Fixed control for IP Ranges

2022-09-12 18:29:58 +02:00 · 2022-09-12 18:29:58 +02:00 · 51a2da89c9
parent 9cdb8788ff
commit 51a2da89c9
2 changed files with 59 additions and 1 deletions
--- a/pandora_console/include/functions_users.php
+++ b/pandora_console/include/functions_users.php
@ -877,3 +877,52 @@ function users_get_users_group_by_group($id_group)
    return $users;
 }
 /**
 * Check if IP is in range. Check wildcard `*`, single IP and IP ranges.
 *
 * @param array  $arrayIP List of IPs.
 * @param string $userIP  IP for determine if is in the list.
 *
 * @return boolean True if IP is in range.
 */
 function checkIPInRange(
    array $arrayIP,
    string $userIP=''
 ) {
    $output = false;
    if (empty($userIP) === true) {
        $userIP = $_SERVER['REMOTE_ADDR'];
    }
    if (empty($arrayIP) === false) {
        foreach ($arrayIP as $ip) {
            if ($ip === '*') {
                // The list has wildcard, this accept all IPs.
                $output = true;
                break;
            } else if ($ip === $userIP) {
                $output = true;
                break;
            } else if (preg_match('/([0-2]?[0-9]{1,2})[.]([0-2]?[0-9]{1,2})[.]([0-2]?[0-9]{0,2})[.](0){1}/', $ip) > 0) {
                $rangeArrayIP = explode('.', $ip);
                $userArrayIP = explode('.', $userIP);
                foreach ($rangeArrayIP as $position => $segmentIP) {
                    if ($segmentIP === $userArrayIP[$position]) {
                        $output = true;
                    } else if ((string) $segmentIP === '0') {
                        break 2;
                    } else {
                        $output = false;
                    }
                }
            } else {
                $output = false;
            }
        }
    }
    return $output;
 }
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -303,7 +303,16 @@ if (isset($config['id_user']) === false) {
        $user_info = users_get_user_by_id($nick);
        if ((bool) $user_info['allowed_ip_active'] === true) {
            $userIP = $_SERVER['REMOTE_ADDR'];
-            if ((strpos($user_info['allowed_ip_list'], '*') !== false || strpos($user_info['allowed_ip_list'], $userIP) !== false) === false) {
+            $allowedIP = false;
            $arrayIP = explode(',', $user_info['allowed_ip_list']);
            // By default, if the IP definition is no correct, allows all.
            if (empty($arrayIP) === true) {
                $allowedIP = true;
            } else {
                $allowedIP = checkIPInRange($arrayIP, $userIP);
            }
            if ($allowedIP === false) {
                $config['auth_error'] = 'IP not allowed';
                $login_failed = true;
                include_once 'general/login_page.php';