function getIP()
{
if (!empty($_SERVER['HTTP_CLIENT_IP']) && isValidIP($_SERVER['HTTP_CLIENT_IP'])) {
return $_SERVER["HTTP_CLIENT_IP"];
}
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $ip) {
if (isValidIP(trim($ip))) {
return $ip;
}
}
}
if (!empty($_SERVER['HTTP_X_FORWARDED']) && isValidIP($_SERVER['HTTP_X_FORWARDED'])) {
return $_SERVER['HTTP_X_FORWARDED'];
} elseif (!empty($_SERVER['HTTP_FORWARDED_FOR']) && isValidIP($_SERVER['HTTP_FORWARDED_FOR'])) {
return $_SERVER['HTTP_FORWARDED_FOR'];
} elseif (!empty($_SERVER['HTTP_FORWARDED']) && isValidIP($_SERVER['HTTP_FORWARDED'])) {
return $_SERVER['HTTP_FORWARDED'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED']) && isValidIP($_SERVER['HTTP_X_FORWARDED'])) {
return $_SERVER['HTTP_X_FORWARDED'];
} else {
return $_SERVER['REMOTE_ADDR'];
}
}
$error = false;
$name = htmlentities($_POST['name']);
$type = htmlentities($_POST['type']);
$ip = htmlentities($_POST['ip']);
$port = htmlentities($_POST['port']);
$user = htmlentities($_POST['user']);
$password = htmlentities($_POST['password']);
if (!preg_match("/^[a-zA-Z0-9._-]+\$/", $name)) {
$msg = _addons_message_error_name . "<br>";
$error = true;
}
if ($type != "Rsync/Tar") {
$error = true;
$msg = _templates_invalid_type;
}
if (isValidIP($ip) == false) {
$error = true;
$msg = _dedicated_message_ip_invalid;
}
if (!preg_match("/^[0-9]+\$/", $port)) {
$msg = _dedicated_message_port_invalid . "<br>";
$error = true;
}
if (!preg_match("/^[a-zA-Z0-9._-]+\$/", $user)) {
$msg = _gameserver_user_invalid . "<br>";
$error = true;
}
if (exists_entry("name", "backup_server", "name", $name) == true) {
$error = true;
$msg = _template_exists;
}
break;
}
$json['result'] = true;
$json['data'] = array();
while ($row = $res->fetch_row()) {
$ap = array();
$ap['id'] = (int) $row[0];
$ap['time'] = $row[1];
$ap['comment'] = $row[2];
$ip = _long2ip($row[3]);
$wanip = _long2ip($row[10]);
$ap['range'] = $ip != '' ? $ip : ($wanip != '' ? $wanip : '');
if (isLocalIP($ap['range']) && $ap['range'] != $wanip && isValidIP($wanip) && !isLocalIP($wanip)) {
$ap['range'] = $wanip;
}
if (isValidIP($ap['range'])) {
$oct = explode('.', $ap['range']);
array_pop($oct);
array_pop($oct);
$ap['range'] = implode('.', $oct) . '.0.0/16';
} else {
$ap['range'] = '';
}
$ap['bssid'] = $row[4] == 0 ? dec2mac($row[5]) : '';
$ap['essid'] = $row[6];
$ap['sec'] = sec2str((int) $row[7]);
$ap['key'] = $row[8];
$ap['wps'] = $row[9] == 1 ? '' : str_pad($row[9], 8, '0', STR_PAD_LEFT);
$ap['lat'] = null;
$ap['lon'] = null;
if ($row[4] == 0 && $row[11] != 0 && $row[12] != 0) {
if ($UserManager->Level > 1) {
$entry['ipport'] = $ip != '' ? $ip : ($wanip != '' ? $wanip : '');
if (isLocalIP($entry['ipport']) && $entry['ipport'] != $wanip && isValidIP($wanip) && !isLocalIP($wanip)) {
$entry['ipport'] = $wanip;
}
if ($entry['ipport'] != '' && $row[5] != null) {
$entry['ipport'] .= ':' . $row[5];
}
$entry['auth'] = $row[6];
$entry['name'] = $row[7];
} else {
$entry['range'] = $ip != '' ? $ip : ($wanip != '' ? $wanip : '');
if (isLocalIP($entry['range']) && $entry['range'] != $wanip && isValidIP($wanip) && !isLocalIP($wanip)) {
$entry['range'] = $wanip;
}
if (isValidIP($entry['range'])) {
$oct = explode('.', $entry['range']);
array_pop($oct);
array_pop($oct);
$entry['range'] = implode('.', $oct) . '.0.0/16';
} else {
$entry['range'] = '';
}
}
$entry['bssid'] = '';
if ((int) $row[8] == 0) {
$entry['bssid'] = dec2mac($row[9]);
}
$entry['essid'] = $row[10];
$entry['sec'] = sec2str((int) $row[11]);
$entry['key'] = $row[12];
function unban($ip) {
global $dirs, $paths;
if (!isAdmin()) return false;
if (!isValidIP($ip)) return false;
$ip = formatString($ip);
ensureExists($dirs['prefs']);
$jData = decode($paths['ban']);
if ($jData == null) $jData = array();
foreach ($jData as $key => $value) {
if ($value['ip'] == $ip) {
unset($jData[$key]);
}
}
$jData = array_values($jData);
$output = encode($jData);
write($paths['ban'], $output, 0773);
return true;
}
<?php
require_once 'ajax_auth.inc.php';
$db = Database::getDatabase();
/* get vars */
$params = json_decode($_REQUEST['value']);
$ip_address = trim(strtolower($params->group1->ip_address));
$ban_type = trim($params->group1->ban_type);
$notes = $params->group1->notes;
$response = array();
$response['content'] = "";
$response['javascript'] = "";
$response['errors'] = array();
$response['success'] = 1;
/* validate submission */
if (!isValidIP($ip_address)) {
$response['errors']['ip_address'] = array(t("ip_address_invalid_try_again"));
} else {
$db = Database::getDatabase(true);
$row = $db->getRow('SELECT id FROM banned_ips WHERE ipAddress = ' . $db->quote($ip_address));
if (is_array($row)) {
$response['errors']['ip_address'] = array(t("ip_address_already_blocked"));
}
}
/* insert/update db */
if (COUNT($response['errors']) == 0) {
/* create the intial record */
$dbInsert = new DBObject("banned_ips", array("ipAddress", "banType", "banNotes", "dateBanned"));
$dbInsert->ipAddress = $ip_address;
$dbInsert->banType = $ban_type;
$dbInsert->banNotes = $notes;
<?php
//header
$title = "Login";
include 'header.php';
$remote = htmlentities($_SERVER['REMOTE_ADDR']);
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$forward = $_SERVER['HTTP_X_FORWARDED_FOR'];
if (isValidIP($forward) == false) {
$forward = "0";
}
} else {
$forward = "0";
}
if (isValidIP($remote) == false) {
$remote = "0";
}
$error = false;
$msg = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST' and check_blocked_ip($forward, $remote) == false) {
if (isValidEmail($_POST['email']) == false) {
$msg = "E-Mail ungültig.";
$error = true;
}
if (strlen($_POST['email']) < 6) {
$msg = "E-Mail zu kurz.";
$error = true;
}
if (strlen($_POST['password']) < 8) {
$msg = "Passwort zu kurz";
$error = true;
