public function test_cleanremoteaddr()
{
// IPv4.
$this->assertNull(cleanremoteaddr('1023.121.234.1'));
$this->assertSame('123.121.234.1', cleanremoteaddr('123.121.234.01 '));
// IPv6.
$this->assertNull(cleanremoteaddr('0:0:0:0:0:0:0:0:0'));
$this->assertNull(cleanremoteaddr('0:0:0:0:0:0:0:abh'));
$this->assertNull(cleanremoteaddr('0:0:0:::0:0:1'));
$this->assertSame('::', cleanremoteaddr('0:0:0:0:0:0:0:0', true));
$this->assertSame('::1:1', cleanremoteaddr('0:0:0:0:0:0:1:1', true));
$this->assertSame('abcd:ef::', cleanremoteaddr('abcd:00ef:0:0:0:0:0:0', true));
$this->assertSame('1::1', cleanremoteaddr('1:0:0:0:0:0:0:1', true));
$this->assertSame('0:0:0:0:0:0:10:1', cleanremoteaddr('::10:1', false));
$this->assertSame('1:1:0:0:0:0:0:0', cleanremoteaddr('01:1::', false));
$this->assertSame('10:0:0:0:0:0:0:10', cleanremoteaddr('10::10', false));
$this->assertSame('::ffff:c0a8:11', cleanremoteaddr('::ffff:192.168.1.1', true));
}
function test_cleanremoteaddr()
{
//IPv4
$this->assertEqual(cleanremoteaddr('1023.121.234.1'), null);
$this->assertEqual(cleanremoteaddr('123.121.234.01 '), '123.121.234.1');
//IPv6
$this->assertEqual(cleanremoteaddr('0:0:0:0:0:0:0:0:0'), null);
$this->assertEqual(cleanremoteaddr('0:0:0:0:0:0:0:abh'), null);
$this->assertEqual(cleanremoteaddr('0:0:0:::0:0:1'), null);
$this->assertEqual(cleanremoteaddr('0:0:0:0:0:0:0:0', true), '::');
$this->assertEqual(cleanremoteaddr('0:0:0:0:0:0:1:1', true), '::1:1');
$this->assertEqual(cleanremoteaddr('abcd:00ef:0:0:0:0:0:0', true), 'abcd:ef::');
$this->assertEqual(cleanremoteaddr('1:0:0:0:0:0:0:1', true), '1::1');
$this->assertEqual(cleanremoteaddr('::10:1', false), '0:0:0:0:0:0:10:1');
$this->assertEqual(cleanremoteaddr('01:1::', false), '1:1:0:0:0:0:0:0');
$this->assertEqual(cleanremoteaddr('10::10', false), '10:0:0:0:0:0:0:10');
$this->assertEqual(cleanremoteaddr('::ffff:192.168.1.1', true), '::ffff:c0a8:11');
}
/**
* Cleans an ip address. Internal addresses are now allowed.
* (Originally local addresses were not allowed.)
*
* @param string $addr IPv4 or IPv6 address
* @param bool $compress use IPv6 address compression
* @return string normalised ip address string, null if error
*/
function cleanremoteaddr($addr, $compress = false)
{
$addr = trim($addr);
if (strpos($addr, ':') !== false) {
// Can be only IPv6.
$parts = explode(':', $addr);
$count = count($parts);
if (strpos($parts[$count - 1], '.') !== false) {
// Legacy ipv4 notation.
$last = array_pop($parts);
$ipv4 = cleanremoteaddr($last, true);
if ($ipv4 === null) {
return null;
}
$bits = explode('.', $ipv4);
$parts[] = dechex($bits[0]) . dechex($bits[1]);
$parts[] = dechex($bits[2]) . dechex($bits[3]);
$count = count($parts);
$addr = implode(':', $parts);
}
if ($count < 3 or $count > 8) {
return null;
// Severly malformed.
}
if ($count != 8) {
if (strpos($addr, '::') === false) {
return null;
// Malformed.
}
// Uncompress.
$insertat = array_search('', $parts, true);
$missing = array_fill(0, 1 + 8 - $count, '0');
array_splice($parts, $insertat, 1, $missing);
foreach ($parts as $key => $part) {
if ($part === '') {
$parts[$key] = '0';
}
}
}
$adr = implode(':', $parts);
if (!preg_match('/^([0-9a-f]{1,4})(:[0-9a-f]{1,4})*$/i', $adr)) {
return null;
// Incorrect format - sorry.
}
// Normalise 0s and case.
$parts = array_map('hexdec', $parts);
$parts = array_map('dechex', $parts);
$result = implode(':', $parts);
if (!$compress) {
return $result;
}
if ($result === '0:0:0:0:0:0:0:0') {
return '::';
// All addresses.
}
$compressed = preg_replace('/(:0)+:0$/', '::', $result, 1);
if ($compressed !== $result) {
return $compressed;
}
$compressed = preg_replace('/^(0:){2,7}/', '::', $result, 1);
if ($compressed !== $result) {
return $compressed;
}
$compressed = preg_replace('/(:0){2,6}:/', '::', $result, 1);
if ($compressed !== $result) {
return $compressed;
}
return $result;
}
// First get all things that look like IPv4 addresses.
$parts = array();
if (!preg_match('/^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$/', $addr, $parts)) {
return null;
}
unset($parts[0]);
foreach ($parts as $key => $match) {
if ($match > 255) {
return null;
}
$parts[$key] = (int) $match;
// Normalise 0s.
}
return implode('.', $parts);
}
function getremoteaddr()
{
global $CFG;
if (empty($CFG->getremoteaddrconf)) {
// This will happen, for example, before just after the upgrade, as the
// user is redirected to the admin screen.
$variablestoskip = 0;
} else {
$variablestoskip = $CFG->getremoteaddrconf;
}
if (!($variablestoskip & GETREMOTEADDR_SKIP_HTTP_CLIENT_IP)) {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
return cleanremoteaddr($_SERVER['HTTP_CLIENT_IP']);
}
}
if (!($variablestoskip & GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR)) {
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return cleanremoteaddr($_SERVER['HTTP_X_FORWARDED_FOR']);
}
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
return cleanremoteaddr($_SERVER['REMOTE_ADDR']);
} else {
return null;
}
}
/**
* Returns most reliable client address
*
* @return string The remote IP address
*/
function getremoteaddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
return cleanremoteaddr($_SERVER['HTTP_CLIENT_IP']);
}
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return cleanremoteaddr($_SERVER['HTTP_X_FORWARDED_FOR']);
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
return cleanremoteaddr($_SERVER['REMOTE_ADDR']);
}
return '';
}
if (isguestuser()) {
// Guest users cannot perform lookups.
throw new require_login_exception('Guests are not allowed here.');
}
$ip = optional_param('ip', getremoteaddr(), PARAM_RAW);
$user = optional_param('user', 0, PARAM_INT);
if (isset($CFG->iplookup)) {
// Clean up of old settings.
set_config('iplookup', NULL);
}
$PAGE->set_url('/iplookup/index.php', array('id' => $ip, 'user' => $user));
$PAGE->set_pagelayout('popup');
$PAGE->set_context(context_system::instance());
$info = array($ip);
$note = array();
if (cleanremoteaddr($ip) === false) {
print_error('invalidipformat', 'error');
}
if (!ip_is_public($ip)) {
print_error('iplookupprivate', 'error');
}
$info = iplookup_find_location($ip);
if ($info['error']) {
// Can not display.
notice($info['error']);
}
if ($user) {
if ($user = $DB->get_record('user', array('id' => $user, 'deleted' => 0))) {
// note: better not show full names to everybody
if (has_capability('moodle/user:viewdetails', context_user::instance($user->id))) {
array_unshift($info['title'], fullname($user));
