diff --git a/config/config.php b/config/config.php
index 3e26e09ff0..8644742c1e 100644
--- a/config/config.php
+++ b/config/config.php
@@ -81,6 +81,10 @@ $config->file = new stdclass();
 $config->file->dangers = 'php,php3,php4,phtml,php5,jsp,py,rb,asp,asa,cer,cdx,aspl'; // Dangerous files.
 $config->file->maxSize = 1024 * 1024; // Max size.
+/* IP white list settings.*/
+$config->ip = new stdclass();
+$config->ip->whiteList = '*';
+
 /* View type settings. */
 $config->viewPrefix['mhtml'] = 'm.';
diff --git a/module/user/control.php b/module/user/control.php
index ddc9243456..e0a4b69c3b 100644
--- a/module/user/control.php
+++ b/module/user/control.php
@@ -658,6 +658,9 @@ class user extends control
 if($this->app->getViewType() == 'json') die(helper::removeUTF8Bom(json_encode(array('status' => 'failed', 'reason' => $failReason))));
 die(js::error($failReason));
 }
+
+ /* Check the login ip is in white list or not. */
+ if(!$this->user->checkIP($this->server->remote_addr)) die(js::error($this->lang->user->ipLimited));
 $user = $this->user->identify($account, $password);
diff --git a/module/user/lang/en.php b/module/user/lang/en.php
index a974237dc5..ed4dd732b5 100644
--- a/module/user/lang/en.php
+++ b/module/user/lang/en.php
@@ -111,6 +111,7 @@ $lang->user->loginFailed = "Login failed, please check your account and passwor
 $lang->user->lockWarning = "You only have %s times to try.";
 $lang->user->loginLocked = "You try the password too many times, please contact the administrator or try again after %s minutes.";
 $lang->user->weakPassword = "Your password strength is less than the system settings.";
+$lang->user->ipLimited = "Login failed, this ip is limited.";
 $lang->user->roleList[''] = '';
 $lang->user->roleList['dev'] = 'Developer';
diff --git a/module/user/lang/zh-cn.php b/module/user/lang/zh-cn.php
index 3b4e2fd723..4bbed95909 100644
--- a/module/user/lang/zh-cn.php
+++ b/module/user/lang/zh-cn.php
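Review bot: In config/config.php the new `$config->ip->whiteList` setting is added without saying which value formats the login check understands. Going by checkIP() in module/user/model.php, the value is a single entry: `*`, one IPv4 address, a range such as 192.168.1.1-192.168.1.10, or IPv4 CIDR; a comma-separated list or an IPv6 address is not parsed. Because this is an access-control setting, I would expand the comment to `/* IP white list: '*' (allow all), one IPv4 address, a range like 192.168.1.1-192.168.1.10, or CIDR like 192.168.1.0/24. One entry only. */`.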
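Review bot: In module/user/control.php the new IP check always answers with `js::error()`, while the failure branch two lines above it returns a JSON body when the view type is `json`, so JSON clients would receive a script snippet instead of a `status => failed` object. I would mirror that branch inside the check: `if($this->app->getViewType() == 'json') die(helper::removeUTF8Bom(json_encode(array('status' => 'failed', 'reason' => $this->lang->user->ipLimited))));` before the `js::error()` call. `$this->server->remote_addr` is presumably the direct peer address, so behind a reverse proxy every client would be evaluated as the proxy's address; that deployment caveat deserves a comment next to the check. The enclosing login method starts and ends outside the hunk, so it is not visible whether other sign-in paths pass through this check or whether rejected attempts are logged.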
@@ -111,6 +111,7 @@ $lang->user->loginFailed = "登录失败,请检查您的用户名或密码是
 $lang->user->lockWarning = "您还有%s次尝试机会。";
 $lang->user->loginLocked = "密码尝试次数太多,请联系管理员解锁,或%s分钟后重试。";
 $lang->user->weakPassword = "您的密码强度小于系统设定。";
+$lang->user->ipLimited = "登录失败,管理员限制当前IP登录。";
 $lang->user->roleList[''] = '';
 $lang->user->roleList['dev'] = '研发';
diff --git a/module/user/model.php b/module/user/model.php
index d6709702a2..4c474010f6 100644
--- a/module/user/model.php
+++ b/module/user/model.php
@@ -525,6 +525,46 @@ class userModel extends model
 }
 return !dao::isError();
 }
+
+ /**
+ * Check if the ip is in white list.
+ *
+ * @access public
+ * @param string $ip
+ * @return bool
+ */
+ public function checkIP($ip)
+ {
+ $allowIPs = $this->config->ip->whiteList;
+
+ /* If the ip white list is '*'. */
+ if($allowIPs == '*') return true;
+
+ /* The ip is same as ip in white list. */
+ if($ip == $allowIPs) return true;
+
+ /* If the ip in white list is like 192.168.1.1-192.168.1.10. */
+ if(strpos($allowIPs, '-') !== false)
+ {
+ list($min, $max) = explode('-', $allowIPs);
+ $min = ip2long(trim($min));
+ $max = ip2long(trim($max));
+ $ip = ip2long(trim($ip));
+
+ return $ip >= $min and $ip <= $max;
+ }
+
+ /* If the ip in white list is in IP/CIDR format eg 127.0.0.1/24. Thanks to zcat. */
+ if(strpos($allowIPs, '/') == false) $allowIPs .= '/32';
+ list($allowIPs, $netmask) = explode('/', $allowIPs, 2);
+
+ $allowIPs = ip2long($allowIPs);
+ $ip = ip2long($ip);
+ $wildcard = pow(2, (32 - $netmask)) - 1;
+ $netmask = ~ $wildcard;
+
+ return (($ip & $netmask) == ($allowIPs & $netmask));
+ }
 /**
 * Identify a user.
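Review bot: checkIP() in module/user/model.php does not fail closed: none of the `ip2long()` results is checked for `false`, which is what it returns for an IPv6 address or a malformed white-list entry. In the CIDR branch `false` behaves as 0 in the `&` comparison, so an unparsable entry and an unparsable client address compare equal, and the range branch has the same weakness when both bounds fail to parse. `strpos($allowIPs, '/') == false` should also be `=== false`, and `$netmask` goes into arithmetic without being validated as 0–32. The function accepts a single entry although the setting is called `whiteList`, so a comma-separated value would end up as an unparsable entry. The version below rejects anything that does not parse and keeps the mask computation as it is.

```php
public function checkIP($ip)
{
    $allowIPs = trim($this->config->ip->whiteList);
    if($allowIPs === '*') return true;

    /* Fail closed on anything ip2long() cannot parse (e.g. an IPv6 address). */
    $ipLong = ip2long(trim($ip));
    if($ipLong === false) return false;

    if(strpos($allowIPs, '-') !== false)
    {
        list($min, $max) = explode('-', $allowIPs, 2);
        $min = ip2long(trim($min));
        $max = ip2long(trim($max));
        if($min === false or $max === false) return false;

        return $ipLong >= $min and $ipLong <= $max;
    }

    if(strpos($allowIPs, '/') === false) $allowIPs .= '/32';
    list($allowIPs, $netmask) = explode('/', $allowIPs, 2);

    $allowIPs = ip2long(trim($allowIPs));
    if($allowIPs === false or !ctype_digit($netmask) or $netmask > 32) return false;

    /* … unchanged: $wildcard and $netmask computation … */
    return (($ipLong & $netmask) === ($allowIPs & $netmask));
}
```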