1<?php
2/**
3 * Action Plugin to limit logins to selected ip addresses
4 * @author  Myron Turner
5 *
6 */
7
8if (!defined('DOKU_INC'))
9{
10    die();
11}
12
13class action_plugin_abortlogin extends DokuWiki_Action_Plugin
14{
15
16    function register(Doku_Event_Handler $controller)
17    {
18        $controller->register_hook('DOKUWIKI_STARTED', 'BEFORE', $this, 'dw_start');
19    }
20
21    function dw_start(&$event, $param)
22    {
23      global $ACT, $INPUT, $USERINFO;
24      $ip = $_SERVER['REMOTE_ADDR'];
25      if(!$this->getConf('enable_test')) {
26         return;
27      }
28     if(file_exists(DOKU_PLUGIN . 'abortlogin/disabled')) {
29          msg("Remove the disabled file from the plugin directory when you are finished setting up. Your current IP is $ip",2);
30         return;
31     }
32      if($ACT != 'login') return;
33
34      $u = $INPUT->str('u'); $p=$INPUT->str('p');  $action = $INPUT->post->str('do');
35      $test = $this->getConf('test');
36      $allowed = $this->getConf('allowed');
37
38      if($_REQUEST['do'] =='admin' && empty($_REQUEST['http_credentials']) && empty($USERINFO)) {
39             header("HTTP/1.0 403 Forbidden");
40             exit("<div style='text-align:center; padding-top:2em;'><h1>403: Login Forbidden</h1></div>");
41       }
42
43      if( !empty($u) && !empty($p) && $action != 'login'  ) {
44              header("HTTP/1.0 403 Forbidden");
45              exit("<div style='text-align:center; padding-top:2em;'><h1>403: Login Forbidden</h1></div>");
46      }
47
48
49       if( empty($u) && empty($p) && empty($_REQUEST['http_credentials']) && !empty($USERINFO) && !$this->is_allowed($allowed, $ip)){
50             unset($USERINFO) ;
51             global $ACT;  $ACT = 'logout';
52      }
53
54      if($test && isset($USERINFO) && in_array('admin', $USERINFO['grps'])) {
55          $tests = explode(',',$test);
56          foreach ($tests as $test) {
57              $test = trim($test);
58              if(!$this->is_allowed($allowed, $test)) {
59                  msg("$test is not a valid IP");
60              }
61               else  msg("$test is a valid IP",2);
62          }
63          return;
64      }
65
66      if($ACT == 'login' && !$this->is_allowed($allowed, $ip)) {
67              if($this->getConf('log')) {
68              $this->log($ip);
69             }
70              header("HTTP/1.0 403 Forbidden");
71              exit("<div style='text-align:center; padding-top:2em;'><h1>403: Login Not Available</h1></div>");
72
73        }
74    }
75
76     function is_allowed($allowed, $ip) {
77         static $cache = '';
78
79         if($cache) {
80              $allowed = $cache;
81         }
82         else {
83         $allowed = trim($allowed,', ');
84         $allowed = preg_quote($allowed);
85         $allowed=str_replace(array(' ', ','), array("",'|'),$allowed);
86             $cache = $allowed;
87         }
88
89         if(!$allowed ) return false;  // if allowed string is empty then all ips are allowed
90         if( preg_match("/" . $allowed . "/", $ip) ) {
91               return true;
92        }
93        return false;
94     }
95
96     function log($ip) {
97        $log = metaFN('abortlogin:aborted_ip','.log');
98        io_saveFile($log,"$ip\n",1);
99     }
100}
101?>
102