public function actionCreate()
{
is_admin();
$ip = @$_GET['ip'];
if (valid_ip($ip) == false) {
header("Location:index.php?action=control_panel&subtab=message");
exit;
}
if (is_baned($ip)) {
header("Location:index.php?action=control_panel&subtab=ban_ip");
exit;
}
$this->_model->query(sprintf(parse_tbprefix("INSERT INTO <badip> ( ip ) VALUES ( '%s' )"), $ip));
header("Location:index.php?action=control_panel&subtab=ban_ip");
}
function get_ip_address()
{
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
if (array_key_exists($key, $_SERVER) === true) {
foreach (explode(',', $_SERVER[$key]) as $ip) {
if ($SERVER[$key] == "127.0.0.1" || $SERVER[$key] == "94.23.147.71" || $SERVER[$key] == "188.165.193.75") {
unset($_SERVER[$key]);
}
if (valid_ip($ip) !== false) {
return $ip;
}
}
}
}
}
/**
* 验证 IP 地址是否为内网 IP
*
* @param string
* @return string
*/
function valid_internal_ip($ip)
{
if (!valid_ip($ip)) {
return false;
}
$ip_address = explode('.', $ip);
if ($ip_address[0] == 10) {
return true;
}
if ($ip_address[0] == 172 and $ip_address[1] > 15 and $ip_address[1] < 32) {
return true;
}
if ($ip_address[0] == 192 and $ip_address[1] == 168) {
return true;
}
return false;
}
function get_ip($as_integer = false)
{
$ip = $_SERVER['REMOTE_ADDR'];
if (CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
// in almost all cases, there will only be one IP in this header
if (valid_ip($_SERVER['HTTP_X_FORWARDED_FOR'], true)) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$forwarded_for_list = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
foreach ($forwarded_for_list as $forwarded_for) {
$forwarded_for = trim($forwarded_for);
if (valid_ip($forwarded_for, true)) {
$ip = $forwarded_for;
break;
}
}
}
}
if ($as_integer) {
return inet_aton($ip);
} else {
return $ip;
}
}
<?php
require '../../include/mellivora.inc.php';
enforce_authentication(CONFIG_UC_MODERATOR);
head('IP log');
menu_management();
// show a users IP log
if (isset($_GET['id']) && valid_id($_GET['id'])) {
$user = db_select_one('users', array('team_name'), array('id' => $_GET['id']));
section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false);
user_ip_log($_GET['id']);
} else {
if (isset($_GET['ip']) && valid_ip($_GET['ip'])) {
section_head('Teams using IP ' . $_GET['ip']);
echo '
<table id="files" class="table table-striped table-hover">
<thead>
<tr>
<th>Team name</th>
<th>Hostname</th>
<th>First used</th>
<th>Last used</th>
<th>Times used</th>
</tr>
</thead>
<tbody>
';
$entries = db_query_fetch_all('
SELECT
INET_NTOA(ipl.ip) AS ip,
ipl.added,
function ip_address()
{
$ING =& get_instance();
if ($ING->input->fetch_ip_address() !== FALSE) {
return $ING->input->fetch_ip_address();
}
$proxy_ips = config_item('proxy_ips');
if (!empty($proxy_ips)) {
$proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header) {
if (($spoof = server($header)) !== FALSE) {
// Some proxies typically list the whole chain of IP
// addresses through which the client has reached us.
// e.g. client_ip, proxy_ip1, proxy_ip2, etc.
if (strpos($spoof, ',') !== FALSE) {
$spoof = explode(',', $spoof, 2);
$spoof = $spoof[0];
}
if (!valid_ip($spoof)) {
$spoof = FALSE;
} else {
break;
}
}
}
$ING->input->set_ip_address($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE) ? $spoof : $_SERVER['REMOTE_ADDR']);
} else {
$ING->input->set_ip_address($_SERVER['REMOTE_ADDR']);
}
if (!valid_ip($ING->input->fetch_ip_address())) {
$ING->input->set_ip_address('0.0.0.0');
}
return $ING->input->fetch_ip_address();
}
echo '<div class="options">
<a href="#" class="btn">' . $LANG['options'] . '</a>
<ul>
<li><a href="?route=banned.php&action=delete&id=' . $_GET['id'] . '&token=' . $csrf . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a></li>
</ul>
</div>';
}
echo '<a href="?route=banned.php&action=list" class="btn">' . $LANG['banned_view'] . '</a>
</div>';
if (!empty($LANG['banned_edit_subtitle'])) {
echo '<span>' . $LANG['banned_edit_subtitle'] . '</span>';
}
echo '</div>';
if ($banned_exists) {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'banned_csrf')) {
if (isset($_POST['ip']) && valid_ip($_POST['ip'])) {
if (actions::edit_banned($_GET['id'], array('ipaddr' => $_POST['ip'], 'registration' => isset($_POST['register']) ? 1 : 0, 'login' => isset($_POST['login']) ? 1 : 0, 'site' => isset($_POST['shn-site']) ? 1 : 0, 'redirect' => isset($_POST['redirect']) ? $_POST['redirect'] : '', 'expiration' => !isset($_POST['shn-expiration']) ? 1 : 0, 'expiration_date' => !isset($_POST['shn-expiration']) && isset($_POST['expiration']) ? $_POST['expiration']['date'] . ', ' . $_POST['expiration']['hour'] : ''))) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
$_SESSION['banned_csrf'] = $csrf;
$info = admin_query::banned_infos($_GET['id']);
echo '<div class="form-table">
<form action="#" method="POST" enctype="multipart/form-data">
<div class="row"><span>' . $LANG['form_ip'] . ':</span><div><input type="text" name="ip" value="' . $info->IP . '" required /></div></div>
<div class="row"><span>' . $LANG['bann_form_block'] . ':</span><div>
/**
* Validate IP Address
*
* @access public
* @param string
* @param string "ipv4" or "ipv6" to validate a specific ip format
* @return string
*/
public function valid_ip($ip, $which = '')
{
$this->ING->load->helper('input');
return valid_ip($ip, $which);
}
invalid_entry($model, "username");
}
if (valid_password($model["password"]) === false) {
invalid_entry($model, "password");
}
$model["mac"] = strtoupper($model["mac"]);
foreach ($model["switch"] as $i => $switch) {
if (valid_ip($switch["host"]) === false) {
invalid_entry($model, "switch[{$i}][host]");
}
if (valid_call_limit($switch["call-limit"]) === false) {
invalid_entry($model, "switch[{$i}][call-limit]");
}
}
foreach ($model["gateway"] as $i => $gateway) {
if (valid_ip($gateway["host"]) === false) {
invalid_entry($model, "gateway[{$i}][host]");
}
if (valid_port($gateway["port"]) === false) {
invalid_entry($model, "gateway[{$i}][port]");
}
if (valid_pefix($gateway["prefix"]) === false) {
invalid_entry($model, "gateway[{$i}][prefix]");
}
}
$chan = new Ini();
$chan->load($g_chan_sync);
foreach ($chan->sections() as $user) {
if ($chan->get($user, "mac") == $model["mac"]) {
if ($model["mode"] == "add") {
__invalid_entry($model, "mac", "Duplicate MAC Address");