MDL-15244, add ability to block ip addresses.

2025-08-04 16:36:37 +02:00 · 2008-07-16 02:16:42 +00:00 · 2008-07-16 02:16:42 +00:00 · 4e63912156
commit 4e63912156
parent 972485277e
5 changed files with 90 additions and 79 deletions
--- a/admin/ipblocker.php
+++ b/admin/ipblocker.php
@ -1,44 +0,0 @@
-<?php // $Id$
-    require('../config.php');
-    require_once($CFG->libdir.'/adminlib.php');
-    $iplist = optional_param('list', '', PARAM_CLEAN);
-    admin_externalpage_setup('ipblocker');
-
-    if ($form = data_submitted()) {
-        if (confirm_sesskey()) {
-            $ips = explode("\n", $iplist); 
-            $result = array();
-            foreach($ips as $ip) {
-                if(preg_match('#^(\d{1,3})(\.\d{1,3}){0,3}$#', $ip, $match) ||
-                       preg_match('#^(\d{1,3})(\.\d{1,3}){0,3}(\/\d{1,2})$#', $ip, $match) ||
-                       preg_match('#^(\d{1,3})(\.\d{1,3}){3}(-\d{1,3})$#', $ip, $match)) {
-                    $result[] = $ip;
-                }
-            }
-            set_config('blockedip', serialize($result));
-        }
-    }
-
-    admin_externalpage_print_header();
-    $iplist = unserialize(get_config(null, 'blockedip'));
-    if(empty($iplist)) {
-        $iplist = array();
-    }
-    $str = '';
-    foreach($iplist as $ip){
-        $str .= $ip."\n";
-    }
-
-    echo '<div style="text-align:center;">';
-    echo '<form method="post">';
-    echo '<h1>'.get_string('blockediplist', 'admin').'</h1>';
-    print_textarea(false, 20, 50, 600, 400, "list", $str);
-    echo '<p><input type="hidden" name="sesskey" value="'.sesskey().'" />';
-    echo '<input type="submit" value="'.get_string('submit').'" />';
-    echo helpbutton('blockip', 'Help');
-    echo '</p>';
-    echo '</form>';
-    echo '</div>';
-
-    admin_externalpage_print_footer();
-?>
--- a/admin/settings/server.php
+++ b/admin/settings/server.php
@ -161,8 +161,13 @@ $ADMIN->add('server', $temp);

 $ADMIN->add('server', new admin_externalpage('maintenancemode', get_string('sitemaintenancemode', 'admin'), "$CFG->wwwroot/$CFG->admin/maintenance.php"));

-$ADMIN->add('server', new admin_externalpage('ipblocker', get_string('ipblocker', 'admin'), "$CFG->wwwroot/$CFG->admin/ipblocker.php"));
-
+$temp = new admin_settingpage('ipblocker', get_string('ipblocker', 'admin'));
+$temp->add(new admin_setting_configcheckbox('enableallowedip', get_string('enableallowedip', 'admin'), get_string('enableallowedipdesc', 'admin'), 0));
+$temp->add(new admin_setting_configiplist('allowedip', get_string('allowediplist', 'admin'),
+                                            '', ''));
+$temp->add(new admin_setting_configiplist('blockedip', get_string('blockediplist', 'admin'),
+                                            '', ''));
+$ADMIN->add('server', $temp);

 $temp = new admin_settingpage('cleanup', get_string('cleanup', 'admin'));
 $temp->add(new admin_setting_configselect('longtimenosee', get_string('longtimenosee', 'admin'), get_string('configlongtimenosee', 'admin'), 120, array(0 => get_string('never'),
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@ -7,6 +7,7 @@ $string['adminseesownevents'] = 'Administrators are just like other users';
 $string['allowcategorythemes'] = 'Allow category themes';
 $string['allowcoursethemes'] = 'Allow course themes';
 $string['allowdeletes'] = 'Allow deletes';
+$string['allowediplist'] = 'Allowed IP list';
 $string['allowemailaddresses'] = 'Allowed email domains';
 $string['allowobjectembed'] = 'Allow EMBED and OBJECT tags';
 $string['allowrenames'] = 'Allow renames';
@ -27,7 +28,7 @@ $string['backups'] = 'Backups';
 $string['badwordsconfig'] = 'Enter your list of bad words separated by commas.';
 $string['badwordsdefault'] = 'If the custom list is empty, a default list from the language pack will be used.';
 $string['badwordslist'] = 'Custom bad words list';
-$string['blockediplist'] = 'Blocked IP Address List';
+$string['blockediplist'] = 'Blocked IP List';
 $string['blockinstances'] = 'Instances';
 $string['blockmultiple'] = 'Multiple';
 $string['blocksettings'] = 'Manage blocks';
@ -334,6 +335,8 @@ $string['enablerecordcache'] = 'Enable Record Cache';
 $string['enablerssfeeds'] = 'Enable RSS feeds';
 $string['enablestats'] = 'Enable statistics';
 $string['enabletrusttext'] = 'Enable Trusted Content';
+$string['enableallowedip'] = 'Allow clients from these IPs';
+$string['enableallowedipdesc'] = 'If this option enabled, only IPs entered in allowed list are permitted, IPs are in blocked list are blocked at the same time.';
 $string['encoding'] = 'Encoding';
 $string['enrolmultipleusers'] = 'Enrol the users';
 $string['environment'] = 'Environment';
@ -415,6 +418,8 @@ $string['intcachemax'] = 'Int. cache max';
 $string['invalidsection'] = 'Invalid section.';
 $string['invaliduserchangeme'] = 'Username \"changeme\" is reserved -- you cannot create an account with it.';
 $string['ipblocker'] = 'IP Blocker';
+$string['ipinblockedlist'] = 'This site is not available currently.';
+$string['ipoutallowedlist'] = 'This site is not available currently.';
 $string['iplookup'] = 'IP address lookup';
 $string['iplookupinfo'] = '
 By default Moodle uses the free online NetGeo (The Internet Geographic Database) server to lookup location of IP addresses, unfortunately this database is not maintained anymore and may return <em>wildly incorrect</em> data.
--- a/lib/adminlib.php
+++ b/lib/adminlib.php
@ -2585,6 +2585,33 @@ class admin_setting_configtime extends admin_setting {

 }

+class admin_setting_configiplist extends admin_setting_configtextarea {
+    function validate($data) {
+        if(!empty($data)) {
+            $ips = explode("\n", $data); 
+        } else {
+            return true;
+        }
+        $result = true;
+        foreach($ips as $ip) {
+            $ip = trim($ip);
+            if(preg_match('#^(\d{1,3})(\.\d{1,3}){0,3}$#', $ip, $match) ||
+                   preg_match('#^(\d{1,3})(\.\d{1,3}){0,3}(\/\d{1,2})$#', $ip, $match) ||
+                   preg_match('#^(\d{1,3})(\.\d{1,3}){3}(-\d{1,3})$#', $ip, $match)) {
+                $result = true;
+            } else {
+                $result = false;
+                break;
+            }
+        }
+        if($result){
+            return true;
+        } else {
+            return get_string('validateerror', 'admin');
+        }
+    }
+}
+
 /**
 * Special checkbox for calendar - resets SESSION vars.
 */
--- a/lib/setup.php
+++ b/lib/setup.php
@ -527,14 +527,32 @@ global $HTTPSPAGEREQUIRED;
        }
    }

-    $iplist = unserialize(get_config(null, 'blockedip'));
-    if(!empty($iplist)) {
-        foreach($iplist as $ip) {
+    $allowediponly = get_config(null, 'enableallowedip');
+    if(!empty($allowediponly)){
+        $allowediplist = get_config(null, 'allowedip');
+        $blockediplist = get_config(null, 'blockedip');
+    } else {
+        $blockediplist = get_config(null, 'blockedip');
+    }
+    if(!empty($blockediplist)) {
+        $blockediplist = explode("\n", $blockediplist);
+        foreach($blockediplist as $ip) {
+            $ip = trim($ip);
            if(address_in_subnet(getremoteaddr(), $ip)){
                // Telling the banned user the site is not
                // available currently.
-                echo get_string('sitemaintenance', 'admin');
-                die;
+                die(get_string('ipinblockedlist', 'admin'));
+            } 
+        }
+    }
+    if(!empty($allowediplist)) {
+        $allowediplist = explode("\n", $allowediplist);
+        foreach($allowediplist as $ip) {
+            $ip = trim($ip);
+            if(!address_in_subnet(getremoteaddr(), $ip)){
+                // Telling users only specfied users are 
+                // allowed accessing this site.
+                die(get_string('ipoutallowedlist', 'admin'));
            } 
        }
    }