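/**
 * Validate an access token for the client that made the current request.
 *
 * Accepts either the raw token string or an already-loaded
 * Default_Model_AccessToken. The token is accepted when it carries no
 * netfilters, or when at least one netfilter matches the client address
 * ($_SERVER['REMOTE_ADDR']):
 *   - an empty/NULL filter matches everything,
 *   - CIDR filters are checked with ipCIDRCheck()/ipCIDRCheck6(),
 *   - literal addresses are compared after normalisation (so "::1" and
 *     "0:0:0:0:0:0:0:1" are the same address),
 *   - anything else is a domain suffix matched against the client's
 *     forward-confirmed reverse DNS name.
 *
 * @param string|Default_Model_AccessToken $token
 * @return bool|null null for a blank token string; false when the token is
 *                   unknown, of the wrong type or no netfilter matches;
 *                   true when access is permitted
 */
public static function validateToken($token) {
    if (is_string($token)) {
        if (trim($token) === "") {
            return null;
        }
        $tokens = new Default_Model_AccessTokens();
        $tokens->filter->token->equals($token);
        if (count($tokens->items) === 0) {
            return false;
        }
        $token = $tokens->items[0];
    } elseif (!($token instanceof Default_Model_AccessToken)) {
        return false;
    }

    // REMOTE_ADDR is absent on the CLI; an empty address matches no filter
    $ip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $netfilters = $token->getNetfilters();
    if (count($netfilters) === 0) {
        return true;
    }

    $valid = false;
    foreach ($netfilters as $netfilter) {
        if ((string) $netfilter === '') {
            // NULL/empty netfilter: no restriction
            $valid = true;
            break;
        }
        if (isCIDR($netfilter)) {
            if (ipCIDRCheck($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (isCIDR6($netfilter)) {
            if (ipCIDRCheck6($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
            if (self::_sameAddress($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (self::_clientHostMatchesDomain($ip, $netfilter)) {
            // domain name based netfilter
            $valid = true;
            break;
        }
    }

    if (!$valid) {
        debug_log('[AccessTokens::validateToken]: Invalid API key ' . $token->getToken());
    }
    return $valid;
}

/**
 * Compare two literal IP addresses, normalising IPv6 spellings.
 *
 * Falls back to a plain string comparison when either side is not a
 * syntactically valid address (inet_pton() is only called on valid input
 * so it never emits a warning).
 *
 * @param string $a
 * @param string $b
 * @return bool
 */
private static function _sameAddress($a, $b) {
    if (filter_var($a, FILTER_VALIDATE_IP) !== false
        && filter_var($b, FILTER_VALIDATE_IP) !== false) {
        return inet_pton($a) === inet_pton($b);
    }
    return (string) $a === (string) $b;
}

/**
 * Decide whether the client at $ip belongs to $domain using
 * forward-confirmed reverse DNS.
 *
 * The PTR name of an address is chosen by whoever controls the reverse zone
 * for that address, so a reverse lookup alone can be made to claim any
 * domain. The name is therefore accepted only when it also resolves back to
 * $ip. Matching is case-insensitive and suffix-based: "host.example.org"
 * matches the filter "example.org", "notexample.org" does not. No regular
 * expression is built from the filter, so filter contents cannot alter the
 * match semantics.
 *
 * @param string $ip     client address
 * @param string $domain domain-name netfilter
 * @return bool
 */
private static function _clientHostMatchesDomain($ip, $domain) {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // backslashes never occur in a hostname; strip them as the previous
    // matcher did so stored filters keep their meaning
    $domain = strtolower(trim(str_replace('\\', '', (string) $domain), '.'));
    if ($domain === '') {
        return false;
    }

    $hostname = gethostbyaddr($ip);
    // without a PTR record gethostbyaddr() hands the address back unchanged
    if ($hostname === false || $hostname === $ip) {
        return false;
    }
    $hostname = strtolower(rtrim($hostname, '.'));
    $suffix = '.' . $domain;
    $nameMatches = ($hostname === $domain)
        || (strlen($hostname) > strlen($suffix)
            && substr($hostname, -strlen($suffix)) === $suffix);
    if (!$nameMatches) {
        return false;
    }

    // forward confirmation: the claimed name must resolve to the client
    $forward = array();
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $resolved = gethostbynamel($hostname);
        if ($resolved !== false) {
            $forward = $resolved;
        }
    } else {
        $records = dns_get_record($hostname, DNS_AAAA);
        if (is_array($records)) {
            foreach ($records as $record) {
                if (isset($record['ipv6'])) {
                    $forward[] = $record['ipv6'];
                }
            }
        }
    }
    foreach ($forward as $candidate) {
        if (self::_sameAddress($ip, $candidate)) {
            return true;
        }
    }
    return false;
}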
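/**
 * Check that the API key is valid for the IP that made the request.
 *
 * The client address is $_SERVER['REMOTE_ADDR'] unless the request carries a
 * "remoteaddr" parameter, which is base64-decoded and used instead.
 * NOTE(review): "remoteaddr" is request-supplied; unless getParam() exposes
 * it only to trusted internal callers, any client can present an address of
 * its choosing and defeat the netfilters entirely — confirm how this
 * parameter is populated before relying on it. Here the override is at least
 * required to decode (strict base64) to a syntactically valid IP address,
 * otherwise the socket address is used.
 *
 * A key with no netfilters is accepted unconditionally. Otherwise the key is
 * accepted when at least one netfilter matches: an empty/NULL filter matches
 * everything, CIDR filters are checked with ipCIDRCheck()/ipCIDRCheck6(),
 * literal addresses are compared after normalisation, and anything else is a
 * domain suffix matched against the client's forward-confirmed reverse DNS
 * name.
 *
 * @param object $key API key record exposing ->netfilters (array of
 *                    empty/CIDR/IP/domain filters) and ->key (the key string)
 * @return bool
 * @access private
 */
private function _validateAPIKey($key) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $override = (string) $this->getParam("remoteaddr");
    if ($override !== '') {
        $decoded = base64_decode($override, true);
        if ($decoded !== false && filter_var($decoded, FILTER_VALIDATE_IP) !== false) {
            $ip = $decoded;
        }
    }

    $netfilters = $key->netfilters;
    if ($netfilters === null) {
        // a NULL filter list is treated like an empty one: unrestricted key
        $netfilters = array();
    }
    if (count($netfilters) === 0) {
        return true;
    }

    $valid = false;
    foreach ($netfilters as $netfilter) {
        if ((string) $netfilter === '') {
            // NULL/empty netfilter: no restriction
            $valid = true;
            break;
        }
        if (isCIDR($netfilter)) {
            if (ipCIDRCheck($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (isCIDR6($netfilter)) {
            if (ipCIDRCheck6($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
            if (self::_sameAddress($ip, $netfilter)) {
                $valid = true;
                break;
            }
        } elseif (self::_clientHostMatchesDomain($ip, $netfilter)) {
            // domain name based netfilter
            $valid = true;
            break;
        }
    }

    if (!$valid) {
        error_log('Invalid API key ' . $key->key . "(ip = {$ip})");
    }
    return $valid;
}

/**
 * Compare two literal IP addresses, normalising IPv6 spellings.
 *
 * Falls back to a plain string comparison when either side is not a
 * syntactically valid address (inet_pton() is only called on valid input
 * so it never emits a warning).
 *
 * @param string $a
 * @param string $b
 * @return bool
 */
private static function _sameAddress($a, $b) {
    if (filter_var($a, FILTER_VALIDATE_IP) !== false
        && filter_var($b, FILTER_VALIDATE_IP) !== false) {
        return inet_pton($a) === inet_pton($b);
    }
    return (string) $a === (string) $b;
}

/**
 * Decide whether the client at $ip belongs to $domain using
 * forward-confirmed reverse DNS.
 *
 * The PTR name of an address is chosen by whoever controls the reverse zone
 * for that address, so a reverse lookup alone can be made to claim any
 * domain. The name is therefore accepted only when it also resolves back to
 * $ip. Matching is case-insensitive and suffix-based: "host.example.org"
 * matches the filter "example.org", "notexample.org" does not. No regular
 * expression is built from the filter, so filter contents cannot alter the
 * match semantics.
 *
 * @param string $ip     client address
 * @param string $domain domain-name netfilter
 * @return bool
 */
private static function _clientHostMatchesDomain($ip, $domain) {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // backslashes never occur in a hostname; strip them as the previous
    // matcher did so stored filters keep their meaning
    $domain = strtolower(trim(str_replace('\\', '', (string) $domain), '.'));
    if ($domain === '') {
        return false;
    }

    $hostname = gethostbyaddr($ip);
    // without a PTR record gethostbyaddr() hands the address back unchanged
    if ($hostname === false || $hostname === $ip) {
        return false;
    }
    $hostname = strtolower(rtrim($hostname, '.'));
    $suffix = '.' . $domain;
    $nameMatches = ($hostname === $domain)
        || (strlen($hostname) > strlen($suffix)
            && substr($hostname, -strlen($suffix)) === $suffix);
    if (!$nameMatches) {
        return false;
    }

    // forward confirmation: the claimed name must resolve to the client
    $forward = array();
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $resolved = gethostbynamel($hostname);
        if ($resolved !== false) {
            $forward = $resolved;
        }
    } else {
        $records = dns_get_record($hostname, DNS_AAAA);
        if (is_array($records)) {
            foreach ($records as $record) {
                if (isset($record['ipv6'])) {
                    $forward[] = $record['ipv6'];
                }
            }
        }
    }
    foreach ($forward as $candidate) {
        if (self::_sameAddress($ip, $candidate)) {
            return true;
        }
    }
    return false;
}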
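require_once __DIR__ . '/../config.php';
require_once __DIR__ . '/core.php';

/**
 * Check with the GitHub API if the source IP matches one from GitHub.
 *
 * The request is refused (die) unless the client address lies inside one of
 * the "hooks" CIDR ranges published at https://api.github.com/meta and a
 * "payload" POST field is present. A failed or unparsable meta fetch yields
 * an empty range list, so the check fails closed instead of relying on
 * warnings from a NULL dereference.
 */
$match = false;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/meta');
curl_setopt($ch, CURLOPT_USERAGENT, 'betacie/githooks');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// the allow-list is only as trustworthy as the TLS connection it came over
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// do not let a slow upstream hold the hook request open indefinitely
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$data = curl_exec($ch);
curl_close($ch);

$metaJSON = ($data !== false) ? json_decode($data) : null;
$hooks = (is_object($metaJSON) && isset($metaJSON->hooks) && is_array($metaJSON->hooks))
    ? $metaJSON->hooks
    : array();
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
foreach ($hooks as $cidr) {
    if (is_string($cidr) && ipCIDRCheck($remoteAddr, $cidr)) {
        $match = true;
        break;
    }
}
if (!$match || !isset($_POST['payload'])) {
    die;
}

/**
 * Decode the JSON Payload.
 *
 * Coming from a GitHub address does not make the payload trustworthy: any
 * GitHub user can point a webhook here, so every field is validated before
 * use and the request is refused when the expected shape is missing.
 */
$json = json_decode($_POST['payload']);
if (!is_object($json)
    || !isset($json->ref, $json->repository->owner->name, $json->repository->name)
    || !is_string($json->ref)) {
    die;
}
$refs = explode('/', $json->ref);
$branch = $refs[count($refs) - 1];
// NOTE(review): $name is assembled from payload-controlled strings; if it is
// later used as a filesystem path or shell argument (the rest of this script
// is outside this view) it must first be restricted to a safe character set.
$name = $json->repository->owner->name . '/' . $json->repository->name . '/' . $branch;
/**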
} fclose($unzipped); } } // loop over the geoip file // find a matching network $row = 0; if (($handle = fopen($dirname . $fileIP, 'r')) !== FALSE) { while (($data = fgetcsv($handle, 1000, ',')) !== FALSE) { $num = count($data); $row++; if ($row > 1) { // get network $range = $data[0]; // check if user's IP matches network if (ipCIDRCheck($ip, $range)) { $geo_id = $data[1]; $loc['postal'] = $data[6]; $loc['lat'] = $data[7]; $loc['lng'] = $data[8]; break; } } } } // if a geo_id match is found then // loop over the locations file to find // country, province, city if ($geo_id != null) { $row = 0; if (($handle = fopen($dirname . $fileLOC, 'r')) !== FALSE) {