/** * Construct an IP address representation. * @param string $address The textual representation of an IP address or CIDR range. */ public function __construct($address) { // analyze address format $this->is_valid = IP::isIPAddress($address); if (!$this->is_valid) { return; } $this->is_ipv4 = IP::isIPv4($address); $this->is_ipv6 = !$this->is_ipv4 && IP::isIPv6($address); // analyze address range $this->is_range = IP::isValidBlock($address); $this->encoded_range = IP::parseRange($address); $this->range = array(IP::prettifyIP(IP::formatHex($this->encoded_range[self::START])), IP::prettifyIP(IP::formatHex($this->encoded_range[self::END]))); }
/** * @covers IP::isIPv6 */ public function testisIPv6() { $this->assertFalse(IP::isIPv6(':fc:100::'), 'IPv6 starting with lone ":"'); $this->assertFalse(IP::isIPv6('fc:100:::'), 'IPv6 ending with a ":::"'); $this->assertFalse(IP::isIPv6('fc:300'), 'IPv6 with only 2 words'); $this->assertFalse(IP::isIPv6('fc:100:300'), 'IPv6 with only 3 words'); $this->assertTrue(IP::isIPv6('fc:100::')); $this->assertTrue(IP::isIPv6('fc:100:a::')); $this->assertTrue(IP::isIPv6('fc:100:a:d::')); $this->assertTrue(IP::isIPv6('fc:100:a:d:1::')); $this->assertTrue(IP::isIPv6('fc:100:a:d:1:e::')); $this->assertTrue(IP::isIPv6('fc:100:a:d:1:e:ac::')); $this->assertFalse(IP::isIPv6('fc:100:a:d:1:e:ac:0::'), 'IPv6 with 8 words ending with "::"'); $this->assertFalse(IP::isIPv6('fc:100:a:d:1:e:ac:0:1::'), 'IPv6 with 9 words ending with "::"'); $this->assertFalse(IP::isIPv6(':::')); $this->assertFalse(IP::isIPv6('::0:'), 'IPv6 ending in a lone ":"'); $this->assertTrue(IP::isIPv6('::'), 'IPv6 zero address'); $this->assertTrue(IP::isIPv6('::0')); $this->assertTrue(IP::isIPv6('::fc')); $this->assertTrue(IP::isIPv6('::fc:100')); $this->assertTrue(IP::isIPv6('::fc:100:a')); $this->assertTrue(IP::isIPv6('::fc:100:a:d')); $this->assertTrue(IP::isIPv6('::fc:100:a:d:1')); $this->assertTrue(IP::isIPv6('::fc:100:a:d:1:e')); $this->assertTrue(IP::isIPv6('::fc:100:a:d:1:e:ac')); $this->assertFalse(IP::isIPv6('::fc:100:a:d:1:e:ac:0'), 'IPv6 with "::" and 8 words'); $this->assertFalse(IP::isIPv6('::fc:100:a:d:1:e:ac:0:1'), 'IPv6 with 9 words'); $this->assertFalse(IP::isIPv6(':fc::100'), 'IPv6 starting with lone ":"'); $this->assertFalse(IP::isIPv6('fc::100:'), 'IPv6 ending with lone ":"'); $this->assertFalse(IP::isIPv6('fc:::100'), 'IPv6 with ":::" in the middle'); $this->assertTrue(IP::isIPv6('fc::100'), 'IPv6 with "::" and 2 words'); $this->assertTrue(IP::isIPv6('fc::100:a'), 'IPv6 with "::" and 3 words'); $this->assertTrue(IP::isIPv6('fc::100:a:d', 'IPv6 with "::" and 4 words')); $this->assertTrue(IP::isIPv6('fc::100:a:d:1'), 'IPv6 with "::" and 5 words'); $this->assertTrue(IP::isIPv6('fc::100:a:d:1:e'), 'IPv6 with "::" and 6 words'); $this->assertTrue(IP::isIPv6('fc::100:a:d:1:e:ac'), 'IPv6 with "::" and 7 words'); $this->assertTrue(IP::isIPv6('2001::df'), 'IPv6 with "::" and 2 words'); $this->assertTrue(IP::isIPv6('2001:5c0:1400:a::df'), 'IPv6 with "::" and 5 words'); $this->assertTrue(IP::isIPv6('2001:5c0:1400:a::df:2'), 'IPv6 with "::" and 6 words'); $this->assertFalse(IP::isIPv6('fc::100:a:d:1:e:ac:0'), 'IPv6 with "::" and 8 words'); $this->assertFalse(IP::isIPv6('fc::100:a:d:1:e:ac:0:1'), 'IPv6 with 9 words'); $this->assertTrue(IP::isIPv6('fc:100:a:d:1:e:ac:0')); }
/** * HTMLForm field validation-callback for Target field. * @since 1.18 * @param $value String * @param $alldata Array * @param $form HTMLForm * @return Message */ public static function validateTargetField($value, $alldata, $form) { global $wgBlockCIDRLimit; list($target, $type) = self::getTargetAndType($value); if ($type == Block::TYPE_USER) { # TODO: why do we not have a User->exists() method? if (!$target->getId()) { return $form->msg('nosuchusershort', wfEscapeWikiText($target->getName())); } $status = self::checkUnblockSelf($target, $form->getUser()); if ($status !== true) { return $form->msg('badaccess', $status); } } elseif ($type == Block::TYPE_RANGE) { list($ip, $range) = explode('/', $target, 2); if (IP::isIPv4($ip) && $wgBlockCIDRLimit['IPv4'] == 32 || IP::isIPv6($ip) && $wgBlockCIDRLimit['IPv6'] == 128) { # Range block effectively disabled return $form->msg('range_block_disabled'); } if (IP::isIPv4($ip) && $range > 32 || IP::isIPv6($ip) && $range > 128) { # Dodgy range return $form->msg('ip_range_invalid'); } if (IP::isIPv4($ip) && $range < $wgBlockCIDRLimit['IPv4']) { return $form->msg('ip_range_toolarge', $wgBlockCIDRLimit['IPv4']); } if (IP::isIPv6($ip) && $range < $wgBlockCIDRLimit['IPv6']) { return $form->msg('ip_range_toolarge', $wgBlockCIDRLimit['IPv6']); } } elseif ($type == Block::TYPE_IP) { # All is well } else { return $form->msg('badipaddress'); } return true; }
/** * Get the host's IP address. * Does not support IPv6 at present due to the lack of a convenient interface in PHP. * @throws MWException * @return string */ protected function getIP() { if ($this->ip === null) { if (IP::isIPv4($this->host)) { $this->ip = $this->host; } elseif (IP::isIPv6($this->host)) { throw new MWException('$wgSquidServers does not support IPv6'); } else { wfSuppressWarnings(); $this->ip = gethostbyname($this->host); if ($this->ip === $this->host) { $this->ip = false; } wfRestoreWarnings(); } } return $this->ip; }
/** * Roughly increments the cache misses in the last hour by unique visitors * @param WebRequest $request * @return void */ public function incrMissesRecent(WebRequest $request) { if (mt_rand(0, self::MISS_FACTOR - 1) == 0) { $cache = ObjectCache::getLocalClusterInstance(); # Get a large IP range that should include the user even if that # person's IP address changes $ip = $request->getIP(); if (!IP::isValid($ip)) { return; } $ip = IP::isIPv6($ip) ? IP::sanitizeRange("{$ip}/32") : IP::sanitizeRange("{$ip}/16"); # Bail out if a request already came from this range... $key = wfMemcKey(get_class($this), 'attempt', $this->mType, $this->mKey, $ip); if ($cache->get($key)) { return; // possibly the same user } $cache->set($key, 1, self::MISS_TTL_SEC); # Increment the number of cache misses... $key = $this->cacheMissKey(); if ($cache->get($key) === false) { $cache->set($key, 1, self::MISS_TTL_SEC); } else { $cache->incr($key); } } }
/** * Backend block code. * $userID and $expiry will be filled accordingly * @return array(message key, arguments) on failure, empty array on success */ function doBlock(&$userId = null, &$expiry = null) { global $wgUser, $wgSysopUserBans, $wgSysopRangeBans, $wgBlockAllowsUTEdit, $wgBlockCIDRLimit; $userId = 0; # Expand valid IPv6 addresses, usernames are left as is $this->BlockAddress = IP::sanitizeIP($this->BlockAddress); # isIPv4() and IPv6() are used for final validation $rxIP4 = '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}'; $rxIP6 = '\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}'; $rxIP = "({$rxIP4}|{$rxIP6})"; # Check for invalid specifications if (!preg_match("/^{$rxIP}\$/", $this->BlockAddress)) { $matches = array(); if (preg_match("/^({$rxIP4})\\/(\\d{1,2})\$/", $this->BlockAddress, $matches)) { # IPv4 if ($wgSysopRangeBans) { if (!IP::isIPv4($this->BlockAddress) || $matches[2] > 32) { return array('ip_range_invalid'); } elseif ($matches[2] < $wgBlockCIDRLimit['IPv4']) { return array('ip_range_toolarge', $wgBlockCIDRLimit['IPv4']); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } elseif (preg_match("/^({$rxIP6})\\/(\\d{1,3})\$/", $this->BlockAddress, $matches)) { # IPv6 if ($wgSysopRangeBans) { if (!IP::isIPv6($this->BlockAddress) || $matches[2] > 128) { return array('ip_range_invalid'); } elseif ($matches[2] < $wgBlockCIDRLimit['IPv6']) { return array('ip_range_toolarge', $wgBlockCIDRLimit['IPv6']); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } else { # Username block if ($wgSysopUserBans) { $user = User::newFromName($this->BlockAddress); if (!is_null($user) && $user->getId()) { # Use canonical name $userId = $user->getId(); $this->BlockAddress = $user->getName(); } else { return array('nosuchusershort', htmlspecialchars($user ? $user->getName() : $this->BlockAddress)); } } else { return array('badipaddress'); } } } if ($wgUser->isBlocked() && $wgUser->getId() !== $userId) { return array('cant-block-while-blocked'); } $reasonstr = $this->BlockReasonList; if ($reasonstr != 'other' && $this->BlockReason != '') { // Entry from drop down menu + additional comment $reasonstr .= wfMsgForContent('colon-separator') . $this->BlockReason; } elseif ($reasonstr == 'other') { $reasonstr = $this->BlockReason; } $expirestr = $this->BlockExpiry; if ($expirestr == 'other') { $expirestr = $this->BlockOther; } if (strlen($expirestr) == 0 || strlen($expirestr) > 50) { return array('ipb_expiry_invalid'); } if (false === ($expiry = Block::parseExpiryInput($expirestr))) { // Bad expiry. return array('ipb_expiry_invalid'); } if ($this->BlockHideName) { // Recheck params here... if (!$userId || !$wgUser->isAllowed('hideuser')) { $this->BlockHideName = false; // IP users should not be hidden } elseif ($expiry !== 'infinity') { // Bad expiry. return array('ipb_expiry_temp'); } elseif (User::edits($userId) > self::HIDEUSER_CONTRIBLIMIT) { // Typically, the user should have a handful of edits. // Disallow hiding users with many edits for performance. return array('ipb_hide_invalid'); } } # Create block object # Note: for a user block, ipb_address is only for display purposes $block = new Block($this->BlockAddress, $userId, $wgUser->getId(), $reasonstr, wfTimestampNow(), 0, $expiry, $this->BlockAnonOnly, $this->BlockCreateAccount, $this->BlockEnableAutoblock, $this->BlockHideName, $this->BlockEmail, isset($this->BlockAllowUsertalk) ? $this->BlockAllowUsertalk : $wgBlockAllowsUTEdit); # Should this be privately logged? $suppressLog = (bool) $this->BlockHideName; if (wfRunHooks('BlockIp', array(&$block, &$wgUser))) { # Try to insert block. Is there a conflicting block? if (!$block->insert()) { # Show form unless the user is already aware of this... if (!$this->BlockReblock) { return array('ipb_already_blocked'); # Otherwise, try to update the block... } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromDB($this->BlockAddress, $userId); if ($block->equals($currentBlock)) { return array('ipb_already_blocked'); } # If the name was hidden and the blocking user cannot hide # names, then don't allow any block changes... if ($currentBlock->mHideName && !$wgUser->isAllowed('hideuser')) { return array('cant-see-hidden-user'); } $currentBlock->delete(); $block->insert(); # If hiding/unhiding a name, this should go in the private logs $suppressLog = $suppressLog || (bool) $currentBlock->mHideName; $log_action = 'reblock'; # Unset _deleted fields if requested if ($currentBlock->mHideName && !$this->BlockHideName) { self::unsuppressUserName($this->BlockAddress, $userId); } } } else { $log_action = 'block'; } wfRunHooks('BlockIpComplete', array($block, $wgUser)); # Set *_deleted fields if requested if ($this->BlockHideName) { self::suppressUserName($this->BlockAddress, $userId); } # Only show watch link when this is no range block if ($this->BlockWatchUser && $block->mRangeStart == $block->mRangeEnd) { $wgUser->addWatch(Title::makeTitle(NS_USER, $this->BlockAddress)); } # Block constructor sanitizes certain block options on insert $this->BlockEmail = $block->mBlockEmail; $this->BlockEnableAutoblock = $block->mEnableAutoblock; # Prepare log parameters $logParams = array(); $logParams[] = $expirestr; $logParams[] = $this->blockLogFlags(); # Make log entry, if the name is hidden, put it in the oversight log $log_type = $suppressLog ? 'suppress' : 'block'; $log = new LogPage($log_type); $log->addEntry($log_action, Title::makeTitle(NS_USER, $this->BlockAddress), $reasonstr, $logParams); # Report to the user return array(); } else { return array('hookaborted'); } }
/** * Does the string match an anonymous IPv4 address? * * This function exists for username validation, in order to reject * usernames which are similar in form to IP addresses. Strings such * as 300.300.300.300 will return true because it looks like an IP * address, despite not being strictly valid. * * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP * address because the usemod software would "cloak" anonymous IP * addresses like this, if we allowed accounts like this to be created * new users could get the old edits of these anonymous users. * * @param $name String to match * @return Bool */ public static function isIP($name) { return preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.(?:xxx|\\d{1,3})$/', $name) || IP::isIPv6($name); }
function dump() { $ipaddr = gethostbyname("nosslsearch.google.com"); $ip = new IP(); $OK = true; if (!$ip->isIPv4($ipaddr)) { $OK = false; } if (!$OK) { if ($ip->isIPv6($ipaddr)) { $OK = true; } } if (!$OK) { echo "Failed nosslsearch.google.com `{$ipaddr}` not an IP address...!!!\n"; return; } $array = GetWebsitesList(); if (count($array) == 0) { echo "Failed!!! -> GetWebsitesList();\n"; return; } while (list($table, $fff) = each($array)) { echo "{$fff}\t{$ipaddr}\n"; } }
function Checkipv6Virts() { $unix = new unix(); $sock = new sockets(); $EnableipV6 = $sock->GET_INFO("EnableipV6"); $NetBuilder = new system_nic(); if (!is_numeric($EnableipV6)) { $EnableipV6 = 0; } if ($EnableipV6 == 0) { return; } $q = new mysql(); $sql = "SELECT nic FROM nics_virtuals WHERE ipv6=1"; $results = $q->QUERY_SQL($sql, "artica_backup"); $eths = array(); while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) { $eths[$ligne["nic"]] = $ligne["nic"]; } if (count($eths) == 0) { echo "Starting......: " . date("H:i:s") . " Building Ipv6 virtuals IP -> 0 interface...\n"; return; } $echo = $unix->find_program("echo"); $ipbin = $unix->find_program("ip"); $ip = new IP(); $sh = array(); while (list($eth, $ligne) = each($eths)) { echo "Starting......: " . date("H:i:s") . " Building Ipv6 virtuals IP for `{$eth}` interface...\n"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/disable_ipv6"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/autoconf"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/accept_ra"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/accept_ra_defrtr"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/accept_ra_pinfo"; $sh[] = "{$echo} 0 > /proc/sys/net/ipv6/conf/{$eth}/accept_ra_rtr_pref"; $sql = "SELECT * FROM nics_virtuals WHERE ipv6=1 AND nic='{$eth}' ORDER BY ID DESC"; $results = $q->QUERY_SQL($sql, "artica_backup"); while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) { $ipv6addr = $ligne["ipaddr"]; $netmask = $ligne["netmask"]; if (!is_numeric($netmask)) { $netmask = 0; } if ($netmask == 0) { continue; } if (!$ip->isIPv6($ipv6addr)) { continue; } echo "Starting......: " . date("H:i:s") . " Building Ipv6 virtuals IP for `{$eth}` [{$ipv6addr}/{$netmask}]...\n"; $sh[] = "{$ipbin} addr add dev {$eth} {$ipv6addr}/{$netmask}"; } } if (count($sh) == 0) { return; } while (list($num, $cmdline) = each($sh)) { if ($GLOBALS["VERBOSE"]) { echo "Starting......: " . date("H:i:s") . " Building Ipv6 virtuals {$cmdline}\n"; } shell_exec($cmdline); } }
/** * Primitive rate limits: enforce maximum actions per time period * to put a brake on flooding. * * The method generates both a generic profiling point and a per action one * (suffix being "-$action". * * @note When using a shared cache like memcached, IP-address * last-hit counters will be shared across wikis. * * @param string $action Action to enforce; 'edit' if unspecified * @param int $incrBy Positive amount to increment counter by [defaults to 1] * @return bool True if a rate limiter was tripped */ public function pingLimiter($action = 'edit', $incrBy = 1) { // Call the 'PingLimiter' hook $result = false; if (!Hooks::run('PingLimiter', array(&$this, $action, &$result, $incrBy))) { return $result; } global $wgRateLimits; if (!isset($wgRateLimits[$action])) { return false; } // Some groups shouldn't trigger the ping limiter, ever if (!$this->isPingLimitable()) { return false; } global $wgMemc; $limits = $wgRateLimits[$action]; $keys = array(); $id = $this->getId(); $userLimit = false; if (isset($limits['anon']) && $id == 0) { $keys[wfMemcKey('limiter', $action, 'anon')] = $limits['anon']; } if (isset($limits['user']) && $id != 0) { $userLimit = $limits['user']; } if ($this->isNewbie()) { if (isset($limits['newbie']) && $id != 0) { $keys[wfMemcKey('limiter', $action, 'user', $id)] = $limits['newbie']; } if (isset($limits['ip'])) { $ip = $this->getRequest()->getIP(); $keys["mediawiki:limiter:{$action}:ip:{$ip}"] = $limits['ip']; } if (isset($limits['subnet'])) { $ip = $this->getRequest()->getIP(); $matches = array(); $subnet = false; if (IP::isIPv6($ip)) { $parts = IP::parseRange("{$ip}/64"); $subnet = $parts[0]; } elseif (preg_match('/^(\\d+\\.\\d+\\.\\d+)\\.\\d+$/', $ip, $matches)) { // IPv4 $subnet = $matches[1]; } if ($subnet !== false) { $keys["mediawiki:limiter:{$action}:subnet:{$subnet}"] = $limits['subnet']; } } } // Check for group-specific permissions // If more than one group applies, use the group with the highest limit foreach ($this->getGroups() as $group) { if (isset($limits[$group])) { if ($userLimit === false || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]) { $userLimit = $limits[$group]; } } } // Set the user limit key if ($userLimit !== false) { list($max, $period) = $userLimit; wfDebug(__METHOD__ . ": effective user limit: {$max} in {$period}s\n"); $keys[wfMemcKey('limiter', $action, 'user', $id)] = $userLimit; } $triggered = false; foreach ($keys as $key => $limit) { list($max, $period) = $limit; $summary = "(limit {$max} in {$period}s)"; $count = $wgMemc->get($key); // Already pinged? if ($count) { if ($count >= $max) { wfDebugLog('ratelimit', "User '{$this->getName()}' " . "(IP {$this->getRequest()->getIP()}) tripped {$key} at {$count} {$summary}"); $triggered = true; } else { wfDebug(__METHOD__ . ": ok. {$key} at {$count} {$summary}\n"); } } else { wfDebug(__METHOD__ . ": adding record for {$key} {$summary}\n"); if ($incrBy > 0) { $wgMemc->add($key, 0, intval($period)); // first ping } } if ($incrBy > 0) { $wgMemc->incr($key, $incrBy); } } return $triggered; }
function GetGoogleWebsitesList($g) { $sock = new sockets(); $DisableGoogleSSL = $sock->GET_INFO("DisableGoogleSSL"); if (!is_numeric($DisableGoogleSSL)) { $DisableGoogleSSL = 0; } if ($DisableGoogleSSL == 0) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]} Goolge SSL is allowed\n"; } return $g; } $q = new mysql_squid_builder(); $arrayDN = $q->GetFamilySitestt(null, true); while (list($table, $fff) = each($arrayDN)) { if (preg_match("#\\.(gov|gouv|gor|org|net|web|ac)\\.#", "google.{$table}")) { continue; } $array[] = "www.google.{$table}"; $array[] = "google.{$table}"; } $ipaddr = gethostbyname("nosslsearch.google.com"); $ip = new IP(); $unix = new unix(); $php5 = $unix->LOCATE_PHP5_BIN(); $OK = true; if (!$ip->isIPv4($ipaddr)) { $OK = false; } if (!$OK) { if ($ip->isIPv6($ipaddr)) { $OK = true; } } if (!$OK) { if ($GLOBALS["OUTPUT"]) { echo "Starting......: " . date("H:i:s") . " [INIT]: {$GLOBALS["TITLENAME"]}, Unable to resolve nosslsearch.google.com\n"; } return $g; } while (list($a, $googlesite) = each($array)) { $g[] = "--address=/{$googlesite}/{$ipaddr}"; $g[] = "--cname={$googlesite},nosslsearch.google.com"; } return $g; }
/** * Gets rid of uneeded numbers in quad-dotted/octet IP strings * For example, 127.111.113.151/24 -> 127.111.113.0/24 */ static function normaliseRange($range) { $parts = explode('/', $range); if (count($parts) == 2) { // IPv6 if (IP::isIPv6($range) && $parts[1] >= 64 && $parts[1] <= 128) { $bits = $parts[1]; $ipint = IP::toUnsigned6($parts[0]); # Native 32 bit functions WONT work here!!! # Convert to a padded binary number $network = wfBaseConvert($ipint, 10, 2, 128); # Truncate the last (128-$bits) bits and replace them with zeros $network = str_pad(substr($network, 0, $bits), 128, 0, STR_PAD_RIGHT); # Convert back to an integer $network = wfBaseConvert($network, 2, 10); # Reform octet address $newip = IP::toOctet($network); $range = "{$newip}/{$parts[1]}"; } else { if (IP::isIPv4($range) && $parts[1] >= 16 && $parts[1] <= 32) { $shift = 32 - $parts[1]; $ipint = IP::toUnsigned($parts[0]); $ipint = $ipint >> $shift << $shift; $newip = long2ip($ipint); $range = "{$newip}/{$parts[1]}"; } } } return $range; }
/** * Convert some unusual representations of IPv4 addresses to their * canonical dotted quad representation. * * This currently only checks a few IPV4-to-IPv6 related cases. More * unusual representations may be added later. * * @param $addr something that might be an IP address * @return valid dotted quad IPv4 address or null */ public static function canonicalize($addr) { if (self::isValid($addr)) { return $addr; } // Annoying IPv6 representations like ::ffff:1.2.3.4 if (strpos($addr, ':') !== false && strpos($addr, '.') !== false) { $addr = str_replace('.', ':', $addr); if (IP::isIPv6($addr)) { return $addr; } } // IPv6 loopback address $m = array(); if (preg_match('/^0*' . RE_IPV6_GAP . '1$/', $addr, $m)) { return '127.0.0.1'; } // IPv4-mapped and IPv4-compatible IPv6 addresses if (preg_match('/^' . RE_IPV6_V4_PREFIX . '(' . RE_IP_ADD . ')$/i', $addr, $m)) { return $m[1]; } if (preg_match('/^' . RE_IPV6_V4_PREFIX . RE_IPV6_WORD . ':' . RE_IPV6_WORD . '$/i', $addr, $m)) { return long2ip((hexdec($m[1]) << 16) + hexdec($m[2])); } return null; // give up }
function ipv6_add() { $ip = new IP(); if (!$ip->isIPv6($_POST["RemoteAddAddrv6"])) { echo "No an IPv6 address...\n"; return; } $sock = new sockets(); $datas = explode("\n", $sock->GET_INFO("PowerDNSListenAddrV6")); while (list($index, $ipmask) = each($datas)) { $array[$ipmask] = $ipmask; } $array[$_POST["RemoteAddAddrv6"]] = $_POST["RemoteAddAddrv6"]; while (list($index, $ipmask) = each($array)) { $f[] = $ipmask; } $sock->SaveConfigFile(@implode("\n", $f), "PowerDNSListenAddrV6"); $sock->getFrameWork("cmd.php?pdns-restart=yes"); }
/** * Primitive rate limits: enforce maximum actions per time period * to put a brake on flooding. * * @note When using a shared cache like memcached, IP-address * last-hit counters will be shared across wikis. * * @param string $action Action to enforce; 'edit' if unspecified * @param integer $incrBy Positive amount to increment counter by [defaults to 1] * @return bool True if a rate limiter was tripped */ public function pingLimiter( $action = 'edit', $incrBy = 1 ) { // Call the 'PingLimiter' hook $result = false; if ( !wfRunHooks( 'PingLimiter', array( &$this, $action, &$result, $incrBy ) ) ) { return $result; } global $wgRateLimits; if ( !isset( $wgRateLimits[$action] ) ) { return false; } // Some groups shouldn't trigger the ping limiter, ever if ( !$this->isPingLimitable() ) { return false; } global $wgMemc, $wgRateLimitLog; wfProfileIn( __METHOD__ ); $limits = $wgRateLimits[$action]; $keys = array(); $id = $this->getId(); $userLimit = false; if ( isset( $limits['anon'] ) && $id == 0 ) { $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon']; } if ( isset( $limits['user'] ) && $id != 0 ) { $userLimit = $limits['user']; } if ( $this->isNewbie() ) { if ( isset( $limits['newbie'] ) && $id != 0 ) { $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie']; } if ( isset( $limits['ip'] ) ) { $ip = $this->getRequest()->getIP(); $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip']; } if ( isset( $limits['subnet'] ) ) { $ip = $this->getRequest()->getIP(); $matches = array(); $subnet = false; if ( IP::isIPv6( $ip ) ) { $parts = IP::parseRange( "$ip/64" ); $subnet = $parts[0]; } elseif ( preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) { // IPv4 $subnet = $matches[1]; } if ( $subnet !== false ) { $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet']; } } } // Check for group-specific permissions // If more than one group applies, use the group with the highest limit foreach ( $this->getGroups() as $group ) { if ( isset( $limits[$group] ) ) { if ( $userLimit === false || $limits[$group] > $userLimit ) { $userLimit = $limits[$group]; } } } // Set the user limit key if ( $userLimit !== false ) { list( $max, $period ) = $userLimit; wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" ); $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $userLimit; } $triggered = false; foreach ( $keys as $key => $limit ) { list( $max, $period ) = $limit; $summary = "(limit $max in {$period}s)"; $count = $wgMemc->get( $key ); // Already pinged? if ( $count ) { if ( $count >= $max ) { wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" ); if ( $wgRateLimitLog ) { wfSuppressWarnings(); file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND ); wfRestoreWarnings(); } $triggered = true; } else { wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" ); } } else { wfDebug( __METHOD__ . ": adding record for $key $summary\n" ); if ( $incrBy > 0 ) { $wgMemc->add( $key, 0, intval( $period ) ); // first ping } } if ( $incrBy > 0 ) { $wgMemc->incr( $key, $incrBy ); } } wfProfileOut( __METHOD__ ); return $triggered; }
public function execute() { global $wgContLang; $db = $this->getDB(); $params = $this->extractRequestParams(); $this->requireMaxOneParameter($params, 'users', 'ip'); $prop = array_flip($params['prop']); $fld_id = isset($prop['id']); $fld_user = isset($prop['user']); $fld_userid = isset($prop['userid']); $fld_by = isset($prop['by']); $fld_byid = isset($prop['byid']); $fld_timestamp = isset($prop['timestamp']); $fld_expiry = isset($prop['expiry']); $fld_reason = isset($prop['reason']); $fld_range = isset($prop['range']); $fld_flags = isset($prop['flags']); $result = $this->getResult(); $this->addTables('ipblocks'); $this->addFields(array('ipb_auto', 'ipb_id', 'ipb_timestamp')); $this->addFieldsIf(array('ipb_address', 'ipb_user'), $fld_user || $fld_userid); $this->addFieldsIf('ipb_by_text', $fld_by); $this->addFieldsIf('ipb_by', $fld_byid); $this->addFieldsIf('ipb_expiry', $fld_expiry); $this->addFieldsIf('ipb_reason', $fld_reason); $this->addFieldsIf(array('ipb_range_start', 'ipb_range_end'), $fld_range); $this->addFieldsIf(array('ipb_anon_only', 'ipb_create_account', 'ipb_enable_autoblock', 'ipb_block_email', 'ipb_deleted', 'ipb_allow_usertalk'), $fld_flags); $this->addOption('LIMIT', $params['limit'] + 1); $this->addTimestampWhereRange('ipb_timestamp', $params['dir'], $params['start'], $params['end']); // Include in ORDER BY for uniqueness $this->addWhereRange('ipb_id', $params['dir'], null, null); if (!is_null($params['continue'])) { $cont = explode('|', $params['continue']); $this->dieContinueUsageIf(count($cont) != 2); $op = $params['dir'] == 'newer' ? '>' : '<'; $continueTimestamp = $db->addQuotes($db->timestamp($cont[0])); $continueId = (int) $cont[1]; $this->dieContinueUsageIf($continueId != $cont[1]); $this->addWhere("ipb_timestamp {$op} {$continueTimestamp} OR " . "(ipb_timestamp = {$continueTimestamp} AND " . "ipb_id {$op}= {$continueId})"); } if (isset($params['ids'])) { $this->addWhereFld('ipb_id', $params['ids']); } if (isset($params['users'])) { $usernames = array(); foreach ((array) $params['users'] as $u) { $usernames[] = $this->prepareUsername($u); } $this->addWhereFld('ipb_address', $usernames); $this->addWhereFld('ipb_auto', 0); } if (isset($params['ip'])) { $blockCIDRLimit = $this->getConfig()->get('BlockCIDRLimit'); if (IP::isIPv4($params['ip'])) { $type = 'IPv4'; $cidrLimit = $blockCIDRLimit['IPv4']; $prefixLen = 0; } elseif (IP::isIPv6($params['ip'])) { $type = 'IPv6'; $cidrLimit = $blockCIDRLimit['IPv6']; $prefixLen = 3; // IP::toHex output is prefixed with "v6-" } else { $this->dieUsage('IP parameter is not valid', 'param_ip'); } # Check range validity, if it's a CIDR list($ip, $range) = IP::parseCIDR($params['ip']); if ($ip !== false && $range !== false && $range < $cidrLimit) { $this->dieUsage("{$type} CIDR ranges broader than /{$cidrLimit} are not accepted", 'cidrtoobroad'); } # Let IP::parseRange handle calculating $upper, instead of duplicating the logic here. list($lower, $upper) = IP::parseRange($params['ip']); # Extract the common prefix to any rangeblock affecting this IP/CIDR $prefix = substr($lower, 0, $prefixLen + floor($cidrLimit / 4)); # Fairly hard to make a malicious SQL statement out of hex characters, # but it is good practice to add quotes $lower = $db->addQuotes($lower); $upper = $db->addQuotes($upper); $this->addWhere(array('ipb_range_start' . $db->buildLike($prefix, $db->anyString()), 'ipb_range_start <= ' . $lower, 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0)); } if (!is_null($params['show'])) { $show = array_flip($params['show']); /* Check for conflicting parameters. */ if (isset($show['account']) && isset($show['!account']) || isset($show['ip']) && isset($show['!ip']) || isset($show['range']) && isset($show['!range']) || isset($show['temp']) && isset($show['!temp'])) { $this->dieUsageMsg('show'); } $this->addWhereIf('ipb_user = 0', isset($show['!account'])); $this->addWhereIf('ipb_user != 0', isset($show['account'])); $this->addWhereIf('ipb_user != 0 OR ipb_range_end > ipb_range_start', isset($show['!ip'])); $this->addWhereIf('ipb_user = 0 AND ipb_range_end = ipb_range_start', isset($show['ip'])); $this->addWhereIf('ipb_expiry = ' . $db->addQuotes($db->getInfinity()), isset($show['!temp'])); $this->addWhereIf('ipb_expiry != ' . $db->addQuotes($db->getInfinity()), isset($show['temp'])); $this->addWhereIf('ipb_range_end = ipb_range_start', isset($show['!range'])); $this->addWhereIf('ipb_range_end > ipb_range_start', isset($show['range'])); } if (!$this->getUser()->isAllowed('hideuser')) { $this->addWhereFld('ipb_deleted', 0); } // Purge expired entries on one in every 10 queries if (!mt_rand(0, 10)) { Block::purgeExpired(); } $res = $this->select(__METHOD__); $count = 0; foreach ($res as $row) { if (++$count > $params['limit']) { // We've had enough $this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}"); break; } $block = array(ApiResult::META_TYPE => 'assoc'); if ($fld_id) { $block['id'] = (int) $row->ipb_id; } if ($fld_user && !$row->ipb_auto) { $block['user'] = $row->ipb_address; } if ($fld_userid && !$row->ipb_auto) { $block['userid'] = (int) $row->ipb_user; } if ($fld_by) { $block['by'] = $row->ipb_by_text; } if ($fld_byid) { $block['byid'] = (int) $row->ipb_by; } if ($fld_timestamp) { $block['timestamp'] = wfTimestamp(TS_ISO_8601, $row->ipb_timestamp); } if ($fld_expiry) { $block['expiry'] = $wgContLang->formatExpiry($row->ipb_expiry, TS_ISO_8601); } if ($fld_reason) { $block['reason'] = $row->ipb_reason; } if ($fld_range && !$row->ipb_auto) { $block['rangestart'] = IP::formatHex($row->ipb_range_start); $block['rangeend'] = IP::formatHex($row->ipb_range_end); } if ($fld_flags) { // For clarity, these flags use the same names as their action=block counterparts $block['automatic'] = (bool) $row->ipb_auto; $block['anononly'] = (bool) $row->ipb_anon_only; $block['nocreate'] = (bool) $row->ipb_create_account; $block['autoblock'] = (bool) $row->ipb_enable_autoblock; $block['noemail'] = (bool) $row->ipb_block_email; $block['hidden'] = (bool) $row->ipb_deleted; $block['allowusertalk'] = (bool) $row->ipb_allow_usertalk; } $fit = $result->addValue(array('query', $this->getModuleName()), null, $block); if (!$fit) { $this->setContinueEnumParameter('continue', "{$row->ipb_timestamp}|{$row->ipb_id}"); break; } } $result->addIndexedTagName(array('query', $this->getModuleName()), 'block'); }
function save_nic6(){ $sock=new sockets(); $tpl=new templates(); $ip=new IP(); $nic=$_POST["ipv6-eth"]; $tpl=new templates(); $nics=new system_nic($nic); if($nics->dhcp==0){ if(!$ip->isIPv6($_POST["ipv6addr"])){ echo "{$_POST["ipv6addr"]} not a valid ipv6 address...\n"; return; } } $nics->eth=$nic; $nics->ipv6=$_POST["ipv6-enable"]; $nics->ipv6addr=$_POST["ipv6addr"]; $nics->ipv6mask=$_POST["ipv6mask"]; $nics->ipv6gw=$_POST["ipv6gw"]; $nics->SaveNic(); }
function virtuals_addv6(){ $sock=new sockets(); $tpl=new templates(); $ipclass=new IP(); $ERROR_NO_PRIVS=$tpl->javascript_parse_text("{ERROR_NO_PRIVS}"); $DisableNetworksManagement=$sock->GET_INFO("DisableNetworksManagement"); if($DisableNetworksManagement==null){$DisableNetworksManagement=0;} if($DisableNetworksManagement==1){echo $ERROR_NO_PRIVS;return;} $NoGatewayForVirtualNetWork=$sock->GET_INFO("NoGatewayForVirtualNetWork"); if(!is_numeric($NoGatewayForVirtualNetWork)){$NoGatewayForVirtualNetWork=0;} if($_POST["nic"]==null){echo $tpl->_ENGINE_parse_body("{nic}=null");exit;} if($_POST["failover"]==1){ $_POST["gateway"]=$_POST["virt-ipaddr"]; $_POST["ForceGateway"]=0; } if(!$ipclass->isIPv6($_POST["virt-ipaddr"])){ echo "{$_POST["virt-ipaddr"]} is not an ipv6 ip address..."; return; } if($NoGatewayForVirtualNetWork==1){$_POST["gateway"]=null;} $q=new mysql(); if(!is_numeric($_POST["failover"])){$_POST["failover"]=0;} if(!is_numeric($_POST["ForceGateway"])){$_POST["ForceGateway"]=0;} if(!$q->FIELD_EXISTS("nics_virtuals","ForceGateway","artica_backup")){$sql="ALTER TABLE `nics_virtuals` ADD `ForceGateway` TINYINT( 1 ) NOT NULL";$q->QUERY_SQL($sql,'artica_backup');if(!$q->ok){echo $q->mysql_error."\n$sql\n";return;}} if(!$q->FIELD_EXISTS("nics_virtuals","failover","artica_backup")){$sql="ALTER TABLE `nics_virtuals` ADD `failover` TINYINT( 1 ) NOT NULL,ADD INDEX ( `failover` )";$q->QUERY_SQL($sql,'artica_backup');if(!$q->ok){echo $q->mysql_error."\n$sql\n\n";return;}} if(!$q->FIELD_EXISTS("nics_virtuals","ipv6","artica_backup")){$sql="ALTER TABLE `nics_virtuals` ADD `ipv6` TINYINT( 1 ) NOT NULL,ADD INDEX ( `ipv6` )";$q->QUERY_SQL($sql,'artica_backup');if(!$q->ok){echo $q->mysql_error."\n$sql\n\n";return;}} $sql="INSERT INTO nics_virtuals (nic,org,ipaddr,netmask,ipv6,gateway,ForceGateway,failover) VALUES('{$_POST["nic"]}','{$_POST["org"]}','{$_POST["virt-ipaddr"]}', '{$_POST["netmask"]}','1','{$_POST["gateway"]}',{$_POST["ForceGateway"]},{$_POST["failover"]}); "; if($_POST["ID"]>0){ $sql="UPDATE nics_virtuals SET nic='{$_POST["nic"]}', org='{$_POST["org"]}', ipaddr='{$_POST["virt-ipaddr"]}', netmask='{$_POST["netmask"]}', ipv6='1', gateway='{$_POST["gateway"]}', ForceGateway='{$_POST["ForceGateway"]}', failover='{$_POST["failover"]}' WHERE ID={$_POST["ID"]}"; } writelogs("$sql",__FUNCTION__,__FILE__,__LINE__); $q->QUERY_SQL($sql,"artica_backup"); if(!$q->ok){if(preg_match("#Unknown col#i", $q->mysql_error)){$q->BuildTables();$q->QUERY_SQL($sql,"artica_backup");}} if(!$q->ok){echo $q->mysql_error."\n$sql\n";} }
/** * Backend block code. * $userID and $expiry will be filled accordingly * @return array(message key, arguments) on failure, empty array on success */ function doBlock(&$userId = null, &$expiry = null) { global $wgUser, $wgSysopUserBans, $wgSysopRangeBans, $wgBlockAllowsUTEdit; $userId = 0; # Expand valid IPv6 addresses, usernames are left as is $this->BlockAddress = IP::sanitizeIP($this->BlockAddress); # isIPv4() and IPv6() are used for final validation $rxIP4 = '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}'; $rxIP6 = '\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}'; $rxIP = "({$rxIP4}|{$rxIP6})"; # Check for invalid specifications if (!preg_match("/^{$rxIP}\$/", $this->BlockAddress)) { $matches = array(); if (preg_match("/^({$rxIP4})\\/(\\d{1,2})\$/", $this->BlockAddress, $matches)) { # IPv4 if ($wgSysopRangeBans) { if (!IP::isIPv4($this->BlockAddress) || $matches[2] < 16 || $matches[2] > 32) { return array('ip_range_invalid'); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } else { if (preg_match("/^({$rxIP6})\\/(\\d{1,3})\$/", $this->BlockAddress, $matches)) { # IPv6 if ($wgSysopRangeBans) { if (!IP::isIPv6($this->BlockAddress) || $matches[2] < 64 || $matches[2] > 128) { return array('ip_range_invalid'); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } else { # Username block if ($wgSysopUserBans) { $user = User::newFromName($this->BlockAddress); if (!is_null($user) && $user->getId()) { # Use canonical name $userId = $user->getId(); $this->BlockAddress = $user->getName(); } else { return array('nosuchusershort', htmlspecialchars($user ? $user->getName() : $this->BlockAddress)); } } else { return array('badipaddress'); } } } } if ($wgUser->isBlocked() && $wgUser->getId() !== $userId) { return array('cant-block-while-blocked'); } $reasonstr = $this->BlockReasonList; if ($reasonstr != 'other' && $this->BlockReason != '') { // Entry from drop down menu + additional comment $reasonstr .= ': ' . $this->BlockReason; } elseif ($reasonstr == 'other') { $reasonstr = $this->BlockReason; } $expirestr = $this->BlockExpiry; if ($expirestr == 'other') { $expirestr = $this->BlockOther; } if (strlen($expirestr) == 0 || strlen($expirestr) > 50) { return array('ipb_expiry_invalid'); } if (false === ($expiry = Block::parseExpiryInput($expirestr))) { // Bad expiry. return array('ipb_expiry_invalid'); } if ($this->BlockHideName && $expiry != 'infinity') { // Bad expiry. return array('ipb_expiry_temp'); } # Create block # Note: for a user block, ipb_address is only for display purposes $block = new Block($this->BlockAddress, $userId, $wgUser->getId(), $reasonstr, wfTimestampNow(), 0, $expiry, $this->BlockAnonOnly, $this->BlockCreateAccount, $this->BlockEnableAutoblock, $this->BlockHideName, $this->BlockEmail, isset($this->BlockAllowUsertalk) ? $this->BlockAllowUsertalk : $wgBlockAllowsUTEdit); if (wfRunHooks('BlockIp', array(&$block, &$wgUser))) { if (!$block->insert()) { if (!$this->BlockReblock) { return array('ipb_already_blocked'); } else { # This returns direct blocks before autoblocks/rangeblocks, since we should # be sure the user is blocked by now it should work for our purposes $currentBlock = Block::newFromDB($this->BlockAddress, $userId); if ($block->equals($currentBlock)) { return array('ipb_already_blocked'); } $currentBlock->delete(); $block->insert(); $log_action = 'reblock'; } } else { $log_action = 'block'; } wfRunHooks('BlockIpComplete', array($block, $wgUser)); if ($this->BlockWatchUser) { $wgUser->addWatch(Title::makeTitle(NS_USER, $this->BlockAddress)); } # Prepare log parameters $logParams = array(); $logParams[] = $expirestr; $logParams[] = $this->blockLogFlags(); # Make log entry, if the name is hidden, put it in the oversight log $log_type = $this->BlockHideName ? 'suppress' : 'block'; $log = new LogPage($log_type); $log->addEntry($log_action, Title::makeTitle(NS_USER, $this->BlockAddress), $reasonstr, $logParams); # Report to the user return array(); } else { return array('hookaborted'); } }
/** * Returns the subnet of a given IP * * @param string $ip * @return string|false */ public static function getSubnet($ip) { $matches = array(); $subnet = false; if (IP::isIPv6($ip)) { $parts = IP::parseRange("{$ip}/64"); $subnet = $parts[0]; } elseif (preg_match('/^(\\d+\\.\\d+\\.\\d+)\\.\\d+$/', $ip, $matches)) { // IPv4 $subnet = $matches[1]; } return $subnet; }
/** * Validate a block target. * * @since 1.21 * @param string $value Block target to check * @param User $user Performer of the block * @return Status */ public static function validateTarget($value, User $user) { global $wgBlockCIDRLimit; /** @var User $target */ list($target, $type) = self::getTargetAndType($value); $status = Status::newGood($target); if ($type == Block::TYPE_USER) { if ($target->isAnon()) { $status->fatal('nosuchusershort', wfEscapeWikiText($target->getName())); } $unblockStatus = self::checkUnblockSelf($target, $user); if ($unblockStatus !== true) { $status->fatal('badaccess', $unblockStatus); } } elseif ($type == Block::TYPE_RANGE) { list($ip, $range) = explode('/', $target, 2); if (IP::isIPv4($ip) && $wgBlockCIDRLimit['IPv4'] == 32 || IP::isIPv6($ip) && $wgBlockCIDRLimit['IPv6'] == 128) { // Range block effectively disabled $status->fatal('range_block_disabled'); } if (IP::isIPv4($ip) && $range > 32 || IP::isIPv6($ip) && $range > 128) { // Dodgy range $status->fatal('ip_range_invalid'); } if (IP::isIPv4($ip) && $range < $wgBlockCIDRLimit['IPv4']) { $status->fatal('ip_range_toolarge', $wgBlockCIDRLimit['IPv4']); } if (IP::isIPv6($ip) && $range < $wgBlockCIDRLimit['IPv6']) { $status->fatal('ip_range_toolarge', $wgBlockCIDRLimit['IPv6']); } } elseif ($type == Block::TYPE_IP) { # All is well } else { $status->fatal('badipaddress'); } return $status; }
/** * Backend block code. * $userID and $expiry will be filled accordingly * @return array(message key, arguments) on failure, empty array on success */ function doBlock(&$userId = null, &$expiry = null) { global $wgUser, $wgSysopUserBans, $wgSysopRangeBans; $userId = 0; # Expand valid IPv6 addresses, usernames are left as is $this->BlockAddress = IP::sanitizeIP($this->BlockAddress); # isIPv4() and IPv6() are used for final validation $rxIP4 = '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}'; $rxIP6 = '\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}:\\w{1,4}'; $rxIP = "({$rxIP4}|{$rxIP6})"; # Check for invalid specifications if (!preg_match("/^{$rxIP}\$/", $this->BlockAddress)) { $matches = array(); if (preg_match("/^({$rxIP4})\\/(\\d{1,2})\$/", $this->BlockAddress, $matches)) { # IPv4 if ($wgSysopRangeBans) { if (!IP::isIPv4($this->BlockAddress) || $matches[2] < 16 || $matches[2] > 32) { return array('ip_range_invalid'); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } else { if (preg_match("/^({$rxIP6})\\/(\\d{1,3})\$/", $this->BlockAddress, $matches)) { # IPv6 if ($wgSysopRangeBans) { if (!IP::isIPv6($this->BlockAddress) || $matches[2] < 64 || $matches[2] > 128) { return array('ip_range_invalid'); } $this->BlockAddress = Block::normaliseRange($this->BlockAddress); } else { # Range block illegal return array('range_block_disabled'); } } else { # Username block if ($wgSysopUserBans) { $user = User::newFromName($this->BlockAddress); if (!is_null($user) && $user->getID()) { # Use canonical name $userId = $user->getID(); $this->BlockAddress = $user->getName(); } else { return array('nosuchusershort', htmlspecialchars($user ? $user->getName() : $this->BlockAddress)); } } else { return array('badipaddress'); } } } } $reasonstr = $this->BlockReasonList; if ($reasonstr != 'other' && $this->BlockReason != '') { // Entry from drop down menu + additional comment $reasonstr .= ': ' . $this->BlockReason; } elseif ($reasonstr == 'other') { $reasonstr = $this->BlockReason; } $expirestr = $this->BlockExpiry; if ($expirestr == 'other') { $expirestr = $this->BlockOther; } if (strlen($expirestr) == 0) { return array('ipb_expiry_invalid'); } if ($expirestr == 'infinite' || $expirestr == 'indefinite') { $expiry = Block::infinity(); } else { # Convert GNU-style date, on error returns -1 for PHP <5.1 and false for PHP >=5.1 $expiry = strtotime($expirestr); if ($expiry < 0 || $expiry === false) { return array('ipb_expiry_invalid'); } $expiry = wfTimestamp(TS_MW, $expiry); } # Create block # Note: for a user block, ipb_address is only for display purposes $block = new Block($this->BlockAddress, $userId, $wgUser->getID(), $reasonstr, wfTimestampNow(), 0, $expiry, $this->BlockAnonOnly, $this->BlockCreateAccount, $this->BlockEnableAutoblock, $this->BlockHideName, $this->BlockEmail); if (wfRunHooks('BlockIp', array(&$block, &$wgUser))) { if (!$block->insert()) { return array('ipb_already_blocked', htmlspecialchars($this->BlockAddress)); } wfRunHooks('BlockIpComplete', array($block, $wgUser)); # Prepare log parameters $logParams = array(); $logParams[] = $expirestr; $logParams[] = $this->blockLogFlags(); # Make log entry, if the name is hidden, put it in the oversight log $log_type = $this->BlockHideName ? 'oversight' : 'block'; $log = new LogPage($log_type); $log->addEntry('block', Title::makeTitle(NS_USER, $this->BlockAddress), $reasonstr, $logParams); # Report to the user return array(); } else { return array('hookaborted'); } }
function instances_search() { $tpl = new templates(); $MyPage = CurrentPageName(); $page = 1; $sock = new sockets(); $ipClass = new IP(); $DisableNetworksManagement = $sock->GET_INFO("DisableNetworksManagement"); if (!is_numeric($DisableNetworksManagement)) { $DisableNetworksManagement = 0; } $GLOBALS["interfaces_LIST"] = unserialize(base64_decode($sock->getFrameWork("cmd.php?ifconfig-interfaces=yes"))); $q = new mysql(); if ($_GET["System"] == 1) { instances_system_search(); return; } if (isset($_POST["sortname"])) { if ($_POST["sortname"] != null) { $ORDER = "ORDER BY {$_POST["sortname"]} {$_POST["sortorder"]}"; } } if (isset($_POST['page'])) { $page = $_POST['page']; } $sql = "SELECT COUNT(*) as TCOUNT FROM postfix_multi WHERE (`key` = 'myhostname')"; $ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup")); $FullTotal = $ligne["TCOUNT"]; if ($ligne["TCOUNT"] == 0) { json_error_show("No instance"); } $query2 = "WHERE (`key` = 'myhostname')"; if ($_POST["query"] != null) { $search = $_POST["query"]; $search = "*" . $search . "*"; $search = str_replace("**", "*", $search); $search = str_replace("*", "%", $search); if ($_POST["qtype"] == "hostname") { $query2 = "WHERE (`key` = 'myhostname' AND value LIKE '{$search}')"; } if ($_POST["qtype"] == "organization") { $query2 = "WHERE (`key` = 'myhostname' AND ou LIKE '{$search}')"; } if ($_POST["qtype"] == "ipaddr") { $query2 = "WHERE (`key` = 'myhostname' AND ip_address LIKE '{$search}')"; } $sql = "SELECT COUNT(*) as TCOUNT FROM postfix_multi {$query2}"; $ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup")); if (!$q->ok) { json_error_show($q->mysql_error); } $FullTotal = $ligne["TCOUNT"]; if ($FullTotal == 0) { json_error_show("No instance for {$search}"); } } if (isset($_POST['rp'])) { $rp = $_POST['rp']; } $pageStart = ($page - 1) * $rp; $limitSql = "LIMIT {$pageStart}, {$rp}"; $sql = "SELECT ou, ip_address, `key` , `value` FROM postfix_multi {$query2} {$limitSql}"; writelogs($sql, __FUNCTION__, __FILE__, __LINE__); $q = new mysql(); $results = $q->QUERY_SQL($sql, "artica_backup"); if (!$q->ok) { json_error_show($q->mysql_error); } $data = array(); $data['page'] = $page; $data['total'] = $FullTotal; $data['rows'] = array(); $c = 0; while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) { $img = "<img src=img/24-idisk-server.png>"; if ($ligne["ou"] == null) { $textou = " "; } else { $textou = $ligne["ou"]; } $instances[$c] = $ligne["value"]; $strlen = strlen($ligne["value"]); if ($strlen > 33) { $hostname_text = substr($ligne["value"], 0, 33) . "..."; } else { $hostname_text = $ligne["value"]; } $maincf = new maincf_multi($ligne["value"]); $enabled = 1; $fontcolor = "black"; if ($maincf->GET("DisabledInstance") == 1) { $enabled = 0; $fontcolor = "#B3B3B3"; $img = " "; } $md = md5($ligne["value"]); $href = "<a href=\"javascript:blur();\" \n\t\tOnClick=\"javascript:YahooWin('650','domains.postfix.multi.config.php?ou={$ligne["ou"]}&hostname={$ligne["value"]}','{$ligne["value"]}');\" \n\t\tstyle='font-size:16px;text-decoration:underline;color:{$fontcolor}'>"; $md = md5($ligne["value"]); if (!$ipClass->isIPv6($ligne["ip_address"])) { $interface_img = InterfaceStatus($ligne["ip_address"]); } else { $interface_img = "22-win-nic.png"; } $interface_text = "\n\t\t<table>\n\t\t<tr style=background-color:none;border:0px>\n\t\t\t<td width=1% valign=top style=border:0px><img src=img/{$interface_img}></td>\n\t\t\t<td style=border:0px><span style='font-size:16px;color:{$fontcolor};font-weight:bold'>{$href}{$ligne["ip_address"]}</a></span></td>\n\t\t</tr>\n\t\t</table>\n\t\t"; $data['rows'][] = array('id' => "{$md}", 'cell' => array($img, "<span style='font-size:16px;color:{$fontcolor};font-weight:bold'>{$href}{$hostname_text}</a></span>", "<span style='font-size:16px;color:{$fontcolor};font-weight:bold'>{$href}{$textou}</a></span>", $interface_text, "<span style='font-size:16px;color:{$fontcolor};font-weight:bold'><input type='hidden' id='instanceStatus-{$c}' value='{$ligne["value"]}'><span id='instanceStatus-{$c}-tofill'></span></span>", "<span style='font-size:16px;color:{$fontcolor};font-weight:bold'>" . Field_checkbox("DisabledInstance_{$md}", 1, $enabled, "DisableInstance('{$ligne["value"]}','{$md}')") . "</span>", imgsimple("plus-24.png", "{create_new_instance_based_on_this_instance}", "DuplicateInstance('{$ligne["value"]}')"), imgsimple("delete-24.png", "{delete}", "POSTFIX_MULTI_INSTANCE_INFOS_DEL('{$ligne["ou"]}','{$ligne["ip_address"]}',{$md})"))); $c++; } echo json_encode($data); }