1 | <?php |
2 | /*************************************************************************** | |
12262f13 | 3 | * Copyright (C) 2003-2011 Polytechnique.org * |
4 | * http://opensource.polytechnique.org/ * |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
22 | /****************************************************************************** | |
23 | * Security functions | |
24 | *****************************************************************************/ | |
25 | ||
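/**
 * Tells whether the client's address is flagged in ip_watch at or above $level.
 *
 * The lookup result is cached in $_SESSION['check_ip'] (with the matching
 * description in $_SESSION['check_ip_desc']), so the database is consulted
 * only once per session. Every hop listed in X-Forwarded-For is checked
 * together with the direct peer; that header is client-supplied, so only
 * values accepted by ip_to_uint() reach the query, everything else is dropped.
 *
 * @param string $level One of 'unsafe', 'dangerous' or 'ban'. Levels are
 *                      cumulative: 'unsafe' also matches 'dangerous' and
 *                      'ban', 'dangerous' also matches 'ban'.
 * @return bool true when the cached state is at least $level; false when the
 *              client address is unknown or $level is not a known level.
 */
function check_ip($level)
{
    if (empty($_SERVER['REMOTE_ADDR'])) {
        return false;
    }
    if (empty($_SESSION['check_ip'])) {
        $candidates = array();
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $candidates = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        }
        $candidates[] = $_SERVER['REMOTE_ADDR'];

        // ip_to_uint() (defined elsewhere) yields null for anything it cannot
        // parse; presumably the address as an unsigned integer otherwise.
        // Hops in X-Forwarded-For are usually ", "-separated, hence the trim.
        $conditions = array();
        foreach ($candidates as $ip) {
            $v = ip_to_uint(trim($ip));
            if (!is_null($v)) {
                $conditions[] = '(ip & mask) = (' . $v . ' & mask)';
            }
        }

        if (empty($conditions)) {
            // No parsable address at all: an empty WHERE clause would be a SQL
            // syntax error, and there is nothing that could match anyway.
            $_SESSION['check_ip'] = 'safe';
            unset($_SESSION['check_ip_desc']);
        } else {
            $res = XDB::query('SELECT state, description
                                 FROM ip_watch
                                WHERE ' . implode(' OR ', $conditions) . '
                             ORDER BY state DESC');
            if ($res->numRows()) {
                // First row is the most severe state (ORDER BY state DESC).
                $state = $res->fetchOneAssoc();
                $_SESSION['check_ip'] = $state['state'];
                $_SESSION['check_ip_desc'] = $state['description'];
            } else {
                $_SESSION['check_ip'] = 'safe';
                // Do not leave a description from an earlier lookup behind.
                unset($_SESSION['check_ip_desc']);
            }
        }
    }

    // States that satisfy each requested level, most severe last.
    static $levels = array(
        'unsafe'    => array('unsafe', 'dangerous', 'ban'),
        'dangerous' => array('dangerous', 'ban'),
        'ban'       => array('ban'),
    );
    if (!is_string($level) || !isset($levels[$level])) {
        return false;
    }
    return in_array($_SESSION['check_ip'], $levels[$level], true);
}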
66 | ||
/**
 * Looks up $email in email_watch and raises a security alert when it carries
 * any state other than 'safe'.
 *
 * The address is passed as a bound parameter ({?}), never interpolated.
 *
 * @param string $email   address to look up
 * @param string $message subject of the warning mail sent on a hit
 * @return bool true when the address is flagged (the mail has then been sent)
 */
function check_email($email, $message)
{
    $watch = XDB::query("SELECT state, description
                           FROM email_watch
                          WHERE state != 'safe' AND email = {?}", $email);
    if (!$watch->numRows()) {
        return false;
    }
    send_warning_mail($message);
    return true;
}
78 | ||
/**
 * Returns the watch flag of the logged-in user, or false when nobody is
 * logged in.
 *
 * @return mixed value of S::user()->watch (type not visible here), or false
 */
function check_account()
{
    $user = S::user();
    return $user ? $user->watch : false;
}
86 | ||
/**
 * Refreshes the session's mail-redirection status from a Redirect object.
 *
 * Sets $_SESSION['no_redirect'] and $_SESSION['mx_failures'], but only when
 * the redirect belongs to the current user; a redirect for another uid leaves
 * the session untouched.
 *
 * @param Redirect|null $red redirect to inspect; built from S::user() when null
 * @return void
 */
function check_redirect($red = null)
{
    require_once 'emails.inc.php';
    if ($red === null) {
        $red = new Redirect(S::user());
    }
    // Loose comparison kept on purpose: the two uid values may not share a
    // type (NOTE(review): confirm before tightening to ===).
    if ($red->get_uid() != S::v('uid')) {
        return;
    }
    $_SESSION['no_redirect'] = !$red->other_active('');
    $_SESSION['mx_failures'] = $red->get_broken_mx();
}
99 | ||
/**
 * Mails a security alert to the configured admin address.
 *
 * The body is a full var_export() dump of $_SESSION and $_SERVER, so it
 * carries whatever the session holds plus every request header; the only
 * recipient is $globals->core->admin_email.
 *
 * @param string $title short description, appended to the subject line as-is
 * @return void
 */
function send_warning_mail($title)
{
    global $globals;

    $sessionDump = var_export($_SESSION, true);
    $requestDump = var_export($_SERVER, true);
    $body = "Identifiants de session :\n" . $sessionDump . "\n\n"
          . "Identifiants de connexion :\n" . $requestDump;

    $alert = new PlMailer();
    $alert->setFrom("webmaster@" . $globals->mail->domain);
    $alert->addTo($globals->core->admin_email);
    $alert->setSubject("[Plat/al Security Alert] $title");
    $alert->setTxtBody($body);
    $alert->send();
}
111 | ||
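/**
 * Terminates every user session by running bin/kill_sessions.sh as root.
 *
 * Only an admin may call this. The check is an explicit branch rather than
 * assert() alone: assert() is a no-op when assertions are disabled (the usual
 * production setting), and the command would then run for any caller.
 *
 * @return void
 * @throws Exception when the current session is not an admin session
 */
function kill_sessions()
{
    if (!S::admin()) {
        throw new Exception('kill_sessions() requires an admin session');
    }
    // The script path is derived from this file's location, not from request
    // data; escapeshellarg() only guards against spaces or metacharacters in
    // the install path.
    $script = dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh';
    shell_exec('sudo -u root ' . escapeshellarg($script));
}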
117 | ||
118 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
119 | ?> |