function wfWikiaAbortAutoblock($autoblockip, $block)
{
if (!IP::isPublic($autoblockip)) {
wfDebug("IP {$autoblockip} was prevented from being autoblocked by internal IP autoblock");
return false;
}
}
public function testPrivateIPs()
{
$private = array('10.0.0.1', '172.16.0.1', '192.168.0.1');
foreach ($private as $p) {
$this->assertFalse(IP::isPublic($p), "{$p} is not a public IP address");
}
}
/** Work out the IP address based on various globals */
function wfGetIP()
{
global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;
# Return cached result
if (!empty($wgIP)) {
return $wgIP;
}
/* collect the originating ips */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipchain = array($_SERVER['REMOTE_ADDR']);
} else {
# Running on CLI?
$ipchain = array('127.0.0.1');
}
$ip = $ipchain[0];
# Get list of trusted proxies
# Flipped for quicker access
$trustedProxies = array_flip(array_merge($wgSquidServers, $wgSquidServersNoPurge));
if (count($trustedProxies)) {
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
if (array_key_exists($curIP, $trustedProxies)) {
if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
} else {
break;
}
}
}
wfDebug("IP: {$ip}\n");
$wgIP = $ip;
return $ip;
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP()
{
global $wgUsePrivateIPs;
# Return cached result
if ($this->ip !== null) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
# Append XFF
$forwardedFor = $this->getHeader('X-Forwarded-For');
if ($forwardedFor !== false) {
$ipchain = array_map('trim', explode(',', $forwardedFor));
$ipchain = array_reverse($ipchain);
if ($ip) {
array_unshift($ipchain, $ip);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1])) {
if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
}
} else {
break;
}
}
}
# Allow extensions to improve our guess
wfRunHooks('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP");
}
wfDebug("IP: {$ip}\n");
$this->ip = $ip;
return $ip;
}
/**
* @covers IP::isPublic
*/
public function testPrivateIPs()
{
$private = array('fc00::3', 'fc00::ff', '::1', '10.0.0.1', '172.16.0.1', '192.168.0.1');
foreach ($private as $p) {
$this->assertFalse(IP::isPublic($p), "{$p} is not a public IP address");
}
$public = array('2001:5c0:1000:a::133', 'fc::3', '00FC::');
foreach ($public as $p) {
$this->assertTrue(IP::isPublic($p), "{$p} is a public IP address");
}
}
/**
* Locates the client IP within a given XFF string
* @param string $xff
* @return array( string, bool )
*/
public static function getClientIPfromXFF($xff)
{
global $wgSquidServers, $wgSquidServersNoPurge;
if (!$xff) {
return array(null, false);
}
// Avoid annoyingly long xff hacks
$xff = trim(substr($xff, 0, 255));
$client = null;
$isSquidOnly = true;
$trusted = true;
// Check each IP, assuming they are separated by commas
$ips = explode(',', $xff);
foreach ($ips as $ip) {
$ip = trim($ip);
// If it is a valid IP, not a hash or such
if (IP::isIPAddress($ip)) {
# The first IP should be the client.
# Start only from the first public IP.
if (is_null($client)) {
if (IP::isPublic($ip)) {
$client = $ip;
}
} elseif (!in_array($ip, $wgSquidServers) && !in_array($ip, $wgSquidServersNoPurge)) {
$isSquidOnly = false;
break;
}
}
}
return array($client, $isSquidOnly);
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP()
{
global $wgUsePrivateIPs;
# Return cached result
if ($this->ip !== null) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
if (!$ip) {
throw new MWException('Unable to determine IP.');
}
# Append XFF
$forwardedFor = $this->getHeader('X-Forwarded-For');
if ($forwardedFor !== false) {
$isConfigured = IP::isConfiguredProxy($ip);
$ipchain = array_map('trim', explode(',', $forwardedFor));
$ipchain = array_reverse($ipchain);
array_unshift($ipchain, $ip);
# Step through XFF list and find the last address in the list which is a
# trusted server. Set $ip to the IP address given by that trusted server,
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
# Note that some XFF values might be "unknown" with Squid/Varnish.
foreach ($ipchain as $i => $curIP) {
$curIP = IP::sanitizeIP(IP::canonicalize($curIP));
if (!$curIP || !isset($ipchain[$i + 1]) || $ipchain[$i + 1] === 'unknown' || !IP::isTrustedProxy($curIP)) {
break;
// IP is not valid/trusted or does not point to anything
}
if (IP::isPublic($ipchain[$i + 1]) || $wgUsePrivateIPs || IP::isConfiguredProxy($curIP)) {
// Follow the next IP according to the proxy
$nextIP = IP::canonicalize($ipchain[$i + 1]);
if (!$nextIP && $isConfigured) {
// We have not yet made it past CDN/proxy servers of this site,
// so either they are misconfigured or there is some IP spoofing.
throw new MWException("Invalid IP given in XFF '{$forwardedFor}'.");
}
$ip = $nextIP;
// keep traversing the chain
continue;
}
break;
}
}
# Allow extensions to improve our guess
Hooks::run('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP.");
}
wfDebug("IP: {$ip}\n");
$this->ip = $ip;
return $ip;
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
* @return string
*/
function wfGetIP()
{
global $wgUsePrivateIPs, $wgCommandLineMode;
static $ip = false;
# Return cached result
if (!empty($ip)) {
return $ip;
}
$ipchain = array();
/* collect the originating ips */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ip = IP::canonicalize($_SERVER['REMOTE_ADDR']);
} elseif ($wgCommandLineMode) {
$ip = '127.0.0.1';
}
if ($ip) {
$ipchain[] = $ip;
}
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1])) {
if ($wgUsePrivateIPs || IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
}
} else {
break;
}
}
# Allow extensions to improve our guess
wfRunHooks('GetIP', array(&$ip));
if (!$ip) {
throw new MWException("Unable to determine IP");
}
wfDebug("IP: {$ip}\n");
return $ip;
}
static function getCurrUserName()
{
global $wgUser, $wgSquidServers;
global $wgUsePrivateIPs;
if (self::$anon_forwarded_for === true && $wgUser->isAnon()) {
/* collect the originating IPs
borrowed from ProxyTools::wfGetIP
bypass trusted proxies list check */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
} else {
# Running on CLI?
$ipchain = array('127.0.0.1');
}
$ip = $ipchain[0];
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
$username = "";
foreach ($ipchain as $i => $curIP) {
if ($wgUsePrivateIPs || IP::isPublic($curIP)) {
$username .= IP::canonicalize($curIP) . '/';
}
}
if ($username != "") {
# remove trailing slash
$username = substr($username, 0, strlen($username) - 1);
} else {
$username .= IP::canonicalize($ipchain[0]);
}
} else {
$username = $wgUser->getName();
}
return $username;
}
/**
* @covers IP::isPublic
* @dataProvider provideIsPublic
*/
public function testIsPublic($expected, $input)
{
$result = IP::isPublic($input);
$this->assertEquals($expected, $result);
}
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
*
* @since 1.19
*
* @throws MWException
* @return string
*/
public function getIP() {
global $wgUsePrivateIPs;
# Return cached result
if ( $this->ip !== null ) {
return $this->ip;
}
# collect the originating ips
$ip = $this->getRawIP();
# Append XFF
$forwardedFor = $this->getHeader( 'X-Forwarded-For' );
if ( $forwardedFor !== false ) {
$ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
$ipchain = array_reverse( $ipchain );
if ( $ip ) {
array_unshift( $ipchain, $ip );
}
# Step through XFF list and find the last address in the list which is a
# trusted server. Set $ip to the IP address given by that trusted server,
# unless the address is not sensible (e.g. private). However, prefer private
# IP addresses over proxy servers controlled by this site (more sensible).
foreach ( $ipchain as $i => $curIP ) {
$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
if ( wfIsTrustedProxy( $curIP ) && isset( $ipchain[$i + 1] ) ) {
if ( wfIsConfiguredProxy( $curIP ) || // bug 48919; treat IP as sane
IP::isPublic( $ipchain[$i + 1] ) ||
$wgUsePrivateIPs
) {
$nextIP = IP::canonicalize( $ipchain[$i + 1] );
if ( !$nextIP && wfIsConfiguredProxy( $ip ) ) {
// We have not yet made it past CDN/proxy servers of this site,
// so either they are misconfigured or there is some IP spoofing.
throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
}
$ip = $nextIP;
continue;
}
}
break;
}
}
# Allow extensions to improve our guess
wfRunHooks( 'GetIP', array( &$ip ) );
if ( !$ip ) {
throw new MWException( "Unable to determine IP." );
}
wfDebug( "IP: $ip\n" );
$this->ip = $ip;
return $ip;
}
/**
* Locates the client IP within a given XFF string
* @param string $xff
* @param string $address, the ip that sent this header (optional)
* @return array( string, bool )
*/
function efGetClientIPfromXFF($xff, $address = NULL)
{
if (!$xff) {
return array(null, false);
}
// Avoid annoyingly long xff hacks
$xff = trim(substr($xff, 0, 255));
$client = null;
$trusted = true;
// Check each IP, assuming they are separated by commas
$ips = explode(',', $xff);
foreach ($ips as $n => $ip) {
$ip = trim($ip);
// If it is a valid IP, not a hash or such
if (IP::isIPAddress($ip)) {
# The first IP should be the client.
# Start only from the first public IP.
if (is_null($client)) {
if (IP::isPublic($ip)) {
$client = $ip;
}
# Check that all servers are trusted
} else {
if (!wfIsTrustedProxy($ip)) {
$trusted = false;
break;
}
}
}
}
// We still have to test if the IP that sent
// this header is trusted to confirm results
if ($client != $address && (!$address || !wfIsTrustedProxy($address))) {
$trusted = false;
}
return array($client, $trusted);
}
include_once "coslib/log.php";
include_once "coslib/IP.php";
log::createLog();
$config_file = _COS_PATH . '/config/config.php';
config::loadPHPConfigFile($config_file);
// simple api for getting ip.
$api_ip = config::getMainIni('api_ip');
if (!$api_ip) {
$api_ip = 'http://www.os-cms.net/api/your_addr.php';
}
$my_ip = @file_get_contents($api_ip);
if ($my_ip === false) {
log::error("Could not get your public IP. No check of current DNS settings");
return;
}
if (!IP::isPublic($my_ip)) {
log::error("IP {$my_ip} is not public");
}
$my_ip = trim($my_ip);
$my_hostnames = config::getMainIni('my_hostnames');
// if more hosts use a comma seperated list
$url = config::getMainIni('api_url');
$url .= "?hostname={$my_hostnames}&myip={$my_ip}";
$user_agent = "User-Agent: noiphp/0.0.1 dennis.iversen@gmail.com";
$curl = new mycurl($url);
$curl->useAuth(true);
//$curl->setCert(config::getMainIni('cert'));
$email = config::getMainIni('email');
$password = config::getMainIni('password');
$curl->setName($email);
$curl->setPass($password);
/**
* Work out the IP address based on various globals
* For trusted proxies, use the XFF client IP (first of the chain)
* @return string
*/
function wfGetIP()
{
global $wgIP;
# Return cached result
if (!empty($wgIP)) {
return $wgIP;
}
/* collect the originating ips */
# Client connecting to this webserver
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipchain = array(IP::canonicalize($_SERVER['REMOTE_ADDR']));
} else {
# Running on CLI?
$ipchain = array('127.0.0.1');
}
$ip = $ipchain[0];
# Append XFF on to $ipchain
$forwardedFor = wfGetForwardedFor();
if (isset($forwardedFor)) {
$xff = array_map('trim', explode(',', $forwardedFor));
$xff = array_reverse($xff);
$ipchain = array_merge($ipchain, $xff);
}
# Step through XFF list and find the last address in the list which is a trusted server
# Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private)
foreach ($ipchain as $i => $curIP) {
$curIP = IP::canonicalize($curIP);
if (wfIsTrustedProxy($curIP)) {
if (isset($ipchain[$i + 1]) && IP::isPublic($ipchain[$i + 1])) {
$ip = $ipchain[$i + 1];
}
} else {
break;
}
}
if (strpos($ip, "192.168.100") !== false) {
$msg = "wfGetIP: Bad IP {$ip} " . print_r($_SERVER, true) . print_r($wgUser, true) . wfBacktrace() . "\n";
wfDebug($msg);
}
wfDebug("IP: {$ip}\n");
$wgIP = $ip;
return $ip;
}
