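<?php
/* $Id: ip_allow_deny.lib.php,v 2.2 2003/11/26 22:52:23 rabus Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Determines the client IP address that the allow/deny rules are matched
 * against.
 *
 * REMOTE_ADDR and seven forwarding headers are looked up, in that order of
 * preference, from an already-set global of the same name, $_SERVER, $_ENV
 * and getenv(). Each value found is stored back into the global of the same
 * name. If any forwarding header is non-empty, the leading dotted quad of
 * the first one (priority: X-Forwarded-For, X-Forwarded, Forwarded-For,
 * Forwarded, Via, X-Coming-From, Coming-From) is returned INSTEAD of
 * REMOTE_ADDR.
 *
 * SECURITY: the forwarding headers are request data. Unless a reverse proxy
 * in front of the application overwrites them, the client chooses their
 * content, so the returned address is a claim and not a verified peer
 * address. REMOTE_ADDR is the only value consulted here that the web server
 * derives from the connection itself. Deployments that use the result for
 * access control should make sure these headers are stripped or overwritten
 * at the edge, or restrict header-based resolution to known proxy peers.
 *
 * @return  mixed  the IP address as a string, or FALSE when a forwarding
 *                 header is present without a leading dotted quad, or when
 *                 no address is available at all
 *
 * @access  private
 */
function PMA_getIp()
{
    global $REMOTE_ADDR;
    global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
    global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;

    // Forwarding headers in the order in which they are preferred
    $proxy_vars = array(
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'HTTP_VIA',
        'HTTP_X_COMING_FROM',
        'HTTP_COMING_FROM'
    );

    // Get some server/environment variables values. A global that is
    // already non-empty is kept as it is, otherwise it is filled from
    // $_SERVER, then $_ENV, then getenv().
    // NOTE(review): a pre-set global wins over $_SERVER; confirm nothing
    // request-controlled can populate these globals before this call.
    foreach (array_merge(array('REMOTE_ADDR'), $proxy_vars) as $name) {
        if (!empty($GLOBALS[$name])) {
            continue;
        }
        if (!empty($_SERVER) && isset($_SERVER[$name])) {
            $GLOBALS[$name] = $_SERVER[$name];
        }
        else if (!empty($_ENV) && isset($_ENV[$name])) {
            $GLOBALS[$name] = $_ENV[$name];
        }
        else if (@getenv($name)) {
            $GLOBALS[$name] = getenv($name);
        }
    } // end foreach

    // Address of the connecting peer. Initialised to FALSE so that the
    // function returns FALSE, and not an undefined variable, when
    // REMOTE_ADDR is unavailable.
    $direct_ip = FALSE;
    if (!empty($REMOTE_ADDR)) {
        $direct_ip = $REMOTE_ADDR;
    }

    // Gets the proxy ip sent by the user: first non-empty header wins
    $proxy_ip = '';
    foreach ($proxy_vars as $name) {
        if (!empty($GLOBALS[$name])) {
            $proxy_ip = $GLOBALS[$name];
            break;
        }
    } // end foreach

    // Returns the true IP if it has been found, else FALSE
    if (empty($proxy_ip)) {
        // True IP without proxy
        return $direct_ip;
    } else {
        // Only the shape of the leading token is checked (four groups of
        // one to three digits); octet values above 255 are not rejected
        // here and anything after the first address is ignored.
        $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
        if ($is_ip && (count($regs) > 0)) {
            // Address claimed by the forwarding header
            return $regs[0];
        } else {
            // Can't define IP: there is a proxy but we don't have
            // information about the true IP
            return FALSE;
        }
    } // end if... else...
} // end of the 'PMA_getIp()' function


/**
 * Tests whether an IPv4 address matches a rule pattern.
 *
 * Two pattern forms are handled:
 *  - "a.b.c.d/n": network/prefix-length match on the first n bits;
 *  - anything else: octet-by-octet comparison in which a pattern octet may
 *    be written as "[low-high]" to accept a numeric range.
 *
 * The prefix match compares all 32 bits, including the most significant
 * one. The mask used to be built from bits 30 downwards only, so the top
 * bit of the address was never compared and, for example, 10.0.0.0/8 also
 * matched 138.x.x.x.
 *
 * @param   string   the pattern to test against
 * @param   string   the IP address to test
 *
 * @return  boolean  TRUE when the address matches the pattern
 *
 * @access  public
 */
function PMA_ipMaskTest($testRange, $ipToTest)
{
    if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) {
        // performs a mask match
        $bits = (int) $regs[5];
        if ($bits > 32) {
            $bits = 32;
        }

        // A prefix length of 0 matches every address, whether or not it
        // can be parsed (unchanged behaviour, e.g. for the 'all' shortcut)
        if ($bits == 0) {
            return TRUE;
        }

        $ipl    = ip2long($ipToTest);
        $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);

        // An address that cannot be parsed never matches a real network
        if ($ipl === FALSE || $rangel === FALSE) {
            return FALSE;
        }

        // $bits is 1..32 here, so the shift count is 0..31 and the
        // expression is valid for 32-bit as well as 64-bit integers
        $maskl = -1 << (32 - $bits);

        return (($maskl & $rangel) == ($maskl & $ipl));
    }

    // range based
    $maskocts = explode('.', $testRange);
    $ipocts   = explode('.', $ipToTest);

    // perform a range match; a missing octet is compared as an empty string
    for ($i = 0; $i < 4; $i++) {
        $maskoct = isset($maskocts[$i]) ? $maskocts[$i] : '';
        $ipoct   = isset($ipocts[$i]) ? $ipocts[$i] : '';

        if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskoct, $regs)) {
            if (($ipoct > $regs[2])
                || ($ipoct < $regs[1])) {
                return FALSE;
            } // end if
        } else if ($maskoct <> $ipoct) {
            return FALSE;
        } // end if/else
    } // end for

    return TRUE;
} // end of the "PMA_IPMaskTest()" function


/**
 * Checks whether any rule of the given type matches the current user and
 * client address.
 *
 * Rules are read from $cfg['Server']['AllowDeny']['rules']; each rule is a
 * string of the form "<type> <user|%> [from] <pattern>", where the pattern
 * is either one of the shortcuts 'all' / 'localhost' or anything that
 * PMA_ipMaskTest() understands.
 *
 * The client address comes from PMA_getIp(), which prefers forwarding
 * headers over REMOTE_ADDR, so the decision is only as trustworthy as those
 * headers are in the deployment.
 *
 * When the address cannot be determined this function returns FALSE for
 * every rule type, 'deny' included.
 * NOTE(review): the caller is not visible here; confirm that it does not
 * treat "no deny rule matched" as permission in that situation.
 *
 * @param   string   the rule type to look for ('allow' or 'deny')
 *
 * @return  boolean  TRUE when a rule of that type matches
 *
 * @access  public
 */
function PMA_allowDeny($type)
{
    global $cfg;

    // Grabs true IP of the user and returns if it can't be found
    $remote_ip = PMA_getIp();
    if (empty($remote_ip)) {
        return FALSE;
    }

    // copy username
    $username = (string) $cfg['Server']['user'];

    // copy rule database
    $rules = $cfg['Server']['AllowDeny']['rules'];
    if (!is_array($rules)) {
        return FALSE;
    }

    // lookup table for some name shortcuts
    $shortcuts = array(
        'all'       => '0.0.0.0/0',
        'localhost' => '127.0.0.1/8'
    );

    foreach ($rules AS $rule) {
        // extract rule data; any run of whitespace separates two fields,
        // so a rule written with a double space or a tab is not silently
        // ignored
        $rule_data = preg_split('/\s+/', trim($rule));

        // a usable rule has at least a type, a user and a pattern
        if (count($rule_data) < 3) {
            continue;
        }

        // check for rule type
        if ($rule_data[0] !== (string) $type) {
            continue;
        }

        // check for username; strict comparison, so that numeric-looking
        // names such as '1e3' and '1000' are not considered equal
        if (($rule_data[1] !== '%') //wildcarded first
            && ($rule_data[1] !== $username)) {
            continue;
        }

        // check if the config file has the full string with an extra
        // 'from' in it and if it does, just discard it
        if ($rule_data[2] === 'from') {
            if (!isset($rule_data[3])) {
                // 'from' without a pattern: nothing to match against
                continue;
            }
            $rule_data[2] = $rule_data[3];
        }

        // Handle shortcuts with above array
        // DON'T use "array_key_exists" as it's only PHP 4.1 and newer.
        if (isset($shortcuts[$rule_data[2]])) {
            $rule_data[2] = $shortcuts[$rule_data[2]];
        }

        // Add code for host lookups here
        // Excluded for the moment

        // Do the actual matching now
        if (PMA_ipMaskTest($rule_data[2], $remote_ip)) {
            return TRUE;
        }
    } // end foreach

    return FALSE;
} // end of the "PMA_AllowDeny()" function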