/modules/security/admin/security_iprule_admin.php
PHP | 284 lines | 102 code | 13 blank | 169 comment | 16 complexity | 369b07b960b95fe5dc8ef624e2cf45de MD5 | raw file
- <?
- define("ADMIN_MODULE_NAME", "security");
- require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_before.php");
- CModule::IncludeModule('security');
- IncludeModuleLangFile(__FILE__);
- /**
- * @global CUser $USER
- * @global CMain $APPLICATION
- **/
- $canRead = $USER->CanDoOperation('security_iprule_admin_settings_read');
- $canWrite = $USER->CanDoOperation('security_iprule_admin_settings_write');
- if(!$canRead && !$canWrite)
- $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
- $aTabs = array(
- array(
- "DIV" => "main",
- "TAB" => GetMessage("SEC_IPRULE_ADMIN_MAIN_TAB"),
- "ICON"=>"main_user_edit",
- "TITLE"=>GetMessage("SEC_IPRULE_ADMIN_MAIN_TAB_TITLE"),
- ),
- );
- $tabControl = new CAdminTabControl("tabControl", $aTabs, false, true);
- $rsIPRule = CSecurityIPRule::GetList(array(), array(
- "=RULE_TYPE" => "A",
- "=ADMIN_SECTION" => "Y",
- "=SITE_ID" => false,
- "=SORT" => 10,
- "=ACTIVE_FROM" => false,
- "=ACTIVE_TO" => false,
- ), array("ID" => "ASC"));
- $arIPRule = $rsIPRule->Fetch();
- if($arIPRule)
- {
- $ID = $arIPRule["ID"];
- $ACTIVE = $arIPRule["ACTIVE"];
- }
- else
- {
- $ID = 0;
- $ACTIVE = "N";
- }
- $exclMasks=array(
- '/bitrix/admin/user_options.php',
- );
- foreach(GetModuleEvents("security", "OnIPRuleAdmin", true) as $event)
- {
- $exclMasks = array_merge($exclMasks,ExecuteModuleEventEx($event));
- }
- $strError = "";
- $bVarsFromForm = false;
- $bShowForce = false;
- $message = CSecurityIPRule::CheckAntiFile(true);
- if($_SERVER["REQUEST_METHOD"] == "POST" && $_REQUEST["save"].$_REQUEST["apply"].$_REQUEST["activate_iprule"].$_REQUEST["deactivate_iprule"] !="" && $canWrite && check_bitrix_sessid())
- {
- $ob = new CSecurityIPRule;
- if(!$_REQUEST["activate_iprule"] && $_REQUEST["deactivate_iprule"])
- {
- //When rule is going to be deactivated we will no check for IP
- $noExclIPS = false;
- $selfBlock = false;
- }
- else
- {
- //Otherwise check if ANY input supplied
- $noExclIPS = true;
- foreach($_POST["EXCL_IPS"] as $ip)
- {
- if(trim($ip) <> '')
- {
- $noExclIPS = false;
- break;
- }
- }
- //AND it is not selfblocking rule
- $INCL_IPS = array("0.0.0.1-255.255.255.255");
- $selfBlock = $ob->CheckIP($INCL_IPS, $_POST["EXCL_IPS"]);
- }
- if($noExclIPS)
- {
- $message = new CAdminMessage(GetMessage("SEC_IPRULE_ADMIN_NO_IP"));
- $bVarsFromForm = true;
- }
- elseif($selfBlock && (COption::GetOptionString("security", "ipcheck_allow_self_block")!=="Y"))
- {
- if($e = $APPLICATION->GetException())
- $message = new CAdminMessage(GetMessage("SEC_IPRULE_ADMIN_SAVE_ERROR"), $e);
- $bVarsFromForm = true;
- }
- elseif($selfBlock && $_POST["USE_THE_FORCE_LUK"]!=="Y")
- {
- if($e = $APPLICATION->GetException())
- $message = new CAdminMessage(GetMessage("SEC_IPRULE_ADMIN_SAVE_ERROR"), $e);
- $bVarsFromForm = true;
- $bShowForce = true;
- }
- else
- {
- $arFields = array(
- "RULE_TYPE" => "A",
- "ACTIVE" => $_REQUEST["activate_iprule"]? "Y": ($_REQUEST["deactivate_iprule"]? "N": $ACTIVE),
- "ADMIN_SECTION" => "Y",
- "SITE_ID" => false,
- "SORT" => 10,
- "NAME" => GetMessage("SEC_IPRULE_ADMIN_RULE_NAME"),
- "ACTIVE_FROM" => false,
- "ACTIVE_TO" => false,
- "INCL_IPS" => $INCL_IPS,
- "EXCL_IPS" => $_POST["EXCL_IPS"],
- "INCL_MASKS" => array("/bitrix/admin/*"),
- "EXCL_MASKS" => $exclMasks,
- );
- if($ID > 0)
- {
- $res = $ob->Update($ID, $arFields);
- }
- else
- {
- $ID = $ob->Add($arFields);
- $res = ($ID>0);
- }
- if($res)
- {
- if($_REQUEST["save"] != "" && $_GET["return_url"]!="")
- LocalRedirect($_GET["return_url"]);
- $returnUrl = $_GET["return_url"]? "&return_url=".urlencode($_GET["return_url"]): "";
- LocalRedirect("/bitrix/admin/security_iprule_admin.php?lang=".LANGUAGE_ID.$returnUrl."&".$tabControl->ActiveTabParam());
- }
- else
- {
- if($e = $APPLICATION->GetException())
- $message = new CAdminMessage(GetMessage("SEC_IPRULE_ADMIN_SAVE_ERROR"), $e);
- $bVarsFromForm = true;
- }
- }
- }
- $messageDetails = "";
- if ($ID > 0 && $ACTIVE=="Y")
- {
- $messageType = "OK";
- $messageText = GetMessage("SEC_IPRULE_ADMIN_ON");
- } else
- {
- $messageType = "ERROR";
- $messageText = GetMessage("SEC_IPRULE_ADMIN_OFF");
- }
- $APPLICATION->SetTitle(GetMessage("SEC_IPRULE_ADMIN_TITLE"));
- CUtil::InitJSCore();
- $APPLICATION->AddHeadScript('/bitrix/js/security/admin/interface.js');
- require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php");
- if($message)
- echo $message->Show();
- CAdminMessage::ShowMessage(array(
- "MESSAGE"=>$messageText,
- "TYPE"=>$messageType,
- "DETAILS"=>$messageDetails,
- "HTML"=>true
- ));
- ?>
- <form method="POST" action="security_iprule_admin.php?lang=<?echo LANGUAGE_ID?><?echo $_GET["return_url"]? "&return_url=".urlencode($_GET["return_url"]): ""?>" enctype="multipart/form-data" name="editform">
- <?
- $tabControl->Begin();
- ?>
- <?
- $tabControl->BeginNextTab();
- ?>
- <tr>
- <td colspan="2" align="left">
- <?if($ID > 0 && $ACTIVE=="Y"):?>
- <input type="submit" name="deactivate_iprule" value="<?echo GetMessage("SEC_IPRULE_ADMIN_BUTTON_OFF")?>"<?if(!$canWrite) echo " disabled"?>>
- <?else:?>
- <input type="submit" name="activate_iprule" value="<?echo GetMessage("SEC_IPRULE_ADMIN_BUTTON_ON")?>"<?if(!$canWrite) echo " disabled"?> class="adm-btn-save">
- <?endif?>
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <?echo BeginNote();?><?echo GetMessage("SEC_IPRULE_ADMIN_NOTE", array("#IP#" => $_SERVER["REMOTE_ADDR"]))?>
- <?echo EndNote(); ?>
- </td>
- </tr>
- <?
- $arExclIPs = array();
- if($bVarsFromForm)
- {
- if(is_array($_POST["EXCL_IPS"]))
- foreach($_POST["EXCL_IPS"] as $i => $ip)
- $arExclIPs[] = htmlspecialcharsbx($ip);
- }
- elseif($ID > 0)
- {
- $ar = CSecurityIPRule::GetRuleExclIPs($ID);
- foreach($ar as $i => $ip)
- $arExclIPs[] = htmlspecialcharsbx($ip);
- }
- ?>
- <tr>
- <td class="adm-detail-valign-top" width="40%"><?echo GetMessage("SEC_IPRULE_ADMIN_EXCL_IPS")?>:<br><?echo GetMessage("SEC_IPRULE_ADMIN_EXCL_IPS_SAMPLE")?></td>
- <td width="60%">
- <table cellpadding="0" cellspacing="0" border="0" class="nopadding" width="100%" id="tbEXCL_IPS">
- <?foreach($arExclIPs as $i => $ip):?>
- <tr><td nowrap style="padding-bottom: 3px;">
- <input type="text" size="45" name="EXCL_IPS[<?echo $i?>]" value="<?echo $ip?>">
- </td></tr>
- <?endforeach;?>
- <?if(!$bVarsFromForm):?>
- <tr class="security-addable-row"><td nowrap style="padding-bottom: 3px;">
- <input type="text" size="45" name="EXCL_IPS[n0]" value="">
- </td></tr>
- <?endif;?>
- <tr><td>
- <br><input type="button" id="add-button" value="<?echo GetMessage("SEC_IPRULE_ADMIN_ADD")?>">
- </td></tr>
- </table>
- </td>
- </tr>
- <?
- if (count($exclMasks) > 0)
- {
- ?>
- <tr>
- <td class="adm-detail-valign-top" width="40%"><?echo GetMessage("SEC_IPRULE_ADMIN_EXCL_FILES_".(($ACTIVE == 'Y')?'ACTIVE':'INACTIVE'))?></td>
- <td width="60%">
- <table cellpadding="0" cellspacing="0" border="0" class="nopadding" width="100%" id="tbEXCL_FILES">
- <?foreach($exclMasks as $mask):?>
- <tr><td nowrap>
- <?echo htmlspecialcharsbx($mask)?>
- </td></tr>
- <?endforeach;?>
- </table>
- </td>
- </tr>
- <?
- }
- ?>
- <script id="security-interface-settings" type="application/json">
- {
- "addableRows": [{
- "tableId": "tbEXCL_IPS",
- "buttonId": "add-button"
- }]
- }
- </script>
- <?
- $tabControl->Buttons(
- array(
- "disabled"=>(!$canWrite),
- "back_url"=>$_GET["return_url"]? $_GET["return_url"]: "security_iprule_admin.php?lang=".LANG,
- )
- );
- ?>
- <?echo bitrix_sessid_post();?>
- <input type="hidden" name="lang" value="<?echo LANG?>">
- <?if($bShowForce && (COption::GetOptionString("security", "ipcheck_allow_self_block")==="Y")):?>
- <input type="hidden" name="USE_THE_FORCE_LUK" value="Y">
- <?endif;?>
- <?
- $tabControl->End();
- ?>
- </form>
- <?
- require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin.php");
- ?>