Beispiel #1
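 /**
  * Add the IP address given in the `ip` query parameter to the ban list.
  *
  * Redirects to the message sub-tab when the address is rejected, and to the
  * ban list when the address is already banned or has just been inserted.
  *
  * NOTE(review): is_admin() is called for its side effect only, so this method
  * depends on it stopping non-admin requests by itself; confirm in its definition.
  * NOTE(review): the ban is triggered by a GET request and no anti-CSRF token
  * is checked anywhere in this method.
  */
 public function actionCreate()
 {
     is_admin();
     // Read the parameter explicitly instead of using @, which hides unrelated errors too.
     $ip = isset($_GET['ip']) ? $_GET['ip'] : null;
     // "?ip[]=x" arrives as an array; refuse anything that is not a string
     // before it reaches valid_ip() or sprintf().
     if (!is_string($ip) || valid_ip($ip) == false) {
         header("Location:index.php?action=control_panel&subtab=message");
         exit;
     }
     if (is_baned($ip)) {
         header("Location:index.php?action=control_panel&subtab=ban_ip");
         exit;
     }
     // The value is interpolated into the SQL text, so valid_ip() is the only
     // barrier against injection on this path. Prefer a bound parameter or the
     // model's own escaping routine if it offers one.
     $this->_model->query(sprintf(parse_tbprefix("INSERT INTO <badip> ( ip ) VALUES ( '%s' )"), $ip));
     header("Location:index.php?action=control_panel&subtab=ban_ip");
 }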
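/**
 * Return the first value accepted by valid_ip() among the request's address fields.
 *
 * The $_SERVER keys are tried in a fixed order with REMOTE_ADDR last; each
 * value is split on commas and the entries are checked left to right.
 *
 * Every key except REMOTE_ADDR comes from a request header that the client
 * can set freely. Treat the result as a hint for display or logging; do not
 * base bans, rate limits or access decisions on it unless a reverse proxy
 * you control overwrites these headers.
 *
 * @return string|null the first accepted address, or null when none is found
 */
function get_ip_address()
{
    $keys = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($keys as $key) {
        if (!array_key_exists($key, $_SERVER)) {
            continue;
        }
        foreach (explode(',', $_SERVER[$key]) as $ip) {
            // Lists such as "a, b" carry a space after each comma.
            $ip = trim($ip);
            // NOTE(review): the original compared $SERVER[$key] (an undefined
            // variable, so never equal to anything) with 127.0.0.1,
            // 94.23.147.71 and 188.165.193.75 and then unset the entry. That
            // check could never match and is dropped here. If those addresses
            // are the site's own proxies and should be skipped, add an explicit
            // skip list and decide what to return when nothing else is present.
            if (valid_ip($ip) !== false) {
                return $ip;
            }
        }
    }

    return null;
}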
Beispiel #3
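/**
 * Check whether an IP address lies in a private IPv4 range.
 *
 * Recognised ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
 * Loopback (127.0.0.0/8), link-local (169.254.0.0/16) and IPv6 addresses are
 * reported as not internal; callers using this as an outbound-request filter
 * need to reject those separately.
 *
 * @param string $ip address to classify
 * @return bool true for a private IPv4 address, false otherwise (including invalid input)
 */
function valid_internal_ip($ip)
{
    if (!valid_ip($ip)) {
        return false;
    }

    $octets = explode('.', $ip);

    // valid_ip() is defined elsewhere and may accept more than dotted-quad
    // IPv4. Without exactly four numeric parts the comparisons below would run
    // on partial strings (loose == lets "10::1" equal 10 on older PHP versions).
    if (count($octets) !== 4) {
        return false;
    }
    foreach ($octets as $octet) {
        if (!ctype_digit($octet)) {
            return false;
        }
    }

    $first = (int) $octets[0];
    $second = (int) $octets[1];

    if ($first === 10) {
        return true;
    }
    if ($first === 172 && $second >= 16 && $second <= 31) {
        return true;
    }
    if ($first === 192 && $second === 168) {
        return true;
    }

    return false;
}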
Beispiel #4
/**
 * Resolve the client's IP address for the current request.
 *
 * Starts from REMOTE_ADDR. When CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP is truthy
 * and an X-Forwarded-For header is present, the header takes over: the whole
 * value if valid_ip() accepts it, otherwise the first comma-separated entry
 * (trimmed) that it accepts. If no entry is accepted, REMOTE_ADDR is kept.
 *
 * NOTE(review): the first entry of X-Forwarded-For is the one a client can
 * choose, even when a proxy appends its own view. Enable the config flag only
 * behind a proxy that overwrites the header.
 *
 * @param bool $as_integer when true, the address is passed through inet_aton()
 * @return mixed the address string, or the result of inet_aton() on it
 */
function get_ip($as_integer = false)
{
    $ip = $_SERVER['REMOTE_ADDR'];

    $use_forwarded = CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR']);
    if ($use_forwarded) {
        $header = $_SERVER['HTTP_X_FORWARDED_FOR'];

        // Usual case: the header holds a single address.
        if (valid_ip($header, true)) {
            $ip = $header;
        } else {
            // Otherwise walk the list and take the first acceptable entry.
            foreach (explode(',', $header) as $candidate) {
                $candidate = trim($candidate);
                if (valid_ip($candidate, true)) {
                    $ip = $candidate;
                    break;
                }
            }
        }
    }

    return $as_integer ? inet_aton($ip) : $ip;
}
Beispiel #5
<?php

// Moderator page: lists the IP log of one team (?id=...) or the teams seen on one IP (?ip=...).
require '../../include/mellivora.inc.php';
// Access is gated on the moderator level before any output is produced.
enforce_authentication(CONFIG_UC_MODERATOR);
head('IP log');
menu_management();
// Show a user's IP log.
if (isset($_GET['id']) && valid_id($_GET['id'])) {
    // NOTE(review): $user is used below without checking that a row was found.
    $user = db_select_one('users', array('team_name'), array('id' => $_GET['id']));
    // team_name is HTML-escaped, but $_GET['id'] is concatenated into the href as-is.
    // Its safety rests on valid_id(), whose definition is not visible here; confirm it
    // accepts digits only. The effect of the third argument (false) is also not visible here.
    section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false);
    user_ip_log($_GET['id']);
} else {
    if (isset($_GET['ip']) && valid_ip($_GET['ip'])) {
        // $_GET['ip'] is placed in the heading without htmlspecialchars(); valid_ip() is the
        // only filter on it. NOTE(review): confirm section_head() escapes its argument or
        // that valid_ip() rejects every character that is meaningful in HTML.
        section_head('Teams using IP ' . $_GET['ip']);
        echo '
    <table id="files" class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Team name</th>
          <th>Hostname</th>
          <th>First used</th>
          <th>Last used</th>
          <th>Times used</th>
        </tr>
      </thead>
      <tbody>
    ';
        $entries = db_query_fetch_all('
        SELECT
           INET_NTOA(ipl.ip) AS ip,
           ipl.added,
Beispiel #6
 /**
  * Determine the client's IP address and cache it on the input object.
  *
  * A value already stored on the input object is returned as-is. Otherwise
  * REMOTE_ADDR is used, unless the 'proxy_ips' config item is non-empty, a
  * forwarding header yields an address accepted by valid_ip(), and REMOTE_ADDR
  * itself is listed (strict match) in proxy_ips; then the forwarded address
  * is used. A final result rejected by valid_ip() is replaced by '0.0.0.0'.
  *
  * NOTE(review): only the first entry of a comma-separated header is read.
  * That entry is client-chosen unless the listed proxy overwrites the header
  * instead of appending to it.
  *
  * @return mixed the value returned by fetch_ip_address() after resolution
  */
 function ip_address()
 {
     $ING =& get_instance();

     // Already resolved earlier in this request.
     if (FALSE !== $ING->input->fetch_ip_address()) {
         return $ING->input->fetch_ip_address();
     }

     $proxy_ips = config_item('proxy_ips');
     if (empty($proxy_ips)) {
         // No trusted proxies configured: forwarding headers are ignored entirely.
         $ING->input->set_ip_address($_SERVER['REMOTE_ADDR']);
     } else {
         $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
         $forwarding_headers = array(
             'HTTP_X_FORWARDED_FOR',
             'HTTP_CLIENT_IP',
             'HTTP_X_CLIENT_IP',
             'HTTP_X_CLUSTER_CLIENT_IP',
         );

         foreach ($forwarding_headers as $header) {
             $spoof = server($header);
             if ($spoof === FALSE) {
                 continue;
             }
             // A proxy may send the whole chain (client_ip, proxy_ip1, ...);
             // keep only the first element.
             if (strpos($spoof, ',') !== FALSE) {
                 $chain = explode(',', $spoof, 2);
                 $spoof = $chain[0];
             }
             if (valid_ip($spoof)) {
                 break;
             }
             $spoof = FALSE;
         }

         // The forwarded value counts only when the direct peer is a listed proxy.
         if ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE)) {
             $ING->input->set_ip_address($spoof);
         } else {
             $ING->input->set_ip_address($_SERVER['REMOTE_ADDR']);
         }
     }

     // Never hand back something that is not an address.
     if (!valid_ip($ING->input->fetch_ip_address())) {
         $ING->input->set_ip_address('0.0.0.0');
     }

     return $ING->input->fetch_ip_address();
 }
Beispiel #7
            // $_GET['id'] is concatenated into the delete link as-is; no cast or
            // htmlspecialchars() is visible in this fragment. NOTE(review): confirm it is
            // validated as an integer before this point, or escape it here.
            // The CSRF token is carried in the link's query string, where it can end up in
            // logs and Referer headers.
            echo '<div class="options">
<a href="#" class="btn">' . $LANG['options'] . '</a>
<ul>
<li><a href="?route=banned.php&amp;action=delete&amp;id=' . $_GET['id'] . '&amp;token=' . $csrf . '" data-delete-msg="' . $LANG['delete_msg'] . '">' . $LANG['delete'] . '</a></li>
</ul>
</div>';
        }
        echo '<a href="?route=banned.php&amp;action=list" class="btn">' . $LANG['banned_view'] . '</a>
</div>';
        if (!empty($LANG['banned_edit_subtitle'])) {
            echo '<span>' . $LANG['banned_edit_subtitle'] . '</span>';
        }
        echo '</div>';
        if ($banned_exists) {
            // An edit is processed only for a POST whose csrf field is accepted by
            // check_csrf() for the 'banned_csrf' key.
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'banned_csrf')) {
                if (isset($_POST['ip']) && valid_ip($_POST['ip'])) {
                    // Only the ip field is validated here. $_GET['id'], redirect and the
                    // expiration parts reach actions::edit_banned() unchecked.
                    // NOTE(review): confirm edit_banned() binds or escapes them, and that
                    // $_POST['expiration'] is an array before it is indexed.
                    if (actions::edit_banned($_GET['id'], array('ipaddr' => $_POST['ip'], 'registration' => isset($_POST['register']) ? 1 : 0, 'login' => isset($_POST['login']) ? 1 : 0, 'site' => isset($_POST['shn-site']) ? 1 : 0, 'redirect' => isset($_POST['redirect']) ? $_POST['redirect'] : '', 'expiration' => !isset($_POST['shn-expiration']) ? 1 : 0, 'expiration_date' => !isset($_POST['shn-expiration']) && isset($_POST['expiration']) ? $_POST['expiration']['date'] . ', ' . $_POST['expiration']['hour'] : ''))) {
                        echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            }
            // Stores $csrf under the session key that the check above names; presumably
            // the token for the form rendered below (where $csrf is created is not shown).
            $_SESSION['banned_csrf'] = $csrf;
            $info = admin_query::banned_infos($_GET['id']);
            // $info->IP is written into the value attribute without htmlspecialchars().
            // NOTE(review): the edit path above only stores values that passed valid_ip(),
            // but other write paths are not visible here; escape on output.
            echo '<div class="form-table">

<form action="#" method="POST" enctype="multipart/form-data">

<div class="row"><span>' . $LANG['form_ip'] . ':</span><div><input type="text" name="ip" value="' . $info->IP . '" required /></div></div>
<div class="row"><span>' . $LANG['bann_form_block'] . ':</span><div>
 /**
  * Validate an IP address by delegating to the valid_ip() helper function.
  *
  * The 'input' helper is loaded on every call, then both arguments are
  * forwarded unchanged.
  *
  * @access	public
  * @param	string	$ip	address to check
  * @param	string	$which	"ipv4" or "ipv6" to validate a specific ip format
  * @return	mixed	whatever the valid_ip() helper returns
  */
 public function valid_ip($ip, $which = '')
 {
     // Make sure the global helper exists before it is called.
     $this->ING->load->helper('input');

     $verdict = valid_ip($ip, $which);

     return $verdict;
 }
Beispiel #9
     invalid_entry($model, "username");
 }
 if (valid_password($model["password"]) === false) {
     invalid_entry($model, "password");
 }
 $model["mac"] = strtoupper($model["mac"]);
 foreach ($model["switch"] as $i => $switch) {
     if (valid_ip($switch["host"]) === false) {
         invalid_entry($model, "switch[{$i}][host]");
     }
     if (valid_call_limit($switch["call-limit"]) === false) {
         invalid_entry($model, "switch[{$i}][call-limit]");
     }
 }
 foreach ($model["gateway"] as $i => $gateway) {
     if (valid_ip($gateway["host"]) === false) {
         invalid_entry($model, "gateway[{$i}][host]");
     }
     if (valid_port($gateway["port"]) === false) {
         invalid_entry($model, "gateway[{$i}][port]");
     }
     if (valid_pefix($gateway["prefix"]) === false) {
         invalid_entry($model, "gateway[{$i}][prefix]");
     }
 }
 $chan = new Ini();
 $chan->load($g_chan_sync);
 foreach ($chan->sections() as $user) {
     if ($chan->get($user, "mac") == $model["mac"]) {
         if ($model["mode"] == "add") {
             __invalid_entry($model, "mac", "Duplicate MAC Address");