| [ Index ] |
|
Code source de Horde 3.1.3 |
1 <?php 2 /** 3 * The Auth_ipbasic class provides access control based on CIDR masks 4 * (client IP addresses). It is not meant for user-based systems, but 5 * for times when you want a block of IPs to be able to access a site, 6 * and that access is simply on/off - no preferences, etc. If you need 7 * more sophisticated IP-based authentication, you should look at the 8 * Auth_ipmap class which lets you map IP blocks to specific 9 * usernames. 10 * 11 * Parameters: 12 * 'blocks' An array of CIDR masks which are allowed access. 13 * 14 * $Horde: framework/Auth/Auth/ipbasic.php,v 1.20.10.7 2006/01/01 21:28:07 jan Exp $ 15 * 16 * Copyright 1999-2006 Chuck Hagenbuch <chuck@horde.org> 17 * 18 * See the enclosed file COPYING for license information (LGPL). If you 19 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html. 20 * 21 * @author Chuck Hagenbuch <chuck@horde.org> 22 * @since Horde 1.3 23 * @package Horde_Auth 24 */ 25 class Auth_ipbasic extends Auth { 26 27 /** 28 * An array of capabilities, so that the driver can report which 29 * operations it supports and which it doesn't. 30 * 31 * @var array 32 */ 33 var $capabilities = array('add' => false, 34 'update' => false, 35 'resetpassword' => false, 36 'remove' => false, 37 'list' => false, 38 'transparent' => true); 39 40 /** 41 * Constructs a new Basic IP authentication object. 42 * 43 * @param array $params A hash containing parameters. 44 */ 45 function Auth_ipbasic($params = array()) 46 { 47 $this->_setParams($params); 48 } 49 50 /** 51 * Set parameters for the Auth_ipbasic object. 52 * 53 * @access private 54 * 55 * @param array $params Should contain 'blocks', an array of CIDR masks. 56 */ 57 function _setParams($params) 58 { 59 if (empty($params['blocks'])) { 60 $params['blocks'] = array(); 61 } elseif (!is_array($params['blocks'])) { 62 $params['blocks'] = array($params['blocks']); 63 } 64 65 $this->_params = $params; 66 } 67 68 /** 69 * Automatic authentication: Find out if the client matches an allowed IP 70 * block. 71 * 72 * @return boolean Whether or not the client is allowed. 73 */ 74 function transparent() 75 { 76 if (!isset($_SERVER['REMOTE_ADDR'])) { 77 $this->_setAuthError(AUTH_REASON_MESSAGE, _("IP Address not available.")); 78 return false; 79 } 80 81 $client = $_SERVER['REMOTE_ADDR']; 82 foreach ($this->_params['blocks'] as $cidr) { 83 if ($this->_addressWithinCIDR($client, $cidr)) { 84 $this->setAuth($cidr, array('transparent' => 1)); 85 return true; 86 } 87 } 88 89 $this->_setAuthError(AUTH_REASON_MESSAGE, _("IP Address not within allowed CIDR block.")); 90 return false; 91 } 92 93 /** 94 * Determine if an IP address is within a CIDR block. 95 * 96 * @access private 97 * 98 * @param string $address The IP address to check. 99 * @param string $cidr The block (e.g. 192.168.0.0/16) to test against. 100 * 101 * @return boolean Whether or not the address matches the mask. 102 */ 103 function _addressWithinCIDR($address, $cidr) 104 { 105 $address = ip2long($address); 106 list($quad, $bits) = explode('/', $cidr); 107 $bits = intval($bits); 108 $quad = ip2long($quad); 109 110 return (($address >> (32 - $bits)) == ($quad >> (32 - $bits))); 111 } 112 113 }
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 18:01:28 2007 | par Balluche grâce à PHPXref 0.7 |