/**
 * Check that every entry of an IP list is accepted by the range validator.
 *
 * Each entry is passed to Rhymix\Framework\IpFilter::validateRange(); the first
 * entry that is rejected makes the whole list invalid. An empty list is valid.
 * Which notations validateRange() accepts is not visible here.
 *
 * @param array $ip_list IP addresses or ranges to check
 * @return bool true if no entry was rejected, false otherwise
 */
public function validate($ip_list = array())
{
    foreach ($ip_list as $range) {
        $is_valid = Rhymix\Framework\IpFilter::validateRange($range);
        if ($is_valid) {
            continue;
        }

        // One bad entry invalidates the whole list.
        return false;
    }

    return true;
}
/**
 * Check whether the current client IP may log in as administrator.
 *
 * Precedence matters for access control:
 *  - If the allow list is non-empty, it alone decides: the client must match
 *    one of its ranges, and the deny list is not consulted at all.
 *  - Otherwise, if the deny list is non-empty, the client is refused only
 *    when it matches one of the denied ranges.
 *  - If both lists are empty, every client is allowed.
 *
 * The decision is based on RX_CLIENT_IP, so it is only as trustworthy as the
 * way that constant is derived from the request.
 *
 * @param array|null $allow_list Allowed ranges; null means config('admin.allow')
 * @param array|null $deny_list  Denied ranges; null means config('admin.deny')
 * @return boolean (true : allowed, false : refuse)
 */
function getMemberAdminIPCheck($allow_list = null, $deny_list = null)
{
    // Fall back to the stored configuration only when no list was passed in.
    if ($allow_list === null) {
        $allow_list = config('admin.allow');
    }

    if ($allow_list) {
        foreach ($allow_list as $allowed_range) {
            if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $allowed_range)) {
                return true;
            }
        }

        // An allow list exists and the client is not on it.
        return false;
    }

    // The deny list is only looked up when there is no allow list.
    if ($deny_list === null) {
        $deny_list = config('admin.deny');
    }

    if (!$deny_list) {
        return true;
    }

    foreach ($deny_list as $denied_range) {
        if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $denied_range)) {
            return false;
        }
    }

    return true;
}
    // Tail of a conditional that begins before this excerpt: default base URL.
    define('RX_BASEURL', '/');
}

/**
 * RX_REQUEST_URL is the remainder of the current URL (not including RX_BASEURL).
 *
 * REQUEST_URI is request-controlled; it is only trimmed here (leading slash or
 * the RX_BASEURL prefix removed), not validated or decoded.
 */
if (isset($_SERVER['REQUEST_URI'])) {
    // The `?: ''` covers substr() yielding false or an empty string.
    define('RX_REQUEST_URL', RX_BASEURL === '/' ? substr($_SERVER['REQUEST_URI'], 1) : (substr($_SERVER['REQUEST_URI'], strlen(RX_BASEURL)) ?: ''));
} else {
    define('RX_REQUEST_URL', '');
}

/**
 * RX_CLIENT_IP_VERSION and RX_CLIENT_IP contain information about the current visitor's IP address.
 *
 * RX_CLIENT_IP is the value that the admin allow/deny check and the sitelock
 * allow list are matched against, so everything below is security-relevant.
 */
// The CF-Connecting-IP header is supplied with the request, so its mere presence
// proves nothing about the sender.
// NOTE(review): presumably getCloudFlareRealIP() replaces REMOTE_ADDR only when the
// connecting peer is a known Cloudflare address - confirm in framework/ipfilter.php,
// otherwise any client could choose its own RX_CLIENT_IP.
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    include_once __DIR__ . '/framework/ipfilter.php';
    Rhymix\Framework\IpFilter::getCloudFlareRealIP();
}

// The pattern is anchored only at the end, so it picks up a trailing dotted quad:
// a plain IPv4 address, or the IPv4 tail of a longer string such as an
// IPv4-mapped IPv6 address. Octets are not range-checked by the pattern.
if (isset($_SERVER['REMOTE_ADDR']) && preg_match('/[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$/', $_SERVER['REMOTE_ADDR'], $matches)) {
    define('RX_CLIENT_IP_VERSION', 4);
    define('RX_CLIENT_IP', $matches[0]);
// Anything else that inet_pton() can parse is treated as IPv6; @ hides the
// warning inet_pton() raises for unparseable input.
} elseif (isset($_SERVER['REMOTE_ADDR']) && @inet_pton($_SERVER['REMOTE_ADDR']) !== false) {
    define('RX_CLIENT_IP_VERSION', 6);
    define('RX_CLIENT_IP', $_SERVER['REMOTE_ADDR']);
// No usable REMOTE_ADDR: fall back to a fixed placeholder address.
} else {
    define('RX_CLIENT_IP_VERSION', 4);
    define('RX_CLIENT_IP', '0.0.0.0');
}

/*
 * RX_SSL is true if the current request uses SSL/TLS.
 */
// Only the condition is visible here; the body continues past this excerpt.
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
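/**
 * Update sitelock configuration.
 *
 * Reads the submitted lock state, title, message and allowed-IP list, makes
 * sure the submitting administrator cannot lock themselves out, validates the
 * resulting list and stores everything in the lock.* configuration keys.
 *
 * @return Object|void an error object (-1, 'msg_invalid_ip') when the allowed-IP
 *                     list contains an invalid entry; otherwise nothing
 */
function procAdminUpdateSitelock()
{
    $vars = Context::gets('sitelock_locked', 'sitelock_allowed_ip', 'sitelock_title', 'sitelock_message');

    // The textarea holds one address or range per line; drop blanks and duplicates.
    $allowed_ip = array_map('trim', preg_split('/[\\r\\n]/', $vars->sitelock_allowed_ip));
    $allowed_ip = array_unique(array_filter($allowed_ip, function ($item) {
        return $item !== '';
    }));

    // When the lock is being switched on, always keep localhost and the
    // administrator's own address on the list so the lock cannot shut them out.
    if ($vars->sitelock_locked === 'Y') {
        $allowed_localhost = false;
        $allowed_current = false;
        foreach ($allowed_ip as $range) {
            if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $range)) {
                $allowed_localhost = true;
            }
            if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range)) {
                $allowed_current = true;
            }
        }
        if (!$allowed_localhost) {
            array_unshift($allowed_ip, '127.0.0.1');
        }
        if (!$allowed_current) {
            array_unshift($allowed_ip, RX_CLIENT_IP);
        }
    }

    // Validate the list that is actually stored below. The previous code passed
    // $whitelist, a variable that is never assigned in this function, so the
    // submitted ranges were not the ones being checked and a malformed entry
    // could reach lock.allow.
    // NOTE(review): IpFilter is the unqualified class here, not
    // Rhymix\Framework\IpFilter - confirm validate() may be called statically on it.
    if (!IpFilter::validate($allowed_ip)) {
        return new Object(-1, 'msg_invalid_ip');
    }

    Rhymix\Framework\Config::set('lock.locked', $vars->sitelock_locked === 'Y');
    Rhymix\Framework\Config::set('lock.title', trim($vars->sitelock_title));
    Rhymix\Framework\Config::set('lock.message', trim($vars->sitelock_message));
    // array_values() re-indexes the list after array_filter()/array_unique().
    Rhymix\Framework\Config::set('lock.allow', array_values($allowed_ip));
    Rhymix\Framework\Config::save();

    $this->setMessage('success_updated');
    $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'act', 'dispAdminConfigSitelock'));
}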
/**
 * Display Sitelock Settings page
 *
 * Publishes the stored lock settings to the template context. The allowed-IP
 * list shown in the form is padded with 127.0.0.1 and the viewer's own address
 * when no stored range covers them; this only affects what is displayed,
 * nothing is written back to the configuration here.
 *
 * Title and message pass through escape() before reaching the template. The
 * IP list and remote_addr are handed over as they are.
 * NOTE(review): confirm the config_sitelock template escapes those two values.
 *
 * @return void
 */
function dispAdminConfigSitelock()
{
    // Work out which of the two convenience entries the stored list lacks.
    $display_list = Rhymix\Framework\Config::get('lock.allow') ?: array();
    $covers_localhost = false;
    $covers_viewer = false;
    foreach ($display_list as $stored_range) {
        if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $stored_range)) {
            $covers_localhost = true;
        }
        if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $stored_range)) {
            $covers_viewer = true;
        }
    }

    // Prepend in this order so the viewer's address ends up first.
    if ($covers_localhost === false) {
        array_unshift($display_list, '127.0.0.1');
    }
    if ($covers_viewer === false) {
        array_unshift($display_list, RX_CLIENT_IP);
    }

    $lock_title = escape(Rhymix\Framework\Config::get('lock.title'));
    $lock_message = escape(Rhymix\Framework\Config::get('lock.message'));

    Context::set('sitelock_locked', Rhymix\Framework\Config::get('lock.locked'));
    Context::set('sitelock_title', $lock_title);
    Context::set('sitelock_message', $lock_message);
    Context::set('sitelock_allowed_ip', implode(PHP_EOL, $display_list));
    Context::set('remote_addr', RX_CLIENT_IP);

    $this->setTemplateFile('config_sitelock');
}
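/**
 * Enforce site lock.
 *
 * Lets the request continue when the visitor is a logged-in administrator, is
 * calling the login or logout action, or has an IP address inside one of the
 * configured lock.allow ranges. Every other request is answered with a
 * 503 sitelock page and the script terminates.
 *
 * The login action stays reachable from any address while the lock is on, so
 * the lock does not replace the admin IP restrictions or login rate limiting.
 *
 * @return void returns only when the request is exempt; otherwise exits
 */
private static function enforceSiteLock()
{
    // Allow if the current user is logged in as administrator, or trying to log in.
    $logged_info = self::get('logged_info');
    if ($logged_info && $logged_info->is_admin === 'Y') {
        return;
    }

    // Strict comparison: the exemption must only apply when `act` is exactly one
    // of these strings, never to a value that merely compares loosely equal.
    if (in_array(self::get('act'), array('procMemberLogin', 'dispMemberLogout'), true)) {
        return;
    }

    // Allow if the current user is in the list of allowed IPs.
    // A missing or empty lock.allow is treated as an empty list, so the loop
    // is skipped cleanly and the request is locked out (fails closed).
    $allowed_list = config('lock.allow') ?: array();
    foreach ($allowed_list as $allowed_ip) {
        if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $allowed_ip)) {
            return;
        }
    }

    // Set headers and constants for backward compatibility.
    header('HTTP/1.1 503 Service Unavailable');
    define('_XE_SITELOCK_', TRUE);
    define('_XE_SITELOCK_TITLE_', config('lock.title') ?: self::getLang('admin.sitelock_in_use'));
    define('_XE_SITELOCK_MESSAGE_', config('lock.message'));
    unset($_SESSION['XE_VALIDATOR_RETURN_URL']);

    // Load the sitelock template.
    if (FileHandler::exists(RX_BASEDIR . 'common/tpl/sitelock.user.html')) {
        // Site-specific override of the lock page, included from a fixed path.
        include RX_BASEDIR . 'common/tpl/sitelock.user.html';
    } else {
        self::setBrowserTitle(self::getSiteTitle());
        $oMessageObject = getView('message');
        $oMessageObject->setHttpStatusCode(503);
        $oMessageObject->setError(-1);
        $oMessageObject->setMessage(_XE_SITELOCK_TITLE_);
        $oMessageObject->dispMessage();
        $oModuleHandler = new ModuleHandler();
        $oModuleHandler->displayContent($oMessageObject);
    }

    // Nothing after the lock page may run for a locked-out request.
    exit;
}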