Welcome, Guest. Please Login or Register.
News: All boards on this forum are being made "read only". If you have a question or issue regarding emAlbum, please contact me directly. -Eric
emAlbum Support  |  emAlbum Standard  |  Feedback (Moderator: Eric)  |  Topic: New Feature: IP Restrictions « prev next »
Pages: [1] :: Go Down Reply :: Notify of replies :: Send the topic :: Print
   Author  Topic: New Feature: IP Restrictions  (Read 1399 times)

Posts: 2

New Feature: IP Restrictions
« on: October 23, 2003, 05:10:10 PM »
Reply with quote

I have modified emAlbum slightly for my personal use, and I thought I'd share the modifications with the community. The change involves adding support for IP restrictions on certain forums:

- Disallow the viewing of certain forums from certain IP addresses.
- Restrict the viewing of certain forums to certain IP addresses.
- Ability to restrict to any network class (IE restrict forum to 123.456.*.*).
- Easy and powerful configuration file.

What's the benefit of this? I'll be honest and give my situation as an example. I'm in college. I have pictures that I only want my friends to see. I have pictures that I don't want my parents or other family to see. I also have pictures that they do want to see. Instead of setting up two different sites and having to try to hide the "friends" one, I can just use the same site and use IP restrictions.

There are two small changes that need to be made to emAlbum.cgi. I've attached my new modified version.  Changes:

On line 43:

$cgi_path =~ s/emAlbum.cgi//;

#Added by David Rusenko 10-23-2003
my $user_ip = $ENV{'REMOTE_ADDR'};
#End modifications

# Open config file

On line 128:

   my @contents = grep !/\./ && !/^_/, sort readdir(TMP);

   #Added by David Rusenko 10-23-2003
   if (-e "$album_path$slash.hidden-folders") {

      my @hiddenstuff = <HIDDEN>;

      foreach my $line (@hiddenstuff) {
         #Allow for comments and blank lines
         unless ($line =~ /^\#.*/ || $line !~ /.*\:.*\:.*/) {

            my $ip_matched = 0;

            #$dowhat: Is this instruction a restriction from or restriction to?
            #$ipmask: The IPs affected by this restriction
            #$folder: The specific folder in the album affected
            my ($dowhat, $ipmask, $folder) = split(/:/,$line);

            #IPs can be seperated by a ','
            my (@hidden_ips) = split(/,/,$ipmask);
            #If this command is a "Restrict To" command
            if ($dowhat eq "Restrict To") {
               #All IPs are initially matched
               $ip_matched = 1;
               #If the current rule IP is in the client IP, allow access
               foreach my $current_mask (@hidden_ips) {
                  $ip_matched = 0 if ($user_ip =~ /$current_mask/);
            #If this command is a "Restrict From" command
            if ($dowhat eq "Restrict From") {
               #If the rule IP is in the client IP, deny access
               foreach my $current_mask (@hidden_ips) {
                  $ip_matched = 1 if ($user_ip =~ /$current_mask/);
            #If the user's IP is not allowed to access this folder
            if ($ip_matched == 1) {
               #Loop through @contents and see if the folder is found
               for(my $x=0; $x<@contents; $x++) {
                  #If the folder is found, remove it from the array
                  if ($contents[$x] =~ /$folder/) { splice(@contents,$x,1) };





   #End modifications

   my $folder_count = @contents;
   if ($folder_count == 0) { &error("103|$album_path"); }


As you can see, anytime I've added something I've included a comment that shows that it's a modification at the head and a comment on where the modification ends.

The configuration file is located in albums/.hidden-folders

A sample of possible configurations:

#Restrict the folder called "Party" from IP
Restrict From:

#Restrict the folder called "Party" from IPs 10.123.*.*
Restrict From:10.123.:Party

#Restrict the folder called "Party" to 10.123.*.*, but restrict from and
Restrict To:10.123.:Party
Restrict From:,

I'm sure you get the idea. A few basic guidelines:

- IPs are seperated by commas.
- Only one folder can be specified at a time.
- If both To and From restrictions are both used on the same folder, "Restrict To" should come before "Restrict From".
- It will be fairly intelligent about parsing data, and ignore any lines that aren't set up right. However, it will be very picky about whitespace.
- As expected, if ".hidden-folders" doesn't exist, it won't do anything.

Let me know what you guys think.

NOTE: It wouldn't let me attach the emAlbum.cgi to this message, so I have it here: http://www.personal.psu.edu/jdr261/emAlbum.txt


Report to moderator   Logged
Pages: [1] :: Go Up Reply :: Notify of replies :: Send the topic :: Print 
emAlbum Support  |  emAlbum Standard  |  Feedback (Moderator: Eric)  |  Topic: New Feature: IP Restrictions « prev next »
Jump to: 
Support Forum Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.