2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * This library is used with the server IP allow/deny host authentication
12 * Gets the "true" IP address of the current user
14 * @return string the ip of the user
20 /* Get the address of user */
21 if (!empty($_SERVER['REMOTE_ADDR'])) {
22 $direct_ip = $_SERVER['REMOTE_ADDR'];
24 /* We do not know remote IP */
28 /* Do we trust this IP as a proxy? If yes we will use it's header. */
29 if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) {
30 $proxy_ip = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]);
31 // the $ checks that the header contains only one IP address
32 $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}$|', $proxy_ip, $regs);
33 if ($is_ip && (count($regs) > 0)) {
34 // True IP behind a proxy
41 } // end of the 'PMA_getIp()' function
45 * Based on IP Pattern Matcher
46 * Originally by J.Adams <jna@retina.net>
47 * Found on <http://www.php.net/manual/en/function.ip2long.php>
48 * Modified by Robbat2 <robbat2@users.sourceforge.net>
51 * xxx.xxx.xxx.xxx (exact)
52 * xxx.xxx.xxx.[yyy-zzz] (range)
53 * xxx.xxx.xxx.xxx/nn (CIDR)
56 * xxx.xxx.xxx.xx[yyy-zzz] (range, partial octets not supported)
58 * @param string string of IP range to match
59 * @param string string of IP to test against range
61 * @return boolean always true
65 function PMA_ipMaskTest($testRange, $ipToTest)
69 if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) {
70 // performs a mask match
71 $ipl = ip2long($ipToTest);
72 $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);
76 for ($i = 0; $i < 31; $i++
) {
77 if ($i < $regs[5] - 1) {
78 $maskl = $maskl +
PMA_pow(2, (30 - $i));
82 if (($maskl & $rangel) == ($maskl & $ipl)) {
89 $maskocts = explode('.', $testRange);
90 $ipocts = explode('.', $ipToTest);
92 // perform a range match
93 for ($i = 0; $i < 4; $i++
) {
94 if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
95 if (($ipocts[$i] > $regs[2])
96 ||
($ipocts[$i] < $regs[1])) {
100 if ($maskocts[$i] <> $ipocts[$i]) {
108 } // end of the "PMA_IPMaskTest()" function
112 * Runs through IP Allow/Deny rules the use of it below for more information
114 * @param string 'allow' | 'deny' type of rule to match
116 * @return bool Matched a rule ?
122 function PMA_allowDeny($type)
126 // Grabs true IP of the user and returns if it can't be found
127 $remote_ip = PMA_getIp();
128 if (empty($remote_ip)) {
133 $username = $cfg['Server']['user'];
135 // copy rule database
136 $rules = $cfg['Server']['AllowDeny']['rules'];
138 // lookup table for some name shortcuts
140 'all' => '0.0.0.0/0',
141 'localhost' => '127.0.0.1/8'
144 // Provide some useful shortcuts if server gives us address:
145 if (PMA_getenv('SERVER_ADDR')) {
146 $shortcuts['localnetA'] = PMA_getenv('SERVER_ADDR') . '/8';
147 $shortcuts['localnetB'] = PMA_getenv('SERVER_ADDR') . '/16';
148 $shortcuts['localnetC'] = PMA_getenv('SERVER_ADDR') . '/24';
151 foreach ($rules as $rule) {
153 $rule_data = explode(' ', $rule);
155 // check for rule type
156 if ($rule_data[0] != $type) {
160 // check for username
161 if (($rule_data[1] != '%') //wildcarded first
162 && ($rule_data[1] != $username)) {
166 // check if the config file has the full string with an extra
167 // 'from' in it and if it does, just discard it
168 if ($rule_data[2] == 'from') {
169 $rule_data[2] = $rule_data[3];
172 // Handle shortcuts with above array
173 if (isset($shortcuts[$rule_data[2]])) {
174 $rule_data[2] = $shortcuts[$rule_data[2]];
177 // Add code for host lookups here
178 // Excluded for the moment
180 // Do the actual matching now
181 if (PMA_ipMaskTest($rule_data[2], $remote_ip)) {
187 } // end of the "PMA_AllowDeny()" function