View source
<?php
function restrict_ip_menu() {
$menu['admin/config/people/restrict_ip'] = array(
'title' => 'IP Address Whitelist',
'description' => 'Set the list of IP addresses that will be allowed to access the site',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'restrict_ip_settings',
),
'access arguments' => array(
'Administer Restricted IP addresses',
),
);
$menu['restrict_ip/access_denied'] = array(
'title' => 'Access Denied',
'page callback' => 'denied',
);
return $menu;
}
function restrict_ip_permission() {
return array(
'Administer Restricted IP addresses' => array(
'title' => 'Administer Restricted IP addresses',
'description' => 'Allows the user to set admitted IP addresses',
),
);
}
function restrict_ip_settings() {
$form['restrict_ip_address_description'] = array(
'#markup' => '<h2>' . t('Enter the list of allowed IP addresses below') . '</h2><p><strong style="color:red">' . t("Warning: If you don't enter your current IP address into the list, you will immediately be locked out of the system upon save, and will not be able to access the system until you are in a location with an allowed IP address.") . '</strong></p><p><strong>' . t('Your current IP address is: !ip_address', array(
'!ip_address' => '<em>' . ip_address() . '</em>',
)) . '</strong></p>',
);
$form['restrict_ip_address_list'] = array(
'#title' => t('Allowed IP Address List'),
'#description' => t('Enter the list of IP Addresses that are allowed to access the site. If this field is left empty, all IP addresses will be able to access the site. Enter one IP address per line. You may also enter a range of IP addresses in the format AAA.BBB.CCC.XXX - AAA.BBB.CCC.YYY'),
'#type' => 'textarea',
'#default_value' => variable_get('restrict_ip_address_list', ''),
);
$form['restrict_ip_mail_address'] = array(
'#title' => t('Email Address'),
'#type' => 'textfield',
'#description' => t('If you would like to include a contact email address in the error message that is shown to users that do not have an allowed IP address, enter the email address here.'),
'#default_value' => trim(variable_get('restrict_ip_mail_address', '')),
);
return system_settings_form($form);
}
function restrict_ip_settings_validate($form, &$form_state) {
$ip_addresses = $form_state['values']['restrict_ip_address_list'];
if (strlen(trim($ip_addresses))) {
$ip_addresses = explode(PHP_EOL, trim($form_state['values']['restrict_ip_address_list']));
foreach ($ip_addresses as $ip_address) {
if ($ip_address != '::1') {
if (!preg_match('~^\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b$~', trim($ip_address))) {
$pieces = explode('-', $ip_address);
if (count($pieces) !== 2) {
form_set_error('restrict_ip_address_list', t('!ip_address is not a valid IP address.', array(
'!ip_address' => $ip_address,
)));
}
else {
$ip1 = trim($pieces[0]);
$ip2 = trim($pieces[1]);
$both_valid = TRUE;
if (!preg_match('~^\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b$~', $ip1)) {
form_set_error('restrict_ip_address_list', t('!ip_address is not a valid IP address.', array(
'!ip_address' => $ip1,
)));
$both_valid = FALSE;
}
if (!preg_match('~^\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b$~', $ip2)) {
form_set_error('restrict_ip_address_list', t('!ip_address is not a valid IP address.', array(
'!ip_address' => $ip2,
)));
$both_valid = FALSE;
}
if ($both_valid) {
$first_parts_equal = TRUE;
$last_part_ok = TRUE;
$ip1_pieces = explode('.', $ip1);
$ip2_pieces = explode('.', $ip2);
for ($i = 0; $i < 3; $i++) {
if ($ip1_pieces[$i] != $ip2_pieces[$i]) {
$first_parts_equal = FALSE;
break;
}
}
if ($first_parts_equal) {
if ($ip2_pieces[3] <= $ip1_pieces[3]) {
$last_part_ok = FALSE;
}
}
if (!$first_parts_equal || !$last_part_ok) {
form_set_error('restrict_ip_address_list', t('@ip_address is not a valid range of IP addresses.', array(
'@ip_address' => $ip_address,
)));
}
}
}
}
}
}
}
}
function restrict_ip_value($block = FALSE) {
$blocked =& drupal_static(__FUNCTION__);
if (is_null($blocked)) {
$blocked = FALSE;
}
if ($block) {
$blocked = TRUE;
}
return $blocked;
}
function restrict_ip_init() {
global $restricted_ip;
$restricted_ip = FALSE;
$ip_addresses = trim(variable_get('restrict_ip_address_list', ''));
if (strlen($ip_addresses)) {
$ip_addresses = explode(PHP_EOL, $ip_addresses);
$users_ip = ip_address();
$access_denied = TRUE;
foreach ($ip_addresses as $ip_address) {
if (!preg_match('~^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$~', trim($ip_address)) && $ip_address != '::1') {
$pieces = explode('-', trim($ip_address));
$ip1_pieces = explode('.', trim($pieces[0]));
$users_ip_pieces = explode('.', $users_ip);
$first_parts_equal = TRUE;
for ($i = 0; $i < 3; $i++) {
if ($users_ip_pieces[$i] != $ip1_pieces[$i]) {
$first_parts_equal = FALSE;
}
if ($first_parts_equal) {
$ip1_end = $ip1_pieces[3];
$ip2_pieces = explode('.', trim($pieces[1]));
$ip2_end = $ip2_pieces[3];
$user_end = $users_ip_pieces[3];
if ($user_end >= $ip1_end && $user_end <= $ip2_end) {
$access_denied = FALSE;
break;
}
}
}
}
elseif (trim($ip_address) == $users_ip) {
$access_denied = FALSE;
break;
}
}
if ($access_denied) {
if (current_path() != 'restrict_ip/access_denied') {
drupal_goto('restrict_ip/access_denied');
}
$contact_mail = trim(variable_get('restrict_ip_mail_address', ''));
if (strlen($contact_mail)) {
$contact_mail = str_replace('@', '[at]', $contact_mail);
}
$contact_text = strlen($contact_mail) ? ' ' . t('If you feel this is in error, please contact an administrator at !email.', array(
'!email' => '<span id="restrict_ip_contact_mail">' . $contact_mail . '</span>',
)) : FALSE;
drupal_set_message(t('This site cannot be accessed from your IP address.') . $contact_text, 'error', FALSE);
restrict_ip_value(TRUE);
drupal_add_js(drupal_get_path('module', 'restrict_ip') . '/js/restrict_ip.js');
}
elseif (current_path() == drupal_get_normal_path('restrict_ip/access_denied')) {
drupal_goto('<front>');
}
}
}
function restrict_ip_preprocess_block(&$items) {
if (restrict_ip_value()) {
unset($items['elements']);
unset($items['title_prefix']);
unset($items['title_suffix']);
}
}
function restrict_ip_preprocess_page(&$items) {
if (restrict_ip_value()) {
global $theme;
$regions = system_region_list($theme, REGIONS_ALL);
foreach (array_keys($regions) as $region) {
if (isset($items['page'][$region])) {
$items['page'][$region] = '';
}
}
if (isset($items['tabs'])) {
if (isset($items['tabs']['#primary'])) {
$items['tabs']['#primary'] = array();
}
if (isset($items['tabs']['#secondary'])) {
$items['tabs']['#primary'] = array();
}
}
$items['title_prefix'] = array();
$items['title_suffix'] = array();
$items['main_menu'] = array();
$items['secondary_menu'] = array();
$items['action_links'] = array();
}
}
function restrict_ip_preprocess_html(&$items) {
if (restrict_ip_value()) {
if (isset($items['page']['page_top'])) {
unset($items['page']['page_top']);
}
if (isset($items['page']['page_top'])) {
unset($items['page']['page_bottom']);
}
}
}
function restrict_ip_js_alter(&$javascript) {
if (restrict_ip_value()) {
$restrict_ip_js_path = drupal_get_path('module', 'restrict_ip') . '/js/restrict_ip.js';
foreach (array_keys($javascript) as $key) {
if ($key != $restrict_ip_js_path && $key != 'misc/jquery.js') {
unset($javascript[$key]);
}
}
}
}