
/concrete/core/helpers/validation/ip.php

https://bitbucket.org/selfeky/xclusivescardwebsite
PHP | 166 lines | 121 code | 19 blank | 26 comment | 21 complexity | 3f567904c7c016370dfd3faa78b673b9 MD5 | raw file
  1. <?php
  2. /**
  3. * Helper elements for dealing with errors in Concrete
  4. * @package Helpers
  5. * @subpackage Validation
  6. * @author Andrew Embler <andrew@concrete5.org>
  7. * @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org)
  8. * @license http://www.concrete5.org/license/ MIT License
  9. */
  10. defined('C5_EXECUTE') or die("Access Denied.");
  11. class Concrete5_Helper_Validation_Ip {
  12. /**
  13. * Checks if an IP has been banned
  14. * @param type $ip if 127.0.0.1 form (as opposed to int)
  15. * @return boolean
  16. */
  17. public function check($ip=false,$extraParamString=false,$extraParamValues=array()) {
  18. $ip = ($ip) ? $ip : $this->getRequestIP();
  19. $db = Loader::db();
  20. //do ip check
  21. $q = 'SELECT count(expires) as count
  22. FROM UserBannedIPs
  23. WHERE
  24. (
  25. (ipFrom = ? AND ipTo = 0)
  26. OR
  27. (ipFrom <= ? AND ipTo >= ?)
  28. )
  29. AND (expires = 0 OR expires > UNIX_TIMESTAMP(now()))
  30. ';
  31. if($extraParamString !== false){
  32. $q .= $extraParamString;
  33. }
  34. $ip_as_long = ip2long($ip);
  35. $v = array($ip_as_long, $ip_as_long, $ip_as_long);
  36. $v = array_merge($v,$extraParamValues);
  37. $rs = $db->Execute($q,$v);
  38. $row = $rs->fetchRow();
  39. return ($row['count'] > 0) ? false : true;
  40. }
  41. protected function checkForManualPermBan($ip=false){
  42. return $this->check($ip, ' AND isManual = ? AND expires = ? ',Array(1,0));
  43. }
  44. /** Checks if an IPv4 address belongs to a private network.
  45. * @param string $ip The IP address to check.
  46. * @return bool Returns true if $ip belongs to a private network, false if it's a public IP address.
  47. */
  48. public function isPrivateIP($ip) {
  49. if(empty($ip)) {
  50. return false;
  51. }
  52. if(
  53. (strpos($ip, '10.') === 0)
  54. ||
  55. (strpos($ip, '192.168.') === 0)
  56. ||
  57. (preg_match('/^172\.(\d+)\./', $ip, $m) && (intval($m[1]) >= 16) && (intval($m[1]) <= 31))
  58. ) {
  59. return true;
  60. }
  61. return false;
  62. }
  63. /** Returns the client IP address (or an empty string if it can't be found).
  64. * @return string
  65. */
  66. public function getRequestIP() {
  67. $result = '';
  68. foreach(array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $index) {
  69. if(array_key_exists($index, $_SERVER) && is_string($_SERVER[$index])) {
  70. foreach(explode(',', $_SERVER[$index]) as $ip) {
  71. $ip = trim($ip);
  72. if(strlen($ip)) {
  73. if($this->isPrivateIP($ip)) {
  74. $result = $ip;
  75. }
  76. else {
  77. return $ip;
  78. }
  79. }
  80. }
  81. }
  82. }
  83. return $result;
  84. }
  85. public function getErrorMessage() {
  86. return t("Unable to complete action: your IP address has been banned. Please contact the administrator of this site for more information.");
  87. }
  88. public function logSignupRequest($ignoreConfig=false) {
  89. Loader::model('signup_request');
  90. if (Config::get('IP_BAN_LOCK_IP_ENABLE') == 1) {
  91. $signupRequest = new SignupRequest();
  92. $signupRequest->id = null;
  93. $signupRequest->date_access = null;
  94. $signupRequest->ipFrom = ip2long($this->getRequestIP());
  95. $signupRequest->save();
  96. }
  97. }
  98. public function signupRequestThreshholdReached($ignoreConfig=false) {
  99. if ($ignoreConfig || Config::get('IP_BAN_LOCK_IP_ENABLE') == 1) {
  100. $db = Loader::db();
  101. $threshold_attempts = Config::get('IP_BAN_LOCK_IP_ATTEMPTS');
  102. $threshhold_seconds = Config::get('IP_BAN_LOCK_IP_TIME');
  103. $ip = ip2long($this->getRequestIP());
  104. $q = 'SELECT count(ipFrom) as count
  105. FROM SignupRequests
  106. WHERE ipFrom = ?
  107. AND UNIX_TIMESTAMP(date_access) > (UNIX_TIMESTAMP(now()) - ?)';
  108. $v = Array($ip, $threshhold_seconds);
  109. $rs = $db->execute($q,$v);
  110. $row = $rs->fetchRow();
  111. if ($row['count'] >= $threshold_attempts) {
  112. return true;
  113. }
  114. else{
  115. return false;
  116. }
  117. }
  118. }
  119. public function createIPBan($ip=false,$ignoreConfig=false) {
  120. if ($ignoreConfig || Config::get('IP_BAN_LOCK_IP_ENABLE') == 1) {
  121. $ip = ($ip) ? $ip : $this->getRequestIP();
  122. $ip = ip2long($ip);
  123. //IP_BAN_LOCK_IP_HOW_LONG_MIN of 0 or undefined means forever
  124. $timeOffset = Config::get('IP_BAN_LOCK_IP_HOW_LONG_MIN');
  125. $timeOffset = $timeOffset ? ($timeOffset * 60) : 0;
  126. $time = $timeOffset ? time() + $timeOffset : 0;
  127. $db = Loader::db();
  128. Loader::model('user_banned_ip');
  129. //delete before inserting .. catching a duplicate (1062) doesn't
  130. //seem to be working in all enviornments. If there's a permanant ban,
  131. //obey its setting
  132. if ($this->checkForManualPermBan(long2ip($ip), true)) {
  133. $db->StartTrans();
  134. //check if there's a manual ban
  135. $q = 'DELETE FROM UserBannedIPs WHERE ipFrom = ? AND ipTo = 0 AND isManual = 0';
  136. $v = Array($ip,0);
  137. $db->execute($q,$v);
  138. $q = 'INSERT INTO UserBannedIPs (ipFrom,ipTo,banCode,expires,isManual) ';
  139. $q .= 'VALUES (?,?,?,?,?)';
  140. $v = array($ip,0,UserBannedIp::IP_BAN_CODE_REGISTRATION_THROTTLE,$time,0);
  141. $db->execute($q,$v);
  142. $db->CompleteTrans();
  143. }
  144. }
  145. }
  146. }
  147. ?>