diff --git a/panel/classes/Panel/Login.php b/panel/classes/Panel/Login.php index 909e9e1..5ec3d7b 100644 --- a/panel/classes/Panel/Login.php +++ b/panel/classes/Panel/Login.php @@ -19,15 +19,30 @@ class Login extends \Panel { static function get($f3) { - /* requests from ADMINIP are automatically authenticated */ - if ($f3->get('ADMINIP') != '' && $f3->get('ADMINIP') == $f3->get('IP')) { + /** + * Requests from ADMINIP are automatically authenticated + * ADMINIP can either be a single IP, or an array + */ + + $autologin = FALSE; + if ($f3->get('ADMINIP') != '') { + if (is_array($f3->get('ADMINIP'))) { + if (in_array($f3->get('IP'), $f3->get('ADMINIP'))) { + $autologin = TRUE; + } + } elseif (($f3->get('ADMINIP') == $f3->get('IP'))) { + $autologin = TRUE; + } + } + + if ($autologin === TRUE) { $f3->set('SESSION.expiration', time() + $f3->get('TIMEOUT')); $f3->set('SESSION.access', 'admin'); $messages[] = "You have been automatically logged in with connection from Admin IP " . $f3->get('IP'); $f3->set('SESSION.messages', $messages); $f3->reroute('/'); } else { - /* all others must log in with valid username */ + /* ADMINIP checks returned false, client must log in with valid username */ echo \Template::instance()->render('login.html'); } diff --git a/panel/config/config.ini b/panel/config/config.ini index 96c9a62..9f1f339 100644 --- a/panel/config/config.ini +++ b/panel/config/config.ini @@ -18,7 +18,7 @@ CASELESS=FALSE CACHE=TRUE ; Session lifetime in seconds TIMEOUT=900 -; Remote IP address that is automatically logged in without auth +; Remote IP address that is automatically logged in without auth (can be single IP or comma separated array of IPs) ADMINIP= ; Jail new users by default. 1 = Yes, blank or 0 = No JAILUSER=1