1: <?php
2: /**
3: * The Horde_Auth_Ipbasic class provides access control based on CIDR masks
4: * (client IP addresses). It is not meant for user-based systems, but
5: * for times when you want a block of IPs to be able to access a site,
6: * and that access is simply on/off - no preferences, etc.
7: *
8: * Copyright 1999-2012 Horde LLC (http://www.horde.org/)
9: *
10: * See the enclosed file COPYING for license information (LGPL). If you did
11: * not receive this file, http://www.horde.org/licenses/lgpl21
12: *
13: * @author Chuck Hagenbuch <chuck@horde.org>
14: * @category Horde
15: * @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
16: * @package Auth
17: */
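class Horde_Auth_Ipbasic extends Horde_Auth_Base
{
    /**
     * An array of capabilities, so that the driver can report which
     * operations it supports and which it doesn't.
     *
     * Only transparent (credential-less) authentication is offered.
     *
     * @var array
     */
    protected $_capabilities = array(
        'transparent' => true
    );

    /**
     * Constructor.
     *
     * Normalises the 'blocks' parameter to an array before handing the
     * parameters to the parent constructor: a missing or empty value becomes
     * an empty list (nobody is admitted), a single scalar becomes a
     * one-element list.
     *
     * @param array $params  Optional Parameters:
     * <pre>
     * 'blocks' - (array) IPv4 CIDR masks which are allowed access.
     * </pre>
     */
    public function __construct(array $params = array())
    {
        if (empty($params['blocks'])) {
            $params['blocks'] = array();
        } elseif (!is_array($params['blocks'])) {
            $params['blocks'] = array($params['blocks']);
        }

        parent::__construct($params);
    }

    /**
     * Automatic authentication: Find out if the client matches an allowed IP
     * block.
     *
     * The decision is made on $_SERVER['REMOTE_ADDR'] alone, i.e. the peer
     * address PHP sees for the connection. Behind a reverse proxy or load
     * balancer that is the proxy's address, so the allowed blocks must be
     * chosen with the deployment topology in mind.
     *
     * On success the matching block (not the client address) is recorded as
     * the 'userId' credential.
     *
     * @return boolean  Whether or not the client is allowed.
     */
    public function transparent()
    {
        if (!isset($_SERVER['REMOTE_ADDR'])) {
            return false;
        }

        // NOTE(review): $this->_params is presumably populated by the parent
        // constructor from the normalised $params - confirm in
        // Horde_Auth_Base.
        foreach ($this->_params['blocks'] as $cidr) {
            if ($this->_addressWithinCIDR($_SERVER['REMOTE_ADDR'], $cidr)) {
                $this->_credentials['userId'] = $cidr;
                return true;
            }
        }

        return false;
    }

    /**
     * Authentication stub.
     *
     * This driver has no notion of user credentials, so explicit
     * authentication always fails.
     *
     * On failure, Horde_Auth_Exception should pass a message string (if any)
     * in the message field, and the Horde_Auth::REASON_* constant in the code
     * field (defaults to Horde_Auth::REASON_MESSAGE).
     *
     * @param string $userId      The userId to check.
     * @param array $credentials  An array of login credentials.
     *
     * @throws Horde_Auth_Exception
     */
    protected function _authenticate($userId, $credentials)
    {
        throw new Horde_Auth_Exception('Unsupported.');
    }

    /**
     * Determine if an IPv4 address is within a CIDR block.
     *
     * The check fails closed: anything that cannot be parsed never matches.
     * - An address or network part that ip2long() rejects (this includes
     *   every IPv6 address) yields false. Without this guard two
     *   unparsable values would both be treated as 0 and compare equal.
     * - A prefix length that is not a plain integer from 0 to 32 yields
     *   false.
     * - A block written without a prefix length is treated as a single host
     *   (/32). Previously the missing length was read as 0, which made the
     *   entry match every address.
     *
     * @param string $address  The IP address to check.
     * @param string $cidr     The block (e.g. 192.168.0.0/16) to test against.
     *
     * @return boolean  Whether or not the address matches the mask.
     */
    protected function _addressWithinCIDR($address, $cidr)
    {
        if (!is_string($address) || !is_string($cidr)) {
            return false;
        }

        $client = ip2long($address);
        if ($client === false) {
            return false;
        }

        $parts = explode('/', $cidr);
        if (count($parts) > 2) {
            return false;
        }

        $network = ip2long($parts[0]);
        if ($network === false) {
            return false;
        }

        if (count($parts) === 1) {
            // Bare address: exact host match.
            $bits = 32;
        } elseif (preg_match('/^[0-9]{1,2}$/', $parts[1]) && (int)$parts[1] <= 32) {
            $bits = (int)$parts[1];
        } else {
            return false;
        }

        // /0 covers the whole IPv4 space. Handled separately so the shift
        // below never reaches 32, which is not portable across integer
        // widths.
        if ($bits === 0) {
            return true;
        }

        // Drop the host bits on both sides and compare the network prefixes.
        $shift = 32 - $bits;

        return ($client >> $shift) === ($network >> $shift);
    }

}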
105: