/**
* Check blacklist (hooked into dlm_can_download) checks if the download request comes from blacklisted IP address or user agent
*
* Other plugins can use the 'dlm_can_download' filter directly to change access rights.
*
* @access public
*
* @param boolean $can_download
* @param mixed $download
*
* @return boolean
*/
public function check_blacklist($can_download, $download)
{
// Check if IP is blacklisted
if (false !== $can_download) {
$visitor_ip = DLM_Utils::get_visitor_ip();
$ip_type = 0;
if (filter_var($visitor_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$ip_type = 4;
} elseif (filter_var($visitor_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip_type = 6;
}
$blacklisted_ips = preg_split("/\r?\n/", trim(get_option('dlm_ip_blacklist', "")));
/**
* Until IPs are validated at time of save, we need to ensure entries
* are legitimate before using them. Allow formats:
* IPv4, e.g. 198.51.100.1
* IPv4/CIDR netmask, e.g. 198.51.100.0/24
* IPv6, e.g. 2001:db8::1
* IPv6/CIDR netmask, e.g. 2001:db8::/32
*/
// IP/CIDR netmask regexes
// http://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/
// http://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
$ip4_with_mask_pattern = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$/';
$ip6_with_mask_pattern = '/^((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\\/[0-9][0-9]?|1([01][0-9]|2[0-8])))$/';
if (4 === $ip_type) {
foreach ($blacklisted_ips as $blacklisted_ip) {
// Detect unique IPv4 address and ranges of IPv4 addresses in IP/CIDR netmask format
if (filter_var($blacklisted_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || preg_match($ip4_with_mask_pattern, $blacklisted_ip)) {
if (DLM_Utils::ipv4_in_range($visitor_ip, $blacklisted_ip)) {
$can_download = false;
break;
}
}
}
} elseif (6 === $ip_type) {
foreach ($blacklisted_ips as $blacklisted_ip) {
// Detect unique IPv6 address and ranges of IPv6 addresses in IP/CIDR netmask format
if (filter_var($blacklisted_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || preg_match($ip6_with_mask_pattern, $blacklisted_ip)) {
if (DLM_Utils::ipv6_in_range($visitor_ip, $blacklisted_ip)) {
$can_download = false;
break;
}
}
}
}
}
// Check if user agent is blacklisted
if (false !== $can_download) {
// get request user agent
$visitor_ua = DLM_Utils::get_visitor_ua();
// check if $visitor_ua isn't empty
if (!empty($visitor_ua)) {
// get blacklisted user agents
$blacklisted_uas = preg_split("/\r?\n/", trim(get_option('dlm_user_agent_blacklist', "")));
if (!empty($blacklisted_uas)) {
// loop through blacklisted user agents
foreach ($blacklisted_uas as $blacklisted_ua) {
if (!empty($blacklisted_ua)) {
// check if blacklisted user agent is found in request user agent
if (false !== stristr($visitor_ua, $blacklisted_ua)) {
$can_download = false;
break;
}
}
}
}
}
}
return $can_download;
}
