Loading...
 
Skip to main content

Adding an IP range option for clients in InterTiki

Status
Pending
Subject
Adding an IP range option for clients in InterTiki
Version
3.x
Category
  • Feature request
Feature
InterTiki
Rating
(0)
Description

The server settings for InterTiki do not allow user to specify an IP range of known IP's.

It'd be great if this could be added in the future in situations where the client does not have a static IP.

A quick fix is presented below for someone who really needs it-but I hope we can have a more permanent solution eventually. It allows the user to specify either an IP or an IP range in the server settings and validates the IP of the client accordingly. The IP range should be specified as:
xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy

Solution

In the file remote.php in the main tiki directory on the server machine, change the function validate to the following:

function validate($params) {
global $tikilib,$userlib,$prefs,$logslib;

$key = $params->getParam(0); $key = $key->scalarval();
$login = $params->getParam(1); $login = $login->scalarval();
$pass = $params->getParam(2); $pass = $pass->scalarval();
$slave = $params->getParam(3); $slave = $slave->scalarval();
$hashkey = $params->getParam(4); $hashkey = $hashkey->scalarval();

//Verify IP address
//Handle IP range
if ($pos = strpos($prefs'known_hosts'$key'ip', '-')){
$length=strlen($prefs'known_hosts'$key'ip');

$ipstart = ip2long'known_hosts'$key'ip',0, $pos" class="wiki wikinew text-danger tips substr">$prefs'known_hosts'$key'ip',0, $pos;
if ($ipstart < 0) $ipstart += pow(2,32);

$ipend = ip2long'known_hosts'$key'ip',$pos+1,$length-$pos" class="wiki wikinew text-danger tips substr">$prefs'known_hosts'$key'ip',$pos+1,$length-$pos;
if ($ipend < 0) $ipend += pow(2,32);

$ipserver = ip2long($_SERVER'REMOTE_ADDR');
if ($ipserver < 0) $ipserver += pow(2,32);

if($ipstart < $ipserver && $ipend > $ipserver ) { //check if REMOTE IP is within the range
$verified_ip = true;
}
} else {
//Handle single IP address
if ($prefs'known_hosts'$key'ip' == $_SERVER'REMOTE_ADDR') $verified_ip = true; //check known host IP with REMOTE IP
}


if (!isset($prefs'known_hosts'$key) or $verified_ip!=true ) { // changed if statement to look for verified_ip - last change by zorp
$msg = tra('Invalid server key').$_SERVER'REMOTE_ADDR';
if ($prefs'intertiki_errfile') logit($prefs'intertiki_errfile',$msg,$key,INTERTIKI_BADKEY,$prefs'known_hosts'$key'name');
$logslib->add_log('intertiki',$msg.' from '.$prefs'known_hosts'$key'name',$login);
return new XML_RPC_Response(0, 101, $msg);
}

list($isvalid, $dummy, $error) = $userlib->validate_user($login,$pass,,);
if(!$isvalid) {
$msg = tra('Invalid username or password');
if ($prefs'intertiki_errfile') logit($prefs'intertiki_errfile',$msg,$login,INTERTIKI_BADUSER,$prefs'known_hosts'$key'name');
$logslib->add_log('intertiki',$msg.' from '.$prefs'known_hosts'$key'name',$login);
if (!$userlib->user_exists($login)) {
// slave client is supposed to disguise 102 code as 101 not to show
// crackers that user does not exists. 102 is required for telling slave
// to delete user there
return new XML_RPC_Response(0, 102, $msg);
} else {
return new XML_RPC_Response(0, 101, $msg);
}
}
if ($prefs'intertiki_logfile') logit($prefs'intertiki_logfile',"logged",$login,INTERTIKI_OK,$prefs'known_hosts'$key'name');
$userlib->create_user_cookie($login,$hashkey);

if ($slave) {
$logslib->add_log('intertiki','auth granted from '.$prefs'known_hosts'$key'name',$login);
global $userlib;
$user_details = $userlib->get_user_details($login);
$user_info = $userlib->get_user_info($login);
$ret'avatarData' = new XML_RPC_Value($user_info'avatarData', "base64");
$ret'user_details' = new XML_RPC_Value(serialize($user_details), "string");
//$fp=fopen('temp/toto', 'w+');fwrite($fp, var_export($ret, true));fclose($fp);
return new XML_RPC_Response(new XML_RPC_Value($ret, "struct"));
} else {
$logslib->add_log('intertiki','auth granted from '.$prefs'known_hosts'$key'name',$login);
return new XML_RPC_Response(new XML_RPC_Value(1, "boolean"));
}
}

Importance
3
Priority
15
Demonstrate Bug on Tiki 19+
Demonstrate Bug (older Tiki versions)
Ticket ID
1878
Created
Tuesday 15 July, 2008 17:28:32 UTC
by Unknown
LastModif
Tuesday 15 July, 2008 17:30:14 UTC


Show PHP error messages