2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * This library is used with the server IP allow/deny host authentication
12 * Gets the "true" IP address of the current user
14 * @return string the ip of the user
20 /* Get the address of user */
21 if (!empty($_SERVER['REMOTE_ADDR'])) {
22 $direct_ip = $_SERVER['REMOTE_ADDR'];
24 /* We do not know remote IP */
28 /* Do we trust this IP as a proxy? If yes we will use it's header. */
29 if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) {
30 $trusted_header_value = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]);
32 // the $ checks that the header contains only one IP address, ?: makes sure the () don't capture
33 $is_ip = preg_match('|^(?:[0-9]{1,3}\.){3,3}[0-9]{1,3}$|', $trusted_header_value, $matches);
34 if ($is_ip && (count($matches) == 1)) {
35 // True IP behind a proxy
42 } // end of the 'PMA_getIp()' function
46 * Based on IP Pattern Matcher
47 * Originally by J.Adams <jna@retina.net>
48 * Found on <http://www.php.net/manual/en/function.ip2long.php>
49 * Modified by Robbat2 <robbat2@users.sourceforge.net>
52 * xxx.xxx.xxx.xxx (exact)
53 * xxx.xxx.xxx.[yyy-zzz] (range)
54 * xxx.xxx.xxx.xxx/nn (CIDR)
57 * xxx.xxx.xxx.xx[yyy-zzz] (range, partial octets not supported)
59 * @param string string of IP range to match
60 * @param string string of IP to test against range
62 * @return boolean always true
66 function PMA_ipMaskTest($testRange, $ipToTest)
70 if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) {
71 // performs a mask match
72 $ipl = ip2long($ipToTest);
73 $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);
77 for ($i = 0; $i < 31; $i++
) {
78 if ($i < $regs[5] - 1) {
79 $maskl = $maskl +
PMA_pow(2, (30 - $i));
83 if (($maskl & $rangel) == ($maskl & $ipl)) {
90 $maskocts = explode('.', $testRange);
91 $ipocts = explode('.', $ipToTest);
93 // perform a range match
94 for ($i = 0; $i < 4; $i++
) {
95 if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
96 if (($ipocts[$i] > $regs[2])
97 ||
($ipocts[$i] < $regs[1])) {
101 if ($maskocts[$i] <> $ipocts[$i]) {
109 } // end of the "PMA_IPMaskTest()" function
113 * Runs through IP Allow/Deny rules the use of it below for more information
115 * @param string 'allow' | 'deny' type of rule to match
117 * @return bool Matched a rule ?
123 function PMA_allowDeny($type)
127 // Grabs true IP of the user and returns if it can't be found
128 $remote_ip = PMA_getIp();
129 if (empty($remote_ip)) {
134 $username = $cfg['Server']['user'];
136 // copy rule database
137 $rules = $cfg['Server']['AllowDeny']['rules'];
139 // lookup table for some name shortcuts
141 'all' => '0.0.0.0/0',
142 'localhost' => '127.0.0.1/8'
145 // Provide some useful shortcuts if server gives us address:
146 if (PMA_getenv('SERVER_ADDR')) {
147 $shortcuts['localnetA'] = PMA_getenv('SERVER_ADDR') . '/8';
148 $shortcuts['localnetB'] = PMA_getenv('SERVER_ADDR') . '/16';
149 $shortcuts['localnetC'] = PMA_getenv('SERVER_ADDR') . '/24';
152 foreach ($rules as $rule) {
154 $rule_data = explode(' ', $rule);
156 // check for rule type
157 if ($rule_data[0] != $type) {
161 // check for username
162 if (($rule_data[1] != '%') //wildcarded first
163 && ($rule_data[1] != $username)) {
167 // check if the config file has the full string with an extra
168 // 'from' in it and if it does, just discard it
169 if ($rule_data[2] == 'from') {
170 $rule_data[2] = $rule_data[3];
173 // Handle shortcuts with above array
174 if (isset($shortcuts[$rule_data[2]])) {
175 $rule_data[2] = $shortcuts[$rule_data[2]];
178 // Add code for host lookups here
179 // Excluded for the moment
181 // Do the actual matching now
182 if (PMA_ipMaskTest($rule_data[2], $remote_ip)) {
188 } // end of the "PMA_AllowDeny()" function