ToDo : Lien pour l'envoie de mail pour désactiver temporairement l'auth IP

Alan Garcia 2011-06-03 17:08:44 +00:00
parent 9197261a1f
commit 9e2309c576
5 changed files with 109 additions and 11 deletions


@ -59,6 +59,7 @@ if (!isset($restrictip)) {
<p>&nbsp;</p>
<?php if (isset($error) && $error) echo "<font color=red>$error</font>"; ?>
<?php
$authip_token=$_GET['authip_token'];
/*
if (!$_SERVER[HTTPS]) {
echo "<h4>ATTENTION : vous allez accéder à votre panel en mode *non sécurisé*<br/>
@ -69,6 +70,7 @@ if (!$_SERVER[HTTPS]) {
<div style="position: relative; left: 100px">
<table><tr><td style="width: 320px">
<?php __("To connect to the hosting control panel, enter your AlternC's login and password in the following form and click 'Enter'"); ?>
<?php if (!empty($authip_token)) { echo "<p style='color:red;'>";__("You are attemping to connect without IP restriction."); echo "</p>"; } ?>
</td><td>
<form action="login.php" method="post" target="_top">
<table border="0" style="border: 1px solid #202020;" cellspacing="0" cellpadding="3" width="300px" >
@ -77,6 +79,7 @@ if (!$_SERVER[HTTPS]) {
<tr><th align="right"><label for="password"><?php echo _("Password"); ?></label></th><td><input type="password" class="int" name="password" id="password" value="" maxlength="128" size="15" /></td></tr>
<tr><td colspan="2" align="center"><input type="submit" class="inb" name="submit" value="<?php __("Enter"); ?>" /><input type="hidden" id="restrictip" name="restrictip" value="1" /></td></tr>
</table>
<input type="hidden" id="authip_token" name="authip_token" value="<?php echo htmlentities($authip_token) ?>" />
</form>
</td></tr>
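Review bot: `$authip_token=$_GET['authip_token'];` reads the key unconditionally, so every ordinary visit to the login page (no token in the URL) raises an undefined-index notice; `$authip_token = isset($_GET['authip_token']) ? $_GET['authip_token'] : '';` keeps the later `empty()` test and the hidden field working unchanged. Because the token arrives in the query string it will be written to web-server access logs and sent in the Referer of any outbound link on this page, which is tolerable only because the token generator elsewhere in this commit appears to rotate it hourly — a comment to that effect next to this line would stop someone later making it long-lived. The new message `"You are attemping to connect without IP restriction."` carries a typo (attempting) that will be frozen as a translation key. The surrounding PHP block starts before this hunk.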


@ -90,17 +90,25 @@ $lac = $authip->list_affected();
<p>
<input type="radio" name="s_protocol" id="s_protocol_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($a['protocol']);?>" />
<label for="s_protocol_<?php echo htmlentities($a['protocol']);?>"><?php echo htmlentities($a['name']); ?></label>
<select name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>">
<?php if ( sizeof($a['values']) > 1 ) { ?>
<select name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>">
<?php foreach ($a['values'] as $k => $v) { ?>
<option value="<?php echo htmlentities($k); ?>"><?php echo htmlentities($v); ?></option>
<?php } ?>
</select>
<?php } else { ?>
<?php foreach ($a['values'] as $k => $v) { ?>
<option value="<?php echo htmlentities($k); ?>"><?php echo htmlentities($v); ?></option>
<label><b><?php echo htmlentities($v); ?></b></label>
<input type=hidden name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($k); ?>" readonly>
<?php } ?>
</select>
<?php } ?>
</p>
<?php } ?>
</td><td valign="middle">
<p>
<select name="s_ipsub">
<?php foreach ($list_ip as $li) { ?>
<?php foreach ($list_ip as $li) { ?>
<option value="<?php echo $li['id']; ?>"><?php echo htmlentities($li['infos']); echo " - ".$li['ip'] ; if (!($li['subnet']==32 || $li['subnet'] == 128)) echo "/".$li['subnet'];?></option>
<?php } ?>
</select>
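Review bot: The single-value branch emits `<input type=hidden ... readonly>` — `readonly` has no effect on a hidden input and the `type` value is unquoted, unlike every other tag in this template; `<input type="hidden" name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($k); ?>" />` matches the surrounding markup. The `<label>` placed before it has no `for` attribute and wraps no control, so it is purely visual. Pre-filling the value server-side does not make it trustworthy: the hidden field is still client-controlled, so whatever reads `s_affect_*` must validate it against the protocol's real value list rather than assume it equals `$k` — I cannot see that handler from here. The enclosing foreach over the classes begins before this hunk.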


@ -149,6 +149,7 @@ include_once("lang_env.php");
$mem=new m_mem();
$err=new m_err();
$authip=new m_authip();
/* Check the User identity (if required) */
if (!defined('NOCHECK')) {
@ -160,7 +161,7 @@ if (!defined('NOCHECK')) {
}
for($i=0;$i<count($classes);$i++) {
if ($classes[$i]!="mem" && $classes[$i]!="err") {
if (! in_array($classes[$i],Array('mem', 'err', 'authip'))) {
$name2=$classes[$i];
$name1="m_".$name2;
$$name2= new $name1();
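Review bot: The rewritten exclusion `in_array($classes[$i],Array('mem', 'err', 'authip'))` runs without the strict flag, so any non-string entry in `$classes` would be compared loosely; `if (! in_array($classes[$i], Array('mem', 'err', 'authip'), true)) {` keeps the test exact and costs nothing. Creating `$authip` alongside `$mem` and `$err` is needed because m_mem::login() in this commit reaches it through `global`, but it now runs before the identity check, so m_authip's constructor must not depend on `$cuid` being set — I cannot confirm that from here and a one-line comment stating the ordering requirement would help the next reader. The `for` loop continues past the hunk.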


@ -88,6 +88,51 @@ class m_authip {
return true;
}
/*
* Liste les IP et subnet authorisés
* pour une classe donnée
*
* @param string $s classe concernée
* @return array Retourne un tableau
*/
function get_allowed($s) {
global $db, $cuid;
if (! $db->query("select ai.ip, ai.subnet, ai.infos, aia.parameters from authorised_ip ai, authorised_ip_affected aia where aia.protocol='$s' and aia.authorised_ip_id = ai.id and ai.uid='$cuid';") ) {
echo "query failed: ".$db->Error;
return false;
}
$r=Array();
while ($db->next_record()) {
$r[]=Array("ip"=>$db->f("ip"), "subnet"=>$db->f("subnet"), "infos"=>$db->f("infos"), "parameters"=>$db->f("parameters"));
}
return $r;
}
function is_wl($ip) {
global $db;
if (! $db->query("select ai.ip, ai.subnet from authorised_ip ai where ai.uid='0';") ) {
echo "query failed: ".$db->Error;
return false;
}
while ($db->next_record()) {
if ( $this->is_in_subnet($ip, $db->f('ip'), $db->f('subnet') ) ) return true;
}
return false;
}
/*
* Retourne si l'ip appartient au subnet.
*
*/
function is_in_subnet($o, $ip, $sub) {
$o = inet_pton($o);
$ip = inet_pton($ip);
$sub = pow(2, $sub);
if ( $o >= $ip && $o <= ($ip+$sub) ) return true;
return false;
}
/*
* Sauvegarde une IP dans les IP TOUJOURS authorisée
*
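Review bot: is_in_subnet() does not implement a prefix match: `inet_pton()` returns a packed binary string, so `$ip + $sub` coerces that string to a number (0 with a warning on the PHP of this era, a TypeError on PHP 8) and `$o <= ($ip+$sub)` degrades to a string-to-int comparison that is effectively always true, leaving only the byte-wise `$o >= $ip` — any address lexicographically above the network address passes, and `$sub` is used as 2^prefix instead of a mask. Since this one function decides both is_wl() and the panel IP restriction that login() enforces in this commit, a rule meant for a single /24 admits most of the address space. The rewrite below compares the leading `$sub` bits of the two packed addresses and refuses unparsable input or an IPv4/IPv6 mix, which `inet_pton` returning false would otherwise silently push through the comparison. get_allowed() in the same hunk also interpolates `$s` and `$cuid` straight into SQL; today's only caller passes the literal 'panel', but escaping both would keep the new code from becoming the injection point later.
```php
function is_in_subnet($o, $ip, $sub) {
    $o = inet_pton($o);
    $ip = inet_pton($ip);
    // Unparsable input or an IPv4/IPv6 mix never matches.
    if ($o === false || $ip === false || strlen($o) != strlen($ip)) return false;
    $sub = intval($sub);
    if ($sub < 0 || $sub > strlen($ip) * 8) return false;
    // Compare the whole leading bytes, then the remaining bits of the boundary byte.
    $fullbytes = (int)($sub / 8);
    if (substr($o, 0, $fullbytes) !== substr($ip, 0, $fullbytes)) return false;
    $restbits = $sub % 8;
    if ($restbits == 0) return true;
    $mask = (0xFF << (8 - $restbits)) & 0xFF;
    return (ord($o[$fullbytes]) & $mask) == (ord($ip[$fullbytes]) & $mask);
}
```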


@ -75,8 +75,8 @@ class m_mem {
* @param $password string User Password.
* @return boolean TRUE if the user has been successfully connected, or FALSE if an error occured.
*/
function login($username,$password,$restrictip=0) {
global $db,$err,$cuid;
function login($username,$password,$restrictip=0,$authip_token=false) {
global $db,$err,$cuid, $authip;
$err->log("mem","login",$username);
// $username=addslashes($username);
// $password=addslashes($password);
@ -97,6 +97,23 @@ class m_mem {
}
$this->user=$db->Record;
$cuid=$db->f("uid");
// AuthIP
$allowed_ip=false;
if ( $authip_token ) $allowed_ip = $this->authip_tokencheck($authip_token);
$aga = $authip->get_allowed('panel');
foreach ($aga as $k=>$v ) {
if ( $authip->is_in_subnet(getenv("REMOTE_ADDR"), $v['ip'], $v['subnet']) ) $allowed=true ;
}
// Error if there is rules, the IP is not allowed and it's not in the whitelisted IP
if ( sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl(getenv("REMOTE_ADDR")) ) {
$err->raise("mem",42); // FIXME have a real error code -- Votre ip est pas authorisée
return false;
}
// End AuthIP
if ($restrictip) {
$ip="'".getenv("REMOTE_ADDR")."'";
} else $ip="''";
@ -160,6 +177,30 @@ class m_mem {
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';");
}
function authip_token($bis=false) {
global $db,$cuid;
$db->query("select pass from membres where uid='$cuid';");
$db->next_record();
$i=intval(time()/3600);
if ($bis) ++$i;
return md5("$i--".$db->f('pass'));
}
function authip_tokencheck($t) {
if ($t==$this->authip_token() || $t==$this->authip_token(true) ) return true;
return false;
}
function authip_class() {
global $cuid;
$c = Array();
$c['name']="Panel access";
$c['protocol']="panel";
$c['values']=Array($cuid=>'');
return $c;
}
/* ----------------------------------------------------------------- */
/** Vérifie que la session courante est correcte (cookie ok et ip valide).
* Si besoin, et si réception des champs username & password, crée une nouvelle
@ -171,7 +212,7 @@ class m_mem {
* @return TRUE si la session est correcte, FALSE sinon.
*/
function checkid() {
global $db,$err,$cuid,$restrictip;
global $db,$err,$cuid,$restrictip,$authip;
if ($_REQUEST["username"] && $_REQUEST["password"]) {
return $this->login($_REQUEST["username"],$_REQUEST["password"],$_REQUEST["restrictip"]);
}
@ -189,8 +230,8 @@ class m_mem {
$db->next_record();
if ($db->f("ip")) {
if ($db->f("me")!=$db->f("ip")) {
$err->raise("mem",5);
return false;
$err->raise("mem",5);
return false;
}
}
$cuid=$db->f("uid");
@ -215,7 +256,7 @@ class m_mem {
function su($uid) {
global $cuid,$db,$err;
if (!$this->olduid)
$this->olduid=$cuid;
$this->olduid=$cuid;
$db->query("select * from membres where uid='$uid';");
if ($db->num_rows()==0) {
$err->raise("mem",1);
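Review bot: In the AuthIP block of login(), the foreach sets `$allowed=true` but the guard tests `!$allowed_ip`, so a client coming from a configured subnet is never recognised and only the token or the uid-0 whitelist can let it in; the loop line should read `if ( $authip->is_in_subnet(getenv("REMOTE_ADDR"), $v['ip'], $v['subnet']) ) $allowed_ip=true ;`. The guard `sizeof($aga)>1` also skips enforcement entirely when exactly one rule exists, which is the common case — `sizeof($aga)>0` is what the comment above it describes. The new `$authip_token` parameter is never fed on the normal path either: checkid() further down still calls `$this->login($_REQUEST["username"],$_REQUEST["password"],$_REQUEST["restrictip"])` without forwarding the `authip_token` form field, so the token check is dead code until that call passes it as the fourth argument. The `$err->raise("mem",42)` is flagged FIXME in the hunk itself and needs a registered error code before this ships. login() begins before this hunk and continues past it.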