Fixed the Garvin's calculations.
[phpmyadmin/crack.git] / libraries / ip_allow_deny.lib.php3
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 /**
6 * This library is used with the server IP allow/deny host authentication
7 * feature
8 */
11 if (!defined('PMA_ALLOW_DENY_LIB_INCLUDED')) {
12 define('PMA_ALLOW_DENY_LIB_INCLUDED', 1);
if (PMA_PHP_INT_VERSION < 40000) {
    /**
     * Stand-in for the "ip2long" function, defined only under PHP3
     *
     * Based on a piece of code from
     * richard lithvall <richard at lithvall dot nu>
     *
     * The input is not validated: the first four dot-separated fields are
     * used as they are, each weighted by its position.
     *
     * @param   string   an IP in Internet standard (dotted) format
     *
     * @return  double   its IPv4 Internet network address, first field most
     *                   significant
     *
     * @access  private
     */
    function ip2long($dotted)
    {
        $octets = split('\.', $dotted);
        $weight = 0x1000000;
        // kept as a double, exactly like the accumulator it replaces
        $total  = (double)0;
        $pos    = 0;
        while ($pos < 4) {
            $total  += ($octets[$pos] * $weight);
            $weight  = ($weight >> 8);
            $pos++;
        } // end while

        return $total;
    } // end of the "ip2long" function
} // end if
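/**
 * Looks one server/environment variable up in every place PHP may expose it
 *
 * The sources are tried in this order: $_SERVER, $_ENV, $HTTP_SERVER_VARS,
 * $HTTP_ENV_VARS, getenv().
 *
 * @param   string   the name of the variable (e.g. 'REMOTE_ADDR')
 *
 * @return  string   its value, or an empty string if no source has it
 *
 * @access  private
 */
function PMA_getIpServerVar($name)
{
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

    if (!empty($_SERVER) && isset($_SERVER[$name])) {
        return $_SERVER[$name];
    }
    else if (!empty($_ENV) && isset($_ENV[$name])) {
        return $_ENV[$name];
    }
    else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS[$name])) {
        return $HTTP_SERVER_VARS[$name];
    }
    else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS[$name])) {
        return $HTTP_ENV_VARS[$name];
    }
    else if (@getenv($name)) {
        return getenv($name);
    }

    return '';
} // end of the 'PMA_getIpServerVar()' function


/**
 * Gets the "true" IP address of the current user
 *
 * NOTE (security): every forwarded-style header read below is supplied by
 * the HTTP client or by a proxy on the path, and a non-empty one is preferred
 * over REMOTE_ADDR. The returned address therefore reflects the real peer
 * only when the server can be reached exclusively through a proxy that
 * overwrites these headers; access rules evaluated against this value
 * inherit that limitation.
 *
 * @return  mixed    the ip of the user (string), or FALSE if it can't be
 *                   determined
 *
 * @access  private
 */
function PMA_getIp()
{
    global $REMOTE_ADDR;
    global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
    global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;

    // Get some server/environment variables values. All of them go through
    // the same helper, so that the five fallbacks are tried identically for
    // each variable (the hand-written HTTP_COMING_FROM chain tested the wrong
    // variable and could never reach $HTTP_SERVER_VARS).
    if (empty($REMOTE_ADDR)) {
        $REMOTE_ADDR          = PMA_getIpServerVar('REMOTE_ADDR');
    }
    if (empty($HTTP_X_FORWARDED_FOR)) {
        $HTTP_X_FORWARDED_FOR = PMA_getIpServerVar('HTTP_X_FORWARDED_FOR');
    }
    if (empty($HTTP_X_FORWARDED)) {
        $HTTP_X_FORWARDED     = PMA_getIpServerVar('HTTP_X_FORWARDED');
    }
    if (empty($HTTP_FORWARDED_FOR)) {
        $HTTP_FORWARDED_FOR   = PMA_getIpServerVar('HTTP_FORWARDED_FOR');
    }
    if (empty($HTTP_FORWARDED)) {
        $HTTP_FORWARDED       = PMA_getIpServerVar('HTTP_FORWARDED');
    }
    if (empty($HTTP_VIA)) {
        $HTTP_VIA             = PMA_getIpServerVar('HTTP_VIA');
    }
    if (empty($HTTP_X_COMING_FROM)) {
        $HTTP_X_COMING_FROM   = PMA_getIpServerVar('HTTP_X_COMING_FROM');
    }
    if (empty($HTTP_COMING_FROM)) {
        $HTTP_COMING_FROM     = PMA_getIpServerVar('HTTP_COMING_FROM');
    }

    // Gets the default ip sent by the user; FALSE (and no longer an unset
    // variable) when the server did not provide one
    $direct_ip = FALSE;
    if (!empty($REMOTE_ADDR)) {
        $direct_ip = $REMOTE_ADDR;
    }

    // Gets the proxy ip sent by the user
    $proxy_ip = '';
    if (!empty($HTTP_X_FORWARDED_FOR)) {
        $proxy_ip = $HTTP_X_FORWARDED_FOR;
    } else if (!empty($HTTP_X_FORWARDED)) {
        $proxy_ip = $HTTP_X_FORWARDED;
    } else if (!empty($HTTP_FORWARDED_FOR)) {
        $proxy_ip = $HTTP_FORWARDED_FOR;
    } else if (!empty($HTTP_FORWARDED)) {
        $proxy_ip = $HTTP_FORWARDED;
    } else if (!empty($HTTP_VIA)) {
        $proxy_ip = $HTTP_VIA;
    } else if (!empty($HTTP_X_COMING_FROM)) {
        $proxy_ip = $HTTP_X_COMING_FROM;
    } else if (!empty($HTTP_COMING_FROM)) {
        $proxy_ip = $HTTP_COMING_FROM;
    } // end if... else if...

    // Returns the true IP if it has been found, else FALSE
    if (empty($proxy_ip)) {
        // True IP without proxy
        return $direct_ip;
    } else {
        // Only the leading dotted quad of the header is kept; the pattern
        // does not check that each field is at most 255
        $is_ip = ereg('^([0-9]{1,3}\.){3,3}[0-9]{1,3}', $proxy_ip, $regs);
        if ($is_ip && (count($regs) > 0)) {
            // True IP behind a proxy
            return $regs[0];
        } else {
            // Can't define IP: there is a proxy but we don't have
            // information about the true IP
            return FALSE;
        }
    } // end if... else...
} // end of the 'PMA_getIp()' function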
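/**
 * Tests an IPv4 address against one range pattern
 *
 * Based on IP Pattern Matcher
 * Originally by J.Adams <jna@retina.net>
 * Found on <http://www.php.net/manual/en/function.ip2long.php>
 * Modified by Robbat2 <robbat2@users.sourceforge.net>
 *
 * Matches:
 * xxx.xxx.xxx.xxx        (exact)
 * xxx.xxx.xxx.[yyy-zzz]  (range)
 * xxx.xxx.xxx.xxx/nn     (CIDR)
 *
 * Does not match:
 * xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
 *
 * An address that is not made of four numeric fields of at most 255 never
 * matches, except against a /0 range, which covers everything.
 *
 * @param   string   string of IP range to match
 * @param   string   string of IP to test against range
 *
 * @return  boolean  whether the IP lies inside the range
 *
 * @access  public
 */
function PMA_ipMaskTest($testRange, $ipToTest)
{
    $ipocts = explode('.', $ipToTest);

    if (ereg('([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)', $testRange, $regs)) {
        // performs a mask match; a prefix longer than 32 is handled as /32
        $prefix = ($regs[5] > 32) ? 32 : (int)$regs[5];
        if ($prefix == 0) {
            return TRUE;
        }
        if (count($ipocts) != 4) {
            return FALSE;
        }
        for ($i = 0; $i < 4; $i++) {
            if (!ereg('^[0-9]{1,3}$', $ipocts[$i])
                || ($ipocts[$i] > 255)
                || ($regs[$i + 1] > 255)) {
                return FALSE;
            }
        } // end for

        // The prefix is compared octet by octet so that all 32 bits take
        // part whatever the integer width. A single mask summed from 2^30
        // downwards leaves the top bit out, and two addresses that differ
        // only in that bit (10.x.x.x and 138.x.x.x) then compare equal.
        for ($i = 0; $i < 4; $i++) {
            $bits = $prefix - (8 * $i);
            if ($bits <= 0) {
                break;
            }
            if ($bits > 8) {
                $bits = 8;
            }
            $octmask = (0xFF << (8 - $bits)) & 0xFF;
            if (((int)$regs[$i + 1] & $octmask) != ((int)$ipocts[$i] & $octmask)) {
                return FALSE;
            }
        } // end for

        return TRUE;
    } // end if

    // range based
    $maskocts = explode('.', $testRange);
    if ((count($maskocts) != 4) || (count($ipocts) != 4)) {
        return FALSE;
    }

    // perform a range match
    for ($i = 0; $i < 4; $i++) {
        if (ereg('\[([0-9]+)\-([0-9]+)\]', $maskocts[$i], $regs)) {
            if (($ipocts[$i] > $regs[2])
                || ($ipocts[$i] < $regs[1])) {
                return FALSE;
            } // end if
        } else if ($maskocts[$i] != $ipocts[$i]) {
            return FALSE;
        } // end if/else
    } // end for

    return TRUE;
} // end of the "PMA_IPMaskTest()" function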
/**
 * Runs through the IP Allow/Deny rules and tells whether one of them applies
 * to the current user and client address
 *
 * Each rule is a space-separated string that is read as
 * "<type> <user> [from] <range>": <type> is compared with $type, <user> is
 * either '%' (any user) or the configured user name, and <range> is one of
 * the shortcuts 'all' / 'localhost' or a pattern for PMA_ipMaskTest().
 *
 * The address tested is the one returned by PMA_getIp(), which may come from
 * a proxy header rather than from REMOTE_ADDR.
 *
 * @param   string   'allow' | 'deny' type of rule to match
 *
 * @return  bool     Matched a rule ?
 *
 * @access  public
 *
 * @see     PMA_getIp()
 */
function PMA_allowDeny($type)
{
    global $cfg;

    // Without a client address there is nothing to compare: no rule matches
    $client_ip = PMA_getIp();
    if (empty($client_ip)) {
        return FALSE;
    }

    // configured user name and rule list of the current server
    $login    = $cfg['Server']['user'];
    $rule_set = $cfg['Server']['AllowDeny']['rules'];

    // names that may be written in place of a range
    $aliases = array(
        'all'       => '0.0.0.0/0',
        'localhost' => '127.0.0.1/8'
    );

    // reset()/each() rather than foreach, for PHP3 support
    reset($rule_set);
    while ($entry = each($rule_set)) {
        $fields = explode(' ', $entry[1]);

        // the rule must be of the requested type and must name either the
        // wildcard user or the configured one
        if (($fields[0] == $type)
            && (($fields[1] == '%') || ($fields[1] == $login))) {
            // an optional 'from' keyword may precede the range: skip it
            $source = $fields[2];
            if ($source == 'from') {
                $source = $fields[3];
            }

            // Expand shortcuts.
            // DON'T use "array_key_exists" as it's only PHP 4.1 and newer.
            if (isset($aliases[$source])) {
                $source = $aliases[$source];
            }

            // Host name lookups are not done (excluded for the moment)

            // Do the actual matching now
            if (PMA_ipMaskTest($source, $client_ip)) {
                return TRUE;
            }
        } // end if
    } // end while

    return FALSE;
} // end of the "PMA_AllowDeny()" function
375 } // $__PMA_ALLOW_DENY_LIB__