private function isValidNetFilter($ip)
{
$res = isIPv4($ip) > 0 || isIPv6($ip) > 0 || isCIDR($ip) > 0 || isCIDR6($ip) > 0;
if ($res == false) {
$res = preg_match('/^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\\-]*[A-Za-z0-9])$/', $ip) > 0;
}
return $res;
}
public static function validateToken($token)
{
if (is_string($token)) {
if (trim($token) === "") {
return null;
}
$tokens = new Default_Model_AccessTokens();
$tokens->filter->token->equals($token);
if (count($tokens->items) === 0) {
return false;
}
$token = $tokens->items[0];
} else {
if ($token instanceof Default_Model_AccessToken) {
//nothing to do
} else {
return false;
}
}
$valid = false;
$ip = $_SERVER['REMOTE_ADDR'];
$netfilters = $token->getNetfilters();
if (count($netfilters) === 0) {
return true;
}
foreach ($netfilters as $netfilter) {
if ($netfilter == '') {
// NULL netfilter
$valid = true;
break;
} elseif (isCIDR($netfilter)) {
if (ipCIDRCheck($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isCIDR6($netfilter)) {
if (ipCIDRCheck6($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
if ($ip == $netfilter) {
$valid = true;
break;
}
} else {
// domain name based netfilter
$hostname = gethostbyaddr($ip);
$netfilter = str_replace('\\', '', $netfilter);
// do not permit escaping
if (preg_match('/\\.' . str_replace('.', '\\.', $netfilter) . '$/', $hostname) || preg_match('/^' . str_replace('.', '\\.', $netfilter) . '$/', $hostname)) {
$valid = true;
break;
}
}
}
if (!$valid) {
debug_log('[AccessTokens::validateToken]: Invalid API key ' . $token->getToken());
}
return $valid;
}
/**
* check that the apikey is valid for the IP that made the request
*
* @key string the API key
* @netfilter string the netfilter for which the key is valid
*
* @return boolean
* @access private
*/
private function _validateAPIKey($key)
{
$valid = false;
if ($this->getParam("remoteaddr") != "") {
$ip = base64_decode($this->getParam("remoteaddr"));
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
if (count($key->netfilters) == 0) {
$valid = true;
}
foreach ($key->netfilters as $netfilter) {
if ($netfilter == '') {
// NULL netfilter
$valid = true;
break;
} elseif (isCIDR($netfilter)) {
if (ipCIDRCheck($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isCIDR6($netfilter)) {
if (ipCIDRCheck6($ip, $netfilter)) {
$valid = true;
break;
}
} elseif (isIPv4($netfilter) || isIPv6($netfilter)) {
if ($ip == $netfilter) {
$valid = true;
break;
}
} else {
// domain name based netfilter
$hostname = gethostbyaddr($ip);
$netfilter = str_replace('\\', '', $netfilter);
// do not permit escaping
if (preg_match('/\\.' . str_replace('.', '\\.', $netfilter) . '$/', $hostname) || preg_match('/^' . str_replace('.', '\\.', $netfilter) . '$/', $hostname)) {
$valid = true;
break;
}
}
}
if (!$valid) {
error_log('Invalid API key ' . $key->key . "(ip = {$ip})");
}
return $valid;
}