maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

check remote-ip when ip-restriction is set in api_keys table

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-23 11:08:24 +01:00
parent d9ec214e17
commit 8930d2a1bf
3 changed files with 34 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api.php
View File

@@ -52,9 +52,13 @@ exit();
*
* @return void
*/
function json_response($status, $status_message, $data = null)
function json_response($status, $status_message = '', $data = null)
{
header("HTTP/1.1 " . $status);
$resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status;
if (! empty($status_message)) {
$resheader .= ' ' . $status_message;
}
header($resheader);
$response['status'] = $status;
$response['status_message'] = $status_message;

6
lib/classes/api/abstract.ApiCommand.php
View File

@@ -368,7 +368,11 @@ abstract class ApiCommand
*/
protected function response($status, $status_message, $data = null)
{
header("HTTP/1.1 " . $status);
$resheader = $_SERVER["SERVER_PROTOCOL"] . " " . $status;
if (! empty($status_message)) {
$resheader .= ' ' . $status_message;
}
header($resheader);
$response['status'] = $status;
$response['status_message'] = $status_message;

27
lib/classes/api/class.FroxlorRPC.php
View File

@@ -1,5 +1,20 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package API
* @since 0.10.0
*
*/
class FroxlorRPC
{
@@ -48,13 +63,17 @@ class FroxlorRPC
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == -1 || $result['valid_until'] >= time())) {
if (!empty($result['allowed_from'])) {
$ip_list = explode(",", $result['allowed_from']);
$access_ip = $_SERVER['REMOTE_ADDR'];
// @fixme finish me
$ip_list = array_map('inet_pton', $ip_list);
$access_ip = inet_pton($_SERVER['REMOTE_ADDR']);
if (in_array($access_ip, $ip_list)) {
return true;
}
} else {
return true;
}
return true;
}
}
throw new Exception("Invalid authorization credentials", 400);
throw new Exception("Invalid authorization credentials", 403);
}
/**