added client subnet filter

Anton Mitsengendler
2019-02-20 17:12:06 +03:00
parent 5f5b836a22
commit 8da3573ffb
4 changed files with 34 additions and 1 deletions


@@ -24,6 +24,12 @@ function architect($url)
//just show the site
if( ( (!defined('UPLOAD_FORM_LOCATION') || (defined('UPLOAD_FORM_LOCATION') && !UPLOAD_FORM_LOCATION)) && count($u)==0) || (defined('UPLOAD_FORM_LOCATION') && UPLOAD_FORM_LOCATION && '/'.implode('/',$u)==UPLOAD_FORM_LOCATION) )
{
// check if client address is allowed
if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
{
header("HTTP/1.1 401 Unauthorized");
exit;
}
renderTemplate('main');
return;
}
@@ -500,4 +506,25 @@ function deleteHash($hash)
$c->deleteFile($hash);
}
}
}
/**
* Check if a given ip is in a network
* @param string $ip IP to check in IPV4 format eg. 127.0.0.1
* @param string $range IP/CIDR netmask eg. 127.0.0.0/24, also 127.0.0.1 is accepted and /32 assumed
* @return boolean true if the ip is in this range / false if not.
* via https://gist.github.com/tott/7684443
*/
function isIPInRange( $ip, $range ) {
if ( strpos( $range, '/' ) == false )
{
$range .= '/32';
}
// $range is in IP/CIDR format eg 127.0.0.1/24
list( $range, $netmask ) = explode( '/', $range, 2 );
$range_decimal = ip2long( $range );
$ip_decimal = ip2long( $ip );
$wildcard_decimal = pow( 2, ( 32 - $netmask ) ) - 1;
$netmask_decimal = ~ $wildcard_decimal;
return ( ( $ip_decimal & $netmask_decimal ) == ( $range_decimal & $netmask_decimal ) );
}
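Review bot: isIPInRange() fails open on bad input: `ip2long()` returns false for anything that is not dotted-quad IPv4 (an IPv6 client address, a mistyped ALLOWED_SUBNET), and `false & $netmask_decimal` evaluates to 0, so an unparsable client address and an unparsable range compare equal and the check in architect() passes. A non-numeric or empty prefix length is not rejected either; on PHP 7 it is treated as 0, which makes the mask match every address. Return false before the mask arithmetic when either `ip2long()` result is false or the prefix is not an integer from 0 to 32, and use `=== false` on the `strpos()` test. Separately, the result is only as trustworthy as getUserIP(), which is not shown here: if it reads forwarded-for headers, that is safe only behind a trusted proxy. The guard as placed covers only the branch that renders the main template, so it is worth confirming the other routes handled by architect() are restricted as well.

```php
function isIPInRange( $ip, $range ) {
    // … unchanged: append /32 when no prefix is given, split into $range and $netmask …
    $range_decimal = ip2long( $range );
    $ip_decimal = ip2long( $ip );
    // fail closed: ip2long() returns false for anything that is not dotted-quad IPv4
    if ( $range_decimal === false || $ip_decimal === false
        || !ctype_digit( $netmask ) || (int) $netmask > 32 )
    {
        return false;
    }
    // … unchanged: wildcard/netmask computation and comparison …
```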