update ADMINIP checks to work with array or single var

2024-04-01 15:51:24 -07:00 · 2024-04-01 15:51:24 -07:00 · 5f494efeb0
commit 5f494efeb0
parent 119d180e87
2 changed files with 19 additions and 4 deletions
--- a/panel/classes/Panel/Login.php
+++ b/panel/classes/Panel/Login.php
@ -19,15 +19,30 @@ class Login extends \Panel {

  static function get($f3) {

-    /* requests from ADMINIP are automatically authenticated */
-    if ($f3->get('ADMINIP') != '' && $f3->get('ADMINIP') == $f3->get('IP')) {
+    /**
+     * Requests from ADMINIP are automatically authenticated
+     * ADMINIP can either be a single IP, or an array
+     */
+
+    $autologin = FALSE;
+    if ($f3->get('ADMINIP') != '') {
+      if (is_array($f3->get('ADMINIP'))) {
+        if (in_array($f3->get('IP'), $f3->get('ADMINIP'))) {
+          $autologin = TRUE;
+        }
+      } elseif (($f3->get('ADMINIP') == $f3->get('IP'))) {
+        $autologin = TRUE;
+      }
+    }
+
+    if ($autologin === TRUE) {
      $f3->set('SESSION.expiration', time() + $f3->get('TIMEOUT'));
      $f3->set('SESSION.access', 'admin');
      $messages[] = "You have been automatically logged in with connection from Admin IP " . $f3->get('IP');
      $f3->set('SESSION.messages', $messages);
      $f3->reroute('/');
    } else {
-      /* all others must log in with valid username */
+      /* ADMINIP checks returned false, client must log in with valid username */
      echo \Template::instance()->render('login.html');
    }

--- a/panel/config/config.ini
+++ b/panel/config/config.ini
@ -18,7 +18,7 @@ CASELESS=FALSE
 CACHE=TRUE
 ; Session lifetime in seconds
 TIMEOUT=900
-; Remote IP address that is automatically logged in without auth
+; Remote IP address that is automatically logged in without auth (can be single IP or comma separated array of IPs)
 ADMINIP=
 ; Jail new users by default. 1 = Yes, blank or 0 = No
 JAILUSER=1