kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix #1307

This commit is contained in:
Alan Garcia 2012-10-15 16:06:12 +00:00
parent 228fd364c8
commit 03e012dd46
7 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bureau/admin/adm_authip_whitelist.php
View File

@ -41,7 +41,7 @@ $list_ip = $authip->list_ip_whitelist();
<p> <p>
<fieldset> <fieldset>
<legend><?php __("Add an IP");?> - <a href="javascript:edit_ip('','<?php echo htmlentities($_SERVER['REMOTE_ADDR'])."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></legend> <legend><?php __("Add an IP");?> - <a href="javascript:edit_ip('','<?php echo htmlentities(get_remote_ip())."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></legend>
<span id="form_add_ip"> <span id="form_add_ip">
<form method="post" action="adm_authip_whitelist.php" name="main" id="main"> <form method="post" action="adm_authip_whitelist.php" name="main" id="main">
<p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit")?></a></p> <p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit")?></a></p>

2
bureau/admin/ip_main.php
View File

@ -162,7 +162,7 @@ $lac = $authip->list_affected();
</td> </td>
<td valign=top width=40%> <td valign=top width=40%>
<fieldset> <fieldset>
<legend><?php __("Add an IP");?> - <a href="javascript:edit_ip('','<?php echo htmlentities($_SERVER['REMOTE_ADDR'])."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></legend> <legend><?php __("Add an IP");?> - <a href="javascript:edit_ip('','<?php echo htmlentities(get_remote_ip())."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></legend>
<span id="form_add_ip"> <span id="form_add_ip">
<form method="post" action="ip_main.php" name="main" id="main"> <form method="post" action="ip_main.php" name="main" id="main">
<p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit")?></a></p> <p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit")?></a></p>

7
bureau/class/config.php
View File

@ -37,14 +37,13 @@
et mettez votre ip dans le IF pour que seule votre ip puisse accéder au bureau : et mettez votre ip dans le IF pour que seule votre ip puisse accéder au bureau :
*/ */
/* /* * /
if (getenv("REMOTE_ADDR")!="81.56.98.108") { if (getenv("REMOTE_ADDR")!="127.0.0.1") {
echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br> echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br>
Merci de revenir plus tard."; Merci de revenir plus tard.";
exit(); exit();
} }
*/ /* */
ini_set('display_errors', true);
// FIXME: Some constant, we put them here so that we can change them later ;) LFS // FIXME: Some constant, we put them here so that we can change them later ;) LFS
define('ALTERNC_MAIL', "/var/alternc/mail"); define('ALTERNC_MAIL', "/var/alternc/mail");

6
bureau/class/config_real.php
View File

@ -32,13 +32,13 @@
s'assurer que personne ne pourra accéder à 2 pages du bureau en même temps. s'assurer que personne ne pourra accéder à 2 pages du bureau en même temps.
*/ */
/* /* * /
if (getenv("REMOTE_ADDR")!="81.56.98.108") { if (getenv("REMOTE_ADDR")!="127.0.0.1") {
echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br> echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br>
Merci de revenir plus tard."; Merci de revenir plus tard.";
exit(); exit();
} }
*/ /* */
// 1. Get a semaphore id for the alternc magic number (18577) // 1. Get a semaphore id for the alternc magic number (18577)
$alternc_sem = sem_get ( 18577 ); $alternc_sem = sem_get ( 18577 );

6
bureau/class/functions.php
View File

@ -101,6 +101,12 @@ function checkhostallow_nodns($domain) {
return 0; return 0;
} }
function get_remote_ip() {
// Return the remote IP.
// If you are behind a proxy, use X_FORWARDED_FOR instead of REMOTE_ADDR
return getenv('REMOTE_ADDR');
}
/* Check that $url is a correct url (http:// or https:// or ftp://) */ /* Check that $url is a correct url (http:// or https:// or ftp://) */
function checkurl($url) { function checkurl($url) {
// TODO : add a path/file check // TODO : add a path/file check

3
bureau/class/m_err.php
View File

@ -142,8 +142,7 @@ class m_err {
global $mem,$cuid; global $mem,$cuid;
$f=@fopen($this->logfile,"ab"); $f=@fopen($this->logfile,"ab");
if ($f) { if ($f) {
if (!isset($_SERVER['REMOTE_ADDR'])) $_SERVER['REMOTE_ADDR']="::1"; fputs($f,date("d/m/Y H:i:s")." - " .get_remote_ip(). " - CALL - ");
fputs($f,date("d/m/Y H:i:s")." - " . $_SERVER['REMOTE_ADDR'] . " - CALL - ");
fputs($f,$mem->user["login"]." - "); fputs($f,$mem->user["login"]." - ");
fputs($f,$clsid." - ".$function." - ".$param."\n"); fputs($f,$clsid." - ".$function." - ".$param."\n");
fclose($f); fclose($f);

14
bureau/class/m_mem.php
View File

@ -104,18 +104,18 @@ class m_mem {
$aga = $authip->get_allowed('panel'); $aga = $authip->get_allowed('panel');
foreach ($aga as $k=>$v ) { foreach ($aga as $k=>$v ) {
if ( $authip->is_in_subnet(getenv("REMOTE_ADDR"), $v['ip'], $v['subnet']) ) $allowed=true ; if ( $authip->is_in_subnet(get_remote_ip(), $v['ip'], $v['subnet']) ) $allowed=true ;
} }
// Error if there is rules, the IP is not allowed and it's not in the whitelisted IP // Error if there is rules, the IP is not allowed and it's not in the whitelisted IP
if ( sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl(getenv("REMOTE_ADDR")) ) { if ( sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl(get_remote_ip()) ) {
$err->raise("mem",_("Your IP isn't allowed to connect")); $err->raise("mem",_("Your IP isn't allowed to connect"));
return false; return false;
} }
// End AuthIP // End AuthIP
if ($restrictip) { if ($restrictip) {
$ip="'".getenv("REMOTE_ADDR")."'"; $ip="'".get_remote_ip()."'";
} else $ip="''"; } else $ip="''";
/* Close sessions that are more than 2 days old. */ /* Close sessions that are more than 2 days old. */
$db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();"); $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();");
@ -154,7 +154,7 @@ class m_mem {
$db->next_record(); $db->next_record();
$this->user=$db->Record; $this->user=$db->Record;
$cuid=$db->f("uid"); $cuid=$db->f("uid");
$ip=getenv("REMOTE_ADDR"); $ip=get_remote_ip();
$sess=md5(uniqid(mt_rand())); $sess=md5(uniqid(mt_rand()));
$_REQUEST["session"]=$sess; $_REQUEST["session"]=$sess;
$db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');"); $db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');");
@ -175,7 +175,7 @@ class m_mem {
function resetlast() { function resetlast() {
global $db,$cuid; global $db,$cuid;
$ip=addslashes(getenv("REMOTE_HOST")); $ip=addslashes(getenv("REMOTE_HOST"));
if (!$ip) $ip=addslashes(getenv("REMOTE_ADDR")); if (!$ip) $ip=addslashes(get_remote_ip());
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';"); $db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';");
} }
@ -227,7 +227,7 @@ class m_mem {
$err->raise("mem",_("Cookie incorrect, please accept the session cookie")); $err->raise("mem",_("Cookie incorrect, please accept the session cookie"));
return false; return false;
} }
$ip=getenv("REMOTE_ADDR"); $ip=get_remote_ip();
$db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'"); $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'");
if ($db->num_rows()==0) { if ($db->num_rows()==0) {
$err->raise("mem",_("Session unknown, contact the administrator")); $err->raise("mem",_("Session unknown, contact the administrator"));
@ -306,7 +306,7 @@ class m_mem {
$err->raise("mem",_("Cookie incorrect, please accept the session cookie")); $err->raise("mem",_("Cookie incorrect, please accept the session cookie"));
return false; return false;
} }
$ip=getenv("REMOTE_ADDR"); $ip=get_remote_ip();
$db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'"); $db->query("select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE["session"]."'");
if ($db->num_rows()==0) { if ($db->num_rows()==0) {
$err->raise("mem",_("Session unknown, contact the administrator")); $err->raise("mem",_("Session unknown, contact the administrator"));