mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-02 01:52:10 +09:00
isCrawler, 관리자페이지 IP잠금, 사이트잠금 기능에서 ipfilter를 사용하도록 변경
This commit is contained in:
khongchi
parent
98d3408919
commit
5fae27d53c
11 changed files with 85 additions and 67 deletions
|
|
@ -215,10 +215,9 @@ class Context
|
|||
$this->loadDBInfo();
|
||||
if($this->db_info->use_sitelock == 'Y')
|
||||
{
|
||||
$whitelist = array('127.0.0.1', '::1', 'fe80::1');
|
||||
if(is_array($this->db_info->sitelock_whitelist)) $whitelist = array_merge($whitelist, $this->db_info->sitelock_whitelist);
|
||||
|
||||
if(!in_array($_SERVER['REMOTE_ADDR'], $whitelist))
|
||||
if(is_array($this->db_info->sitelock_whitelist)) $whitelist = $this->db_info->sitelock_whitelist;
|
||||
|
||||
if(!IpFilter::filter($whitelist))
|
||||
{
|
||||
$title = ($this->db_info->sitelock_title) ? $this->db_info->sitelock_title : 'Maintenance in progress...';
|
||||
$message = $this->db_info->sitelock_message;
|
||||
|
|
@ -486,7 +485,7 @@ class Context
|
|||
$self->set('_https_port', $db_info->https_port);
|
||||
|
||||
if(!$db_info->sitelock_whitelist) {
|
||||
$db_info->sitelock_whitelist = '127.0.0.1,::1,fe80::1';
|
||||
$db_info->sitelock_whitelist = '127.0.0.1';
|
||||
}
|
||||
|
||||
if(is_string($db_info->sitelock_whitelist)) {
|
||||
|
|
|
|||
|
|
@ -3,11 +3,12 @@
|
|||
|
||||
class IpFilter
|
||||
{
|
||||
public function filter($ip_list, $ip)
|
||||
public function filter($ip_list, $ip = NULL)
|
||||
{
|
||||
if(!$ip) $ip = $_SERVER['REMOTE_ADDR'];
|
||||
$long_ip = ip2long($ip);
|
||||
foreach($ip_list as $filter_ip)
|
||||
{
|
||||
{
|
||||
$range = explode('-', $filter_ip);
|
||||
if(!$range[1]) // single address type
|
||||
{
|
||||
|
|
@ -16,9 +17,9 @@ class IpFilter
|
|||
{
|
||||
if(strncmp($filter_ip, $ip, $star_pos)===0) return true;
|
||||
}
|
||||
else
|
||||
else if(strcmp($filter_ip, $ip)===0)
|
||||
{
|
||||
if(strcmp($filter_ip, $ip)===0) return true;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
else if(ip2long($range[0]) <= $long_ip && ip2long($range[1]) >= $long_ip)
|
||||
|
|
@ -26,7 +27,6 @@ class IpFilter
|
|||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -56,28 +56,26 @@ class IpFilter
|
|||
{
|
||||
/* 사용가능한 표현
|
||||
192.168.2.10 - 4자리의 정확한 ip주소
|
||||
192.168.*.* - 와일드카드(*)가 사용된 4자리의 ip주소, a클래스에는 와일드카드 사용불가, 와일드카드 이후의 아이피주소 허용(but, 처리시 와일드카드로 처리)
|
||||
192.168.*.* - 와일드카드(*)가 사용된 4자리의 ip주소, a클래스에는 와일드카드 사용불가,
|
||||
와일드카드 이후의 아이피주소 허용(단, filter()를 쓸 경우 와일드카드 이후 주소는 무시됨
|
||||
192.168.1.1-192.168.1.10 - '-'로 구분된 정확한 4자리의 ip주소 2개
|
||||
*/
|
||||
$regex = "/^
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)
|
||||
(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
|
||||
(?:
|
||||
(?:
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)-){1}
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)
|
||||
(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}
|
||||
(?:-(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){1}
|
||||
(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}
|
||||
)
|
||||
|
|
||||
(?:
|
||||
(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:\*))\.){2}
|
||||
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:\*))
|
||||
(?:\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|\*)){3}
|
||||
)
|
||||
)
|
||||
$/";
|
||||
|
||||
$regex = str_replace(array("\r\n", "\n", "\r","\t"," "), '', $regex);
|
||||
$regex = '/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)(?:(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)-){1}(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$))|(?:(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:\*))\.){2}(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:\*))))$/';
|
||||
|
||||
foreach($ip_list as $i => $ip)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2617,6 +2617,14 @@
|
|||
<value xml:lang="vi"><![CDATA[Để trang trí giao diện bằng các Module. Bạn có thể điều chỉnh chúng bằng Menu trên đầu trang.]]></value>
|
||||
<value xml:lang="mn"><![CDATA[Лэйаут нь модиулын гадаад байдлыг чимж өгнө. Дээрх лэйаут менюнээс удирдаж болно]]></value>
|
||||
</item>
|
||||
<item name="about_ipaddress_input">
|
||||
<value xml:lang="ko"><![CDATA[IP주소 입력형식<br />1. 와일드카드(*) 사용가능(예: 192.168.0.*)<br />2. 하이픈(-)을 사용하여 대역으로 입력가능<br />(단, 대역폭으로 입력할 경우 와일드카드 사용불가. 예: 192.168.0.1-192.168.0.254)<br />3.여러개의 항목은 줄을 바꾸어 입력하세요]]></value>
|
||||
<value xml:lang="en"><![CDATA[IP address input format<br />You can use wildcard(*) (ex: 192.168.0.*)<br />You can use hyphen(*) for ip range (you can't use wild card with hyphen, ex: 192.168.0.1-192.168.0.254)<br />]]></value>
|
||||
</item>
|
||||
<item name="msg_invalid_ip">
|
||||
<value xml:lang="ko"><![CDATA[잘못된 IP주소 형식입니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[Specified IP address is invalid.]]></value>
|
||||
</item>
|
||||
<item name="msg_no_root">
|
||||
<value xml:lang="ko"><![CDATA[루트는 선택 할 수 없습니다.]]></value>
|
||||
<value xml:lang="en"><![CDATA[You cannot select a root.]]></value>
|
||||
|
|
|
|||
|
|
@ -265,6 +265,7 @@ if(!defined('__XE_LOADED_CLASS__'))
|
|||
require(_XE_PATH_ . 'classes/validator/Validator.class.php');
|
||||
require(_XE_PATH_ . 'classes/frontendfile/FrontEndFileHandler.class.php');
|
||||
require(_XE_PATH_ . 'classes/security/Security.class.php');
|
||||
require(_XE_PATH_ . 'classes/security/IpFilter.class.php');
|
||||
if(__DEBUG__)
|
||||
$GLOBALS['__elapsed_class_load__'] = getMicroTime() - __ClassLoadStartTime__;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1318,7 +1318,7 @@ function isCrawler($agent = NULL)
|
|||
|
||||
$check_agent = array('bot', 'spider', 'google', 'yahoo', 'daum', 'teoma', 'fish', 'hanrss', 'facebook');
|
||||
$check_ip = array(
|
||||
'211.245.21.11*' /* mixsh */
|
||||
'211.245.21.110-211.245.21.119' /* mixsh */
|
||||
);
|
||||
|
||||
foreach($check_agent as $str)
|
||||
|
|
@ -1329,17 +1329,7 @@ function isCrawler($agent = NULL)
|
|||
}
|
||||
}
|
||||
|
||||
$check_ip = '/^(' . implode($check_ip, '|') . ')/';
|
||||
$check_ip = str_replace('.', '\.', $check_ip);
|
||||
$check_ip = str_replace('*', '.+', $check_ip);
|
||||
$check_ip = str_replace('?', '.?', $check_ip);
|
||||
|
||||
if(preg_match($check_ip, $_SERVER['REMOTE_ADDR'], $matches))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
return IpFilter::filter($check_ip, '211.245.21.113');
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -489,11 +489,31 @@ class adminAdminController extends admin
|
|||
$db_info->use_sitelock = ($vars->use_sitelock) ? $vars->use_sitelock : 'N';
|
||||
$db_info->sitelock_title = $vars->sitelock_title;
|
||||
$db_info->sitelock_message = $vars->sitelock_message;
|
||||
$db_info->sitelock_whitelist = $vars->sitelock_whitelist;
|
||||
if(!$db_info->sitelock_whitelist) $db_info->sitelock_whitelist = '127.0.0.1';
|
||||
|
||||
$whitelist = $vars->sitelock_whitelist;
|
||||
$whitelist = preg_replace("/[\r|\n|\r\n]+/",",",$whitelist);
|
||||
$whitelist = preg_replace("/\s+/","",$whitelist);
|
||||
if(preg_match('/(<\?|<\?php|\?>)/xsm', $whitelist))
|
||||
{
|
||||
$whitelist = '';
|
||||
}
|
||||
$whitelist .= ',127.0.0.1';
|
||||
$whitelist = explode(',',trim($whitelist, ','));
|
||||
$whitelist = array_unique($whitelist);
|
||||
|
||||
FileHandler::writeFile(Context::getConfigFile(), $oInstallController->_getDBConfigFileContents($db_info));
|
||||
if(!IpFilter::validate($whitelist)) {
|
||||
return new Object(-1, 'msg_invalid_ip');
|
||||
}
|
||||
|
||||
$db_info->sitelock_whitelist = $whitelist;
|
||||
|
||||
$oInstallController = &getController('install');
|
||||
if(!$oInstallController->makeConfigFile())
|
||||
{
|
||||
return new Object(-1, 'msg_invalid_request');
|
||||
}
|
||||
|
||||
|
||||
if(!in_array(Context::getRequestMethod(), array('XMLRPC','JSON')))
|
||||
{
|
||||
$returnUrl = Context::get('success_return_url');
|
||||
|
|
@ -501,6 +521,12 @@ class adminAdminController extends admin
|
|||
header('location:' . $returnUrl);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -419,13 +419,15 @@ class adminAdminView extends admin
|
|||
Context::set('use_sitelock', $db_info->use_sitelock);
|
||||
Context::set('sitelock_title', $db_info->sitelock_title);
|
||||
Context::set('sitelock_message', htmlspecialchars($db_info->sitelock_message, ENT_COMPAT | ENT_HTML401, 'UTF-8', false));
|
||||
Context::set('sitelock_whitelist', implode(PHP_EOL, $db_info->sitelock_whitelist));
|
||||
|
||||
$whitelist = implode("\r\n", $db_info->sitelock_whitelist);
|
||||
Context::set('sitelock_whitelist', $whitelist);
|
||||
|
||||
$admin_ip_list = implode("\r\n", $db_info->admin_ip_list);
|
||||
Context::set('admin_ip_list', $admin_ip_list);
|
||||
|
||||
Context::set('lang_selected', Context::loadLangSelected());
|
||||
|
||||
$admin_ip_list = preg_replace("/[,]+/", "\r\n", $db_info->admin_ip_list);
|
||||
Context::set('admin_ip_list', $admin_ip_list);
|
||||
|
||||
$oAdminModel = getAdminModel('admin');
|
||||
$favicon_url = $oAdminModel->getFaviconUrl();
|
||||
$mobicon_url = $oAdminModel->getMobileIconUrl();
|
||||
|
|
|
|||
|
|
@ -140,7 +140,8 @@
|
|||
<div class="x_control-group">
|
||||
<label class="x_control-label" for="admin_ip_list">{$lang->admin_ip_limit} <a class="x_icon-question-sign" href="./admin/help/index.html#UMAN_config_general_admin_iplist" target="_blank">{$lang->help}</a></label>
|
||||
<div class="x_controls">
|
||||
<textarea name="admin_ip_list" id="admin_ip_list" rows="4" cols="42" placeholder="{$IP}({$lang->local_ip_address})" style="float:left;margin-right:10px">{$admin_ip_list}</textarea>
|
||||
<textarea name="admin_ip_list" id="admin_ip_list" rows="4" cols="42" placeholder="{$IP}({$lang->local_ip_address})" style="margin-right:10px">{$admin_ip_list}</textarea>
|
||||
<p class="x_help-block">{$lang->about_ipaddress_input}</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
|
|
@ -222,6 +223,8 @@
|
|||
<textarea name="sitelock_whitelist" id="sitelock_whitelist" rows="4" cols="42" placeholder="{$IP}({$lang->local_ip_address})" style="margin-right:10px">{$sitelock_whitelist}</textarea>
|
||||
<span class="x_help-block">{$lang->sitelock_warning_whitelist}</span>
|
||||
<span class="x_help-block">{$lang->your_ip} : {$remote_addr}</span>
|
||||
<br />
|
||||
<p class="x_help-block">{$lang->about_ipaddress_input}</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="x_control-group">
|
||||
|
|
|
|||
|
|
@ -49,15 +49,25 @@ class installAdminController extends install
|
|||
*/
|
||||
function procInstallAdminSaveTimeZone()
|
||||
{
|
||||
$db_info = Context::getDBInfo();
|
||||
|
||||
$admin_ip_list = Context::get('admin_ip_list');
|
||||
|
||||
$admin_ip_list = preg_replace("/[\r|\n|\r\n]+/",",",$admin_ip_list);
|
||||
$admin_ip_list = preg_replace("/\s+/","",$admin_ip_list);
|
||||
if(preg_match('/(<\?|<\?php|\?>)/xsm', $admin_ip_list))
|
||||
if($admin_ip_list)
|
||||
{
|
||||
$admin_ip_list = '';
|
||||
$admin_ip_list = preg_replace("/[\r|\n|\r\n]+/",",",$admin_ip_list);
|
||||
$admin_ip_list = preg_replace("/\s+/","",$admin_ip_list);
|
||||
if(preg_match('/(<\?|<\?php|\?>)/xsm', $admin_ip_list))
|
||||
{
|
||||
$admin_ip_list = '';
|
||||
}
|
||||
$admin_ip_list = explode(',',trim($admin_ip_list, ','));
|
||||
$admin_ip_list = array_unique($admin_ip_list);
|
||||
if(!IpFilter::validate($admin_ip_list)) {
|
||||
return new Object(-1, 'msg_invalid_ip');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$default_url = Context::get('default_url');
|
||||
if($default_url && strncasecmp('http://', $default_url, 7) !== 0 && strncasecmp('https://', $default_url, 8) !== 0) $default_url = 'http://'.$default_url;
|
||||
|
||||
|
|
@ -82,7 +92,6 @@ class installAdminController extends install
|
|||
$use_html5 = Context::get('use_html5');
|
||||
if(!$use_html5) $use_html5 = 'N';
|
||||
|
||||
$db_info = Context::getDBInfo();
|
||||
$db_info->default_url = $default_url;
|
||||
$db_info->qmail_compatibility = $qmail_compatibility;
|
||||
$db_info->use_db_session = $use_db_session;
|
||||
|
|
|
|||
|
|
@ -553,10 +553,8 @@ class installController extends install
|
|||
{
|
||||
$tmpValue = $this->_getDbConnText($key, $val, true);
|
||||
}
|
||||
else if($key == 'sitelock_whitelist')
|
||||
else if($key == 'sitelock_whitelist' || $key == 'admin_ip_list')
|
||||
{
|
||||
if(!is_array($val)) $val = preg_split("/[\r\n|\r|\n]+/", $val);
|
||||
$val = array_unique($val);
|
||||
$tmpValue = sprintf('$db_info->%s = array(\'%s\');' . PHP_EOL, $key, implode('\', \'', $val));
|
||||
}
|
||||
else
|
||||
|
|
@ -578,7 +576,6 @@ class installController extends install
|
|||
|
||||
$buff[] = $tmpValue;
|
||||
}
|
||||
$buff[] = "?>";
|
||||
|
||||
return implode(PHP_EOL, $buff);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -294,24 +294,9 @@ class memberAdminModel extends member
|
|||
{
|
||||
$db_info = Context::getDBInfo();
|
||||
$admin_ip_list = $db_info->admin_ip_list;
|
||||
$admin_ip_list = explode(",",$admin_ip_list);
|
||||
$oMemberModel = &getModel('member');
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
$falg = false;
|
||||
foreach($admin_ip_list as $admin_ip_list_key => $admin_ip_value)
|
||||
{
|
||||
if(preg_match('/^\d{1,3}(?:.(\d{1,3}|\*)){3}\s*$/', $admin_ip_value, $matches) && $ip)
|
||||
{
|
||||
$admin_ip = $matches[0];
|
||||
$admin_ip = str_replace('*','',$admin_ip);
|
||||
$admin_ip_patterns[] = preg_quote($admin_ip);
|
||||
$admin_ip_pattern = '/^('.implode($admin_ip_patterns,'|').')/';
|
||||
if(preg_match($admin_ip_pattern, $ip, $matches)) return true;
|
||||
$flag = true;
|
||||
}
|
||||
}
|
||||
if(!$flag) return true;
|
||||
return false;
|
||||
if(!is_array($admin_ip_list)) $admin_ip_list = explode(',',$admin_ip_list);
|
||||
if(!count($admin_ip_list) || IpFilter::filter($admin_ip_list)) return true;
|
||||
else return false;
|
||||
}
|
||||
}
|
||||
/* End of file member.admin.model.php */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue