function isCIDR($ip)
{
$ip = explode("/", $ip);
if (count($ip) == 2) {
return isIPv4($ip[0]) && is_numeric($ip[1]) && $ip[1] >= 0 && $ip[1] <= 32;
} else {
return false;
}
}
public static function validateToken($token)
{
if (is_string($token)) {
if (trim($token) === "") {
return null;
}
$tokens = new Default_Model_AccessTokens();
$tokens->filter->token->equals($token);
if (count($tokens->items) === 0) {
return false;
}
$token = $tokens->items[0];
} else {
if ($token instanceof Default_Model_AccessToken) {
//nothing to do
} else {
return false;
}
}
$valid = false;
$ip = $_SERVER['REMOTE_ADDR'];
$netfilters = $token->getNetfilters();
if (count($netfilters) === 0) {
return true;
}
foreach ($netfilters as $netfilter) {
if ($netfilter == '') {
// NULL netfilter
$valid = true;
break;
} elseif (isCIDR($netfilter)) {
if (ipCIDRCheck($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isCIDR6($netfilter)) {
if (ipCIDRCheck6($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
if ($ip == $netfilter) {
$valid = true;
break;
}
} else {
// domain name based netfilter
$hostname = gethostbyaddr($ip);
$netfilter = str_replace('\\', '', $netfilter);
// do not permit escaping
if (preg_match('/\\.' . str_replace('.', '\\.', $netfilter) . '$/', $hostname) || preg_match('/^' . str_replace('.', '\\.', $netfilter) . '$/', $hostname)) {
$valid = true;
break;
}
}
}
if (!$valid) {
debug_log('[AccessTokens::validateToken]: Invalid API key ' . $token->getToken());
}
return $valid;
}
function match_ip_to_ip_or_cidr($ip, $ips_or_cidr_array)
{
if (isIPv4($ip)) {
foreach ($ips_or_cidr_array as $ip_or_cidr) {
if (isIPv4cidr($ip_or_cidr)) {
if (ip_v4_cidr_match($ip, $ip_or_cidr)) {
return true;
}
} elseif (isIPv4($ip_or_cidr)) {
if ($ip == $ip_or_cidr) {
return true;
}
}
}
} else {
foreach ($ips_or_cidr_array as $ip_or_cidr) {
if (isIPv6cidr($ip_or_cidr)) {
if (ip_v6_cidr_match($ip, $ip_or_cidr)) {
return true;
}
} elseif (isIPv6($ip_or_cidr)) {
if ($ip == $ip_or_cidr) {
return true;
}
}
}
}
return false;
}
AND user.id", $course_id);
}
echo json_encode($data);
exit;
}
}
load_js('tools.js');
// the exercise form has been submitted
if (isset($_POST['submitExercise'])) {
$v = new Valitron\Validator($_POST);
$v->addRule('ipORcidr', function($field, $value, array $params) {
//explode here and run a loop
$IPs = explode(',', $value);
//matches IPv4/6 and IPv4/6 CIDR ranges
foreach ($IPs as $ip){
$valid = isIPv4($ip) || isIPv4cidr($ip) || isIPv6($ip) || isIPv6cidr($ip);
if (!$valid) return false;
}
return true;
}, $langIPInvalid);
$v->rule('required', array('exerciseTitle'));
$v->rule('numeric', array('exerciseTimeConstraint', 'exerciseAttemptsAllowed'));
$v->rule('date', array('exerciseEndDate', 'exerciseStartDate'));
$v->rule('ipORcidr', array('exerciseIPLock'));
$v->labels(array(
'exerciseTitle' => "$langTheField $langExerciseName",
'exerciseTimeConstraint' => "$langTheField $langExerciseConstrain",
'exerciseAttemptsAllowed' => "$langTheField $langExerciseAttemptsAllowed",
'exerciseEndDate' => "$langTheField $langEnd",
'exerciseStartDate' => "$langTheField $langStart",
'exerciseIPLock' => "$langTheField IPs"
private function isValidNetFilter($ip)
{
$res = isIPv4($ip) > 0 || isIPv6($ip) > 0 || isCIDR($ip) > 0 || isCIDR6($ip) > 0;
if ($res == false) {
$res = preg_match('/^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$/', $ip) > 0;
}
return $res;
}
/**
* check that the apikey is valid for the IP that made the request
*
* @key string the API key
* @netfilter string the netfilter for which the key is valid
*
* @return boolean
* @access private
*/
private function _validateAPIKey($key)
{
$valid = false;
if ($this->getParam("remoteaddr") != "") {
$ip = base64_decode($this->getParam("remoteaddr"));
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
if (count($key->netfilters) == 0) {
$valid = true;
}
foreach ($key->netfilters as $netfilter) {
if ($netfilter == '') {
// NULL netfilter
$valid = true;
break;
} elseif (isCIDR($netfilter)) {
if (ipCIDRCheck($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isCIDR6($netfilter)) {
if (ipCIDRCheck6($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
if ($ip == $netfilter) {
$valid = true;
break;
}
} else {
// domain name based netfilter
$hostname = gethostbyaddr($ip);
$netfilter = str_replace('\\', '', $netfilter);
// do not permit escaping
if (preg_match('/\\.' . str_replace('.', '\\.', $netfilter) . '$/', $hostname) || preg_match('/^' . str_replace('.', '\\.', $netfilter) . '$/', $hostname)) {
$valid = true;
break;
}
}
}
if (!$valid) {
error_log('Invalid API key ' . $key->key . "(ip = {$ip})");
}
return $valid;
}
