public function testMultipleSubnetInMaskAdvance()
{
    // Four /16 networks in "address netmask" notation. 10.28.255.1 lies inside
    // the last of them, so check() is expected to report a match.
    $ranges = array(
        '10.22.0.0 255.255.0.0',
        '10.24.0.0 255.255.0.0',
        '10.26.0.0 255.255.0.0',
        '10.28.0.0 255.255.0.0',
    );
    $ipFilter = new IpFilter($ranges);
    $matched = $ipFilter->check('10.28.255.1');
    $this->assertEquals(true, $matched);
}
public function hookCheckForBlockedHost()
{
    // Nothing to do when Cgi::getMode() is truthy (presumably a non-web
    // invocation — confirm against Cgi); the block list only applies otherwise.
    if (Cgi::getMode()) {
        return;
    }
    $filter = new IpFilter();
    // Reject the request outright when the client address is on the block list.
    if ($filter->isBlocked()) {
        throw new IPBlockedException("This host is blocked!");
    }
}
/**
 * Initialization, it sets DB information, request arguments and so on.
 *
 * Order of work: raw POST body shim, request-argument parsing, DB config,
 * sitelock gate (may exit), site/virtual-site info, language selection,
 * session start, login/autologin handling, and finally the current_url /
 * request_uri values used by the front end.
 *
 * @see This function should be called only once
 * @return void
 */
public function init()
{
    // fix missing HTTP_RAW_POST_DATA in PHP 5.6 and above
    if (!isset($GLOBALS['HTTP_RAW_POST_DATA']) && version_compare(PHP_VERSION, '5.6.0', '>=') === TRUE)
    {
        $GLOBALS['HTTP_RAW_POST_DATA'] = file_get_contents("php://input");
        // If content is not XML or JSON, unset
        // (only bodies starting with '<', '{' or '[' are kept)
        if (!preg_match('/^[\\<\\{\\[]/', $GLOBALS['HTTP_RAW_POST_DATA']))
        {
            unset($GLOBALS['HTTP_RAW_POST_DATA']);
        }
    }

    // set context variables in $GLOBALS (backward compatibility)
    $GLOBALS['__Context__'] = $this;
    $GLOBALS['lang'] =& $this->lang;
    $this->_COOKIE = $_COOKIE; // 20140429 editor/image_link

    // Parse request arguments from all supported transports (XML-RPC, JSON, form, uploads).
    $this->_checkGlobalVars();
    $this->setRequestMethod('');
    $this->_setXmlRpcArgument();
    $this->_setJSONRequestArgument();
    $this->_setRequestArgument();
    $this->_setUploadedArgument();

    $this->loadDBInfo();

    // Sitelock: when enabled, only whitelisted client addresses may proceed; everyone else gets a 403 page and exit.
    if ($this->db_info->use_sitelock == 'Y')
    {
        // NOTE(review): $whitelist is only assigned when sitelock_whitelist is an array;
        // otherwise IpFilter::filter() receives an undefined (null) list — confirm that
        // it fails closed (denies) rather than admitting every client in that case.
        if (is_array($this->db_info->sitelock_whitelist))
        {
            $whitelist = $this->db_info->sitelock_whitelist;
        }
        if (!IpFilter::filter($whitelist))
        {
            $title = $this->db_info->sitelock_title ? $this->db_info->sitelock_title : 'Maintenance in progress...';
            $message = $this->db_info->sitelock_message;
            define('_XE_SITELOCK_', TRUE);
            define('_XE_SITELOCK_TITLE_', $title);
            define('_XE_SITELOCK_MESSAGE_', $message);
            header("HTTP/1.1 403 Forbidden");
            // A site-specific template overrides the bundled one when present.
            if (FileHandler::exists(_XE_PATH_ . 'common/tpl/sitelock.user.html'))
            {
                include _XE_PATH_ . 'common/tpl/sitelock.user.html';
            }
            else
            {
                include _XE_PATH_ . 'common/tpl/sitelock.html';
            }
            exit;
        }
    }

    // If XE is installed, get virtual site information
    if (self::isInstalled())
    {
        $oModuleModel = getModel('module');
        $site_module_info = $oModuleModel->getDefaultMid();
        if (!isset($site_module_info))
        {
            $site_module_info = new stdClass();
        }
        // if site_srl of site_module_info is 0 (default site), compare the domain to default_url of db_config
        if ($site_module_info->site_srl == 0 && $site_module_info->domain != $this->db_info->default_url)
        {
            $site_module_info->domain = $this->db_info->default_url;
        }
        self::set('site_module_info', $site_module_info);
        // Virtual sites are addressed by a site id rather than a host name.
        if ($site_module_info->site_srl && isSiteID($site_module_info->domain))
        {
            self::set('vid', $site_module_info->domain, TRUE);
        }
        if (!isset($this->db_info))
        {
            $this->db_info = new stdClass();
        }
        $this->db_info->lang_type = $site_module_info->default_language;
        if (!$this->db_info->lang_type)
        {
            $this->db_info->lang_type = 'ko';
        }
        if (!$this->db_info->use_db_session)
        {
            $this->db_info->use_db_session = 'N';
        }
    }

    // Load Language File
    $lang_supported = self::loadLangSelected();

    // Retrieve language type set in user's cookie
    // Precedence: 'l' request parameter (also refreshes the cookie) > lang_type cookie > site default > 'ko'.
    if ($this->lang_type = self::get('l'))
    {
        if ($_COOKIE['lang_type'] != $this->lang_type)
        {
            setcookie('lang_type', $this->lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/');
        }
    }
    elseif ($_COOKIE['lang_type'])
    {
        $this->lang_type = $_COOKIE['lang_type'];
    }
    // If it's not exists, follow default language type set in db_info
    if (!$this->lang_type)
    {
        $this->lang_type = $this->db_info->lang_type;
    }
    // if still lang_type has not been set or has not-supported type , set as Korean.
    if (!$this->lang_type)
    {
        $this->lang_type = 'ko';
    }
    // A client-supplied language code that is not in the supported list is discarded here.
    if (is_array($lang_supported) && !isset($lang_supported[$this->lang_type]))
    {
        $this->lang_type = 'ko';
    }
    self::set('lang_supported', $lang_supported);
    self::setLangType($this->lang_type);

    // Load languages
    $this->lang = Rhymix\Framework\Lang::getInstance($this->lang_type);
    $this->lang->loadDirectory(RX_BASEDIR . 'common/lang', 'common');
    $this->lang->loadDirectory(RX_BASEDIR . 'modules/module/lang', 'module');

    // set session handler
    if (self::isInstalled() && $this->db_info->use_db_session == 'Y')
    {
        $oSessionModel = getModel('session');
        $oSessionController = getController('session');
        session_set_save_handler(array(&$oSessionController, 'open'), array(&$oSessionController, 'close'), array(&$oSessionModel, 'read'), array(&$oSessionController, 'write'), array(&$oSessionController, 'destroy'), array(&$oSessionController, 'gc'));
    }

    // start session if it was previously started
    // The session id is taken from a POST field named after the session first, then from the cookie.
    // NOTE(review): a POST-supplied id is passed to session_id() before session_start(), so the
    // client chooses which session is resumed; whether the id is regenerated on login (the usual
    // fixation mitigation) is not visible here — confirm in the member controller.
    $session_name = session_name();
    $session_id = NULL;
    if ($session_id = $_POST[$session_name])
    {
        session_id($session_id);
    }
    else
    {
        $session_id = $_COOKIE[$session_name];
    }
    if ($session_id !== NULL || $this->db_info->delay_session != 'Y')
    {
        $this->setCacheControl(0, false);
        session_start();
    }
    else
    {
        // No id arrived and delay_session is 'Y': defer the session; output is buffered and
        // checkSessionStatus() runs at shutdown (presumably to start the session only if needed).
        ob_start();
        $this->setCacheControl(-1, true);
        register_shutdown_function(array($this, 'checkSessionStatus'));
        $_SESSION = array();
    }

    // set authentication information in Context and session
    if (self::isInstalled())
    {
        $oModuleModel = getModel('module');
        $oModuleModel->loadModuleExtends();
        $oMemberModel = getModel('member');
        $oMemberController = getController('member');
        if ($oMemberController && $oMemberModel)
        {
            // if signed in, validate it.
            // Otherwise the 'xeak' cookie triggers the auto-login path.
            if ($oMemberModel->isLogged())
            {
                $oMemberController->setSessionInfo();
            }
            elseif ($_COOKIE['xeak'])
            {
                $oMemberController->doAutologin();
            }
            self::set('is_logged', $oMemberModel->isLogged());
            if ($oMemberModel->isLogged())
            {
                self::set('logged_info', $oMemberModel->getLoggedInfo());
            }
        }
    }

    // check if using rewrite module
    $this->allow_rewrite = $this->db_info->use_rewrite == 'Y' ? TRUE : FALSE;

    // set locations for javascript use
    // For GET requests current_url is rebuilt from the parsed get_vars (each value urlencoded);
    // other methods use the bare request URI.
    $url = array();
    $current_url = self::getRequestUri();
    if ($_SERVER['REQUEST_METHOD'] == 'GET')
    {
        if ($this->get_vars)
        {
            $url = array();
            foreach ($this->get_vars as $key => $val)
            {
                if (is_array($val) && count($val) > 0)
                {
                    foreach ($val as $k => $v)
                    {
                        $url[] = $key . '[' . $k . ']=' . urlencode($v);
                    }
                }
                elseif ($val)
                {
                    $url[] = $key . '=' . urlencode($val);
                }
            }
            $current_url = self::getRequestUri();
            if ($url)
            {
                $current_url .= '?' . join('&', $url);
            }
        }
        else
        {
            $current_url = self::getUrl();
        }
    }
    else
    {
        $current_url = self::getRequestUri();
    }
    self::set('current_url', $current_url);
    self::set('request_uri', self::getRequestUri());
    // Punycode ('xn--') host names are decoded for display.
    if (strpos($current_url, 'xn--') !== FALSE)
    {
        self::set('current_url', self::decodeIdna($current_url));
    }
    if (strpos(self::getRequestUri(), 'xn--') !== FALSE)
    {
        self::set('request_uri', self::decodeIdna(self::getRequestUri()));
    }
}
/**
 * Get is current user crawler
 *
 * The user agent is compared case-insensitively against a list of crawler
 * signatures; when none matches, the decision is delegated to IpFilter::filter()
 * with an empty address list.
 *
 * @param string $agent if set, use this value instead HTTP_USER_AGENT
 * @return bool
 */
function isCrawler($agent = NULL)
{
    $agent = $agent ? $agent : $_SERVER['HTTP_USER_AGENT'];
    $signatures = array(
        'bot', 'spider', 'spyder', 'crawl', 'http://', 'google', 'yahoo', 'slurp', 'yeti',
        'daum', 'teoma', 'fish', 'hanrss', 'facebook', 'yandex', 'infoseek', 'askjeeves', 'stackrambler',
    );
    foreach ($signatures as $needle)
    {
        if (stripos($agent, $needle) !== FALSE)
        {
            return TRUE;
        }
    }
    // No signature matched: the IP-based fallback runs with an empty list here.
    $addressList = array();
    return IpFilter::filter($addressList);
}
/**
 * check allowed target ip address when login for admin.
 *
 * An empty admin_ip_list means no restriction; otherwise the list (array or
 * comma-separated string) is handed to IpFilter::filter().
 *
 * @return boolean (true : allowed, false : refuse)
 */
function getMemberAdminIPCheck()
{
    $db_info = Context::getDBInfo();
    $admin_ip_list = $db_info->admin_ip_list;
    // No list configured: every address may log in as admin.
    if (!$admin_ip_list)
    {
        return true;
    }
    $ranges = is_array($admin_ip_list) ? $admin_ip_list : explode(',', $admin_ip_list);
    // An empty range list is treated as "allowed"; otherwise the filter decides.
    return !count($ranges) || IpFilter::filter($ranges);
}
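/**
 * Save the sitelock (maintenance mode) settings from the admin form.
 *
 * Normalises the whitelist into a validated, de-duplicated list of IP ranges
 * that always includes 127.0.0.1 and the current client (so the administrator
 * cannot lock themselves out), writes the config file, and redirects non-API
 * callers back to the general config page.
 *
 * @return Object|void error Object on an invalid IP list or a failed config write; void otherwise
 */
function procAdminUpdateSitelock()
{
    $vars = Context::getRequestVars();
    $db_info = Context::getDbInfo();

    // Store a strict 'Y'/'N' flag instead of whatever text the form sent; init() only
    // tests use_sitelock == 'Y', so this keeps arbitrary request text out of the config file.
    $db_info->use_sitelock = ($vars->use_sitelock === 'Y') ? 'Y' : 'N';
    $db_info->sitelock_title = $vars->sitelock_title;
    $db_info->sitelock_message = $vars->sitelock_message;

    // One range per line or comma-separated: collapse line breaks to commas, drop whitespace.
    // (The previous class [\r|\n|\r\n] also matched a literal '|' and turned it into a separator.)
    $whitelist = $vars->sitelock_whitelist;
    $whitelist = preg_replace("/[\r\n]+/", ",", $whitelist);
    $whitelist = preg_replace("/\\s+/", "", $whitelist);
    // The list is written into a PHP config file: refuse anything that looks like a PHP tag.
    if (preg_match('/(<\\?|<\\?php|\\?>)/xsm', $whitelist))
    {
        $whitelist = '';
    }
    // Always allow localhost and the administrator's own address.
    $whitelist .= ',127.0.0.1,' . $_SERVER['REMOTE_ADDR'];
    $whitelist = array_unique(explode(',', trim($whitelist, ',')));
    if (!IpFilter::validate($whitelist))
    {
        return new Object(-1, 'msg_invalid_ip');
    }
    $db_info->sitelock_whitelist = $whitelist;

    $oInstallController = getController('install');
    if (!$oInstallController->makeConfigFile())
    {
        return new Object(-1, 'msg_invalid_request');
    }

    // API callers (XML-RPC / JSON) get no redirect.
    if (!in_array(Context::getRequestMethod(), array('XMLRPC', 'JSON'), true))
    {
        // NOTE(review): success_return_url is request-supplied and goes straight into the
        // Location header — an open redirect unless it is validated elsewhere (not visible here).
        $returnUrl = Context::get('success_return_url');
        if (!$returnUrl)
        {
            $returnUrl = getNotEncodedUrl('', 'act', 'dispAdminConfigGeneral');
        }
        header('location:' . $returnUrl);
        return;
    }
}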
/**
 * Initialization, it sets DB information, request arguments and so on.
 *
 * Order of work: request-argument parsing, DB config, sitelock gate (may exit),
 * site/virtual-site info, language selection, session start, login/autologin
 * handling, common language file, and the current_url / request_uri values.
 *
 * @see This function should be called only once
 * @return void
 */
function init()
{
    // set context variables in $GLOBALS (to use in display handler)
    $this->context =& $GLOBALS['__Context__'];
    $this->context->lang =& $GLOBALS['lang'];
    $this->context->_COOKIE = $_COOKIE; // 20140429 editor/image_link

    // Parse request arguments from all supported transports (XML-RPC, JSON, form, uploads).
    $this->_checkGlobalVars();
    $this->setRequestMethod('');
    $this->_setXmlRpcArgument();
    $this->_setJSONRequestArgument();
    $this->_setRequestArgument();
    $this->_setUploadedArgument();

    $this->loadDBInfo();

    // Sitelock: when enabled, only whitelisted client addresses may proceed; everyone else gets a 403 page and exit.
    if ($this->db_info->use_sitelock == 'Y')
    {
        // NOTE(review): $whitelist is only assigned when sitelock_whitelist is an array;
        // otherwise IpFilter::filter() receives an undefined (null) list — confirm that
        // it fails closed (denies) rather than admitting every client in that case.
        if (is_array($this->db_info->sitelock_whitelist))
        {
            $whitelist = $this->db_info->sitelock_whitelist;
        }
        if (!IpFilter::filter($whitelist))
        {
            $title = $this->db_info->sitelock_title ? $this->db_info->sitelock_title : 'Maintenance in progress...';
            $message = $this->db_info->sitelock_message;
            define('_XE_SITELOCK_', TRUE);
            define('_XE_SITELOCK_TITLE_', $title);
            define('_XE_SITELOCK_MESSAGE_', $message);
            header("HTTP/1.1 403 Forbidden");
            include _XE_PATH_ . 'common/tpl/sitelock.html';
            exit;
        }
    }

    // If XE is installed, get virtual site information
    if (self::isInstalled())
    {
        $oModuleModel = getModel('module');
        $site_module_info = $oModuleModel->getDefaultMid();
        if (!isset($site_module_info))
        {
            $site_module_info = new stdClass();
        }
        // if site_srl of site_module_info is 0 (default site), compare the domain to default_url of db_config
        if ($site_module_info->site_srl == 0 && $site_module_info->domain != $this->db_info->default_url)
        {
            $site_module_info->domain = $this->db_info->default_url;
        }
        $this->set('site_module_info', $site_module_info);
        // Virtual sites are addressed by a site id rather than a host name.
        if ($site_module_info->site_srl && isSiteID($site_module_info->domain))
        {
            $this->set('vid', $site_module_info->domain, TRUE);
        }
        if (!isset($this->db_info))
        {
            $this->db_info = new stdClass();
        }
        $this->db_info->lang_type = $site_module_info->default_language;
        if (!$this->db_info->lang_type)
        {
            $this->db_info->lang_type = 'en';
        }
        if (!$this->db_info->use_db_session)
        {
            $this->db_info->use_db_session = 'N';
        }
    }

    // Load Language File
    $lang_supported = $this->loadLangSelected();

    // Retrieve language type set in user's cookie
    // Precedence: 'l' request parameter (also refreshes the cookie) > lang_type cookie > site default > 'en'.
    if ($this->lang_type = $this->get('l'))
    {
        if ($_COOKIE['lang_type'] != $this->lang_type)
        {
            setcookie('lang_type', $this->lang_type, $_SERVER['REQUEST_TIME'] + 3600 * 24 * 1000, '/');
        }
    }
    elseif ($_COOKIE['lang_type'])
    {
        $this->lang_type = $_COOKIE['lang_type'];
    }
    // If it's not exists, follow default language type set in db_info
    if (!$this->lang_type)
    {
        $this->lang_type = $this->db_info->lang_type;
    }
    // if still lang_type has not been set or has not-supported type , set as English.
    if (!$this->lang_type)
    {
        $this->lang_type = 'en';
    }
    // A client-supplied language code that is not in the supported list is discarded here.
    if (is_array($lang_supported) && !isset($lang_supported[$this->lang_type]))
    {
        $this->lang_type = 'en';
    }
    $this->set('lang_supported', $lang_supported);
    $this->setLangType($this->lang_type);

    // load module module's language file according to language setting
    $this->loadLang(_XE_PATH_ . 'modules/module/lang');

    // set session handler
    if (self::isInstalled() && $this->db_info->use_db_session == 'Y')
    {
        $oSessionModel = getModel('session');
        $oSessionController = getController('session');
        session_set_save_handler(array(&$oSessionController, 'open'), array(&$oSessionController, 'close'), array(&$oSessionModel, 'read'), array(&$oSessionController, 'write'), array(&$oSessionController, 'destroy'), array(&$oSessionController, 'gc'));
    }

    session_start();
    // NOTE(review): session_id() is called here after session_start(); PHP requires the id to be
    // set before the session is started, so the POST-supplied id cannot change the session that
    // was just resumed from the cookie (newer PHP versions warn about this). Accepting a
    // client-chosen id would otherwise be a session-fixation concern — confirm the intent.
    if ($sess = $_POST[session_name()])
    {
        session_id($sess);
    }

    // set authentication information in Context and session
    if (self::isInstalled())
    {
        $oModuleModel = getModel('module');
        $oModuleModel->loadModuleExtends();
        $oMemberModel = getModel('member');
        $oMemberController = getController('member');
        if ($oMemberController && $oMemberModel)
        {
            // if signed in, validate it.
            // Otherwise the 'xeak' cookie triggers the auto-login path.
            if ($oMemberModel->isLogged())
            {
                $oMemberController->setSessionInfo();
            }
            elseif ($_COOKIE['xeak'])
            {
                $oMemberController->doAutologin();
            }
            $this->set('is_logged', $oMemberModel->isLogged());
            // logged_info is published regardless of login state (whatever getLoggedInfo() returns then).
            $this->set('logged_info', $oMemberModel->getLoggedInfo());
        }
    }

    // load common language file
    $this->lang =& $GLOBALS['lang'];
    $this->loadLang(_XE_PATH_ . 'common/lang/');

    // check if using rewrite module
    $this->allow_rewrite = $this->db_info->use_rewrite == 'Y' ? TRUE : FALSE;

    // set locations for javascript use
    // For GET requests current_url is rebuilt from the parsed get_vars (each value urlencoded);
    // other methods use the bare request URI.
    if ($_SERVER['REQUEST_METHOD'] == 'GET')
    {
        if ($this->get_vars)
        {
            $url = array();
            foreach ($this->get_vars as $key => $val)
            {
                if (is_array($val) && count($val) > 0)
                {
                    foreach ($val as $k => $v)
                    {
                        $url[] = $key . '[' . $k . ']=' . urlencode($v);
                    }
                }
                elseif ($val)
                {
                    $url[] = $key . '=' . urlencode($val);
                }
            }
            // Note: the '?' is appended even when $url ends up empty (all values falsy).
            $this->set('current_url', self::getRequestUri() . '?' . join('&', $url));
        }
        else
        {
            $this->set('current_url', $this->getUrl());
        }
    }
    else
    {
        $this->set('current_url', self::getRequestUri());
    }
    $this->set('request_uri', self::getRequestUri());
}
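/**
 * @brief Change settings
 *
 * Saves the general admin settings (admin IP whitelist, default URL, SSL and
 * port options, rewrite/SSO/DB-session flags, qmail compatibility, HTML5 flag)
 * into db_info, rewrites the config file, updates the default site's domain
 * and redirects.
 *
 * @return Object|void error Object when the IP list is invalid or the config file cannot be written
 */
function procInstallAdminSaveTimeZone()
{
    $db_info = Context::getDBInfo();

    $admin_ip_list = Context::get('admin_ip_list');
    if ($admin_ip_list)
    {
        // One range per line or comma-separated: collapse line breaks to commas, drop whitespace.
        // (The previous class [\r|\n|\r\n] also matched a literal '|' and turned it into a separator.)
        $admin_ip_list = preg_replace("/[\r\n]+/", ",", $admin_ip_list);
        $admin_ip_list = preg_replace("/\\s+/", "", $admin_ip_list);
        // The list is written into a PHP config file: refuse anything that looks like a PHP tag.
        if (preg_match('/(<\\?|<\\?php|\\?>)/xsm', $admin_ip_list))
        {
            $admin_ip_list = '';
        }
        // Always keep localhost and the administrator's own address so the admin cannot lock themselves out.
        $admin_ip_list .= ',127.0.0.1,' . $_SERVER['REMOTE_ADDR'];
        $admin_ip_list = array_unique(explode(',', trim($admin_ip_list, ',')));
        if (!IpFilter::validate($admin_ip_list))
        {
            return new Object(-1, 'msg_invalid_ip');
        }
    }

    // A default URL without a scheme is stored as http://.
    $default_url = Context::get('default_url');
    if ($default_url && strncasecmp('http://', $default_url, 7) !== 0 && strncasecmp('https://', $default_url, 8) !== 0)
    {
        $default_url = 'http://' . $default_url;
    }

    $use_ssl = Context::get('use_ssl');
    if (!$use_ssl)
    {
        $use_ssl = 'none';
    }
    $http_port = Context::get('http_port');
    $https_port = Context::get('https_port');

    // Y/N flags: anything other than 'Y' is stored as 'N'.
    $use_rewrite = Context::get('use_rewrite') === 'Y' ? 'Y' : 'N';
    $use_sso = Context::get('use_sso') === 'Y' ? 'Y' : 'N';
    $use_db_session = Context::get('use_db_session') === 'Y' ? 'Y' : 'N';
    $qmail_compatibility = Context::get('qmail_compatibility') === 'Y' ? 'Y' : 'N';
    // use_html5 keeps any non-empty value as in the original form handling.
    $use_html5 = Context::get('use_html5');
    if (!$use_html5)
    {
        $use_html5 = 'N';
    }

    $db_info->default_url = $default_url;
    $db_info->qmail_compatibility = $qmail_compatibility;
    $db_info->use_db_session = $use_db_session;
    $db_info->use_rewrite = $use_rewrite;
    $db_info->use_sso = $use_sso;
    $db_info->use_ssl = $use_ssl;
    $db_info->use_html5 = $use_html5;
    $db_info->admin_ip_list = $admin_ip_list;

    // Ports are stored as integers; an empty field removes the stored port entirely.
    if ($http_port)
    {
        $db_info->http_port = (int) $http_port;
    }
    elseif ($db_info->http_port)
    {
        unset($db_info->http_port);
    }
    if ($https_port)
    {
        $db_info->https_port = (int) $https_port;
    }
    elseif ($db_info->https_port)
    {
        unset($db_info->https_port);
    }
    // lang_type is derived per request in init(), not persisted.
    unset($db_info->lang_type);

    $oInstallController = getController('install');
    if (!$oInstallController->makeConfigFile())
    {
        return new Object(-1, 'msg_invalid_request');
    }

    Context::setDBInfo($db_info);
    // Keep the default site's (site_srl 0) domain in sync with the new default URL.
    if ($default_url)
    {
        $site_args = new stdClass();
        $site_args->site_srl = 0;
        $site_args->domain = $default_url;
        $oModuleController = getController('module');
        $oModuleController->updateSite($site_args);
    }
    $this->setRedirectUrl(Context::get('error_return_url'));
}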
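/**
 * Update sitelock configuration.
 *
 * Reads the lock flag, allowed IP ranges (one per line), title and message
 * from the request; when the lock is enabled it makes sure 127.0.0.1 and the
 * current client address are allowed (so the administrator cannot lock
 * themselves out), validates the final list and saves everything to the
 * framework config.
 *
 * @return Object|void error Object when an IP range is invalid
 */
function procAdminUpdateSitelock()
{
    $vars = Context::gets('sitelock_locked', 'sitelock_allowed_ip', 'sitelock_title', 'sitelock_message');

    // One range per line; drop blank lines and duplicates.
    $allowed_ip = array_map('trim', preg_split('/[\\r\\n]/', $vars->sitelock_allowed_ip));
    $allowed_ip = array_unique(array_filter($allowed_ip, function ($item) { return $item !== ''; }));

    if ($vars->sitelock_locked === 'Y')
    {
        $allowed_localhost = false;
        $allowed_current = false;
        foreach ($allowed_ip as $range)
        {
            if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $range))
            {
                $allowed_localhost = true;
            }
            if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
            {
                $allowed_current = true;
            }
        }
        if (!$allowed_localhost)
        {
            array_unshift($allowed_ip, '127.0.0.1');
        }
        if (!$allowed_current)
        {
            array_unshift($allowed_ip, RX_CLIENT_IP);
        }
    }

    // Validate the list that is actually saved. The previous code validated an
    // undefined $whitelist, so malformed ranges were never rejected.
    // NOTE(review): validate() is called on the unqualified IpFilter class while
    // inRange() uses Rhymix\Framework\IpFilter — confirm both accept the same range syntax.
    $allowed_ip = array_values($allowed_ip);
    if (!IpFilter::validate($allowed_ip))
    {
        return new Object(-1, 'msg_invalid_ip');
    }

    Rhymix\Framework\Config::set('lock.locked', $vars->sitelock_locked === 'Y');
    Rhymix\Framework\Config::set('lock.title', trim($vars->sitelock_title));
    Rhymix\Framework\Config::set('lock.message', trim($vars->sitelock_message));
    Rhymix\Framework\Config::set('lock.allow', $allowed_ip);
    Rhymix\Framework\Config::save();

    $this->setMessage('success_updated');
    $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'act', 'dispAdminConfigSitelock'));
}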
/**
 * Get is current user crawler
 *
 * The user agent is compared case-insensitively against a list of crawler
 * signatures; when none matches, the decision falls back to IpFilter::filter()
 * with one fixed address range.
 *
 * @param string $agent if set, use this value instead HTTP_USER_AGENT
 * @return bool
 */
function isCrawler($agent = NULL)
{
    $agent = $agent ? $agent : $_SERVER['HTTP_USER_AGENT'];
    $signatures = array('bot', 'spider', 'google', 'yahoo', 'daum', 'teoma', 'fish', 'hanrss', 'facebook');
    foreach ($signatures as $needle)
    {
        if (stripos($agent, $needle) !== FALSE)
        {
            return TRUE;
        }
    }
    // No signature matched: check the client address against the fixed range.
    $addressList = array('211.245.21.110-211.245.21.119');
    return IpFilter::filter($addressList);
}