} else {
die("No command found. Should be admin.php <clean_expired|clean_async>.\n");
}
-} else {
+// Second check: Challenge by IP
+} elseif (true === jirafeau_challenge_admin_ip($cfg, get_ip_address($cfg))) {
/* Disable admin interface if we have a empty admin password. */
if (empty($cfg['admin_password']) && empty($cfg['admin_http_auth_user'])) {
require(JIRAFEAU_ROOT . 'lib/template/header.php');
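Review bot: The allow-list check on the new `elseif` line is only as trustworthy as the address returned by `get_ip_address($cfg)`, which is defined outside this diff. If that function reads the client address from forwarded headers (this commit's context shows a `proxy_ip` setting and `has_http_forwarded()`), it should do so only when the direct peer is a configured proxy; otherwise a client-supplied header could satisfy `admin_ip`. A comment above the branch would record the assumption, for example `// get_ip_address() must only honour forwarded headers coming from $cfg['proxy_ip']`. The branch body continues past the end of this hunk.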
}
require(JIRAFEAU_ROOT.'lib/template/footer.php');
+} else {
+ jirafeau_fatal_error(t('ACCESS_KO'), $cfg);
}
?>
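Review bot: The new `else` branch refuses the request through `jirafeau_fatal_error(t('ACCESS_KO'), $cfg)` with no visible status code or log entry. That helper is defined elsewhere, so this may already be handled there. If it is not, the refusal is served like an ordinary page and leaves no trace for whoever monitors admin access. Consider `http_response_code(403);` before the call, plus an `error_log()` line that records the rejected address.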
Available options:
- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated.
+- `ADMIN_IP`: set one or more ip allowed to access admin interface (separated by comma).
- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/').
- `VAR_ROOT`: setup a specific path where to place files. default: '/data'.
- `FILE_HASH`: can be set to `md5`, `partial_md5` or `random` (default).
env_2_cfg_int($cfg, 'maximal_upload_size');
env_2_cfg_string_array($cfg, 'upload_password');
env_2_cfg_string_array($cfg, 'upload_ip');
+ env_2_cfg_string_array($cfg, 'admin_ip');
env_2_cfg_string_array($cfg, 'upload_ip_nopassword');
env_2_cfg_string_array($cfg, 'proxy_ip');
env_2_cfg_bool($cfg, 'store_uploader_ip');
*/
$cfg['admin_http_auth_user'] = '';
+/* List of IP allowed to access the admin interface.
+ * If the list is empty, then there is no admin interface restriction based on IP.
+ * Elements of the list can be a single IP (e.g. "123.45.67.89") or
+ * an IP range (e.g. "123.45.0.0/16").
+ * Note that CIDR notation is available for IPv4 only for the moment.
+ */
+$cfg['admin_ip'] = array();
+
/* Allow user to select different options for file expiration time.
* Possible values in array:
* 'minute': file is available for one minute
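Review bot: The new comment for `$cfg['admin_ip']` does not say that the list is an extra gate in front of the admin password rather than a substitute for it, which is how the `elseif` in admin.php uses it. Because the default `array()` means no restriction, a reader could take a populated list as sufficient protection on its own. I would add a line such as `* This check is applied before, and in addition to, admin_password / admin_http_auth_user.` Since CIDR is stated to be IPv4-only, it would also help to say that IPv6 entries presumably have to be exact addresses.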
(jirafeau_challenge_upload_password($cfg, $password) && jirafeau_challenge_upload_ip($cfg, $ip));
}
+/**
+ * Check if Jirafeau has a restriction on the IP address for accessing the admin interface.
+ * @return true if admin interface is IP restricted, false otherwise.
+ */
+function jirafeau_admin_has_ip_restriction($cfg)
+{
+ return count($cfg['admin_ip']) > 0;
+}
+
+/**
+ * Test if visitor's IP is authorized to access the admin interface.
+ *
+ * @param $cfg configuration
+ * @param $challengedIp IP to be challenged
+ * @return true if IP is authorized, false otherwise.
+ */
+function jirafeau_challenge_admin_ip($cfg, $challengedIp)
+{
+ // If no IP address have been listed, allow upload from any IP
+ if (!jirafeau_admin_has_ip_restriction($cfg)) {
+ return true;
+ }
+ return jirafeau_challenge_ip($cfg['admin_ip'], $challengedIp);
+}
+
/** Tell if we have some HTTP headers generated by a proxy */
function has_http_forwarded()
{
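Review bot: The inline comment in `jirafeau_challenge_admin_ip()` says `allow upload from any IP`, which looks carried over from the upload check and misdescribes a branch that grants admin access; it should read `// No admin IP listed: the admin interface is not restricted by address`. The docblocks also use `@return true if …` and untyped `@param` lines, where `@return bool`, `@param array $cfg` and `@param string $challengedIp` would be the PHPDoc form, and `jirafeau_admin_has_ip_restriction()` has no `@param` at all. Separately, `count($cfg['admin_ip'])` assumes the key exists and holds an array; on PHP 8 a string value from a hand-edited config raises a TypeError, so `is_array()` could be checked first. Both functions lie fully inside this hunk.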