KUNTUL | JINGKONTOT
JINGKONTOT


Server : Apache/2.4.41 (Ubuntu)
System : Linux journalup 5.4.0-198-generic #218-Ubuntu SMP Fri Sep 27 20:18:53 UTC 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.33
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Directory :  /var/www/phpwinfx/libraries/classes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/phpwinfx/libraries/classes/IpAllowDeny.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * This library is used with the server IP allow/deny host authentication
 * feature
 *
 * @package PhpMyAdmin
 */
namespace PhpMyAdmin;

use PhpMyAdmin\Core;

require_once './libraries/hash.lib.php';

/**
 * PhpMyAdmin\IpAllowDeny class
 *
 * @package PhpMyAdmin
 */
class IpAllowDeny
{
    /**
     * Matches for IPv4 or IPv6 addresses
     *
     * @param string $testRange string of IP range to match
     * @param string $ipToTest  string of IP to test against range
     *
     * @return boolean    whether the IP mask matches
     *
     * @access  public
     */
    public static function ipMaskTest($testRange, $ipToTest)
    {
        if (mb_strpos($testRange, ':') > -1
            || mb_strpos($ipToTest, ':') > -1
        ) {
            // assume IPv6
            $result = self::ipv6MaskTest($testRange, $ipToTest);
        } else {
            $result = self::ipv4MaskTest($testRange, $ipToTest);
        }

        return $result;
    } // end of the "self::ipMaskTest()" function

    /**
     * Based on IP Pattern Matcher
     * Originally by J.Adams <[email protected]>
     * Found on <https://secure.php.net/manual/en/function.ip2long.php>
     * Modified for phpMyAdmin
     *
     * Matches:
     * xxx.xxx.xxx.xxx        (exact)
     * xxx.xxx.xxx.[yyy-zzz]  (range)
     * xxx.xxx.xxx.xxx/nn     (CIDR)
     *
     * Does not match:
     * xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
     *
     * @param string $testRange string of IP range to match
     * @param string $ipToTest  string of IP to test against range
     *
     * @return boolean    whether the IP mask matches
     *
     * @access  public
     */
    public static function ipv4MaskTest($testRange, $ipToTest)
    {
        $result = true;
        $match = preg_match(
            '|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|',
            $testRange,
            $regs
        );
        if ($match) {
            // performs a mask match
            $ipl    = ip2long($ipToTest);
            $rangel = ip2long(
                $regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]
            );

            $maskl  = 0;

            for ($i = 0; $i < 31; $i++) {
                if ($i < $regs[5] - 1) {
                    $maskl = $maskl + pow(2, (30 - $i));
                } // end if
            } // end for

            return ($maskl & $rangel) == ($maskl & $ipl);
        }

        // range based
        $maskocts = explode('.', $testRange);
        $ipocts   = explode('.', $ipToTest);

        // perform a range match
        for ($i = 0; $i < 4; $i++) {
            if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
                if (($ipocts[$i] > $regs[2]) || ($ipocts[$i] < $regs[1])) {
                    $result = false;
                } // end if
            } else {
                if ($maskocts[$i] <> $ipocts[$i]) {
                    $result = false;
                } // end if
            } // end if/else
        } //end for

        return $result;
    } // end of the "self::ipv4MaskTest()" function

    /**
     * IPv6 matcher
     * CIDR section taken from https://stackoverflow.com/a/10086404
     * Modified for phpMyAdmin
     *
     * Matches:
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
     * (exact)
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:[yyyy-zzzz]
     * (range, only at end of IP - no subnets)
     * xxxx:xxxx:xxxx:xxxx/nn
     * (CIDR)
     *
     * Does not match:
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx[yyy-zzz]
     * (range, partial octets not supported)
     *
     * @param string $test_range string of IP range to match
     * @param string $ip_to_test string of IP to test against range
     *
     * @return boolean    whether the IP mask matches
     *
     * @access  public
     */
    public static function ipv6MaskTest($test_range, $ip_to_test)
    {
        $result = true;

        // convert to lowercase for easier comparison
        $test_range = mb_strtolower($test_range);
        $ip_to_test = mb_strtolower($ip_to_test);

        $is_cidr = mb_strpos($test_range, '/') > -1;
        $is_range = mb_strpos($test_range, '[') > -1;
        $is_single = ! $is_cidr && ! $is_range;

        $ip_hex = bin2hex(inet_pton($ip_to_test));

        if ($is_single) {
            $range_hex = bin2hex(inet_pton($test_range));
            $result = hash_equals($ip_hex, $range_hex);
            return $result;
        }

        if ($is_range) {
            // what range do we operate on?
            $range_match = array();
            $match = preg_match(
                '/\[([0-9a-f]+)\-([0-9a-f]+)\]/', $test_range, $range_match
            );
            if ($match) {
                $range_start = $range_match[1];
                $range_end   = $range_match[2];

                // get the first and last allowed IPs
                $first_ip  = str_replace($range_match[0], $range_start, $test_range);
                $first_hex = bin2hex(inet_pton($first_ip));
                $last_ip   = str_replace($range_match[0], $range_end, $test_range);
                $last_hex  = bin2hex(inet_pton($last_ip));

                // check if the IP to test is within the range
                $result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
            }
            return $result;
        }

        if ($is_cidr) {
            // Split in address and prefix length
            list($first_ip, $subnet) = explode('/', $test_range);

            // Parse the address into a binary string
            $first_bin = inet_pton($first_ip);
            $first_hex = bin2hex($first_bin);

            $flexbits = 128 - $subnet;

            // Build the hexadecimal string of the last address
            $last_hex = $first_hex;

            $pos = 31;
            while ($flexbits > 0) {
                // Get the character at this position
                $orig = mb_substr($last_hex, $pos, 1);

                // Convert it to an integer
                $origval = hexdec($orig);

                // OR it with (2^flexbits)-1, with flexbits limited to 4 at a time
                $newval = $origval | (pow(2, min(4, $flexbits)) - 1);

                // Convert it back to a hexadecimal character
                $new = dechex($newval);

                // And put that character back in the string
                $last_hex = substr_replace($last_hex, $new, $pos, 1);

                // We processed one nibble, move to previous position
                $flexbits -= 4;
                --$pos;
            }

            // check if the IP to test is within the range
            $result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
        }

        return $result;
    } // end of the "self::ipv6MaskTest()" function

    /**
     * Runs through IP Allow/Deny rules the use of it below for more information
     *
     * @param string $type 'allow' | 'deny' type of rule to match
     *
     * @return bool   Whether rule has matched
     *
     * @access  public
     *
     * @see     Core::getIp()
     */
    public static function allowDeny($type)
    {
        global $cfg;

        // Grabs true IP of the user and returns if it can't be found
        $remote_ip = Core::getIp();
        if (empty($remote_ip)) {
            return false;
        }

        // copy username
        $username  = $cfg['Server']['user'];

        // copy rule database
        if (isset($cfg['Server']['AllowDeny']['rules'])) {
            $rules     = $cfg['Server']['AllowDeny']['rules'];
            if (! is_array($rules)) {
                $rules = array();
            }
        } else {
            $rules = array();
        }

        // lookup table for some name shortcuts
        $shortcuts = array(
            'all'       => '0.0.0.0/0',
            'localhost' => '127.0.0.1/8'
        );

        // Provide some useful shortcuts if server gives us address:
        if (Core::getenv('SERVER_ADDR')) {
            $shortcuts['localnetA'] = Core::getenv('SERVER_ADDR') . '/8';
            $shortcuts['localnetB'] = Core::getenv('SERVER_ADDR') . '/16';
            $shortcuts['localnetC'] = Core::getenv('SERVER_ADDR') . '/24';
        }

        foreach ($rules as $rule) {
            // extract rule data
            $rule_data = explode(' ', $rule);

            // check for rule type
            if ($rule_data[0] != $type) {
                continue;
            }

            // check for username
            if (($rule_data[1] != '%') //wildcarded first
                && (! hash_equals($rule_data[1], $username))
            ) {
                continue;
            }

            // check if the config file has the full string with an extra
            // 'from' in it and if it does, just discard it
            if ($rule_data[2] == 'from') {
                $rule_data[2] = $rule_data[3];
            }

            // Handle shortcuts with above array
            if (isset($shortcuts[$rule_data[2]])) {
                $rule_data[2] = $shortcuts[$rule_data[2]];
            }

            // Add code for host lookups here
            // Excluded for the moment

            // Do the actual matching now
            if (self::ipMaskTest($rule_data[2], $remote_ip)) {
                return true;
            }
        } // end while

        return false;
    } // end of the "self::allowDeny()" function
}

KUNTUL | JINGKONTOT |