/**
 * Report whether the current request appears to have arrived through a reverse proxy.
 *
 * The result is true only when a forwarding header is present AND the
 * connecting peer (REMOTE_ADDR) lies inside one of the ranges below. The
 * forwarding headers are supplied by the client, so they are used only as a
 * hint; the decision itself rests on REMOTE_ADDR.
 *
 * @return bool
 */
function is_reverse_proxied()
{
    // TODO multiple ips!
    $forwardingHeaders = array(
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_CLIENT_IP',
        'HTTP_X_CLUSTER_CLIENT_IP',
    );

    $hasForwardingHeader = false;
    foreach ($forwardingHeaders as $headerKey) {
        if (!empty($_SERVER[$headerKey])) {
            $hasForwardingHeader = true;
            break;
        }
    }
    if (!$hasForwardingHeader) {
        return false;
    }

    $peer = $_SERVER['REMOTE_ADDR'];

    // Hard-coded snapshot of ranges; the CloudFlare entries need to be kept
    // in step with the ranges the provider publishes.
    $knownRanges = array(
        // First check for requests that originate from localhost / private networks
        "10.0.0.0/8",
        "127.0.0.1/8",
        "172.16.0.0/12",
        "192.168.0.0/16",
        // Then check for CloudFlare
        "204.93.240.0/24",
        "204.93.177.0/24",
        "199.27.128.0/21",
        "173.245.48.0/20",
        "103.22.200.0/22",
        "141.101.64.0/18",
    );
    foreach ($knownRanges as $cidr) {
        if (ip_in_range($peer, $cidr)) {
            return true;
        }
    }

    // NOTE(review): $proxy_ranges is neither assigned nor declared global in
    // this function, so as written this branch never runs. Confirm where the
    // extra ranges are meant to come from.
    if (!empty($proxy_ranges)) {
        foreach ($proxy_ranges as $proxy_range) {
            if (ip_in_range($peer, $proxy_range)) {
                return true;
            }
        }
    }

    return false;
}
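/**
 * Initialise the CloudFlare plugin for the current request.
 *
 * Sets the API host/port globals, records in $is_cf whether a
 * CF-Connecting-IP header is present, and replaces REMOTE_ADDR with that
 * header's value when the connecting peer is inside a listed CloudFlare range.
 * Finally emits the X-CF-Powered-By header and registers the admin hooks.
 *
 * @return void
 */
function cloudflare_init()
{
    global $cf_api_host, $cf_api_port, $is_cf;

    $cf_api_host = "ssl://www.cloudflare.com";
    $cf_api_port = 443;

    // Hard-coded snapshot of CloudFlare ranges; it has to be kept in step
    // with the ranges the provider publishes.
    $cf_ip_ranges = array(
        "204.93.240.0/24",
        "204.93.177.0/24",
        "199.27.128.0/21",
        "173.245.48.0/20",
        "103.22.200.0/22",
        "141.101.64.0/18",
    );

    // Read the header once. !empty() keeps the original truthiness test but
    // no longer raises an undefined-index notice on requests without it.
    $cf_connecting_ip = !empty($_SERVER["HTTP_CF_CONNECTING_IP"])
        ? $_SERVER["HTTP_CF_CONNECTING_IP"]
        : null;

    // NOTE(review): $is_cf reflects only the presence of the header, which
    // any client can send. It is set even when the peer is not in a
    // CloudFlare range, so it is not proof of where the request came from.
    $is_cf = ($cf_connecting_ip !== null) ? TRUE : FALSE;

    // Update the REMOTE_ADDR value if the current REMOTE_ADDR value is in the specified range.
    foreach ($cf_ip_ranges as $range) {
        if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
            if ($cf_connecting_ip !== null) {
                $_SERVER["REMOTE_ADDR"] = $cf_connecting_ip;
            }
            break;
        }
    }

    // Let people know that the CF WP plugin is turned on.
    if (!headers_sent()) {
        header("X-CF-Powered-By: WP " . CLOUDFLARE_VERSION);
    }

    add_action('admin_menu', 'cloudflare_config_page');
    cloudflare_admin_warnings();
}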
/**
 * Constructor
 *
 * Applies the optional admin IP whitelist, then records in $_authorised and
 * $_error whether the current user is logged in and is an administrator.
 *
 * @access public
 * @return void
 *
 **/
public function __construct()
{
    parent::__construct();

    // --------------------------------------------------------------------------

    $this->_authorised = TRUE;
    $this->_error = '';

    // --------------------------------------------------------------------------

    // IP whitelist: enforced only when APP_ADMIN_IP_WHITELIST decodes to a
    // truthy value. json_decode() returns NULL for malformed JSON, in which
    // case the check is skipped altogether.
    // NOTE(review): the address compared is whatever $this->input->ip_address()
    // reports; confirm how it treats forwarding headers.
    $allowedRanges = json_decode(APP_ADMIN_IP_WHITELIST);
    if ($allowedRanges && !ip_in_range($this->input->ip_address(), $allowedRanges)) {
        show_404();
    }

    // Only logged in users
    if (!$this->user_model->is_logged_in()) {
        $this->_authorised = FALSE;
        $this->_error = lang('auth_require_session');
        return;
    }

    // Only admins
    if (!$this->user_model->is_admin()) {
        $this->_authorised = FALSE;
        $this->_error = lang('auth_require_administrator');
    }
}
/**
 * Decide whether the connecting peer is one of the configured trusted hosts.
 *
 * The 'mnet_trusted_hosts' setting is read as a comma-separated list of
 * "network" or "network/mask" entries; an entry without a mask is treated
 * as a single host (mask 32).
 *
 * @return bool true when REMOTE_ADDR falls inside any listed entry
 */
function plaintext_is_ok()
{
    global $CFG;

    // NOTE(review): entries are not trimmed, so whitespace around a comma
    // ends up inside $network. Confirm the setting is stored without it.
    foreach (explode(',', get_config('mnet', 'mnet_trusted_hosts')) as $entry) {
        // The appended '/' guarantees explode() yields at least two pieces.
        $pieces = explode('/', $entry . '/');
        $network = $pieces[0];
        $mask = $pieces[1];

        if (empty($network)) {
            continue;
        }
        if ($mask === '') {
            $mask = 32;
        }
        if (ip_in_range($_SERVER['REMOTE_ADDR'], $network, $mask)) {
            return true;
        }
    }

    return false;
}
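/**
 * Replace REMOTE_ADDR with the CF-Connecting-IP header value when the
 * connecting peer is inside a listed CloudFlare range.
 *
 * Sets the global $is_cf to TRUE only when that replacement happened, and
 * emits the X-CF-Powered-By response header if headers can still be sent.
 *
 * @return void
 */
function onAfterInitialise()
{
    global $is_cf;
    $is_cf = FALSE;

    // Hard-coded snapshot of CloudFlare ranges; it has to be kept in step
    // with the ranges the provider publishes.
    $cf_ip_ranges = array(
        '204.93.240.0/24',
        '204.93.177.0/24',
        '199.27.128.0/21',
        '173.245.48.0/20',
        '103.21.244.0/22',
        '103.22.200.0/22',
        '103.31.4.0/22',
        '141.101.64.0/18',
        '108.162.192.0/18',
        '190.93.240.0/20',
        '188.114.96.0/20',
        '197.234.240.0/22',
        '198.41.128.0/17',
        '162.158.0.0/15',
    );

    foreach ($cf_ip_ranges as $range) {
        if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
            // The header is honoured only for peers inside a listed range.
            // !empty() keeps the original truthiness test without raising an
            // undefined-index notice when the header is absent.
            if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
                $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
                $is_cf = TRUE;
            }
            break;
        }
    }

    // Let people know that the CF plugin is turned on.
    if (!headers_sent()) {
        header("X-CF-Powered-By: CF-Joomla " . CLOUDFLARE_VERSION);
    }
}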
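/**
 * Updates the IP which PHP sees, if necessary.
 *
 * When the connecting peer is inside a listed CloudFlare range and a
 * CF-Connecting-IP header is present, REMOTE_ADDR is replaced with the
 * header value.
 *
 * @param array $params An object containing the module parameters (not read by this function)
 * @access public
 * @side-effect -- sets the global var is_cf
 * @return string the (possibly replaced) REMOTE_ADDR value
 */
function updateIP($params)
{
    global $is_cf;
    $is_cf = FALSE;

    // Hard-coded snapshot of CloudFlare ranges; it has to be kept in step
    // with the ranges the provider publishes.
    $cf_ip_ranges = array(
        "204.93.240.0/24",
        "204.93.177.0/24",
        "199.27.128.0/21",
        "173.245.48.0/20",
        "103.22.200.0/22",
    );

    foreach ($cf_ip_ranges as $range) {
        if (ip_in_range($_SERVER["REMOTE_ADDR"], $range)) {
            // The header is honoured only for peers inside a listed range.
            // !empty() keeps the original truthiness test without raising an
            // undefined-index notice when the header is absent.
            if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
                $_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
                $is_cf = TRUE;
            }
            break;
        }
    }

    // Let people know that the CF plugin is turned on.
    if (!headers_sent()) {
        header("X-CF-Powered-By: Mod-CF-Joomla " . CLOUDFLARE_VERSION);
    }

    return $_SERVER["REMOTE_ADDR"];
}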
/**
 * Swap the request address for the CloudFlare-reported client address.
 *
 * Does nothing unless a CF-Connecting-IP header is present. The header is
 * applied only when the current request address lies inside one of the
 * ranges in $this->CloudflareSourceIPs.
 */
public function __construct()
{
    parent::__construct();

    // If cloudflare isn't telling us a client IP, bust outta here!
    $ReportedClientIP = val('HTTP_CF_CONNECTING_IP', $_SERVER, NULL);
    if ($ReportedClientIP === NULL) {
        return;
    }

    $PeerAddress = Gdn::Request()->RequestAddress();
    $CameFromCloudflare = FALSE;

    foreach ($this->CloudflareSourceIPs as $SourceRange) {
        if (ip_in_range($PeerAddress, $SourceRange)) {
            // Peer is a cloudflare origin server, so the header can be used
            Gdn::Request()->RequestAddress($ReportedClientIP);
            $CameFromCloudflare = TRUE;
            break;
        }
    }

    // Let people know that the CF plugin is turned on.
    if ($CameFromCloudflare && !headers_sent()) {
        header("X-CF-Powered-By: CF-Vanilla v" . $this->GetPluginKey('Version'));
    }
}
/**
 * Validate the captcha submitted with the current request.
 *
 * Only anonymous users are challenged, and only when "comment_captcha" is
 * enabled. ReCaptcha is used when a private key is configured, Securimage
 * otherwise.
 *
 * @return bool false when a required captcha failed, true otherwise
 */
function captcha_check()
{
    global $config, $user;

    // Debug shortcut for loopback peers.
    // NOTE(review): if the site runs behind a proxy on the same host, every
    // request may show a loopback REMOTE_ADDR. Confirm DEBUG is never enabled
    // in such a deployment.
    if (DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) {
        return true;
    }

    $challengeRequired = $user->is_anonymous() && $config->get_bool("comment_captcha");
    if (!$challengeRequired) {
        return true;
    }

    $r_privatekey = $config->get_string('api_recaptcha_privkey');

    if (empty($r_privatekey)) {
        // No ReCaptcha key configured: fall back to Securimage
        session_start();
        $securimg = new Securimage();
        if ($securimg->check($_POST['code']) == false) {
            log_info("core", "Captcha failed (Securimage)");
            return false;
        }
        return true;
    }

    $resp = recaptcha_check_answer(
        $r_privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]
    );
    if (!$resp->is_valid) {
        log_info("core", "Captcha failed (ReCaptcha): " . $resp->error);
        return false;
    }

    return true;
}
/**
 * Check whether authentication needs to be forced over an authentication
 * source, and forward the visitor to that source's login if so.
 *
 * Nothing happens for logged-in users, for sessions that opted out with
 * "disable_sso", on the no_linked_account page, when no enabled source is
 * configured, or when an IP filter is configured and the client does not
 * match it.
 *
 * @return void
 */
function simplesaml_check_force_authentication()
{
    // no need to do anything if already logged in
    if (elgg_is_logged_in()) {
        return;
    }

    // bypass for sso: the query parameter opts this session out
    if (isset($_GET["disable_sso"])) {
        $_SESSION["simpleaml_disable_sso"] = true;
        return;
    }

    // sso was bypassed on a previous page
    $bypassedEarlier = isset($_SESSION["simpleaml_disable_sso"]) && $_SESSION["simpleaml_disable_sso"] === true;
    if ($bypassedEarlier) {
        return;
    }

    // do not force authentication on the no_linked_account page
    $onNoLinkedAccountPage = strpos(current_page_url(), elgg_get_site_url() . "saml/no_linked_account") === 0;
    if ($onNoLinkedAccountPage) {
        return;
    }

    $source = elgg_get_plugin_setting("force_authentication", "simplesaml");
    if (!$source || !simplesaml_is_enabled_source($source)) {
        return;
    }

    $ip_filter = elgg_get_plugin_setting($source . "_force_ip_filter", "simplesaml");
    if ($ip_filter) {
        elgg_load_library("pgregg.ipcheck");

        // NOTE(review): the "remote_address" hook may replace the address.
        // If a handler derives it from a forwarding header the filter becomes
        // client-influenced. Confirm against the registered handlers.
        $client_ip = $_SERVER["REMOTE_ADDR"];
        $client_ip = elgg_trigger_plugin_hook("remote_address", "system", array("remote_address" => $client_ip), $client_ip);

        // The filter only decides who gets forwarded; addresses outside it
        // are left alone rather than blocked.
        $matchesFilter = false;
        foreach (explode(',', $ip_filter) as $range) {
            if (ip_in_range($client_ip, $range)) {
                $matchesFilter = true;
                break;
            }
        }
        if (!$matchesFilter) {
            return;
        }
    }

    // remember where the visitor came from, once
    if (!isset($_SESSION["last_forward_from"])) {
        $_SESSION["last_forward_from"] = current_page_url();
    }

    forward("saml/login/" . $source);
}
/**
 * Check whether $ip matches any entry of a free-form mask list.
 *
 * Entries may be separated by spaces, commas or semicolons. An entry that
 * contains "-" is treated as a start-end range; any other entry is handed to
 * ip_in_range() as a single pattern.
 *
 * @param string $mask list of addresses, patterns and ranges
 * @param string $ip   address to test
 * @return bool
 */
function check_ip($mask, $ip)
{
    // Remove spaces next to the hyphen so "a - b" becomes one token
    $normalised = str_replace(array(' -', '- '), '-', $mask);

    // Replace every separator with a space, then collapse whitespace runs
    $normalised = str_replace(array(';', ','), ' ', $normalised);
    $normalised = preg_replace("/\\s+/", ' ', $normalised);

    foreach (explode(' ', $normalised) as $current_mask) {
        if (strstr($current_mask, '-') === false) {
            // Single IP, possibly with *
            if (ip_in_range($ip, $current_mask)) {
                return true;
            }
            continue;
        }

        // We are dealing with an IP range
        list($ip_start, $ip_end) = explode('-', $current_mask);
        if (ip_in_range($ip, $ip_start, $ip_end)) {
            return true;
        }
    }

    return false;
}
/**
 * Compute a spam score for a submitted URL and optional title.
 *
 * Early exits: 5 when the submitter is listed in a DNSBL, 10 when the
 * submitter is on the internal banlist, the URL is not a well-formed
 * http(s) URL, or its host is a dotted-quad address in a private or loopback
 * range. Otherwise the score is accumulated from the "blacklist" table.
 *
 * @param string $url
 * @param string $title
 * @param bool   $check_ip whether to run the DNSBL / banlist checks
 * @return int
 */
function spam_score($url, $title = "", $check_ip = true)
{
    $score = 0;

    if ($check_ip) {
        /* Check DNSBLs */
        if (check_blacklisted()) {
            /* A DNSBL-listed user's submission is held for manual review.
             * No further spam points are added, so that the user is not
             * blocked by accident; the score returned is 5. */
            return 5;
        }
        /* Check internal banlist */
        if (check_banlist()) {
            return 10;
        }
    }

    if (!preg_match("/^https?:\\/\\/([^\\/:]*?\\.[^\\/:]*)(\\/|:[0-9]{1,5}|\$)/", $url, $matches)) {
        return 10;
    }
    $domain = $matches[1];

    // NOTE(review): this guard covers dotted-quad literals in the four ranges
    // below only. Host names that resolve to internal addresses are not
    // examined here. Confirm whether anything later fetches $url.
    if (preg_match("/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\$/", $domain)) {
        foreach (array("10.0.0.0/8", "127.0.0.1/8", "172.16.0.0/12", "192.168.0.0/16") as $internal_range) {
            if (ip_in_range($domain, $internal_range)) {
                // Adding entries that point to localhost is not allowed.
                return 10;
            }
        }
    }

    // The URL pattern guarantees at least one dot, hence at least two labels.
    $domain_parts = explode(".", $domain);
    $label_count = count($domain_parts);
    $top_domain = $domain_parts[$label_count - 2] . "." . $domain_parts[$label_count - 1];
    if ($label_count >= 3) {
        $sub_domain = $domain_parts[$label_count - 3] . "." . $top_domain;
    } else {
        $sub_domain = $top_domain;
    }

    $result = mysql_query_cached("SELECT * FROM blacklist");
    if (!$result) {
        return $score;
    }

    // Sort the blacklist rows by their Type column
    $banned_ips = array();
    $banned_parts = array();
    $banned_domains = array();
    $banned_titles = array();
    foreach ($result->data as $element) {
        switch ($element['Type']) {
            case "0":
                $banned_ips[] = $element['Value'];
                break;
            case "1":
                $banned_parts[] = $element['Value'];
                break;
            case "2":
                $banned_domains[] = $element['Value'];
                break;
            case "3":
                $banned_titles[] = $element['Value'];
                break;
        }
    }

    // Each submitter address that appears on the IP list adds 5
    foreach (explode(",", get_ip()) as $ip) {
        if (in_array($ip, $banned_ips)) {
            $score += 5;
        }
    }

    // Exact domain match adds 10; a banned domain merely appearing in the URL adds 5
    $top_domain_lc = strtolower($top_domain);
    $sub_domain_lc = strtolower($sub_domain);
    foreach ($banned_domains as $part) {
        $part_lc = strtolower($part);
        if ($part_lc == $top_domain_lc || $part_lc == $sub_domain_lc) {
            $score += 10;
        } elseif (strpos($url, $part) !== false) {
            $score += 5;
        }
    }

    // Banned URL fragments, compared case-insensitively
    $url_lc = strtolower($url);
    foreach ($banned_parts as $part) {
        if (strpos($url_lc, strtolower($part)) !== false) {
            $score += 3;
        }
    }

    // Banned title fragments, compared case-insensitively
    if (!empty($title)) {
        $title_lc = strtolower($title);
        foreach ($banned_titles as $part) {
            if (strpos($title_lc, strtolower($part)) !== false) {
                $score += 3;
            }
        }
    }

    return $score;
}
} if (strpos($range, '-') !== false) { // A-B format list($lower, $upper) = explode('-', $range, 2); $lower_dec = (double) sprintf("%u", ip2long($lower)); $upper_dec = (double) sprintf("%u", ip2long($upper)); $ip_dec = (double) sprintf("%u", ip2long($ip)); return $ip_dec >= $lower_dec && $ip_dec <= $upper_dec; } return false; } } if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) { $cf_ip_ranges = array('204.93.240.0/24', '204.93.177.0/24', '199.27.128.0/21', '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18', '108.162.192.0/18', '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15'); foreach ($cf_ip_ranges as $range) { if (ip_in_range($_SERVER['REMOTE_ADDR'], $range)) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; break; } } } $_SERVER['REMOTE_ADDR'] = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); $_SERVER['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'] === false ? '0.0.0.0' : $_SERVER['REMOTE_ADDR']; function convert_number_to_words($number) { $hyphen = '-'; $conjunction = ' and '; $separator = ', '; $negative = 'negative '; $decimal = ' point '; $dictionary = array(0 => 'zero', 1 => 'one', 2 => 'two', 3 => 'three', 4 => 'four', 5 => 'five', 6 => 'six', 7 => 'seven', 8 => 'eight', 9 => 'nine', 10 => 'ten', 11 => 'eleven', 12 => 'twelve', 13 => 'thirteen', 14 => 'fourteen', 15 => 'fifteen', 16 => 'sixteen', 17 => 'seventeen', 18 => 'eighteen', 19 => 'nineteen', 20 => 'twenty', 30 => 'thirty', 40 => 'fourty', 50 => 'fifty', 60 => 'sixty', 70 => 'seventy', 80 => 'eighty', 90 => 'ninety', 100 => 'hundred', 1000 => 'thousand', 1000000 => 'million', 1000000000 => 'billion', 1000000000000.0 => 'trillion', 1000000000000000.0 => 'quadrillion', 1.0E+18 => 'quintillion');
if (!defined('ALM_WHITELIST')) { define('ALM_WHITELIST', '127.0.0.1/32,::1'); } # IPv4,IPv6 $whitelist_ips = explode(',', ALM_WHITELIST); # Verifyin localhost is in the list if (!in_array('127.0.0.1', $whitelist_ips)) { $whitelist_ips[] = '127.0.0.1/32'; } if (!in_array('::1', $whitelist_ips)) { $whitelist_ips[] = '::1'; } # Verifying if the address if whitelisting $ip = explode(',', !empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['REMOTE_ADDR'] == '127.0.0.1' ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']); $ip = trim($ip[count($ip) - 1]); $whitelist = ip_in_range($ip, $whitelist_ips); $smarty->assign('whitelist', $whitelist); if (!empty($_POST)) { # Aqui tomo en cuenta que el servidor puede estar usando varnish //Cargo credenciales y voy a 404 $txtcaptcha = preg_replace('/[^A-Za-z0-9]/', '', $_POST['txtcaptcha']); if (!$whitelist && md5($txtcaptcha) === $_SESSION['key'] && check_user($_POST['alm_user'], $_POST['password'])) { #error_log("ALM CAPTCHA: Good $txtcaptcha " . md5($txtcaptcha) . "!== " . $_SESSION['key']); if (empty($_REQUEST['redirect_to'])) { header('location: ./'); } else { header('location: ' . $_REQUEST['redirect_to']); } exit; } elseif ($whitelist && check_user($_POST['alm_user'], $_POST['password'])) { if (empty($_REQUEST['redirect_to'])) {
/**
 * Common constructor for all admin pages
 *
 * In order: enforces the optional admin IP whitelist, requires an admin
 * user, loads the admin language file, redirects when the request host
 * differs from the SECURE_BASE_URL host (if SSL routing is on), loads the
 * admin model/config and the active modules, checks the user's ACL for the
 * requested module and method, and finally loads the admin assets.
 *
 * @access public
 * @return void
 *
 **/
public function __construct()
{
    parent::__construct();

    // --------------------------------------------------------------------------

    // IP whitelist?
    // The check runs only when APP_ADMIN_IP_WHITELIST decodes to a truthy
    // value. json_decode() returns NULL for malformed JSON, in which case the
    // whitelist is skipped altogether.
    // NOTE(review): the address compared is whatever $this->input->ip_address()
    // reports; confirm how it treats forwarding headers.
    $_ip_whitelist = json_decode(APP_ADMIN_IP_WHITELIST);

    if ($_ip_whitelist) {
        if (!ip_in_range($this->input->ip_address(), $_ip_whitelist)) {
            show_404();
        }
    }

    // --------------------------------------------------------------------------

    // Admins only please
    // NOTE(review): the code below relies on unauthorised() halting the
    // request; confirm against its definition.
    if (!$this->user_model->is_admin()) {
        unauthorised();
    }

    // --------------------------------------------------------------------------

    // Load up the generic admin langfile
    $this->lang->load('admin_generic');

    // --------------------------------------------------------------------------

    // Check that admin is running on the SECURE_BASE_URL url
    // The comparison uses the Host header of the request, which is supplied
    // by the client.
    if (APP_SSL_ROUTING) {
        $_host1 = $this->input->server('HTTP_HOST');
        $_host2 = parse_url(SECURE_BASE_URL);

        if (!empty($_host2['host']) && $_host2['host'] != $_host1) {
            // Not on the secure URL, redirect with message
            $_redirect = $this->input->server('REQUEST_URI');

            if ($_redirect) {
                $this->session->set_flashdata('message', lang('admin_not_secure'));
                redirect($_redirect);
            }
        }
    }

    // --------------------------------------------------------------------------

    // Load admin helper and config
    $this->load->model('admin_model');
    $this->config->load('admin');

    // Loads the 'admin' config a second time when the application ships its
    // own application/config/admin.php
    if (file_exists(FCPATH . 'application/config/admin.php')) {
        $this->config->load('admin');
    }

    // --------------------------------------------------------------------------

    // Load up the modules which have been enabled for this installation and the
    // user has permission to see.
    $this->_loaded_modules = array();
    // Bound by reference so the view data follows later changes to the list
    $this->data['loaded_modules'] =& $this->_loaded_modules;

    $this->_load_active_modules();

    // --------------------------------------------------------------------------

    // Check the user has permission to view this module (skip the dashboard
    // we need to show them _something_)
    // Module and method names come from URI segments 2 and 3; the method
    // defaults to 'index'.
    $_active_module = $this->uri->segment(2);
    $_active_method = $this->uri->segment(3, 'index');
    $_acl = active_user('acl');

    if (!$this->user_model->is_superuser() && !isset($this->_loaded_modules[$_active_module])) {
        // If this is the dashboard, we should see if the user has permission to
        // access any other modules before we 404 their ass.
        if ($_active_module == 'dashboard' || $_active_module == '') {
            // Look at the user's ACL
            if (isset($_acl['admin'])) {
                // If they have other modules defined, loop them until one is found
                // which appears in the loaded modules list. If this doesn't happen
                // then they'll fall back to the 'no loaded modules' page.
                foreach ($_acl['admin'] as $module => $methods) {
                    if (isset($this->_loaded_modules[$module])) {
                        redirect('admin/' . $module);
                        break;
                    }
                }
            }
        } else {
            // Oh well, it's not, 404 bitches!
            show_404();
        }
    } elseif (!$this->user_model->is_superuser()) {
        // Module is OK, check to make sure they can access this method
        if (!isset($_acl['admin'][$_active_module][$_active_method])) {
            unauthorised();
        }
    }

    // --------------------------------------------------------------------------

    // Load libraries and helpers
    $this->load->library('cdn');
    $this->load->helper('admin');

    // --------------------------------------------------------------------------

    // Add the current module to the $page variable (for convenience)
    $this->data['page'] = new stdClass();

    if (isset($this->_loaded_modules[$this->uri->segment(2)])) {
        $this->data['page']->module = $this->_loaded_modules[$this->uri->segment(2)];
    } else {
        // NOTE(review): this sets 'moduled' while the branch above sets
        // 'module'; looks like a typo, confirm before relying on either.
        $this->data['page']->moduled = FALSE;
    }

    // --------------------------------------------------------------------------

    // Unload any previously loaded assets, admin handles it's own assets
    $this->asset->clear_all();

    // CSS
    $this->asset->load('fancybox/source/jquery.fancybox.css', 'BOWER');
    $this->asset->load('jquery-toggles/toggles.css', 'BOWER');
    $this->asset->load('jquery-toggles/themes/toggles-modern.css', 'BOWER');
    $this->asset->load('tipsy/src/stylesheets/tipsy.css', 'BOWER');
    $this->asset->load('ionicons/css/ionicons.min.css', 'BOWER');
    $this->asset->load('nails.admin.css', TRUE);

    // JS
    $this->asset->load('jquery/dist/jquery.min.js', 'BOWER');
    $this->asset->load('fancybox/source/jquery.fancybox.pack.js', 'BOWER');
    $this->asset->load('jquery-toggles/toggles.min.js', 'BOWER');
    $this->asset->load('tipsy/src/javascripts/jquery.tipsy.js', 'BOWER');
    $this->asset->load('jquery.scrollTo/jquery.scrollTo.min.js', 'BOWER');
    $this->asset->load('jquery-cookie/jquery.cookie.js', 'BOWER');
    $this->asset->load('nails.default.min.js', TRUE);
    $this->asset->load('nails.admin.min.js', TRUE);
    $this->asset->load('nails.forms.min.js', TRUE);
    $this->asset->load('nails.api.min.js', TRUE);

    // Libraries
    $this->asset->library('jqueryui');
    $this->asset->library('select2');
    $this->asset->library('ckeditor');

    // Look for any Admin styles provided by the app
    if (file_exists(FCPATH . 'assets/css/admin.css')) {
        $this->asset->load('admin.css');
    }

    // Inline assets
    // The script is assembled from fixed strings only; no request data is
    // interpolated into it.
    $_js = 'var _nails,_nails_admin,_nails_forms;';
    $_js .= '$(function(){';
    $_js .= 'if ( typeof( NAILS_JS ) === \'function\' ){';
    $_js .= '_nails = new NAILS_JS();';
    $_js .= '_nails.init();';
    $_js .= '}';
    $_js .= 'if ( typeof( NAILS_Admin ) === \'function\' ){';
    $_js .= '_nails_admin = new NAILS_Admin();';
    $_js .= '_nails_admin.init();';
    $_js .= '}';
    $_js .= 'if ( typeof( NAILS_Forms ) === \'function\' ){';
    $_js .= '_nails_forms = new NAILS_Forms();';
    $_js .= '}';
    $_js .= 'if ( typeof( NAILS_API ) === \'function\' ){';
    $_js .= '_nails_api = new NAILS_API();';
    $_js .= '}';
    $_js .= '});';

    $this->asset->inline('<script>' . $_js . '</script>');

    // --------------------------------------------------------------------------

    // Initialise the admin change log model
    $this->load->model('admin_changelog_model');
}
*/
function ip_in_range($ip, $range)
{
    // A range without a "/" is treated as a single host. The loose == false
    // is true both when no slash is found and when the slash is at position 0.
    if (strpos($range, '/') == false) {
        $range .= '/32';
    }
    // $range is in IP/CIDR format eg 127.0.0.1/24
    list($range, $netmask) = explode('/', $range, 2);
    // ip2long() handles dotted-quad IPv4 only and returns false for anything
    // else (IPv6, empty input).
    // NOTE(review): false acts as 0 in the bitwise AND below, so an
    // unparsable $ip compares like 0.0.0.0.
    $rangeDecimal = ip2long($range);
    $ipDecimal = ip2long($ip);
    // Host bits set, then inverted to give the network mask
    $wildcardDecimal = pow(2, 32 - $netmask) - 1;
    $netmaskDecimal = ~$wildcardDecimal;
    // Both sides are masked, so host bits in $range are ignored
    return ($ipDecimal & $netmaskDecimal) == ($rangeDecimal & $netmaskDecimal);
}

// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
//
// Access is refused when the peer is outside 172.17.0.0/16 (the /16 mask
// discards the ".42.1" host part) AND either a forwarding header is present
// or the peer is neither a listed loopback address nor the built-in server.
// A peer inside 172.17.0.0/16 therefore always passes, forwarding headers
// included.
// NOTE(review): 172.17.0.0/16 looks like a container bridge network. If a
// proxy on that network relays outside traffic, this dev front controller is
// reachable from outside. Confirm the deployment.
if (
    !ip_in_range(@$_SERVER['REMOTE_ADDR'], '172.17.42.1/16')
    && (
        isset($_SERVER['HTTP_CLIENT_IP'])
        || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        || !(in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1')) || php_sapi_name() === 'cli-server')
    )
) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check ' . basename(__FILE__) . ' for more information.');
}

/**
 * @var Composer\Autoload\ClassLoader $loader
 */
$loader = (require __DIR__ . '/../app/autoload.php');
// Debug mode: everything below runs the kernel in the 'dev' environment
// with debugging enabled.
Debug::enable();

$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
/**
 * Stop the request with a ban notice when REMOTE_ADDR matches an active ban.
 *
 * A ban entry containing "/" is matched as a range through ip_in_range();
 * any entry is also matched by direct comparison with the address.
 */
private function check_ip_ban()
{
    global $config;
    global $database;

    // Column names carry a "bans." prefix when the engine is sqlite
    $column_prefix = ($database->engine->name == "sqlite") ? "bans." : "";
    $remote = $_SERVER['REMOTE_ADDR'];

    foreach ($this->get_active_bans() as $row) {
        $ip = $row[$column_prefix . "ip"];

        $in_banned_range = strstr($ip, '/') && ip_in_range($remote, $ip);
        if (!$in_banned_range && $ip != $remote) {
            continue;
        }

        $reason = $row[$column_prefix . 'reason'];
        $admin = User::by_id($row[$column_prefix . 'banner_id']);
        $date = date("Y-m-d", $row[$column_prefix . 'end_timestamp']);

        // NOTE(review): $reason and $admin->name are written into HTML
        // without escaping here; confirm they are escaped when stored.
        print "IP <b>{$ip}</b> has been banned until <b>{$date}</b> by <b>{$admin->name}</b> because of <b>{$reason}</b>";

        $contact_link = $config->get_string("contact_link");
        if (!empty($contact_link)) {
            print "<p><a href='{$contact_link}'>Contact The Admin</a>";
        }
        exit;
    }
}
echo "<br />"; echo "URL will be: {$whichOne}/{$command}<br />"; $response = file_get_contents("http://{$whichOne}/{$command}"); return true; } if (!$_REQUEST["command"]) { echo "Didn't get a command"; die; } /* First, check to see if control is allowed I check the incoming ip address, if it's not in house then maybe it has the secret word. If not both of those, toss them out */ $ip = $_SERVER["REMOTE_ADDR"]; $ipok = ip_in_range($ip, '192.168.*.*'); echo $ip, ' in my house? ', $ipok ? ' OK' : ' Fail', "<br />"; $secret = isset($_REQUEST['secret']) ? $_REQUEST['secret'] : 'jerk'; /*echo "Got: $secret<br />*/ $config = file_get_contents("/home/pi/.houserc"); $passwd = json_decode($config, true)["webpasswd"]; if (!$ipok && $passwd != $secret) { echo "Quit messing around<br />"; die; } /* Suck the ip addresses for the various processes out of the json string I got from the .houserc file. I put them here instead of each section to cut down on typing and bugs. */
/**
 * Test an address against a semicolon-separated list of ranges.
 *
 * Entries are trimmed and blank entries are ignored, so an empty or
 * all-blank list never matches.
 *
 * @param string $ip
 * @param string $ranges_string ranges separated by ";"
 * @return bool
 */
function ip_in_ranges($ip, $ranges_string)
{
    if (empty($ranges_string)) {
        return FALSE;
    }

    foreach (explode(';', $ranges_string) as $candidate) {
        $candidate = trim($candidate);
        if (empty($candidate)) {
            continue;
        }
        if (ip_in_range($ip, $candidate)) {
            return TRUE;
        }
    }

    return FALSE;
}
/**
 * Send a 403 ban notice for $remote and stop the request.
 *
 * A ban entry containing "/" is matched as a range through ip_in_range();
 * any entry is also matched by direct comparison. The request is stopped
 * even when no ban matches, after logging that fact.
 *
 * @param string $remote address to look up in the active bans
 */
private function block($remote)
{
    global $config, $database;

    // Column names carry a "bans." prefix when the driver is sqlite
    $column_prefix = ($database->get_driver_name() == "sqlite") ? "bans." : "";

    foreach ($this->get_active_bans() as $row) {
        $ip = $row[$column_prefix . "ip"];

        $in_banned_range = strstr($ip, '/') && ip_in_range($remote, $ip);
        if (!$in_banned_range && $ip != $remote) {
            continue;
        }

        $reason = $row[$column_prefix . 'reason'];
        $admin = User::by_id($row[$column_prefix . 'banner_id']);
        $date = date("Y-m-d", $row[$column_prefix . 'end_timestamp']);

        header("HTTP/1.0 403 Forbidden");
        // NOTE(review): $reason and $admin->name are written into HTML
        // without escaping here; confirm they are escaped when stored.
        print "IP <b>{$ip}</b> has been banned until <b>{$date}</b> by <b>{$admin->name}</b> because of <b>{$reason}</b>\n";
        print "<p>If you couldn't possibly be guilty of what you're banned for, the person we banned probably had a dynamic IP address and so do you. See <a href='http://whatismyipaddress.com/dynamic-static'>http://whatismyipaddress.com/dynamic-static</a> for more information.\n";

        $contact_link = $config->get_string("contact_link");
        if (!empty($contact_link)) {
            print "<p><a href='{$contact_link}'>Contact The Admin</a>";
        }
        exit;
    }

    // No ban matched: log it, then stop anyway
    log_error("ipban", "block({$remote}) called but no bans matched");
    exit;
}
$old_trusted_hosts = explode(',', $old_trusted_hosts); } else { $old_trusted_hosts = array(); } $test_ip_address = optional_param('testipaddress', NULL, PARAM_HOST); $in_range = false; if (!empty($test_ip_address)) { foreach ($old_trusted_hosts as $host) { list($network, $mask) = explode('/', $host . '/'); if (empty($network)) { continue; } if (strlen($mask) == 0) { $mask = 32; } if (ip_in_range($test_ip_address, $network, $mask)) { $in_range = true; $validated_by = $network . '/' . $mask; break; } } } /// If data submitted, process and store if (($form = data_submitted()) && confirm_sesskey()) { $hostlist = preg_split("/[\\s,]+/", $form->hostlist); foreach ($hostlist as $host) { list($address, $mask) = explode('/', $host . '/'); if (empty($address)) { continue; } if (strlen($mask) == 0) {
/**
 * Tell whether the current client address is on the plugin's ignore list.
 *
 * The "ignore_ips" setting is read as a comma-separated list of ranges.
 *
 * @return bool
 */
function entity_view_counter_ignore_ip()
{
    elgg_load_library("pgregg.ipcheck");

    // NOTE(review): the "remote_address" hook may replace the address. If a
    // handler derives it from a forwarding header the result becomes
    // client-influenced. Confirm against the registered handlers.
    $peer = $_SERVER["REMOTE_ADDR"];
    $peer = elgg_trigger_plugin_hook("remote_address", "system", array("remote_address" => $peer), $peer);

    $ignored_ranges = explode(',', elgg_get_plugin_setting("ignore_ips", "entity_view_counter"));
    foreach ($ignored_ranges as $ignored_range) {
        if (ip_in_range($peer, $ignored_range)) {
            return true;
        }
    }

    return false;
}
/**
 * Import the address rows ticked in the submitted form into the current IPv4 network.
 *
 * Rows are numbered 1..addrcount. Each ticked row's address must lie inside
 * the network; rows that fail with a RackTablesError inside the try block
 * are counted as bad rather than aborting the whole import.
 */
function importPTRData()
{
    $net = spotEntity('ipv4net', getBypassValue());
    assertUIntArg('addrcount');

    $failed = 0;
    $imported = 0;

    for ($i = 1; $i <= $_REQUEST['addrcount']; $i++) {
        // Only rows whose checkbox was ticked are processed
        if (!isCheckSet("import_{$i}")) {
            continue;
        }

        // Argument validation happens outside the try block, so a malformed
        // row aborts the import instead of being counted.
        $ip_bin = assertIPv4Arg("addr_{$i}");
        assertStringArg("descr_{$i}", TRUE);
        assertStringArg("rsvd_{$i}");

        // Non-existent addresses will not have this argument set in request.
        $rsvd = ($_REQUEST["rsvd_{$i}"] == 'yes') ? 'yes' : 'no';

        try {
            // Addresses outside the selected network are rejected
            if (!ip_in_range($ip_bin, $net)) {
                throw new InvalidArgException('ip_bin', $ip_bin);
            }
            updateAddress($ip_bin, $_REQUEST["descr_{$i}"], $rsvd);
            $imported++;
        } catch (RackTablesError $e) {
            $failed++;
        }
    }

    if ($failed) {
        showFuncMessage(__FUNCTION__, 'ERR', array($failed, $imported));
    } else {
        showFuncMessage(__FUNCTION__, 'OK', array($imported));
    }
}
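<?php
// Deploy hook: runs `git pull` when the caller's address is inside one of the
// allowed ranges, and answers 401 otherwise.
//
// NOTE(review): the source address is the only gate on this script, and one
// allowlist entry is resolved from DNS on every request, so whoever controls
// that record can add themselves. Consider a shared-secret check as well.
$ip = $_SERVER['REMOTE_ADDR'];

$valid_ip_ranges = array("131.103.20.160/27", "165.254.145.0/26", "104.192.143.0/24");

// gethostbyname() returns the host name unchanged when resolution fails, so
// only a value that really is an IP address becomes an allowlist entry.
$my_ip = gethostbyname("leancode.duckdns.org");
if (filter_var($my_ip, FILTER_VALIDATE_IP) !== false) {
    $valid_ip_ranges[] = $my_ip . "/32";
}

// The per-range report is collected instead of echoed straight away. Output
// sent before header() would stop the 401 status from being set, and would
// show the allowlist to callers that are about to be refused.
$ip_passed = 0;
$report = '';
foreach ($valid_ip_ranges as $valid_ip_range) {
    if (ip_in_range($ip, $valid_ip_range)) {
        $ip_passed++;
        $report .= $valid_ip_range . "=>OK<br>";
    } else {
        $report .= $valid_ip_range . "=>FAIL<br>";
    }
}

if (!$ip_passed) {
    header('HTTP/1.1 401 Unauthorized');
    exit;
}

// Allowed callers still get the same report as before
echo $report;
passthru('git pull');
/*
 * ip_in_range.php - Function to determine if an IP is located in a
 *                   specific range as specified via several alternative
 *                   formats.
 *
 * Network ranges can be specified as:
 * 1. Wildcard format:     1.2.3.*
 * 2. CIDR format:         1.2.3/24  OR  1.2.3.4/255.255.255.0
 * 3. Start-End IP format: 1.2.3.0-1.2.3.255
 *
 * Return value BOOLEAN : ip_in_range($ip, $range);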