mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-05-06 15:46:37 +02:00
Basic IP white- and blacklisting (#178)
This commit is contained in:
Kevin @ Navigram
Prasath Mani
parent
4b4b48242e
commit
498804f8a5
13
.editorconfig
Normal file
13
.editorconfig
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
# Editor configuration, see https://editorconfig.org
|
||||
root = true
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
indent_style = space
|
||||
indent_size = 4
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
[*.md]
|
||||
max_line_length = off
|
||||
trim_trailing_whitespace = false
|
||||
|
|
@ -15,6 +15,7 @@ define('VERSION', '2.3.5');
|
|||
define('APP_TITLE', 'Tiny File Manager');
|
||||
|
||||
// Auth with login/password (set true/false to enable/disable it)
|
||||
// Is independent from IP white- and blacklisting
|
||||
$use_auth = true;
|
||||
|
||||
// Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
|
||||
|
|
@ -29,6 +30,27 @@ $readonly_users = array(
|
|||
'user'
|
||||
);
|
||||
|
||||
// Possible rules are 'OFF', 'AND' or 'OR'
|
||||
// OFF => Don't check connection IP, defaults to OFF
|
||||
// AND => Connection must be on the whitelist, and not on the blacklist
|
||||
// OR => Connection must be on the whitelist, or not on the blacklist
|
||||
$ip_ruleset = 'OFF';
|
||||
|
||||
// Should users be notified of their block?
|
||||
$ip_silent = true;
|
||||
|
||||
// IP-addresses, both ipv4 and ipv6
|
||||
$ip_whitelist = array(
|
||||
'127.0.0.1', // local ipv4
|
||||
'::1' // local ipv6
|
||||
);
|
||||
|
||||
// IP-addresses, both ipv4 and ipv6
|
||||
$ip_blacklist = array(
|
||||
'0.0.0.0', // non-routable meta ipv4
|
||||
'::' // non-routable meta ipv6
|
||||
);
|
||||
|
||||
// user specific directories
|
||||
// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...)
|
||||
$directories_users = array();
|
||||
|
|
@ -167,6 +189,39 @@ if (isset($_GET['img'])) {
|
|||
fm_show_image($_GET['img']);
|
||||
}
|
||||
|
||||
// Validate connection IP
|
||||
if($ip_ruleset != 'OFF'){
|
||||
$clientIp = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
$proceed = false;
|
||||
|
||||
$whitelisted = in_array($clientIp, $ip_whitelist);
|
||||
$blacklisted = in_array($clientIp, $ip_blacklist);
|
||||
|
||||
if($ip_ruleset == 'AND'){
|
||||
if($whitelisted == true && $blacklisted == false){
|
||||
$proceed = true;
|
||||
}
|
||||
} else
|
||||
if($ip_ruleset == 'OR'){
|
||||
if($whitelisted == true || $blacklisted == false){
|
||||
$proceed = true;
|
||||
}
|
||||
}
|
||||
|
||||
if($proceed == false){
|
||||
trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING);
|
||||
|
||||
if($ip_silent == false){
|
||||
fm_set_msg('Access denied. IP restriction applicable', 'error');
|
||||
fm_show_header_login();
|
||||
fm_show_message();
|
||||
}
|
||||
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
// Auth
|
||||
if ($use_auth) {
|
||||
if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']])) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue