function SSO_IsIPAllowed($info) { global $sso_settings, $sso_ipaddr; $allowed = false; $patterns = explode("\n", str_replace("\r", "\n", $sso_settings[""]["iprestrict"]["patterns"])); foreach ($patterns as $pattern) { $pattern = trim($pattern); if ($pattern != "" && IPAddr::IsMatch($pattern, $sso_ipaddr)) { $allowed = true; } } if (!$allowed) { return false; } $allowed = false; $patterns = explode("\n", str_replace("\r", "\n", $info["patterns"])); foreach ($patterns as $pattern) { $pattern = trim($pattern); if ($pattern != "" && IPAddr::IsMatch($pattern, $sso_ipaddr)) { $allowed = true; } } return $allowed; }
public static function MakeValidEmailAddress($email, $options = array()) { $email = str_replace("\t", " ", $email); $email = str_replace("\r", " ", $email); $email = str_replace("\n", " ", $email); $email = trim($email); // Reverse parse out the initial domain/IP address part of the e-mail address. $domain = ""; $state = "domend"; $cfwsdepth = 0; while ($email != "" && $state != "") { $prevchr = substr($email, -2, 1); $lastchr = substr($email, -1); switch ($state) { case "domend": if ($lastchr == ")") { $laststate = "domain"; $state = "cfws"; } else { if ($lastchr == "]" || $lastchr == "}") { $domain .= "]"; $email = trim(substr($email, 0, -1)); $state = "ipaddr"; } else { $state = "domain"; } } break; case "cfws": if ($prevchr == "\\") { $email = trim(substr($email, 0, -2)); } else { if ($lastchr == ")") { $email = trim(substr($email, 0, -1)); $depth++; } else { if ($lastchr == "(") { $email = trim(substr($email, 0, -1)); $depth--; if (!$depth && substr($email, -1) != ")") { $state = $laststate; } } else { $email = trim(substr($email, 0, -1)); } } } break; case "ipaddr": if ($lastchr == "[" || $lastchr == "{" || $lastchr == "@") { $domain .= "["; $state = "@"; if ($lastchr == "@") { break; } } else { if ($lastchr == "," || $lastchr == ".") { $domain .= "."; } else { if ($lastchr == ";" || $lastchr == ":") { $domain .= ":"; } else { if (preg_match('/[A-Za-z0-9]/', $lastchr)) { $domain .= $lastchr; } } } } $email = trim(substr($email, 0, -1)); break; case "domain": if ($lastchr == "@") { $state = "@"; break; } else { if ($lastchr == ")") { $state = "cfws"; $laststate = "@"; break; } else { if ($lastchr == "," || $lastchr == ".") { $domain .= "."; } else { if (preg_match('/[A-Za-z0-9-]/', $lastchr)) { $domain .= $lastchr; } } } } $email = trim(substr($email, 0, -1)); break; case "@": if ($lastchr == "@") { $state = ""; } $email = trim(substr($email, 0, -1)); break; } } $domain = strrev($domain); $parts = explode(".", $domain); foreach ($parts as $num => $part) { $parts[$num] = str_replace(" ", "-", trim(str_replace("-", " ", $part))); } $domain = implode(".", $parts); // Forward parse out the local part of the e-mail address. // Remove CFWS (comments, folding whitespace). while (substr($email, 0, 1) == "(") { while ($email != "") { $currchr = substr($email, 0, 1); if ($currchr == "\\") { $email = trim(substr($email, 2)); } else { if ($currchr == "(") { $depth++; $email = trim(substr($email, 1)); } else { if ($currchr == ")") { $email = trim(substr($email, 1)); $depth--; if (!$depth && substr($email, 0, 1) != "(") { break; } } } } } } // Process quoted/unquoted string. $local = ""; if (substr($email, 0, 1) == "\"") { $email = substr($email, 1); while ($email != "") { $currchr = substr($email, 0, 1); $nextchr = substr($email, 1, 1); if ($currchr == "\\") { if ($nextchr == "\\" || $nextchr == "\"") { $local .= substr($email, 0, 2); $email = substr($email, 2); } else { if (ord($nextchr) >= 33 && ord($nextchr) <= 126) { $local .= substr($email, 1, 1); $email = substr($email, 2); } } } else { if ($currchr == "\"") { break; } else { if (ord($currchr) >= 33 && ord($nextchr) <= 126) { $local .= substr($email, 0, 1); $email = substr($email, 1); } else { $email = substr($email, 1); } } } } if (substr($local, -1) != "\"") { $local .= "\""; } } else { while ($email != "") { $currchr = substr($email, 0, 1); if (preg_match("/[A-Za-z0-9]/", $currchr) || $currchr == "!" || $currchr == "#" || $currchr == "\$" || $currchr == "%" || $currchr == "&" || $currchr == "'" || $currchr == "*" || $currchr == "+" || $currchr == "-" || $currchr == "/" || $currchr == "=" || $currchr == "?" || $currchr == "^" || $currchr == "_" || $currchr == "`" || $currchr == "{" || $currchr == "|" || $currchr == "}" || $currchr == "~" || $currchr == ".") { $local .= $currchr; $email = substr($email, 1); } else { break; } } $local = preg_replace('/[.]+/', ".", $local); if (substr($local, 0, 1) == ".") { $local = substr($local, 1); } if (substr($local, -1) == ".") { $local = substr($local, 0, -1); } } while (substr($local, -2) == "\\\"") { $local = substr($local, 0, -2) . "\""; } if ($local == "\"" || $local == "\"\"") { $local = ""; } // Analyze the domain/IP part and fix any issues. $domain = preg_replace('/[.]+/', ".", $domain); if (substr($domain, -1) == "]") { if (substr($domain, 0, 1) != "[") { $domain = "[" . $domain; } // Process the IP address. if (strtolower(substr($domain, 0, 6)) == "[ipv6:") { $ipaddr = IPAddr::NormalizeIP(substr($domain, 6, -1)); } else { $ipaddr = IPAddr::NormalizeIP(substr($domain, 1, -1)); } if ($ipaddr["ipv4"] != "") { $domain = "[" . $ipaddr["ipv4"] . "]"; } else { $domain = "[IPv6:" . $ipaddr["ipv6"] . "]"; } } else { // Process the domain. if (substr($domain, 0, 1) == ".") { $domain = substr($domain, 1); } if (substr($domain, -1) == ".") { $domain = substr($domain, 0, -1); } $domain = explode(".", $domain); foreach ($domain as $num => $part) { if (substr($part, 0, 1) == "-") { $part = substr($part, 1); } if (substr($part, -1) == "-") { $part = substr($part, 0, -1); } if (strlen($part) > 63) { $part = substr($part, 0, 63); } $domain[$num] = $part; } $domain = implode(".", $domain); } // Validate the final lengths. $y = strlen($local); $y2 = strlen($domain); $email = $local . "@" . $domain; if (!$y) { return array("success" => false, "error" => self::SMTP_Translate("Missing local part of e-mail address."), "errorcode" => "missing_local_part", "info" => $email); } if (!$y2) { return array("success" => false, "error" => self::SMTP_Translate("Missing domain part of e-mail address."), "errorcode" => "missing_domain_part", "info" => $email); } if ($y > 64 || $y2 > 253 || $y + $y2 + 1 > 253) { return array("success" => false, "error" => self::SMTP_Translate("E-mail address is too long."), "errorcode" => "email_too_long", "info" => $email); } // Process results. if (substr($domain, 0, 1) == "[" && substr($domain, -1) == "]") { $result = array("success" => true, "email" => $email, "lookup" => false, "type" => "IP"); } else { if (isset($options["usedns"]) && $options["usedns"] === false) { $result = array("success" => true, "email" => $email, "lookup" => false, "type" => "Domain"); } else { if ((!isset($options["usednsttlcache"]) || $options["usednsttlcache"] === true) && isset(self::$dnsttlcache[$domain]) && self::$dnsttlcache[$domain] >= time()) { $result = array("success" => true, "email" => $email, "lookup" => false, "type" => "CachedDNS"); } else { // Check for a mail server based on a DNS lookup. $result = self::GetDNSRecord($domain, array("MX", "A"), isset($options["nameservers"]) ? $options["nameservers"] : array("8.8.8.8", "8.8.4.4"), !isset($options["usednsttlcache"]) || $options["usednsttlcache"] === true); if ($result["success"]) { $result = array("success" => true, "email" => $email, "lookup" => true, "type" => $result["type"], "records" => $result["records"]); } } } } return $result; }
$spammer = true; } } } $rows[] = array(htmlspecialchars($ipaddr["ipv4"] != "" ? $ipaddr["ipv4"] : $ipaddr["shortipv6"]), htmlspecialchars(BB_Translate($spammer ? "Yes" : "No")), BB_FormatTimestamp("M j, Y @ g:i A", CSDB::ConvertFromDBTime($row->created)), "<a href=\"" . BB_GetRequestURLBase() . "?action=viewipaddr&id=" . $row->id . "&sec_t=" . BB_CreateSecurityToken("viewipaddr") . "\">" . htmlspecialchars(BB_Translate("View")) . "</a>"); } } $table = array("title" => "Search Results", "type" => "table", "cols" => array("IP Address", "Spammer?", "Created", "Options"), "rows" => $rows, "desc" => BB_Translate("The search results for the IP address pattern '%s'.", $pattern)); } else { if (isset($_REQUEST["ipaddr"]) && $_REQUEST["ipaddr"] == "") { BB_SetPageMessage("error", "Please specify an IP address or pattern."); } $ts = time(); $result = $sso_db->Query("SELECT", array("*", "FROM" => "?", "WHERE" => "created >= ?", "ORDER BY" => "created DESC"), $sso_db_ipcache, CSDB::ConvertToDBTime(time() - 2 * 24 * 60 * 60)); while ($row = $result->NextRow()) { $ipaddr = IPAddr::NormalizeIP($row->ipaddr); $info = unserialize($row->info); $spammer = false; if (isset($info["spaminfo"])) { foreach ($sso_providers as $provider => &$instance) { if (isset($info["spaminfo"][$provider]) && $info["spaminfo"][$provider]["spammer"]) { $spammer = true; } } } $rows[] = array(htmlspecialchars($ipaddr["ipv4"] != "" ? $ipaddr["ipv4"] : $ipaddr["shortipv6"]), htmlspecialchars(BB_Translate($spammer ? "Yes" : "No")), BB_FormatTimestamp("M j, Y @ g:i A", CSDB::ConvertFromDBTime($row->created)), "<a href=\"" . BB_GetRequestURLBase() . "?action=viewipaddr&id=" . $row->id . "&sec_t=" . BB_CreateSecurityToken("viewipaddr") . "\">" . htmlspecialchars(BB_Translate("View")) . "</a>"); } $table = array("title" => "Last 48 Hours", "type" => "table", "cols" => array("IP Address", "Spammer?", "Created", "Options"), "rows" => $rows, "desc" => "New IP addresses in the last 48 hours."); } $contentopts = array("desc" => "Manage the IP address cache.", "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "manageipcache"), "fields" => array($table, "split", array("title" => "Find IP Address", "type" => "text", "name" => "ipaddr", "value" => BB_GetValue("ipaddr", ""), "desc" => "Enter an IP address or IP address pattern to search for. (e.g. '10.0.0-15,17.*')")), "submit" => "Search", "focus" => false); BB_GeneratePage("Manage IP Cache", $sso_menuopts, $contentopts);