/**
 * Add the address passed in the `ip` query parameter to the ban table.
 *
 * Flow: is_admin() is called first; an address rejected by valid_ip()
 * redirects to the "message" subtab; an address already reported by
 * is_baned() redirects to the "ban_ip" subtab without inserting; otherwise
 * the row is inserted and the request is redirected to "ban_ip".
 *
 * NOTE(review): the INSERT text is assembled with sprintf(), so valid_ip()
 * is the only barrier between the query string and the SQL statement. Keep
 * that validator strict, or move to a parameterised query if the model
 * layer offers one.
 * NOTE(review): this is a state-changing action driven by GET and no
 * anti-CSRF token is checked in this method - confirm it is enforced
 * elsewhere.
 * NOTE(review): the result of is_admin() is not inspected here; presumably
 * it ends the request itself for non-admins - confirm.
 */
public function actionCreate()
{
    is_admin();

    // Missing parameter yields null, exactly as the suppressed read did.
    $ip = isset($_GET['ip']) ? $_GET['ip'] : null;

    if (!valid_ip($ip)) {
        header("Location:index.php?action=control_panel&subtab=message");
        exit;
    }

    $banListRedirect = "Location:index.php?action=control_panel&subtab=ban_ip";

    if (is_baned($ip)) {
        // Already listed: nothing to insert.
        header($banListRedirect);
        exit;
    }

    $template = parse_tbprefix("INSERT INTO <badip> ( ip ) VALUES ( '%s' )");
    $this->_model->query(sprintf($template, $ip));

    header($banListRedirect);
}
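/**
 * Return the first valid IP address found in the request's address headers.
 *
 * Headers are consulted in the order listed below, REMOTE_ADDR last; each
 * value may be a comma-separated list and is checked entry by entry with
 * valid_ip().
 *
 * Security: every header except REMOTE_ADDR is supplied by the sender (or
 * by an intermediary) and can hold any value the sender chooses. Use the
 * result for display or logging only; bans, rate limits and access checks
 * should rely on REMOTE_ADDR unless the server is reachable solely through
 * a proxy that overwrites these headers.
 *
 * @return string|null the address, or null when no header holds a valid one
 */
function get_ip_address()
{
    // Addresses that must not be reported when they show up in a forwarded
    // header: loopback plus two hard-coded hosts (presumably the site's own
    // front-end servers - confirm). The previous check read an undefined
    // variable ($SERVER instead of $_SERVER), so it never took effect.
    $ignored = array('127.0.0.1', '94.23.147.71', '188.165.193.75');

    $headers = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($headers as $key) {
        if (!array_key_exists($key, $_SERVER)) {
            continue;
        }

        foreach (explode(',', $_SERVER[$key]) as $ip) {
            // Lists are usually written "a, b"; drop the padding before validating.
            $ip = trim($ip);

            // REMOTE_ADDR is exempt so a direct connection still resolves
            // to the address it resolved to before.
            if ($key !== 'REMOTE_ADDR' && in_array($ip, $ignored, true)) {
                continue;
            }

            if (valid_ip($ip) !== false) {
                return $ip;
            }
        }
    }

    return null;
}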
/**
 * Check whether an IP address belongs to a private (intranet) range.
 *
 * Matches 10.x.x.x, 172.16.x.x through 172.31.x.x and 192.168.x.x by
 * comparing the first two dot-separated parts. Loopback (127.x.x.x) and
 * link-local (169.254.x.x) addresses are NOT treated as internal here, so
 * this check alone is not enough where "internal" means "not publicly
 * routable".
 *
 * @param string $ip address to test
 * @return bool true for the three ranges above; false otherwise, including
 *              when valid_ip() rejects the input
 */
function valid_internal_ip($ip)
{
    if (!valid_ip($ip)) {
        return false;
    }

    $octets = explode('.', $ip);
    $first = $octets[0];

    if ($first == 10) {
        return true;
    }

    if ($first == 172) {
        // 172.16 - 172.31
        return $octets[1] > 15 && $octets[1] < 32;
    }

    if ($first == 192) {
        return $octets[1] == 168;
    }

    return false;
}
/**
 * Resolve the address of the current client.
 *
 * Starts from REMOTE_ADDR. When CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP is
 * truthy and an X-Forwarded-For header is present, the header replaces it:
 * the whole value if it passes valid_ip(), otherwise the first
 * comma-separated entry that does. If no entry passes, REMOTE_ADDR is kept.
 *
 * Security: the first acceptable entry of X-Forwarded-For is whatever the
 * client sent unless the front-end proxy overwrites the header. Enable the
 * trust setting only when every request arrives through such a proxy;
 * otherwise per-IP logging and limits can be fed an arbitrary address.
 *
 * @param bool $as_integer when true, the address is passed through
 *                         inet_aton() before being returned
 * @return mixed the address string, or the inet_aton() result
 */
function get_ip($as_integer = false)
{
    $address = $_SERVER['REMOTE_ADDR'];

    if (CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $header = $_SERVER['HTTP_X_FORWARDED_FOR'];

        // Second argument `true`: presumably restricts to public addresses - confirm in valid_ip().
        if (valid_ip($header, true)) {
            // Common case: the header carries a single address.
            $address = $header;
        } else {
            foreach (explode(',', $header) as $candidate) {
                $candidate = trim($candidate);
                if (valid_ip($candidate, true)) {
                    $address = $candidate;
                    break;
                }
            }
        }
    }

    return $as_integer ? inet_aton($address) : $address;
}
<?php require '../../include/mellivora.inc.php'; enforce_authentication(CONFIG_UC_MODERATOR); head('IP log'); menu_management(); // show a users IP log if (isset($_GET['id']) && valid_id($_GET['id'])) { $user = db_select_one('users', array('team_name'), array('id' => $_GET['id'])); section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false); user_ip_log($_GET['id']); } else { if (isset($_GET['ip']) && valid_ip($_GET['ip'])) { section_head('Teams using IP ' . $_GET['ip']); echo ' <table id="files" class="table table-striped table-hover"> <thead> <tr> <th>Team name</th> <th>Hostname</th> <th>First used</th> <th>Last used</th> <th>Times used</th> </tr> </thead> <tbody> '; $entries = db_query_fetch_all(' SELECT INET_NTOA(ipl.ip) AS ip, ipl.added,
/**
 * Determine the client address once and store it on the input object.
 *
 * If the input object already holds an address it is returned as is.
 * Otherwise REMOTE_ADDR is used, unless the `proxy_ips` config item is
 * non-empty, REMOTE_ADDR is one of the listed proxies (strict match) and
 * one of the forwarding headers holds a value accepted by valid_ip(); in
 * that case the header value is used. An address that fails valid_ip() at
 * the end is replaced by '0.0.0.0'.
 *
 * Security: only the first entry of a forwarded chain is read. That entry
 * is supplied by the client when the trusted proxy appends to the header
 * rather than replacing it, so the listed proxies should overwrite these
 * headers before the value is used for bans or rate limits.
 *
 * @return string the stored address
 */
function ip_address()
{
    $ING =& get_instance();

    if ($ING->input->fetch_ip_address() !== FALSE) {
        return $ING->input->fetch_ip_address();
    }

    $trusted = config_item('proxy_ips');

    if (empty($trusted)) {
        // No proxies configured: forwarding headers are ignored entirely.
        $ING->input->set_ip_address($_SERVER['REMOTE_ADDR']);
    } else {
        $trusted = explode(',', str_replace(' ', '', $trusted));
        $headers = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP');

        foreach ($headers as $header) {
            $spoof = server($header);
            if ($spoof === FALSE) {
                continue;
            }

            // Some proxies list the whole chain the request travelled
            // through (client_ip, proxy_ip1, proxy_ip2, ...); keep the
            // first entry only.
            if (strpos($spoof, ',') !== FALSE) {
                $chain = explode(',', $spoof, 2);
                $spoof = $chain[0];
            }

            if (valid_ip($spoof)) {
                break;
            }

            $spoof = FALSE;
        }

        // The header is honoured only when the direct peer is a listed proxy.
        if ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $trusted, TRUE)) {
            $ING->input->set_ip_address($spoof);
        } else {
            $ING->input->set_ip_address($_SERVER['REMOTE_ADDR']);
        }
    }

    if (!valid_ip($ING->input->fetch_ip_address())) {
        $ING->input->set_ip_address('0.0.0.0');
    }

    return $ING->input->fetch_ip_address();
}
echo '<div class="options"> <a href="#" class="btn">' . $LANG['options'] . '</a> <ul> <li><a href="?route=banned.php&action=delete&id=' . $_GET['id'] . '&token=' . $csrf . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a></li> </ul> </div>'; } echo '<a href="?route=banned.php&action=list" class="btn">' . $LANG['banned_view'] . '</a> </div>'; if (!empty($LANG['banned_edit_subtitle'])) { echo '<span>' . $LANG['banned_edit_subtitle'] . '</span>'; } echo '</div>'; if ($banned_exists) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'banned_csrf')) { if (isset($_POST['ip']) && valid_ip($_POST['ip'])) { if (actions::edit_banned($_GET['id'], array('ipaddr' => $_POST['ip'], 'registration' => isset($_POST['register']) ? 1 : 0, 'login' => isset($_POST['login']) ? 1 : 0, 'site' => isset($_POST['shn-site']) ? 1 : 0, 'redirect' => isset($_POST['redirect']) ? $_POST['redirect'] : '', 'expiration' => !isset($_POST['shn-expiration']) ? 1 : 0, 'expiration_date' => !isset($_POST['shn-expiration']) && isset($_POST['expiration']) ? $_POST['expiration']['date'] . ', ' . $_POST['expiration']['hour'] : ''))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } $_SESSION['banned_csrf'] = $csrf; $info = admin_query::banned_infos($_GET['id']); echo '<div class="form-table"> <form action="#" method="POST" enctype="multipart/form-data"> <div class="row"><span>' . $LANG['form_ip'] . ':</span><div><input type="text" name="ip" value="' . $info->IP . '" required /></div></div> <div class="row"><span>' . $LANG['bann_form_block'] . ':</span><div>
/**
 * Validate an IP address by delegating to the global valid_ip() helper.
 *
 * @access public
 * @param string $ip    address to check
 * @param string $which "ipv4" or "ipv6" to validate a specific ip format;
 *                      passed to the helper unchanged
 * @return mixed whatever the valid_ip() helper returns
 */
public function valid_ip($ip, $which = '')
{
    // Load the 'input' helper before calling the global function
    // (presumably the helper that defines valid_ip() - confirm).
    $this->ING->load->helper('input');

    $result = valid_ip($ip, $which);

    return $result;
}
invalid_entry($model, "username"); } if (valid_password($model["password"]) === false) { invalid_entry($model, "password"); } $model["mac"] = strtoupper($model["mac"]); foreach ($model["switch"] as $i => $switch) { if (valid_ip($switch["host"]) === false) { invalid_entry($model, "switch[{$i}][host]"); } if (valid_call_limit($switch["call-limit"]) === false) { invalid_entry($model, "switch[{$i}][call-limit]"); } } foreach ($model["gateway"] as $i => $gateway) { if (valid_ip($gateway["host"]) === false) { invalid_entry($model, "gateway[{$i}][host]"); } if (valid_port($gateway["port"]) === false) { invalid_entry($model, "gateway[{$i}][port]"); } if (valid_pefix($gateway["prefix"]) === false) { invalid_entry($model, "gateway[{$i}][prefix]"); } } $chan = new Ini(); $chan->load($g_chan_sync); foreach ($chan->sections() as $user) { if ($chan->get($user, "mac") == $model["mac"]) { if ($model["mode"] == "add") { __invalid_entry($model, "mac", "Duplicate MAC Address");