emAlbum.com
Welcome, Guest. Please Login or Register.
 
News: All boards on this forum are being made "read only". If you have a question or issue regarding emAlbum, please contact me directly. -Eric
emAlbum Support  |  emAlbum Standard  |  Feedback (Moderator: Eric)  |  Topic: New Feature: IP Restrictions « prev next »
Pages: [1] :: Go Down Reply :: Notify of replies :: Send the topic :: Print
   Author  Topic: New Feature: IP Restrictions  (Read 1399 times)
pandabear
Newbie
*

Posts: 2


New Feature: IP Restrictions
« on: October 23, 2003, 05:10:10 PM »
Reply with quote

I have modified emAlbum slightly for my personal use, and I thought I'd share the modifications with the community. The change involves adding support for IP restrictions on certain forums:

Features:
- Disallow the viewing of certain forums from certain IP addresses.
- Restrict the viewing of certain forums to certain IP addresses.
- Ability to restrict to any network class (IE restrict forum to 123.456.*.*).
- Easy and powerful configuration file.

What's the benefit of this? I'll be honest and give my situation as an example. I'm in college. I have pictures that I only want my friends to see. I have pictures that I don't want my parents or other family to see. I also have pictures that they do want to see. Instead of setting up two different sites and having to try to hide the "friends" one, I can just use the same site and use IP restrictions.

There are two small changes that need to be made to emAlbum.cgi. I've attached my new modified version.  Changes:

On line 43:

$cgi_path =~ s/emAlbum.cgi//;

#Added by David Rusenko 10-23-2003
my $user_ip = $ENV{'REMOTE_ADDR'};
#End modifications

# Open config file

-------------------------
On line 128:

   my @contents = grep !/\./ && !/^_/, sort readdir(TMP);
   closedir(TMP);

   #Added by David Rusenko 10-23-2003
   if (-e "$album_path$slash.hidden-folders") {

      open(HIDDEN,"$album_path$slash.hidden-folders");
      my @hiddenstuff = <HIDDEN>;
      close(HIDDEN);

      foreach my $line (@hiddenstuff) {
            
         #Allow for comments and blank lines
         unless ($line =~ /^\#.*/ || $line !~ /.*\:.*\:.*/) {

            my $ip_matched = 0;

            #$dowhat: Is this instruction a restriction from or restriction to?
            #$ipmask: The IPs affected by this restriction
            #$folder: The specific folder in the album affected
            my ($dowhat, $ipmask, $folder) = split(/:/,$line);

            chomp($folder);
         
            #IPs can be seperated by a ','
            my (@hidden_ips) = split(/,/,$ipmask);
   
            #If this command is a "Restrict To" command
            if ($dowhat eq "Restrict To") {
   
               #All IPs are initially matched
               $ip_matched = 1;
   
               #If the current rule IP is in the client IP, allow access
               foreach my $current_mask (@hidden_ips) {
   
                  $ip_matched = 0 if ($user_ip =~ /$current_mask/);
   
               }
            }
   
            #If this command is a "Restrict From" command
            if ($dowhat eq "Restrict From") {
   
               #If the rule IP is in the client IP, deny access
               foreach my $current_mask (@hidden_ips) {
   
                  $ip_matched = 1 if ($user_ip =~ /$current_mask/);
      
               }
            }
   
            #If the user's IP is not allowed to access this folder
            if ($ip_matched == 1) {
   
               #Loop through @contents and see if the folder is found
               for(my $x=0; $x<@contents; $x++) {
   
                  #If the folder is found, remove it from the array
                  if ($contents[$x] =~ /$folder/) { splice(@contents,$x,1) };

               }

            }

         }

      }

   }
   #End modifications

   my $folder_count = @contents;
   if ($folder_count == 0) { &error("103|$album_path"); }

-------------------------

As you can see, anytime I've added something I've included a comment that shows that it's a modification at the head and a comment on where the modification ends.

The configuration file is located in albums/.hidden-folders

A sample of possible configurations:

#Restrict the folder called "Party" from IP 10.123.123.1
Restrict From:10.123.123.1:Party

#Restrict the folder called "Party" from IPs 10.123.*.*
Restrict From:10.123.:Party

#Restrict the folder called "Party" to 10.123.*.*, but restrict from 10.123.123.1 and 10.123.123.2
Restrict To:10.123.:Party
Restrict From:10.123.123.1,10.123.123.2:Party

I'm sure you get the idea. A few basic guidelines:

- IPs are seperated by commas.
- Only one folder can be specified at a time.
- If both To and From restrictions are both used on the same folder, "Restrict To" should come before "Restrict From".
- It will be fairly intelligent about parsing data, and ignore any lines that aren't set up right. However, it will be very picky about whitespace.
- As expected, if ".hidden-folders" doesn't exist, it won't do anything.

Let me know what you guys think.

NOTE: It wouldn't let me attach the emAlbum.cgi to this message, so I have it here: http://www.personal.psu.edu/jdr261/emAlbum.txt

Thanks!

David
Report to moderator   Logged
Pages: [1] :: Go Up Reply :: Notify of replies :: Send the topic :: Print 
emAlbum Support  |  emAlbum Standard  |  Feedback (Moderator: Eric)  |  Topic: New Feature: IP Restrictions « prev next »
Jump to: 
Support Forum Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.