Add inRanges() and validateRanges() methods to IpFilter class

classes/context/Context.class.php

@@ -1478,13 +1478,9 @@ class Context
 		}
 		
 		// Allow if the current user is in the list of allowed IPs.
-		$allowed_list = config('lock.allow');
-		foreach ($allowed_list as $allowed_ip)
+		if (Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, config('lock.allow')))
 		{
-			if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $allowed_ip))
-			{
-				return;
-			}
+			return;
 		}
 		
 		// Set headers and constants for backward compatibility.

classes/security/IpFilter.class.php

@@ -6,26 +6,12 @@ class IpFilter
 	public function filter($ip_list, $ip = NULL)
 	{
 		if(!$ip) $ip = $_SERVER['REMOTE_ADDR'];
-		foreach($ip_list as $filter)
-		{
-			if(Rhymix\Framework\IpFilter::inRange($ip, $filter))
-			{
-				return true;
-			}
-		}
-		return false;
+		return Rhymix\Framework\IpFilter::inRanges($ip, $ip_list);
 	}
 	
 	public function validate($ip_list = array())
 	{
-		foreach($ip_list as $filter)
-		{
-			if(!Rhymix\Framework\IpFilter::validateRange($filter))
-			{
-				return false;
-			}
-		}
-		return true;
+		return Rhymix\Framework\IpFilter::validateRanges($ip_list);
 	}
 	
 }

common/framework/debug.php

@@ -445,13 +445,9 @@ class Debug
 				return $cache = true;
 			
 			case 'ip':
-				$allowed_ip = Config::get('debug.allow');
-				foreach ($allowed_ip as $range)
+				if (IpFilter::inRanges(RX_CLIENT_IP, Config::get('debug.allow')))
 				{
-					if (IpFilter::inRange(RX_CLIENT_IP, $range))
-					{
-						return $cache = true;
-					}
+					return $cache = true;
 				}
 				return $cache = false;
 			

common/framework/ipfilter.php

@@ -66,6 +66,25 @@ class IpFilter
 		}
 	}
 	
+	/**
+	 * Check whether the given IP address belongs to a set of ranges.
+	 * 
+	 * @param string $ip
+	 * @param array $ranges
+	 * @return bool
+	 */
+	public static function inRanges($ip, array $ranges)
+	{
+		foreach ($ranges as $range)
+		{
+			if (self::inRange($ip, $range))
+			{
+				return true;
+			}
+		}
+		return false;
+	}
+	
 	/**
 	 * Check whether a range definition is valid.
 	 * 
@@ -91,6 +110,24 @@ class IpFilter
 		return false;
 	}
 	
+	/**
+	 * Check whether a set of range definitions is valid.
+	 * 
+	 * @param array $ranges
+	 * @return bool
+	 */
+	public static function validateRanges(array $ranges)
+	{
+		foreach ($ranges as $range)
+		{
+			if (!self::validateRange($range))
+			{
+				return false;
+			}
+		}
+		return true;
+	}
+	
 	/**
 	 * Get real IP from CloudFlare headers.
 	 * 

modules/admin/admin.admin.controller.php

@@ -587,7 +587,7 @@ class adminAdminController extends admin
 		$allowed_ip = array_unique(array_filter($allowed_ip, function($item) {
 			return $item !== '';
 		}));
-		if (!IpFilter::validate($whitelist)) {
+		if (!Rhymix\Framework\IpFilter::validateRanges($allowed_ip)) {
 			return new Object(-1, 'msg_invalid_ip');
 		}
 		
@@ -595,7 +595,7 @@ class adminAdminController extends admin
 		$denied_ip = array_unique(array_filter($denied_ip, function($item) {
 			return $item !== '';
 		}));
-		if (!IpFilter::validate($whitelist)) {
+		if (!Rhymix\Framework\IpFilter::validateRanges($denied_ip)) {
 			return new Object(-1, 'msg_invalid_ip');
 		}
 		
@@ -771,30 +771,17 @@ class adminAdminController extends admin
 		
 		if ($vars->sitelock_locked === 'Y')
 		{
-			$allowed_localhost = false;
-			$allowed_current = false;
-			foreach ($allowed_ip as $range)
-			{
-				if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $range))
-				{
-					$allowed_localhost = true;
-				}
-				if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
-				{
-					$allowed_current = true;
-				}
-			}
-			if (!$allowed_localhost)
+			if (!Rhymix\Framework\IpFilter::inRanges('127.0.0.1', $allowed_ip))
 			{
 				array_unshift($allowed_ip, '127.0.0.1');
 			}
-			if (!$allowed_current)
+			if (!Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
 			{
 				array_unshift($allowed_ip, RX_CLIENT_IP);
 			}
 		}
 		
-		if (!IpFilter::validate($whitelist))
+		if (!Rhymix\Framework\IpFilter::validateRanges($allowed_ip))
 		{
 			return new Object(-1, 'msg_invalid_ip');
 		}

modules/admin/admin.admin.view.php

@@ -518,24 +518,11 @@ class adminAdminView extends admin
 		Context::set('sitelock_message', escape(Rhymix\Framework\Config::get('lock.message')));
 		
 		$allowed_ip = Rhymix\Framework\Config::get('lock.allow') ?: array();
-		$allowed_localhost = false;
-		$allowed_current = false;
-		foreach ($allowed_ip as $range)
-		{
-			if (Rhymix\Framework\IpFilter::inRange('127.0.0.1', $range))
-			{
-				$allowed_localhost = true;
-			}
-			if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
-			{
-				$allowed_current = true;
-			}
-		}
-		if (!$allowed_localhost)
+		if (!Rhymix\Framework\IpFilter::inRanges('127.0.0.1', $allowed_ip))
 		{
 			array_unshift($allowed_ip, '127.0.0.1');
 		}
-		if (!$allowed_current)
+		if (!Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allowed_ip))
 		{
 			array_unshift($allowed_ip, RX_CLIENT_IP);
 		}

modules/member/member.admin.model.php

@@ -298,26 +298,12 @@ class memberAdminModel extends member
 	{
 		if ($allow_list = ($allow_list === null) ? config('admin.allow') : $allow_list)
 		{
-			foreach ($allow_list as $range)
-			{
-				if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
-				{
-					return true;
-				}
-			}
-			return false;
+			return Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $allow_list);
 		}
 		
 		if ($deny_list = ($deny_list === null) ? config('admin.deny') : $deny_list)
 		{
-			foreach ($deny_list as $range)
-			{
-				if (Rhymix\Framework\IpFilter::inRange(RX_CLIENT_IP, $range))
-				{
-					return false;
-				}
-			}
-			return true;
+			return !Rhymix\Framework\IpFilter::inRanges(RX_CLIENT_IP, $deny_list);
 		}
 		
 		return true;