File: Net.php

package info (click to toggle)
simplesamlphp 1.19.7-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 42,920 kB
  • sloc: php: 202,044; javascript: 14,867; xml: 2,700; sh: 225; perl: 82; makefile: 70; python: 5
file content (87 lines) | stat: -rw-r--r-- 2,545 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
<?php

declare(strict_types=1);

namespace SimpleSAML\Utils;

/**
 * Net-related utility methods.
 *
 * @package SimpleSAMLphp
 */
class Net
{
    /**
     * Check whether an IP address is part of a CIDR.
     *
     * @param string $cidr The network CIDR address.
     * @param string $ip The IP address to check. Optional. Current remote address will be used if none specified. Do
     * not rely on default parameter if running behind load balancers.
     *
     * @return boolean True if the IP address belongs to the specified CIDR, false otherwise.
     *
     * @author Andreas Åkre Solberg, UNINETT AS <andreas.solberg@uninett.no>
     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
     * @author Brook Schofield, GÉANT
     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
     */
    public static function ipCIDRcheck($cidr, $ip = null)
    {
        if ($ip === null) {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        if (strpos($cidr, '/') === false) {
            return false;
        }

        list ($net, $mask) = explode('/', $cidr);
        $mask = intval($mask);

        $ip_ip = [];
        $ip_net = [];
        if (strstr($ip, ':') || strstr($net, ':')) {
            // Validate IPv6 with inet_pton, convert to hex with bin2hex
            // then store as a long with hexdec

            $ip_pack = @inet_pton($ip);
            $net_pack = @inet_pton($net);

            if ($ip_pack === false || $net_pack === false) {
                // not valid IPv6 address (warning silenced)
                return false;
            }

            $ip_ip = str_split(bin2hex($ip_pack), 8);
            foreach ($ip_ip as &$value) {
                $value = hexdec($value);
            }

            $ip_net = str_split(bin2hex($net_pack), 8);
            foreach ($ip_net as &$value) {
                $value = hexdec($value);
            }
        } else {
            $ip_ip[0] = ip2long($ip);
            $ip_net[0] = ip2long($net);
        }

        for ($i = 0; $mask > 0 && $i < sizeof($ip_ip); $i++) {
            if ($mask > 32) {
                $iteration_mask = 32;
            } else {
                $iteration_mask = $mask;
            }
            $mask -= 32;

            $ip_mask = ~((1 << (32 - $iteration_mask)) - 1);

            $ip_net_mask = intval($ip_net[$i]) & $ip_mask;
            $ip_ip_mask = intval($ip_ip[$i]) & $ip_mask;

            if ($ip_ip_mask != $ip_net_mask) {
                return false;
            }
        }
        return true;
    }
}