Gecko [ 8.222.176.185 ]

Name	Size	Permission
Charsets	[ DIR ]	drwxrwxrwx
Command	[ DIR ]	drwxrwxrwx
Config	[ DIR ]	drwxrwxrwx
ConfigStorage	[ DIR ]	drwxrwxrwx
Controllers	[ DIR ]	drwxrwxrwx
Crypto	[ DIR ]	drwxrwxrwx
Database	[ DIR ]	drwxrwxrwx
Dbal	[ DIR ]	drwxrwxrwx
Display	[ DIR ]	drwxrwxrwx
Engines	[ DIR ]	drwxrwxrwx
Exceptions	[ DIR ]	drwxrwxrwx
Export	[ DIR ]	drwxrwxrwx
Gis	[ DIR ]	drwxrwxrwx
Html	[ DIR ]	drwxrwxrwx
Http	[ DIR ]	drwxrwxrwx
Image	[ DIR ]	drwxrwxrwx
Import	[ DIR ]	drwxrwxrwx
Navigation	[ DIR ]	drwxrwxrwx
Partitioning	[ DIR ]	drwxrwxrwx
Plugins	[ DIR ]	drwxrwxrwx
Properties	[ DIR ]	drwxrwxrwx
Providers	[ DIR ]	drwxrwxrwx
Query	[ DIR ]	drwxrwxrwx
Server	[ DIR ]	drwxrwxrwx
Setup	[ DIR ]	drwxrwxrwx
Table	[ DIR ]	drwxrwxrwx
Twig	[ DIR ]	drwxrwxrwx
Utils	[ DIR ]	drwxrwxrwx
WebAuthn	[ DIR ]	drwxrwxrwx
Advisor.php	12.32 KB	-rw-rw-rw-
Bookmark.php	9.19 KB	-rw-rw-rw-
BrowseForeigners.php	10.63 KB	-rw-rw-rw-
Cache.php	1.5 KB	-rw-rw-rw-
Charsets.php	6.82 KB	-rw-rw-rw-
CheckUserPrivileges.php	11.3 KB	-rw-rw-rw-
Common.php	19.4 KB	-rw-rw-rw-
Config.php	41.65 KB	-rw-rw-rw-
Console.php	3.25 KB	-rw-rw-rw-
Core.php	28.91 KB	-rw-rw-rw-
CreateAddField.php	15.83 KB	-rw-rw-rw-
DatabaseInterface.php	71.73 KB	-rw-rw-rw-
DbTableExists.php	2.86 KB	-rw-rw-rw-
Encoding.php	8.41 KB	-rw-rw-rw-
Error.php	13.63 KB	-rw-rw-rw-
ErrorHandler.php	18.63 KB	-rw-rw-rw-
ErrorReport.php	8.99 KB	-rw-rw-rw-
Export.php	45.7 KB	-rw-rw-rw-
FieldMetadata.php	11.11 KB	-rw-rw-rw-
File.php	19.75 KB	-rw-rw-rw-
FileListing.php	2.88 KB	-rw-rw-rw-
FlashMessages.php	1.22 KB	-rw-rw-rw-
Font.php	5.58 KB	-rw-rw-rw-
Footer.php	8.06 KB	-rw-rw-rw-
Git.php	18 KB	-rw-rw-rw-
Header.php	20 KB	-rw-rw-rw-
Import.php	48.72 KB	-rw-rw-rw-
Index.php	14.83 KB	-rw-rw-rw-
IndexColumn.php	4.75 KB	-rw-rw-rw-
InsertEdit.php	89.05 KB	-rw-rw-rw-
InternalRelations.php	17.31 KB	-rw-rw-rw-
IpAllowDeny.php	9.13 KB	-rw-rw-rw-
Language.php	4.47 KB	-rw-rw-rw-
LanguageManager.php	22.74 KB	-rw-rw-rw-
Linter.php	4.99 KB	-rw-rw-rw-
ListAbstract.php	1.67 KB	-rw-rw-rw-
ListDatabase.php	4.11 KB	-rw-rw-rw-
Logging.php	2.69 KB	-rw-rw-rw-
Menu.php	20.4 KB	-rw-rw-rw-
Message.php	18.68 KB	-rw-rw-rw-
Mime.php	918 B	-rw-rw-rw-
Normalization.php	41.53 KB	-rw-rw-rw-
OpenDocument.php	8.62 KB	-rw-rw-rw-
Operations.php	35.11 KB	-rw-rw-rw-
OutputBuffering.php	4.1 KB	-rw-rw-rw-
ParseAnalyze.php	2.34 KB	-rw-rw-rw-
Pdf.php	4.17 KB	-rw-rw-rw-
Plugins.php	21.83 KB	-rw-rw-rw-
Profiling.php	2.16 KB	-rw-rw-rw-
RecentFavoriteTable.php	11.44 KB	-rw-rw-rw-
Replication.php	4.81 KB	-rw-rw-rw-
ReplicationGui.php	21.24 KB	-rw-rw-rw-
ReplicationInfo.php	4.79 KB	-rw-rw-rw-
ResponseRenderer.php	13.5 KB	-rw-rw-rw-
Routing.php	6.55 KB	-rw-rw-rw-
Sanitize.php	11.98 KB	-rw-rw-rw-
SavedSearches.php	11.33 KB	-rw-rw-rw-
Scripts.php	3.74 KB	-rw-rw-rw-
Session.php	8.16 KB	-rw-rw-rw-
Sql.php	64.01 KB	-rw-rw-rw-
SqlQueryForm.php	6.74 KB	-rw-rw-rw-
StorageEngine.php	15.71 KB	-rw-rw-rw-
SystemDatabase.php	3.98 KB	-rw-rw-rw-
Table.php	90.33 KB	-rw-rw-rw-
Template.php	4.5 KB	-rw-rw-rw-
Theme.php	7.32 KB	-rw-rw-rw-
ThemeManager.php	7 KB	-rw-rw-rw-
Tracker.php	30.34 KB	-rw-rw-rw-
Tracking.php	36.11 KB	-rw-rw-rw-
Transformations.php	16.31 KB	-rw-rw-rw-
TwoFactor.php	7.49 KB	-rw-rw-rw-
Types.php	25.85 KB	-rw-rw-rw-
Url.php	10.61 KB	-rw-rw-rw-
UrlRedirector.php	1.74 KB	-rw-rw-rw-
UserPassword.php	6.86 KB	-rw-rw-rw-
UserPreferences.php	10.49 KB	-rw-rw-rw-
Util.php	86.45 KB	-rw-rw-rw-
Version.php	556 B	-rw-rw-rw-
VersionInformation.php	7.3 KB	-rw-rw-rw-
ZipExtension.php	10.33 KB	-rw-rw-rw-

Code Editor : IpAllowDeny.php

<?php
/**
 * This library is used with the server IP allow/deny host authentication
 * feature
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use function bin2hex;
use function dechex;
use function explode;
use function hash_equals;
use function hexdec;
use function inet_pton;
use function ip2long;
use function is_array;
use function mb_strpos;
use function mb_strtolower;
use function mb_substr;
use function min;
use function preg_match;
use function str_replace;
use function substr_replace;

/**
 * PhpMyAdmin\IpAllowDeny class
 */
class IpAllowDeny
{
    /**
     * Matches for IPv4 or IPv6 addresses
     *
     * @param string $testRange string of IP range to match
     * @param string $ipToTest  string of IP to test against range
     */
    public function ipMaskTest($testRange, $ipToTest): bool
    {
        if (mb_strpos($testRange, ':') > -1 || mb_strpos($ipToTest, ':') > -1) {
            // assume IPv6
            $result = $this->ipv6MaskTest($testRange, $ipToTest);
        } else {
            $result = $this->ipv4MaskTest($testRange, $ipToTest);
        }

return $result;
    }

/**
     * Based on IP Pattern Matcher
     * Originally by J.Adams <jna@retina.net>
     * Found on <https://www.php.net/manual/en/function.ip2long.php>
     * Modified for phpMyAdmin
     *
     * Matches:
     * xxx.xxx.xxx.xxx        (exact)
     * xxx.xxx.xxx.[yyy-zzz]  (range)
     * xxx.xxx.xxx.xxx/nn     (CIDR)
     *
     * Does not match:
     * xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
     *
     * @param string $testRange string of IP range to match
     * @param string $ipToTest  string of IP to test against range
     */
    public function ipv4MaskTest($testRange, $ipToTest): bool
    {
        $result = true;
        $match = preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs);
        if ($match) {
            // performs a mask match
            $ipl = ip2long($ipToTest);
            $rangel = ip2long($regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]);

$maskl = 0;

for ($i = 0; $i < 31; $i++) {
                if ($i >= $regs[5] - 1) {
                    continue;
                }

$maskl += 2 ** (30 - $i);
            }

return ($maskl & $rangel) == ($maskl & $ipl);
        }

// range based
        $maskocts = explode('.', $testRange);
        $ipocts = explode('.', $ipToTest);

// perform a range match
        for ($i = 0; $i < 4; $i++) {
            if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
                if (($ipocts[$i] > $regs[2]) || ($ipocts[$i] < $regs[1])) {
                    $result = false;
                }
            } else {
                if ($maskocts[$i] <> $ipocts[$i]) {
                    $result = false;
                }
            }
        }

return $result;
    }

/**
     * IPv6 matcher
     * CIDR section taken from https://stackoverflow.com/a/10086404
     * Modified for phpMyAdmin
     *
     * Matches:
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
     * (exact)
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:[yyyy-zzzz]
     * (range, only at end of IP - no subnets)
     * xxxx:xxxx:xxxx:xxxx/nn
     * (CIDR)
     *
     * Does not match:
     * xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx[yyy-zzz]
     * (range, partial octets not supported)
     *
     * @param string $test_range string of IP range to match
     * @param string $ip_to_test string of IP to test against range
     */
    public function ipv6MaskTest($test_range, $ip_to_test): bool
    {
        $result = true;

// convert to lowercase for easier comparison
        $test_range = mb_strtolower($test_range);
        $ip_to_test = mb_strtolower($ip_to_test);

$is_cidr = mb_strpos($test_range, '/') > -1;
        $is_range = mb_strpos($test_range, '[') > -1;
        $is_single = ! $is_cidr && ! $is_range;

$ip_hex = bin2hex((string) inet_pton($ip_to_test));

if ($is_single) {
            $range_hex = bin2hex((string) inet_pton($test_range));

return hash_equals($ip_hex, $range_hex);
        }

if ($is_range) {
            // what range do we operate on?
            $range_match = [];
            $match = preg_match('/\[([0-9a-f]+)\-([0-9a-f]+)\]/', $test_range, $range_match);
            if ($match) {
                $range_start = $range_match[1];
                $range_end = $range_match[2];

// get the first and last allowed IPs
                $first_ip = str_replace($range_match[0], $range_start, $test_range);
                $first_hex = bin2hex((string) inet_pton($first_ip));
                $last_ip = str_replace($range_match[0], $range_end, $test_range);
                $last_hex = bin2hex((string) inet_pton($last_ip));

// check if the IP to test is within the range
                $result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
            }

return $result;
        }

if ($is_cidr) {
            // Split in address and prefix length
            [$first_ip, $subnet] = explode('/', $test_range);

// Parse the address into a binary string
            $first_bin = inet_pton($first_ip);
            $first_hex = bin2hex((string) $first_bin);

$flexbits = 128 - (int) $subnet;

// Build the hexadecimal string of the last address
            $last_hex = $first_hex;

$pos = 31;
            while ($flexbits > 0) {
                // Get the character at this position
                $orig = mb_substr($last_hex, $pos, 1);

// Convert it to an integer
                $origval = hexdec($orig);

// OR it with (2^flexbits)-1, with flexbits limited to 4 at a time
                $newval = $origval | 2 ** min(4, $flexbits) - 1;

// Convert it back to a hexadecimal character
                $new = dechex($newval);

// And put that character back in the string
                $last_hex = substr_replace($last_hex, $new, $pos, 1);

// We processed one nibble, move to previous position
                $flexbits -= 4;
                --$pos;
            }

// check if the IP to test is within the range
            $result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
        }

return $result;
    }

/**
     * Runs through IP Allow rules the use of it below for more information
     *
     * @see     Core::getIp()
     */
    public function allow(): bool
    {
        return $this->allowDeny('allow');
    }

/**
     * Runs through IP Deny rules the use of it below for more information
     *
     * @see     Core::getIp()
     */
    public function deny(): bool
    {
        return $this->allowDeny('deny');
    }

/**
     * Runs through IP Allow/Deny rules the use of it below for more information
     *
     * @see     Core::getIp()
     *
     * @param string $type 'allow' | 'deny' type of rule to match
     */
    private function allowDeny($type): bool
    {
        global $cfg;

// Grabs true IP of the user and returns if it can't be found
        $remote_ip = Core::getIp();
        if (empty($remote_ip)) {
            return false;
        }

// copy username
        $username = $cfg['Server']['user'];

// copy rule database
        if (isset($cfg['Server']['AllowDeny']['rules'])) {
            $rules = $cfg['Server']['AllowDeny']['rules'];
            if (! is_array($rules)) {
                $rules = [];
            }
        } else {
            $rules = [];
        }

// lookup table for some name shortcuts
        $shortcuts = [
            'all' => '0.0.0.0/0',
            'localhost' => '127.0.0.1/8',
        ];

// Provide some useful shortcuts if server gives us address:
        if (Core::getenv('SERVER_ADDR')) {
            $shortcuts['localnetA'] = Core::getenv('SERVER_ADDR') . '/8';
            $shortcuts['localnetB'] = Core::getenv('SERVER_ADDR') . '/16';
            $shortcuts['localnetC'] = Core::getenv('SERVER_ADDR') . '/24';
        }

foreach ($rules as $rule) {
            // extract rule data
            $rule_data = explode(' ', $rule);

// check for rule type
            if ($rule_data[0] != $type) {
                continue;
            }

// check for username
            if (
                ($rule_data[1] !== '%') //wildcarded first
                && (! hash_equals($rule_data[1], $username))
            ) {
                continue;
            }

// check if the config file has the full string with an extra
            // 'from' in it and if it does, just discard it
            if ($rule_data[2] === 'from') {
                $rule_data[2] = $rule_data[3];
            }

// Handle shortcuts with above array
            if (isset($shortcuts[$rule_data[2]])) {
                $rule_data[2] = $shortcuts[$rule_data[2]];
            }

// Add code for host lookups here
            // Excluded for the moment

// Do the actual matching now
            if ($this->ipMaskTest($rule_data[2], $remote_ip)) {
                return true;
            }
        }

return false;
    }
}

${this.title}

Code Editor : IpAllowDeny.php