Example #1
 /**
  * Check that every entry of an IP filter list is a well-formed range.
  *
  * Each entry is handed to Rhymix\Framework\IpFilter::validateRange(); the
  * scan stops at the first entry that validator rejects.
  *
  * An empty list contains nothing to reject and is reported as valid, so a
  * caller must pass the exact list it is about to store.
  *
  * @param array $ip_list Range strings to check
  * @return bool true if no entry was rejected, false otherwise
  */
 public function validate($ip_list = array())
 {
     $all_valid = true;
     foreach ($ip_list as $candidate) {
         if (Rhymix\Framework\IpFilter::validateRange($candidate)) {
             continue;
         }
         // One malformed entry is enough to refuse the whole list.
         $all_valid = false;
         break;
     }
     return $all_valid;
 }
 /**
  * Decide whether the current client address may log in as administrator.
  *
  * The allow list takes precedence: when it is non-empty, the client must
  * match one of its ranges and the deny list is not consulted at all.
  * Only when the allow list is empty is the deny list applied. With both
  * lists empty every address is accepted.
  *
  * The address tested is always RX_CLIENT_IP, so the result is only as
  * trustworthy as the way that constant was derived for this request.
  *
  * @param array|null $allow_list Ranges to allow; null reads config('admin.allow')
  * @param array|null $deny_list Ranges to refuse; null reads config('admin.deny')
  * @return boolean (true : allowed, false : refuse)
  */
 function getMemberAdminIPCheck($allow_list = null, $deny_list = null)
 {
     if ($allow_list === null) {
         $allow_list = config('admin.allow');
     }
     if ($allow_list) {
         // Allow-list mode: anything not explicitly listed is refused.
         foreach ($allow_list as $permitted) {
             if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $permitted)) {
                 return true;
             }
         }
         return false;
     }

     // The deny list is only looked up once the allow list turned out empty.
     if ($deny_list === null) {
         $deny_list = config('admin.deny');
     }
     if (!$deny_list) {
         return true;
     }

     // Deny-list mode: anything not explicitly listed is accepted.
     foreach ($deny_list as $blocked) {
         if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $blocked)) {
             return false;
         }
     }
     return true;
 }
Example #3
    define('RX_BASEURL', '/');
}
/**
 * RX_REQUEST_URL is the remainder of the current URL (not including RX_BASEURL).
 *
 * The value is taken from $_SERVER['REQUEST_URI'], which is supplied by the
 * client, and is not decoded or normalised here. The base prefix is removed
 * by length only; this code does not verify that the request URI actually
 * begins with RX_BASEURL.
 */
if (!isset($_SERVER['REQUEST_URI'])) {
    // No request URI is available (for example outside a web request).
    define('RX_REQUEST_URL', '');
} elseif (RX_BASEURL === '/') {
    // Installed at the document root: only the leading slash is dropped.
    define('RX_REQUEST_URL', substr($_SERVER['REQUEST_URI'], 1));
} else {
    // Installed in a subdirectory: drop strlen(RX_BASEURL) leading bytes and
    // fall back to an empty string when nothing usable remains.
    define('RX_REQUEST_URL', substr($_SERVER['REQUEST_URI'], strlen(RX_BASEURL)) ?: '');
}
/**
 * RX_CLIENT_IP_VERSION and RX_CLIENT_IP contain information about the current visitor's IP address.
 *
 * Code that makes access decisions from RX_CLIENT_IP inherits whatever trust
 * is placed in the request data read here, so the order of the steps below
 * matters: the CloudFlare helper runs first, REMOTE_ADDR is read afterwards.
 */
// The CF-Connecting-IP header arrives with the request, so its presence alone
// proves nothing about where the request came from.
// NOTE(review): getCloudFlareRealIP() is not visible here; presumably it
// replaces $_SERVER['REMOTE_ADDR'] with the header value. Confirm that it does
// so only when the connecting address is a known CloudFlare proxy.
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    include_once __DIR__ . '/framework/ipfilter.php';
    Rhymix\Framework\IpFilter::getCloudFlareRealIP();
}
// IPv4: the pattern is anchored at the end only, so a dotted-quad suffix is
// extracted even when other characters precede it, and only that suffix is
// kept. The octets are matched as [0-9]+ and are not range-checked.
if (isset($_SERVER['REMOTE_ADDR']) && preg_match('/[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$/', $_SERVER['REMOTE_ADDR'], $matches)) {
    define('RX_CLIENT_IP_VERSION', 4);
    define('RX_CLIENT_IP', $matches[0]);
// IPv6: anything inet_pton() can parse is kept unchanged; the @ hides the
// warning inet_pton() raises for a malformed address.
} elseif (isset($_SERVER['REMOTE_ADDR']) && @inet_pton($_SERVER['REMOTE_ADDR']) !== false) {
    define('RX_CLIENT_IP_VERSION', 6);
    define('RX_CLIENT_IP', $_SERVER['REMOTE_ADDR']);
// Missing or unparseable address: fall back to the placeholder 0.0.0.0.
} else {
    define('RX_CLIENT_IP_VERSION', 4);
    define('RX_CLIENT_IP', '0.0.0.0');
}
/*
 * RX_SSL is true if the current request uses SSL/TLS.
 */
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
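 /**
  * Update sitelock configuration.
  *
  * Reads the submitted lock flag, allowed-IP list, title and message, and
  * stores them in the framework configuration. The allowed-IP field is one
  * range per line; blank lines and duplicates are discarded.
  *
  * When the lock is being switched on, 127.0.0.1 and the address of the
  * administrator making the change (RX_CLIENT_IP) are added unless an
  * existing entry already covers them, so that saving the form does not
  * lock the administrator out.
  *
  * @return Object|void Error object with msg_invalid_ip when an entry is malformed
  */
 function procAdminUpdateSitelock()
 {
     $vars = Context::gets('sitelock_locked', 'sitelock_allowed_ip', 'sitelock_title', 'sitelock_message');

     // Split the textarea into trimmed, non-empty, unique entries.
     $allowed_ip = array_map('trim', preg_split('/[\\r\\n]/', $vars->sitelock_allowed_ip));
     $allowed_ip = array_unique(array_filter($allowed_ip, function ($item) {
         return $item !== '';
     }));

     if ($vars->sitelock_locked === 'Y') {
         $allowed_localhost = false;
         $allowed_current = false;
         foreach ($allowed_ip as $range) {
             if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $range)) {
                 $allowed_localhost = true;
             }
             if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range)) {
                 $allowed_current = true;
             }
         }
         if (!$allowed_localhost) {
             array_unshift($allowed_ip, '127.0.0.1');
         }
         if (!$allowed_current) {
             array_unshift($allowed_ip, RX_CLIENT_IP);
         }
     }

     // Validate the list that is about to be stored. The check must receive
     // $allowed_ip itself: validating an undefined variable means no entry is
     // examined and malformed ranges reach the lock configuration.
     // Nothing has been written yet, so a rejected list leaves the
     // configuration untouched.
     if (!IpFilter::validate($allowed_ip)) {
         return new Object(-1, 'msg_invalid_ip');
     }

     Rhymix\Framework\Config::set('lock.locked', $vars->sitelock_locked === 'Y');
     Rhymix\Framework\Config::set('lock.title', trim($vars->sitelock_title));
     Rhymix\Framework\Config::set('lock.message', trim($vars->sitelock_message));
     // array_values() re-indexes after array_filter/array_unique left gaps.
     Rhymix\Framework\Config::set('lock.allow', array_values($allowed_ip));
     Rhymix\Framework\Config::save();

     $this->setMessage('success_updated');
     $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'act', 'dispAdminConfigSitelock'));
 }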
Example #5
 /**
  * Display Sitelock Settings page
  *
  * Passes the stored lock state, title and message to the template (title
  * and message go through escape() first) together with the allowed-IP list
  * as one entry per line.
  *
  * If no stored range covers 127.0.0.1 or the viewing administrator's
  * address, those addresses are prepended to the list shown in the form.
  * This method only fills the template context; it does not write to the
  * configuration.
  *
  * @return void
  */
 function dispAdminConfigSitelock()
 {
     Context::set('sitelock_locked', Rhymix\Framework\Config::get('lock.locked'));
     Context::set('sitelock_title', escape(Rhymix\Framework\Config::get('lock.title')));
     Context::set('sitelock_message', escape(Rhymix\Framework\Config::get('lock.message')));

     $shown_ranges = Rhymix\Framework\Config::get('lock.allow');
     if (!$shown_ranges) {
         $shown_ranges = array();
     }

     // Find out whether localhost and the current client are already covered.
     $covers_localhost = false;
     $covers_client = false;
     foreach ($shown_ranges as $entry) {
         if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $entry)) {
             $covers_localhost = true;
         }
         if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $entry)) {
             $covers_client = true;
         }
     }

     // Prepend whichever is missing; the client address ends up first.
     if ($covers_localhost === false) {
         array_unshift($shown_ranges, '127.0.0.1');
     }
     if ($covers_client === false) {
         array_unshift($shown_ranges, RX_CLIENT_IP);
     }

     Context::set('sitelock_allowed_ip', implode(PHP_EOL, $shown_ranges));
     Context::set('remote_addr', RX_CLIENT_IP);
     $this->setTemplateFile('config_sitelock');
 }
Example #6
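 /**
  * Enforce site lock.
  *
  * Returns normally when the request is exempt from the lock: the session
  * belongs to an administrator, the requested action is one of the login /
  * logout actions, or RX_CLIENT_IP falls inside a range in lock.allow.
  * Otherwise it sends a 503 response, renders the lock page and terminates
  * the request.
  *
  * @return void
  */
 private static function enforceSiteLock()
 {
     // Allow if the current user is logged in as administrator, or trying to log in.
     $logged_info = self::get('logged_info');
     if ($logged_info && $logged_info->is_admin === 'Y') {
         return;
     }
     // NOTE(review): this exemption is keyed on the requested action alone, so
     // it applies to every visitor who requests one of these actions, not only
     // to administrators. Whatever those actions render or accept stays
     // reachable while the site is locked.
     if (in_array(self::get('act'), array('procMemberLogin', 'dispMemberLogout'), true)) {
         return;
     }

     // Allow if the current user is in the list of allowed IPs.
     // An unset lock.allow is treated as an empty list, so the loop cannot
     // emit a warning ahead of the header() call below.
     $allowed_list = config('lock.allow') ?: array();
     foreach ($allowed_list as $allowed_ip) {
         if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $allowed_ip)) {
             return;
         }
     }

     // Set headers and constants for backward compatibility.
     header('HTTP/1.1 503 Service Unavailable');
     define('_XE_SITELOCK_', true);
     define('_XE_SITELOCK_TITLE_', config('lock.title') ?: self::getLang('admin.sitelock_in_use'));
     define('_XE_SITELOCK_MESSAGE_', config('lock.message'));
     unset($_SESSION['XE_VALIDATOR_RETURN_URL']);

     // Load the sitelock template.
     if (FileHandler::exists(RX_BASEDIR . 'common/tpl/sitelock.user.html')) {
         // A site-specific lock page takes priority over the built-in message view.
         include RX_BASEDIR . 'common/tpl/sitelock.user.html';
     } else {
         self::setBrowserTitle(self::getSiteTitle());
         $oMessageObject = getView('message');
         $oMessageObject->setHttpStatusCode(503);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage(_XE_SITELOCK_TITLE_);
         $oMessageObject->dispMessage();
         $oModuleHandler = new ModuleHandler();
         $oModuleHandler->displayContent($oMessageObject);
     }

     // Stop here so that no further request handling runs for a locked-out visitor.
     exit;
 }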