* finish task #2501.
This commit is contained in:
chenfeiCF
@@ -81,6 +81,10 @@ $config->file = new stdclass();
|
||||
$config->file->dangers = 'php,php3,php4,phtml,php5,jsp,py,rb,asp,asa,cer,cdx,aspl'; // Dangerous files.
|
||||
$config->file->maxSize = 1024 * 1024; // Max size.
|
||||
|
||||
/* IP white list settings.*/
|
||||
$config->ip = new stdclass();
|
||||
$config->ip->whiteList = '*';
|
||||
|
||||
/* View type settings. */
|
||||
$config->viewPrefix['mhtml'] = 'm.';
|
||||
|
||||
|
||||
@@ -658,6 +658,9 @@ class user extends control
|
||||
if($this->app->getViewType() == 'json') die(helper::removeUTF8Bom(json_encode(array('status' => 'failed', 'reason' => $failReason))));
|
||||
die(js::error($failReason));
|
||||
}
|
||||
|
||||
/* Check the login ip is in white list or not. */
|
||||
if(!$this->user->checkIP($this->server->remote_addr)) die(js::error($this->lang->user->ipLimited));
|
||||
|
||||
$user = $this->user->identify($account, $password);
|
||||
|
||||
|
||||
@@ -111,6 +111,7 @@ $lang->user->loginFailed = "Login failed, please check your account and passwor
|
||||
$lang->user->lockWarning = "You only have %s times to try.";
|
||||
$lang->user->loginLocked = "You try the password too many times, please contact the administrator or try again after %s minutes.";
|
||||
$lang->user->weakPassword = "Your password strength is less than the system settings.";
|
||||
$lang->user->ipLimited = "Login failed, this ip is limited.";
|
||||
|
||||
$lang->user->roleList[''] = '';
|
||||
$lang->user->roleList['dev'] = 'Developer';
|
||||
|
||||
@@ -111,6 +111,7 @@ $lang->user->loginFailed = "登录失败,请检查您的用户名或密码是
|
||||
$lang->user->lockWarning = "您还有%s次尝试机会。";
|
||||
$lang->user->loginLocked = "密码尝试次数太多,请联系管理员解锁,或%s分钟后重试。";
|
||||
$lang->user->weakPassword = "您的密码强度小于系统设定。";
|
||||
$lang->user->ipLimited = "登录失败,管理员限制当前IP登录。";
|
||||
|
||||
$lang->user->roleList[''] = '';
|
||||
$lang->user->roleList['dev'] = '研发';
|
||||
|
||||
@@ -525,6 +525,46 @@ class userModel extends model
|
||||
}
|
||||
return !dao::isError();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the ip is in white list.
|
||||
*
|
||||
* @access public
|
||||
* @param string $ip
|
||||
* @return bool
|
||||
*/
|
||||
public function checkIP($ip)
|
||||
{
|
||||
$allowIPs = $this->config->ip->whiteList;
|
||||
|
||||
/* If the ip white list is '*'. */
|
||||
if($allowIPs == '*') return true;
|
||||
|
||||
/* The ip is same as ip in white list. */
|
||||
if($ip == $allowIPs) return true;
|
||||
|
||||
/* If the ip in white list is like 192.168.1.1-192.168.1.10. */
|
||||
if(strpos($allowIPs, '-') !== false)
|
||||
{
|
||||
list($min, $max) = explode('-', $allowIPs);
|
||||
$min = ip2long(trim($min));
|
||||
$max = ip2long(trim($max));
|
||||
$ip = ip2long(trim($ip));
|
||||
|
||||
return $ip >= $min and $ip <= $max;
|
||||
}
|
||||
|
||||
/* If the ip in white list is in IP/CIDR format eg 127.0.0.1/24. Thanks to zcat. */
|
||||
if(strpos($allowIPs, '/') == false) $allowIPs .= '/32';
|
||||
list($allowIPs, $netmask) = explode('/', $allowIPs, 2);
|
||||
|
||||
$allowIPs = ip2long($allowIPs);
|
||||
$ip = ip2long($ip);
|
||||
$wildcard = pow(2, (32 - $netmask)) - 1;
|
||||
$netmask = ~ $wildcard;
|
||||
|
||||
return (($ip & $netmask) == ($allowIPs & $netmask));
|
||||
}
|
||||
|
||||
/**
|
||||
* Identify a user.
|
||||
|
||||
Reference in New Issue
Block a user