3 // vim: expandtab sw=4 ts=4 sts=4:
6 * This library is used with the server IP allow/deny host authentication
12 * Gets the "true" IP address of the current user
14 * @return string the ip of the user
21 global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
22 global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
24 // Get some server/environment variables values
25 if (empty($REMOTE_ADDR)) {
26 if (!empty($_SERVER) && isset($_SERVER['REMOTE_ADDR'])) {
27 $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
29 else if (!empty($_ENV) && isset($_ENV['REMOTE_ADDR'])) {
30 $REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
32 else if (@getenv
('REMOTE_ADDR')) {
33 $REMOTE_ADDR = getenv('REMOTE_ADDR');
36 if (empty($HTTP_X_FORWARDED_FOR)) {
37 if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
38 $HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
40 else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR'])) {
41 $HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
43 else if (@getenv
('HTTP_X_FORWARDED_FOR')) {
44 $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
47 if (empty($HTTP_X_FORWARDED)) {
48 if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED'])) {
49 $HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
51 else if (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED'])) {
52 $HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
54 else if (@getenv
('HTTP_X_FORWARDED')) {
55 $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
58 if (empty($HTTP_FORWARDED_FOR)) {
59 if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR'])) {
60 $HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
62 else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR'])) {
63 $HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
65 else if (@getenv
('HTTP_FORWARDED_FOR')) {
66 $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
69 if (empty($HTTP_FORWARDED)) {
70 if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED'])) {
71 $HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
73 else if (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED'])) {
74 $HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
76 else if (@getenv
('HTTP_FORWARDED')) {
77 $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
80 if (empty($HTTP_VIA)) {
81 if (!empty($_SERVER) && isset($_SERVER['HTTP_VIA'])) {
82 $HTTP_VIA = $_SERVER['HTTP_VIA'];
84 else if (!empty($_ENV) && isset($_ENV['HTTP_VIA'])) {
85 $HTTP_VIA = $_ENV['HTTP_VIA'];
87 else if (@getenv
('HTTP_VIA')) {
88 $HTTP_VIA = getenv('HTTP_VIA');
91 if (empty($HTTP_X_COMING_FROM)) {
92 if (!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM'])) {
93 $HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
95 else if (!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM'])) {
96 $HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
98 else if (@getenv
('HTTP_X_COMING_FROM')) {
99 $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
102 if (empty($HTTP_COMING_FROM)) {
103 if (!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM'])) {
104 $HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
106 else if (!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM'])) {
107 $HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
109 else if (@getenv
('HTTP_COMING_FROM')) {
110 $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
114 // Gets the default ip sent by the user
115 if (!empty($REMOTE_ADDR)) {
116 $direct_ip = $REMOTE_ADDR;
119 // Gets the proxy ip sent by the user
121 if (!empty($HTTP_X_FORWARDED_FOR)) {
122 $proxy_ip = $HTTP_X_FORWARDED_FOR;
123 } else if (!empty($HTTP_X_FORWARDED)) {
124 $proxy_ip = $HTTP_X_FORWARDED;
125 } else if (!empty($HTTP_FORWARDED_FOR)) {
126 $proxy_ip = $HTTP_FORWARDED_FOR;
127 } else if (!empty($HTTP_FORWARDED)) {
128 $proxy_ip = $HTTP_FORWARDED;
129 } else if (!empty($HTTP_VIA)) {
130 $proxy_ip = $HTTP_VIA;
131 } else if (!empty($HTTP_X_COMING_FROM)) {
132 $proxy_ip = $HTTP_X_COMING_FROM;
133 } else if (!empty($HTTP_COMING_FROM)) {
134 $proxy_ip = $HTTP_COMING_FROM;
135 } // end if... else if...
137 // Returns the true IP if it has been found, else FALSE
138 if (empty($proxy_ip)) {
139 // True IP without proxy
142 $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
143 if ($is_ip && (count($regs) > 0)) {
144 // True IP behind a proxy
147 // Can't define IP: there is a proxy but we don't have
148 // information about the true IP
151 } // end if... else...
152 } // end of the 'PMA_getIp()' function
156 * Based on IP Pattern Matcher
157 * Originally by J.Adams <jna@retina.net>
158 * Found on <http://www.php.net/manual/en/function.ip2long.php>
159 * Modified by Robbat2 <robbat2@users.sourceforge.net>
162 * xxx.xxx.xxx.xxx (exact)
163 * xxx.xxx.xxx.[yyy-zzz] (range)
164 * xxx.xxx.xxx.xxx/nn (CIDR)
167 * xxx.xxx.xxx.xx[yyy-zzz] (range, partial octets not supported)
169 * @param string string of IP range to match
170 * @param string string of IP to test against range
172 * @return boolean always true
176 function PMA_ipMaskTest($testRange, $ipToTest)
180 if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) {
181 // performs a mask match
182 $ipl = ip2long($ipToTest);
183 $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);
187 for ($i = 0; $i < 31; $i++
) {
188 if ($i < $regs[5] - 1) {
189 $maskl = $maskl +
pow(2, (30 - $i));
193 if (($maskl & $rangel) == ($maskl & $ipl)) {
200 $maskocts = explode('.', $testRange);
201 $ipocts = explode('.', $ipToTest);
203 // perform a range match
204 for ($i = 0; $i < 4; $i++
) {
205 if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
206 if (($ipocts[$i] > $regs[2])
207 ||
($ipocts[$i] < $regs[1])) {
211 if ($maskocts[$i] <> $ipocts[$i]) {
219 } // end of the "PMA_IPMaskTest()" function
223 * Runs through IP Allow/Deny rules the use of it below for more information
225 * @param string 'allow' | 'deny' type of rule to match
227 * @return bool Matched a rule ?
233 function PMA_allowDeny($type)
237 // Grabs true IP of the user and returns if it can't be found
238 $remote_ip = PMA_getIp();
239 if (empty($remote_ip)) {
244 $username = $cfg['Server']['user'];
246 // copy rule database
247 $rules = $cfg['Server']['AllowDeny']['rules'];
249 // lookup table for some name shortcuts
251 'all' => '0.0.0.0/0',
252 'localhost' => '127.0.0.1/8'
255 foreach($rules AS $rule) {
257 $rule_data = explode(' ', $rule);
259 // check for rule type
260 if ($rule_data[0] != $type) {
264 // check for username
265 if (($rule_data[1] != '%') //wildcarded first
266 && ($rule_data[1] != $username)) {
270 // check if the config file has the full string with an extra
271 // 'from' in it and if it does, just discard it
272 if ($rule_data[2] == 'from') {
273 $rule_data[2] = $rule_data[3];
276 // Handle shortcuts with above array
277 // DON'T use "array_key_exists" as it's only PHP 4.1 and newer.
278 if (isset($shortcuts[$rule_data[2]])) {
279 $rule_data[2] = $shortcuts[$rule_data[2]];
282 // Add code for host lookups here
283 // Excluded for the moment
285 // Do the actual matching now
286 if (PMA_ipMaskTest($rule_data[2], $remote_ip)) {
292 } // end of the "PMA_AllowDeny()" function
