUE);
     //	Libraries
     $this->asset->library('jqueryui');
     $this->asset->library('select2');
     $this->asset->library('ckeditor');
     //	Look for any Admin styles provided by the app
     if (file_exists(FCPATH . 'assets/css/admin.css')) {
         $this->asset->load('admin.css');
     }
     //	Inline assets: bootstrap the client-side NAILS objects once the DOM is
     //	ready, instantiating only those whose constructors exist.
     $_js = 'var _nails,_nails_admin,_nails_forms;';
     $_js .= '$(function(){';
     $_js .= 'if ( typeof( NAILS_JS ) === \'function\' ){';
     $_js .= '_nails = new NAILS_JS();';
     $_js .= '_nails.init();';
     $_js .= '}';
     $_js .= 'if ( typeof( NAILS_Admin ) === \'function\' ){';
     $_js .= '_nails_admin = new NAILS_Admin();';
     $_js .= '_nails_admin.init();';
     $_js .= '}';
     $_js .= 'if ( typeof( NAILS_Forms ) === \'function\' ){';
     $_js .= '_nails_forms = new NAILS_Forms();';
     $_js .= '}';
     //	NOTE(review): _nails_api is not in the 'var' list above, so in the
     //	browser it becomes an implicit global rather than a declared one.
     $_js .= 'if ( typeof( NAILS_API ) === \'function\' ){';
     $_js .= '_nails_api = new NAILS_API();';
     $_js .= '}';
     $_js .= '});';
     $this->asset->inline('<script>' . $_js . '</script>');
     // --------------------------------------------------------------------------
     //	Initialise the admin change log model
     $this->load->model('admin_changelog_model');
 }
 */
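/**
 * Test whether an IPv4 address lies inside a CIDR range.
 *
 * @param string $ip    dotted-quad IPv4 address, e.g. "10.1.2.3"
 * @param string $range "network/prefix" such as "10.0.0.0/8"; a bare address
 *                      is treated as a /32. Dotted netmasks, wildcards and
 *                      IPv6 are not supported and never match.
 * @return bool true only when both inputs parse and the two addresses agree
 *              on the network bits. Malformed input never matches, so a
 *              caller using this for access control fails closed.
 */
function ip_in_range($ip, $range)
{
    // Strict comparison: the original '== false' also fired when '/' sat at
    // offset 0 and then appended a second '/32'.
    if (strpos($range, '/') === false) {
        $range .= '/32';
    }
    // $range is in IP/CIDR format eg 127.0.0.1/24
    list($network, $prefix) = explode('/', $range, 2);
    // Only a decimal prefix of 0..32 is meaningful.
    if (!preg_match('/^[0-9]{1,2}$/', $prefix) || (int) $prefix > 32) {
        return false;
    }
    $networkDecimal = ip2long($network);
    $ipDecimal = ip2long($ip);
    // ip2long() returns false for anything that is not a valid IPv4 address.
    // Without this check false (== 0) would silently match all-zero networks.
    if ($networkDecimal === false || $ipDecimal === false) {
        return false;
    }
    // Host bits of the prefix, then their complement as the network mask.
    // (1 << 32) needs 64-bit integers to yield 2^32 for a /0; the pow()-based
    // original carried the same platform dependency.
    $wildcardDecimal = (1 << (32 - (int) $prefix)) - 1;
    $netmaskDecimal = ~$wildcardDecimal;
    return ($ipDecimal & $netmaskDecimal) === ($networkDecimal & $netmaskDecimal);
}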
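// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
//
// Access is allowed when REMOTE_ADDR is inside 172.17.42.1/16 (the range the
// original author chose — presumably a Docker bridge network; confirm for
// your deployment), or when the request comes from the local host / the
// built-in CLI server AND carries no client-supplied proxy header. A present
// X-Forwarded-For / Client-IP header means REMOTE_ADDR may not be the real
// client, so the loopback shortcut is refused in that case. The '@'
// suppression is replaced by an explicit isset() so a missing REMOTE_ADDR
// (e.g. CLI) is handled deliberately.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$hasProxyHeader = isset($_SERVER['HTTP_CLIENT_IP']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']);
$isLocal = in_array($remoteAddr, array('127.0.0.1', 'fe80::1', '::1'), true) || php_sapi_name() === 'cli-server';
if (!ip_in_range($remoteAddr, '172.17.42.1/16') && ($hasProxyHeader || !$isLocal)) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check ' . basename(__FILE__) . ' for more information.');
}
/**
 * @var Composer\Autoload\ClassLoader $loader
 */
$loader = (require __DIR__ . '/../app/autoload.php');
Debug::enable();
$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);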
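 /**
  * Abort the request with a ban notice if the client address is banned.
  *
  * Each active ban row holds either a single address or a CIDR range ('/'
  * present); ranges are matched with ip_in_range(), single addresses by
  * exact comparison against REMOTE_ADDR. On a match the ban details are
  * printed and the script exits; otherwise the method returns normally.
  *
  * REMOTE_ADDR is the TCP peer. Behind a reverse proxy that does not rewrite
  * it, every client shares the proxy's address and bans apply to all or none.
  */
 private function check_ip_ban()
 {
     global $config;
     global $database;
     // SQLite result rows carry the table prefix in their column names.
     $prefix = $database->engine->name === "sqlite" ? "bans." : "";
     $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $bans = $this->get_active_bans();
     foreach ($bans as $row) {
         $ip = $row[$prefix . "ip"];
         // Explicit grouping of the original precedence: a CIDR entry is tested
         // as a range, anything else must equal the peer address exactly.
         $is_range = strpos($ip, '/') !== false;
         if (($is_range && ip_in_range($remote, $ip)) || $ip === $remote) {
             $reason = $row[$prefix . 'reason'];
             $admin = User::by_id($row[$prefix . 'banner_id']);
             $date = date("Y-m-d", $row[$prefix . 'end_timestamp']);
             // Everything interpolated into the HTML is escaped: the reason and
             // the admin name are stored free text, the contact link is config.
             $safe_ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
             $safe_admin = htmlspecialchars($admin->name, ENT_QUOTES, 'UTF-8');
             $safe_reason = htmlspecialchars($reason, ENT_QUOTES, 'UTF-8');
             print "IP <b>{$safe_ip}</b> has been banned until <b>{$date}</b> by <b>{$safe_admin}</b> because of <b>{$safe_reason}</b>";
             $contact_link = $config->get_string("contact_link");
             if (!empty($contact_link)) {
                 $safe_link = htmlspecialchars($contact_link, ENT_QUOTES, 'UTF-8');
                 print "<p><a href='{$safe_link}'>Contact The Admin</a>";
             }
             exit;
         }
     }
 }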
    echo "<br />";
    echo "URL will be: {$whichOne}/{$command}<br />";
    $response = file_get_contents("http://{$whichOne}/{$command}");
    return true;
}
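// Refuse requests that do not name a command. empty() also covers the
// missing-parameter case without an "undefined index" notice.
if (empty($_REQUEST["command"])) {
    echo "Didn't get a command";
    die;
}
/* First, check to see if control is allowed
   I check the incoming ip address, if it's not in house
   then maybe it has the secret word.  If not both of those,
   toss them out
*/
$ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
$ipok = ip_in_range($ip, '192.168.*.*');
echo $ip, ' in my house? ', $ipok ? ' OK' : ' Fail', "<br />";
$secret = isset($_REQUEST['secret']) ? $_REQUEST['secret'] : 'jerk';
/*echo "Got: $secret<br />*/
$config = file_get_contents("/home/pi/.houserc");
$passwd = json_decode($config, true)["webpasswd"];
// Compare as strings in constant time. The original loose '!=' treated two
// numeric-looking strings of equal value as a match and a missing
// "webpasswd" key (null) as equal to an empty secret.
if (!$ipok && !hash_equals((string) $passwd, (string) $secret)) {
    echo "Quit messing around<br />";
    die;
}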
/*
    Suck the ip addresses for the various processes out 
    of the json string I got from the .houserc file.
    I put them here instead of each section to cut down on 
    typing and bugs.
*/
/**
 * Test an address against a semicolon-separated list of ranges.
 *
 * Entries are trimmed and blank ones skipped; each remaining entry is handed
 * to ip_in_range() unchanged, so any range syntax it understands works here.
 *
 * @param string $ip            address to test
 * @param string $ranges_string e.g. "10.0.0.0/8; 192.168.1.0/24"
 * @return bool TRUE on the first matching entry, FALSE if none matches or the
 *              list is empty
 */
function ip_in_ranges($ip, $ranges_string)
{
    if (empty($ranges_string)) {
        return FALSE;
    }
    $entries = array_map('trim', explode(';', $ranges_string));
    foreach ($entries as $entry) {
        if (empty($entry)) {
            continue;
        }
        if (ip_in_range($ip, $entry)) {
            return TRUE;
        }
    }
    return FALSE;
}
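 /**
  * Send a 403 with a ban notice for a banned address and stop the script.
  *
  * Each active ban row holds either a single address or a CIDR range ('/'
  * present); ranges are matched with ip_in_range(), single addresses by
  * exact comparison. The first matching ban is printed, then exit. If no ban
  * matches — the caller believed $remote was banned — the mismatch is
  * logged and the script still exits.
  *
  * @param string $remote client address to look up
  */
 private function block($remote)
 {
     global $config, $database;
     // SQLite result rows carry the table prefix in their column names.
     $prefix = $database->get_driver_name() === "sqlite" ? "bans." : "";
     $bans = $this->get_active_bans();
     foreach ($bans as $row) {
         $ip = $row[$prefix . "ip"];
         // Explicit grouping of the original precedence: a CIDR entry is tested
         // as a range, anything else must equal the address exactly.
         $is_range = strpos($ip, '/') !== false;
         if (($is_range && ip_in_range($remote, $ip)) || $ip === $remote) {
             $reason = $row[$prefix . 'reason'];
             $admin = User::by_id($row[$prefix . 'banner_id']);
             $date = date("Y-m-d", $row[$prefix . 'end_timestamp']);
             header("HTTP/1.0 403 Forbidden");
             // Everything interpolated into the HTML is escaped: the reason and
             // the admin name are stored free text, the contact link is config.
             $safe_ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
             $safe_admin = htmlspecialchars($admin->name, ENT_QUOTES, 'UTF-8');
             $safe_reason = htmlspecialchars($reason, ENT_QUOTES, 'UTF-8');
             print "IP <b>{$safe_ip}</b> has been banned until <b>{$date}</b> by <b>{$safe_admin}</b> because of <b>{$safe_reason}</b>\n";
             print "<p>If you couldn't possibly be guilty of what you're banned for, the person we banned probably had a dynamic IP address and so do you. See <a href='http://whatismyipaddress.com/dynamic-static'>http://whatismyipaddress.com/dynamic-static</a> for more information.\n";
             $contact_link = $config->get_string("contact_link");
             if (!empty($contact_link)) {
                 $safe_link = htmlspecialchars($contact_link, ENT_QUOTES, 'UTF-8');
                 print "<p><a href='{$safe_link}'>Contact The Admin</a>";
             }
             exit;
         }
     }
     log_error("ipban", "block({$remote}) called but no bans matched");
     exit;
 }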
    $old_trusted_hosts = explode(',', $old_trusted_hosts);
} else {
    $old_trusted_hosts = array();
}
// Optional "test this address" form field: report whether it falls inside
// one of the trusted hosts and, if so, which entry matched. Entries without
// a mask are treated as single hosts (/32).
$test_ip_address = optional_param('testipaddress', NULL, PARAM_HOST);
$in_range = false;
if (!empty($test_ip_address)) {
    foreach ($old_trusted_hosts as $host) {
        // Trailing '/' guarantees two parts for list(); a missing mask is ''.
        list($network, $mask) = explode('/', $host . '/');
        if (empty($network)) {
            continue;
        }
        if ($mask === '') {
            $mask = 32;
        }
        if (!ip_in_range($test_ip_address, $network, $mask)) {
            continue;
        }
        $in_range = true;
        $validated_by = $network . '/' . $mask;
        break;
    }
}
/// If data submitted, process and store
if (($form = data_submitted()) && confirm_sesskey()) {
    $hostlist = preg_split("/[\\s,]+/", $form->hostlist);
    foreach ($hostlist as $host) {
        list($address, $mask) = explode('/', $host . '/');
        if (empty($address)) {
            continue;
        }
        if (strlen($mask) == 0) {
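/**
 * Should the current request be ignored by the view counter?
 *
 * Reads the plugin's "ignore_ips" setting (comma-separated ranges) and
 * returns true when the client address is inside any of them. The address
 * starts as REMOTE_ADDR but may be replaced by a "remote_address" plugin
 * hook before it is tested.
 *
 * @return bool true to skip counting this view
 */
function entity_view_counter_ignore_ip()
{
    elgg_load_library("pgregg.ipcheck");
    $client_ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $client_ip = elgg_trigger_plugin_hook("remote_address", "system", array("remote_address" => $client_ip), $client_ip);
    // An unset setting is not a string; cast so explode() always gets one.
    $ranges = explode(',', (string) elgg_get_plugin_setting("ignore_ips", "entity_view_counter"));
    foreach ($ranges as $range) {
        // Trim whitespace around entries and skip blank ones (empty setting,
        // trailing comma) instead of asking ip_in_range() about an empty range.
        $range = trim($range);
        if ($range === '') {
            continue;
        }
        if (ip_in_range($client_ip, $range)) {
            return true;
        }
    }
    return false;
}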
/**
 * Import the selected PTR rows into the current IPv4 network.
 *
 * For every row i in 1..addrcount whose "import_i" checkbox is set, the
 * address "addr_i" is stored with description "descr_i" and a reserved flag
 * derived from "rsvd_i" ('yes' or anything else). Addresses outside the
 * current network, or failing updateAddress(), are counted as bad; the
 * closing message reports the good/bad counts.
 */
function importPTRData()
{
    $net = spotEntity('ipv4net', getBypassValue());
    assertUIntArg('addrcount');
    $ngood = 0;
    $nbad = 0;
    for ($i = 1; $i <= $_REQUEST['addrcount']; $i++) {
        if (!isCheckSet("import_{$i}")) {
            continue;
        }
        $ip_bin = assertIPv4Arg("addr_{$i}");
        assertStringArg("descr_{$i}", TRUE);
        assertStringArg("rsvd_{$i}");
        // Non-existent addresses will not have this argument set in request.
        $rsvd = ($_REQUEST["rsvd_{$i}"] == 'yes') ? 'yes' : 'no';
        try {
            if (!ip_in_range($ip_bin, $net)) {
                throw new InvalidArgException('ip_bin', $ip_bin);
            }
            updateAddress($ip_bin, $_REQUEST["descr_{$i}"], $rsvd);
            $ngood++;
        } catch (RackTablesError $e) {
            $nbad++;
        }
    }
    if ($nbad) {
        showFuncMessage(__FUNCTION__, 'ERR', array($nbad, $ngood));
        return;
    }
    showFuncMessage(__FUNCTION__, 'OK', array($ngood));
}
<?php

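// Deploy hook: only peers inside the listed networks — plus whatever address
// the host name below currently resolves to, so control of that DNS name
// equals control of this hook — may trigger a "git pull".
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$my_ip = gethostbyname("leancode.duckdns.org");
$valid_ip_ranges = array("131.103.20.160/27", "165.254.145.0/26", "104.192.143.0/24");
// gethostbyname() returns the unresolved name on failure; only add the
// host's own address when a real IP literal came back.
if (filter_var($my_ip, FILTER_VALIDATE_IP) !== false) {
    $valid_ip_ranges[] = $my_ip . "/32";
}
$ip_passed = 0;
foreach ($valid_ip_ranges as $valid_ip_range) {
    // Keep the per-range verdict in the server log, not the response: the
    // allow-list must not be disclosed to an unauthenticated caller.
    $range_matched = ip_in_range($ip, $valid_ip_range);
    error_log($valid_ip_range . ($range_matched ? "=>OK" : "=>FAIL"));
    if ($range_matched) {
        $ip_passed++;
    }
}
if (!$ip_passed) {
    header('HTTP/1.1 401 Unauthorized');
    exit;
}
passthru('git pull');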
/*
 * ip_in_range.php - Function to determine if an IP is located in a
 *                   specific range as specified via several alternative
 *                   formats.
 *
 * Network ranges can be specified as:
 * 1. Wildcard format:     1.2.3.*
 * 2. CIDR format:         1.2.3/24  OR  1.2.3.4/255.255.255.0
 * 3. Start-End IP format: 1.2.3.0-1.2.3.255
 *
 * Return value BOOLEAN : ip_in_range($ip, $range);