authorDries Buytaert <dries@buytaert.net>2008-04-08 22:50:55 +0000
committerDries Buytaert <dries@buytaert.net>2008-04-08 22:50:55 +0000
commit08aa23227e45053117d273e517d7f386edc117ff (patch)
tree49dbd259c7f3551ef8ab8c12cd665759d605c87f /includes/bootstrap.inc
parent1dfd1717c13db5d3ad0e6d64197241d33e6b5fb9 (diff)
- Patch #228594 by catch et al: removed access rule functionality from core.
The access rules capability of user module has been stripped down to a simple method for blocking IP addresses. E-mail and username restrictions are now available in a contributed module. IP address range blocking is no longer supported and should be done at the server level. This patch is partly motivated by the fact that, during usability testing, it frequently came up that users went to "access rules" when trying to configure their site settings.
Diffstat (limited to 'includes/bootstrap.inc')
-rw-r--r--includes/bootstrap.inc43
1 files changed, 21 insertions, 22 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 3bc24f1e6..106320c25 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -847,31 +847,30 @@ function drupal_get_messages($type = NULL, $clear_queue = TRUE) {
}
/**
- * Perform an access check for a given mask and rule type. Rules are usually
- * created via admin/user/rules page.
+ * Check to see if an IP address has been blocked.
*
- * If any allow rule matches, access is allowed. Otherwise, if any deny rule
- * matches, access is denied. If no rule matches, access is allowed.
+ * Blocked IP addresses are stored in the database by default. However for
+ * performance reasons we allow an override in settings.php. This allows us
+ * to avoid querying the database at this critical stage of the bootstrap if
+ * an administrative interface for IP address blocking is not required.
*
- * @param $type string
- * Type of access to check: Allowed values are:
- * - 'host': host name or IP address
- * - 'mail': e-mail address
- * - 'user': username
- * @param $mask string
- * String or mask to test: '_' matches any character, '%' matches any
- * number of characters.
+ * @param $ip string
+ * IP address to check.
* @return bool
* TRUE if access is denied, FALSE if access is allowed.
*/
-function drupal_is_denied($type, $mask) {
- // Because this function is called for every page request, both cached
- // and non-cached pages, we tried to optimize it as much as possible.
- // We deny access if the only matching records in the {access} table have
- // status 0 (deny). If any have status 1 (allow), or if there are no
- // matching records, we allow access.
- $sql = "SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = %d";
- return db_result(db_query_range($sql, $type, $mask, 0, 0, 1)) && !db_result(db_query_range($sql, $type, $mask, 1, 0, 1));
+function drupal_is_denied($ip) {
+ // Because this function is called on every page request, we first check
+ // for an array of IP addresses in settings.php before querying the
+ // database.
+ $blocked_ips = variable_get('blocked_ips', NULL);
+ if (isset($blocked_ips) && is_array($blocked_ips)) {
+ return in_array($ip, $blocked_ips);
+ }
+ else {
+ $sql = "SELECT 1 FROM {blocked_ips} WHERE ip = '%s'";
+ return (bool) db_result(db_query($sql, $ip));
+ }
}
/**
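Review bot: The settings.php branch of drupal_is_denied() calls `in_array($ip, $blocked_ips)` without the strict flag, so the match uses loose comparison; a non-string entry in the configured array (a stray `TRUE`, for example) compares equal to every non-empty address and would deny the whole site. Passing the third argument, `return in_array($ip, $blocked_ips, TRUE);`, keeps this an exact string match like the `ip = '%s'` query in the other branch. The docblock should also say outright that when `blocked_ips` is set as an array in settings.php the {blocked_ips} table is never consulted, so addresses blocked through the administrative interface have no effect in that configuration. Both branches compare the literal string, so the stored form of an address has to match what ip_address() returns exactly.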
@@ -953,8 +952,8 @@ function _drupal_bootstrap($phase) {
break;
case DRUPAL_BOOTSTRAP_ACCESS:
- // Deny access to hosts which were banned - t() is not yet available.
- if (drupal_is_denied('host', ip_address())) {
+ // Deny access to blocked IP addresses - t() is not yet available.
+ if (drupal_is_denied(ip_address())) {
header('HTTP/1.1 403 Forbidden');
print 'Sorry, '. check_plain(ip_address()) .' has been banned.';
exit();
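Review bot: The deny decision in the DRUPAL_BOOTSTRAP_ACCESS case now rests entirely on the single value returned by ip_address(), whose body is not part of this diff. If that helper can take the address from a forwarded-for style request header, the block is only as reliable as the trusted-proxy configuration behind it, which the comment above the check should record, e.g. `// Relies on ip_address(); forwarded headers must only be honoured from trusted proxies.` Calling ip_address() once and reusing the result for both the check and the message would also guarantee that the address tested is the one printed. The enclosing switch in _drupal_bootstrap() starts and ends outside this hunk.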