Context Navigation

source: trunk/lib/Auth_SQL.inc.php @ 484

Last change on this file since 484 was 484, checked in by anonymous, 10 years ago
Changed private methods and properties to protected. A few minor bug fixes.
File size: 49.8 KB

Line
1	<?php
2	/**
3	* The Strangecode Codebase - a general application development framework for PHP
4	* For details visit the project site: <http://trac.strangecode.com/codebase/>
5	* Copyright 2001-2012 Strangecode, LLC
6	*
7	* This file is part of The Strangecode Codebase.
8	*
9	* The Strangecode Codebase is free software: you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published by the
11	* Free Software Foundation, either version 3 of the License, or (at your option)
12	* any later version.
13	*
14	* The Strangecode Codebase is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17	* details.
18	*
19	* You should have received a copy of the GNU General Public License along with
20	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	/*
24	* The Auth_SQL class provides a SQL implementation for authentication.
25	*
26	* @author Quinn Comendant <quinn@strangecode.com>
27	* @version 2.1
28	*/
29
30	require_once dirname(__FILE__) . '/Email.inc.php';
31
32	class Auth_SQL {
33
34	// Available encryption types for class Auth_SQL.
35	const ENCRYPT_PLAINTEXT = 1;
36	const ENCRYPT_CRYPT = 2;
37	const ENCRYPT_SHA1 = 3;
38	const ENCRYPT_SHA1_HARDENED = 4;
39	const ENCRYPT_MD5 = 5;
40	const ENCRYPT_MD5_HARDENED = 6;
41
42	// Namespace of this auth object.
43	protected $_ns;
44
45	// Static var for test.
46	protected $_authentication_tested;
47
48	// Parameters to be configured by setParam.
49	protected $_params = array();
50	protected $_default_params = array(
51
52	// Automatically create table and verify columns. Better set to false after site launch.
53	// This value is overwritten by the $app->getParam('db_create_tables') setting if it is available.
54	'create_table' => true,
55
56	// The database table containing users to authenticate.
57	'db_table' => 'user_tbl',
58
59	// The name of the primary key for the db_table.
60	'db_primary_key' => 'user_id',
61
62	// The name of the username key for the db_table.
63	'db_username_column' => 'username',
64
65	// If using the db_login_table feature, specify the db_login_table. The primary key must match the primary key for the db_table.
66	'db_login_table' => 'user_login_tbl',
67
68	// The type of encryption to use for passwords stored in the db_table. Use one of the Auth_SQL::ENCRYPT_* types specified above.
69	// Hardened password hashes rely on the same key/salt being used to compare encryptions.
70	// Be aware that when using one of the hardened types the App signing_key or $more_salt below cannot change!
71	'encryption_type' => self::ENCRYPT_MD5,
72
73	// The URL to the login script.
74	'login_url' => '/',
75
76	// The maximum amount of time a user is allowed to be logged in. They will be forced to login again if they expire.
77	// In seconds. 21600 seconds = 6 hours.
78	'login_timeout' => 21600,
79
80	// The maximum amount of time a user is allowed to be idle before their session expires. They will be forced to login again if they expire.
81	// In seconds. 3600 seconds = 1 hour.
82	'idle_timeout' => 3600,
83
84	// The period of time to compare login abuse attempts. If a threshold of logins is reached in this amount of time the account is blocked.
85	// Days and hours, like this: 'DD:HH'
86	'login_abuse_timeframe' => '04:00',
87
88	// The number of warnings a user will receive (and their password reset each time) before their account is completely blocked.
89	'login_abuse_warnings' => 3,
90
91	// The maximum number of IP addresses a user can login with over the timeout period before their account is blocked.
92	'login_abuse_max_ips' => 5,
93
94	// The IP address subnet size threshold. Uses a CIDR notation network mask (see CIDR cheat-sheet at bottom).
95	// Any integer between 0 and 32 is permitted. Setting this to '24' permits any address in a
96	// class C network (255.255.255.0) to be considered the same. Setting to '32' compares each IP absolutely.
97	// Setting to '0' ignores all IPs, thus disabling login_abuse checking.
98	'login_abuse_ip_bitmask' => 32,
99
100	// Specify usernames to exclude from the account abuse detection system. This is specified as a hardcoded array provided at
101	// class instantiation time, or can be saved in the db_table under the login_abuse_exempt field.
102	'login_abuse_exempt_usernames' => array(),
103
104	// Specify usernames to exclude from remote_ip matching. Users behind proxy servers should be appended to this array so their shifting remote IP will not log them out.
105	'match_remote_ip_exempt_usernames' => array(),
106
107	// Match the user's current remote IP against the one they logged in with.
108	'match_remote_ip' => true,
109
110	// An array of IP blocks that are bypass the remote_ip comparison check. Useful for dynamic IPs or those behind proxy servers.
111	'trusted_networks' => array(),
112
113	// Allow user accounts to be blocked? Requires the user table to have the columns 'blocked' and 'blocked_reason'
114	'blocking' => false,
115
116	// Use a db_login_table to detect excessive logins. This requires blocking to be enabled.
117	'abuse_detection' => false,
118
119	// Allow users to save login form passwords in their browser? Setting to 'true' may pose a potential security risk.
120	'login_form_allow_autocomplete' => false,
121	);
122
123	/**
124	* Constructs a new authentication object.
125	*
126	* @access public
127	* @param optional array $params A hash containing parameters.
128	*/
129	public function __construct($namespace='')
130	{
131	$app =& App::getInstance();
132
133	$this->_ns = $namespace;
134
135	// Initialize default parameters.
136	$this->setParam($this->_default_params);
137
138	// Get create tables config from global context.
139	if (!is_null($app->getParam('db_create_tables'))) {
140	$this->setParam(array('create_table' => $app->getParam('db_create_tables')));
141	}
142
143	if (!isset($_SESSION['_auth_sql'][$this->_ns])) {
144	$this->clear();
145	}
146	}
147
148	/**
149	* Setup the database tables for this class.
150	*
151	* @access public
152	* @author Quinn Comendant <quinn@strangecode.com>
153	* @since 26 Aug 2005 17:09:36
154	*/
155	public function initDB($recreate_db=false)
156	{
157	$app =& App::getInstance();
158	$db =& DB::getInstance();
159
160
161	static $_db_tested = false;
162
163	if ($recreate_db \|\| !$_db_tested && $this->getParam('create_table')) {
164
165	// User table.
166	if ($recreate_db) {
167	$db->query("DROP TABLE IF EXISTS " . $this->getParam('db_table'));
168	$app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_INFO, __FILE__, __LINE__);
169	}
170
171	// The minimal columns for a table compatable with the Auth_SQL class.
172	$db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " (
173	" . $this->getParam('db_primary_key') . " MEDIUMINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
174	" . $this->getParam('db_username_column') . " varchar(255) NOT NULL default '',
175	userpass VARCHAR(255) NOT NULL DEFAULT '',
176	first_name VARCHAR(255) NOT NULL DEFAULT '',
177	last_name VARCHAR(255) NOT NULL DEFAULT '',
178	email VARCHAR(255) NOT NULL DEFAULT '',
179	login_abuse_exempt ENUM('TRUE') DEFAULT NULL,
180	blocked ENUM('TRUE') DEFAULT NULL,
181	blocked_reason VARCHAR(255) NOT NULL DEFAULT '',
182	abuse_warning_level TINYINT(4) NOT NULL DEFAULT '0',
183	seconds_online INT(11) NOT NULL DEFAULT '0',
184	last_login_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
185	last_access_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
186	last_login_ip VARCHAR(255) NOT NULL DEFAULT '0.0.0.0',
187	added_by_user_id SMALLINT(11) DEFAULT NULL,
188	modified_by_user_id SMALLINT(11) DEFAULT NULL,
189	added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
190	modified_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
191	KEY " . $this->getParam('db_username_column') . " (" . $this->getParam('db_username_column') . "),
192	KEY userpass (userpass),
193	KEY email (email)
194	)");
195
196	if (!$db->columnExists($this->getParam('db_table'), array(
197	$this->getParam('db_primary_key'),
198	$this->getParam('db_username_column'),
199	'userpass',
200	'first_name',
201	'last_name',
202	'email',
203	'login_abuse_exempt',
204	'blocked',
205	'blocked_reason',
206	'abuse_warning_level',
207	'seconds_online',
208	'last_login_datetime',
209	'last_access_datetime',
210	'last_login_ip',
211	'added_by_user_id',
212	'modified_by_user_id',
213	'added_datetime',
214	'modified_datetime',
215	), false, false)) {
216	$app->logMsg(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_table')), LOG_ALERT, __FILE__, __LINE__);
217	trigger_error(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_table')), E_USER_ERROR);
218	}
219
220	// Login table is used for abuse_detection features.
221	if ($this->getParam('abuse_detection')) {
222	if ($recreate_db) {
223	$db->query("DROP TABLE IF EXISTS " . $this->getParam('db_login_table'));
224	$app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_login_table')), LOG_INFO, __FILE__, __LINE__);
225	}
226	$db->query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_login_table') . " (
227	" . $this->getParam('db_primary_key') . " MEDIUMINT UNSIGNED NOT NULL DEFAULT '0',
228	login_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
229	remote_ip_binary CHAR(32) NOT NULL DEFAULT '',
230	KEY " . $this->getParam('db_primary_key') . " (" . $this->getParam('db_primary_key') . "),
231	KEY login_datetime (login_datetime),
232	KEY remote_ip_binary (remote_ip_binary)
233	)");
234
235	if (!$db->columnExists($this->getParam('db_login_table'), array(
236	$this->getParam('db_primary_key'),
237	'login_datetime',
238	'remote_ip_binary',
239	), false, false)) {
240	$app->logMsg(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_login_table')), LOG_ALERT, __FILE__, __LINE__);
241	trigger_error(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_login_table')), E_USER_ERROR);
242	}
243	}
244	}
245	$_db_tested = true;
246	}
247
248	/**
249	* Set the params of an auth object.
250	*
251	* @param array $params Array of parameter keys and value to set.
252	* @return bool true on success, false on failure
253	*/
254	public function setParam($params)
255	{
256	if (isset($params['match_remote_ip_exempt_usernames'])) {
257	$params['match_remote_ip_exempt_usernames'] = array_map('strtolower', $params['match_remote_ip_exempt_usernames']);
258	}
259	if (isset($params['login_abuse_exempt_usernames'])) {
260	$params['login_abuse_exempt_usernames'] = array_map('strtolower', $params['login_abuse_exempt_usernames']);
261	}
262	if (isset($params) && is_array($params)) {
263	// Merge new parameters with old overriding only those passed.
264	$this->_params = array_merge($this->_params, $params);
265	}
266	}
267
268	/**
269	* Return the value of a parameter, if it exists.
270	*
271	* @access public
272	* @param string $param Which parameter to return.
273	* @return mixed Configured parameter value.
274	*/
275	public function getParam($param)
276	{
277	$app =& App::getInstance();
278
279	if (array_key_exists($param, $this->_params)) {
280	return $this->_params[$param];
281	} else {
282	$app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
283	return null;
284	}
285	}
286
287	/**
288	* Clear any authentication tokens in the current session. A.K.A. logout.
289	*
290	* @access public
291	*/
292	public function clear()
293	{
294	$db =& DB::getInstance();
295
296	$this->initDB();
297
298	if ($this->get('user_id', false)) {
299	// FIX ME: Should we check if the session is active?
300	$db->query("
301	UPDATE " . $this->_params['db_table'] . " SET
302	seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)),
303	last_login_datetime = '0000-00-00 00:00:00'
304	WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
305	");
306	}
307	$_SESSION['_auth_sql'][$this->_ns] = array(
308	'authenticated' => false,
309	'user_id' => null,
310	'username' => null,
311	'login_datetime' => null,
312	'last_access_datetime' => null,
313	'remote_ip' => getRemoteAddr(),
314	'login_abuse_exempt' => null,
315	'match_remote_ip_exempt'=> null,
316	'user_data' => null,
317	);
318	}
319
320	/**
321	* Sets a variable into a registered auth session.
322	*
323	* @access public
324	* @param mixed $key Which value to set.
325	* @param mixed $val Value to set variable to.
326	*/
327	public function set($key, $val)
328	{
329	if (!isset($_SESSION['_auth_sql'][$this->_ns]['user_data'])) {
330	$_SESSION['_auth_sql'][$this->_ns]['user_data'] = array();
331	}
332	$_SESSION['_auth_sql'][$this->_ns]['user_data'][$key] = $val;
333	}
334
335	/**
336	* Returns a specified value from a registered auth session.
337	*
338	* @access public
339	* @param mixed $key Which value to return.
340	* @param mixed $default Value to return if key not found in user_data.
341	* @return mixed Value stored in session.
342	*/
343	public function get($key, $default='')
344	{
345	if (isset($_SESSION['_auth_sql'][$this->_ns][$key])) {
346	return $_SESSION['_auth_sql'][$this->_ns][$key];
347	} else if (isset($_SESSION['_auth_sql'][$this->_ns]['user_data'][$key])) {
348	return $_SESSION['_auth_sql'][$this->_ns]['user_data'][$key];
349	} else {
350	return $default;
351	}
352	}
353
354	/**
355	* Find out if a set of login credentials are valid.
356	*
357	* @access private
358	* @param string $username The username to check.
359	* @param string $password The password to compare to username.
360	* @return mixed False if credentials not found in DB, or returns DB row matching credentials.
361	*/
362	public function authenticate($username, $password)
363	{
364	$app =& App::getInstance();
365	$db =& DB::getInstance();
366
367	$this->initDB();
368
369	switch ($this->_params['encryption_type']) {
370	case self::ENCRYPT_CRYPT :
371	// Query DB for user matching credentials. Compare cyphertext with salted-encrypted password.
372	$qid = $db->query("
373	SELECT *, " . $this->_params['db_primary_key'] . " AS user_id
374	FROM " . $this->_params['db_table'] . "
375	WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "'
376	AND BINARY userpass = ENCRYPT('" . $db->escapeString($password) . "', LEFT(userpass, 2)))
377	");
378	break;
379	case self::ENCRYPT_PLAINTEXT :
380	case self::ENCRYPT_MD5 :
381	case self::ENCRYPT_SHA1 :
382	default :
383	// Query DB for user matching credentials. Directly compare cyphertext with result from encryptPassword().
384	$qid = $db->query("
385	SELECT *, " . $this->_params['db_primary_key'] . " AS user_id
386	FROM " . $this->_params['db_table'] . "
387	WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "'
388	AND BINARY userpass = '" . $db->escapeString($this->encryptPassword($password)) . "'
389	");
390	break;
391	}
392
393	// Return user data if found.
394	if ($user_data = mysql_fetch_assoc($qid)) {
395	// Don't return password value.
396	unset($user_data['userpass']);
397	$app->logMsg(sprintf('Authentication successful for user_id %s (%s)', $user_data['user_id'], $username), LOG_INFO, __FILE__, __LINE__);
398	return $user_data;
399	} else {
400	$app->logMsg(sprintf('Authentication failed for username %s (encrypted attempted password: %s)', $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__);
401	return false;
402	}
403	}
404
405	/**
406	* If user authenticated, register login into session.
407	*
408	* @access private
409	* @param string $username The username to check.
410	* @param string $password The password to compare to username.
411	* @return boolean Whether or not the credentials are valid.
412	*/
413	public function login($username, $password)
414	{
415	$app =& App::getInstance();
416	$db =& DB::getInstance();
417
418	$this->initDB();
419
420	$this->clear();
421
422	if (!($user_data = $this->authenticate($username, $password))) {
423	// No login: failed authentication!
424	return false;
425	}
426
427	// Convert 'priv' to 'user_type' nomenclature to support older implementations.
428	if (isset($user_data['priv'])) {
429	$user_data['user_type'] = $user_data['priv'];
430	}
431
432	// Register authenticated session.
433	$_SESSION['_auth_sql'][$this->_ns] = array(
434	'authenticated' => true,
435	'user_id' => $user_data['user_id'],
436	'username' => $username,
437	'login_datetime' => date('Y-m-d H:i:s'),
438	'last_access_datetime' => date('Y-m-d H:i:s'),
439	'remote_ip' => getRemoteAddr(),
440	'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($username), $this->_params['login_abuse_exempt_usernames']),
441	'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($username), $this->_params['match_remote_ip_exempt_usernames']),
442	'user_data' => $user_data
443	);
444
445	/**
446	* Check if the account is blocked, respond in context to reason. Cancel the login if blocked.
447	*/
448	if ($this->getParam('blocking')) {
449	if (!empty($user_data['blocked'])) {
450
451	$app->logMsg(sprintf('User_id %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__);
452
453	switch ($user_data['blocked_reason']) {
454	case 'account abuse' :
455	$app->raiseMsg(sprintf(_("This account has been blocked due to possible account abuse. Please contact us to reactivate."), null), MSG_WARNING, __FILE__, __LINE__);
456	break;
457	default :
458	$app->raiseMsg(sprintf(_("This account is currently not active. %s"), $user_data['blocked_reason']), MSG_WARNING, __FILE__, __LINE__);
459	break;
460	}
461
462	// No login: user is blocked!
463	$this->clear();
464	return false;
465	}
466	}
467
468	/**
469	* Check the db_login_table for too many logins under this account.
470	* (1) Count the number of unique IP addresses that logged in under this user within the login_abuse_timeframe
471	* (2) If this number exceeds the login_abuse_max_ips, assume multiple people are logging in under the same account.
472	**/
473	if ($this->getParam('abuse_detection') && !$this->get('login_abuse_exempt')) {
474	$qid = $db->query("
475	SELECT COUNT(DISTINCT LEFT(remote_ip_binary, " . $this->_params['login_abuse_ip_bitmask'] . "))
476	FROM " . $this->_params['db_login_table'] . "
477	WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
478	AND DATE_ADD(login_datetime, INTERVAL '" . $this->_params['login_abuse_timeframe'] . "' DAY_HOUR) > NOW()
479	");
480	list($distinct_ips) = mysql_fetch_row($qid);
481	if ($distinct_ips > $this->_params['login_abuse_max_ips']) {
482	if ($this->get('abuse_warning_level') < $this->_params['login_abuse_warnings']) {
483	// Warn the user with a password reset.
484	$this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked."));
485	$app->raiseMsg(_("Your password has been reset as a security precaution. Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__);
486	$app->logMsg(sprintf('Account abuse detected for user_id %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_WARNING, __FILE__, __LINE__);
487	} else {
488	// Block the account with the reason of account abuse.
489	$this->blockAccount(null, 'account abuse');
490	$app->raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__);
491	$app->logMsg(sprintf('Account blocked for user_id %s (%s) from IP %s', $this->get('user_id'), $this->get('username'), $this->get('remote_ip')), LOG_ALERT, __FILE__, __LINE__);
492	}
493	// Increment user's warning level.
494	$db->query("UPDATE " . $this->_params['db_table'] . " SET abuse_warning_level = abuse_warning_level + 1 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'");
495	// Reset the login counter for this user.
496	$db->query("DELETE FROM " . $this->_params['db_login_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'");
497	// No login: reset password because of account abuse!
498	$this->clear();
499	return false;
500	}
501
502	// Update the login counter table with this login access. Convert IP to binary.
503	// TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED.
504	$db->query("
505	INSERT INTO " . $this->_params['db_login_table'] . " (
506	" . $this->_params['db_primary_key'] . ",
507	login_datetime,
508	remote_ip_binary
509	) VALUES (
510	'" . $this->get('user_id') . "',
511	'" . $this->get('login_datetime') . "',
512	'" . sprintf('%032b', ip2long($this->get('remote_ip'))) . "'
513	)
514	");
515	}
516
517	// Update user table with this login.
518	$db->query("
519	UPDATE " . $this->_params['db_table'] . " SET
520	last_login_datetime = '" . $this->get('login_datetime') . "',
521	last_access_datetime = '" . $this->get('login_datetime') . "',
522	last_login_ip = '" . $this->get('remote_ip') . "'
523	WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
524	");
525
526	// We're logged-in!
527	return true;
528	}
529
530	/**
531	* Test if user has a currently logged-in session.
532	* - authentication flag set to true
533	* - username not empty
534	* - total logged-in time is not greater than login_timeout
535	* - idle time is not greater than idle_timeout
536	* - remote address is the same as the login remote address (aol users excluded).
537	*
538	* @access public
539	*/
540	public function isLoggedIn($user_id=null)
541	{
542	$app =& App::getInstance();
543	$db =& DB::getInstance();
544
545	$this->initDB();
546
547	if (isset($user_id)) {
548	// Check the login status of a specific user.
549	$qid = $db->query("
550	SELECT 1 FROM " . $this->_params['db_table'] . "
551	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
552	AND DATE_ADD(last_login_datetime, INTERVAL '" . $this->_params['login_timeout'] . "' SECOND) > NOW()
553	AND DATE_ADD(last_access_datetime, INTERVAL '" . $this->_params['idle_timeout'] . "' SECOND) > NOW()
554	");
555	$login_status = (mysql_num_rows($qid) > 0);
556	$app->logMsg(sprintf('Returning %s login status for user_id %s', ($login_status ? 'true' : 'false'), $user_id), LOG_DEBUG, __FILE__, __LINE__);
557	return $login_status;
558	}
559
560	// User login test need only be run once per script execution. We cache the result in the session.
561	if ($this->_authentication_tested && isset($_SESSION['_auth_sql'][$this->_ns]['authenticated'])) {
562	$app->logMsg(sprintf('Returning cached authentication status: %s', ($_SESSION['_auth_sql'][$this->_ns]['authenticated'] ? 'true' : 'false')), LOG_DEBUG, __FILE__, __LINE__);
563	return $_SESSION['_auth_sql'][$this->_ns]['authenticated'];
564	}
565
566	// Tesing login should occur once. This is the first time. Set flag.
567	$this->_authentication_tested = true;
568
569	// Some users will access from networks with a changing IP number (i.e. behind a proxy server).
570	// These users must be allowed entry by adding their IP to the list of trusted_networks, or their usernames to the list of match_remote_ip_exempt_usernames.
571	if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) {
572	$user_in_trusted_network = true;
573	$app->logMsg(sprintf('User_id %s accessing from trusted network %s',
574	($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown'),
575	$trusted_net
576	), LOG_DEBUG, __FILE__, __LINE__);
577	} else if (preg_match('/proxy.aol.com$/i', getRemoteAddr(true))) {
578	$user_in_trusted_network = true;
579	$app->logMsg(sprintf('User_id %s accessing from trusted network proxy.aol.com',
580	($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown')
581	), LOG_DEBUG, __FILE__, __LINE__);
582	} else {
583	$user_in_trusted_network = false;
584	}
585
586	// Do we match the user's remote IP at all? Yes, if set in config and not disabled for specific user.
587	if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt')) {
588	$remote_ip_is_matched = (isset($_SESSION['_auth_sql'][$this->_ns]['remote_ip']) && $_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr()) \|\| $user_in_trusted_network;
589	} else {
590	$app->logMsg(sprintf('User_id %s exempt from remote_ip match (comparing %s == %s)',
591	($this->get('user_id') ? $this->get('user_id') . ' (' . $this->get('username') . ')' : 'unknown'),
592	$_SESSION['_auth_sql'][$this->_ns]['remote_ip'],
593	getRemoteAddr()
594	), LOG_DEBUG, __FILE__, __LINE__);
595	$remote_ip_is_matched = true;
596	}
597
598	// Test login with information stored in session. Skip IP matching for users from trusted networks.
599	if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated'])
600	&& true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']
601	&& isset($_SESSION['_auth_sql'][$this->_ns]['username'])
602	&& !empty($_SESSION['_auth_sql'][$this->_ns]['username'])
603	&& isset($_SESSION['_auth_sql'][$this->_ns]['login_datetime'])
604	&& strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']
605	&& isset($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'])
606	&& strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']
607	&& $remote_ip_is_matched
608	) {
609	// User is authenticated!
610	$_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s');
611
612	// Update the DB with the last_access_datetime and increment the seconds_online.
613	$db->query("
614	UPDATE " . $this->_params['db_table'] . " SET
615	seconds_online = seconds_online + (UNIX_TIMESTAMP() - UNIX_TIMESTAMP(last_access_datetime)) + 1,
616	last_access_datetime = '" . $this->get('last_access_datetime') . "'
617	WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "'
618	");
619	if (mysql_affected_rows($db->getDBH()) > 0) {
620	// User record still exists in DB. Do this to ensure user was not delete from DB between accesses. Notice "+ 1" in SQL above to ensure record is modified.
621	return true;
622	} else {
623	$app->logMsg(sprintf('Session update failed; record not found for user_id %s (%s).', $this->get('user_id'), $this->get('username')), LOG_NOTICE, __FILE__, __LINE__);
624	}
625	} else if (isset($_SESSION['_auth_sql'][$this->_ns]['authenticated']) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) {
626	// User is authenticated, but login has expired.
627	if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - 43200) {
628	// Only raise message if last session is less than 12 hours old.
629	$app->raiseMsg(_("Your session has expired. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);
630	}
631
632	// Log the reason for login expiration.
633	$expire_reasons = array();
634	if (empty($_SESSION['_auth_sql'][$this->_ns]['username'])) {
635	$expire_reasons[] = 'username not found';
636	}
637	if (strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) {
638	$expire_reasons[] = sprintf('login_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['login_datetime'], $this->_params['login_timeout']);
639	}
640	if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {
641	$expire_reasons[] = sprintf('idle_timeout expired (%s older than %s seconds ago)', $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'], $this->_params['idle_timeout']);
642	}
643	if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr()) {
644	if ($this->getParam('match_remote_ip') && !$this->get('match_remote_ip_exempt') && !$user_in_trusted_network) {
645	// There are three cases when a remote IP match will be the cause of a session termination:
646	// 1. match_remote_ip config is enabled
647	// 2. user is not match_remote_ip_exempt (set in the user_data, or in the match_remote_ip_exempt_usernames list)
648	// 3. the user is connecting from a trusted network (their IP is listed in the trusted_networks or from *.proxy.aol.com)
649	$expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
650	} else {
651	$expire_reasons[] = sprintf('remote_ip not matched but user was exempt from this check (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr());
652	}
653	}
654	$app->logMsg(sprintf('User_id %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);
655	}
656
657	// User is not authenticated.
658	$this->clear();
659	return false;
660	}
661
662	/**
663	* Redirect user to login page if they are not logged in.
664	*
665	* @param string $message The text description of a message to raise.
666	* @param int $type The type of message: MSG_NOTICE,
667	* MSG_SUCCESS, MSG_WARNING, or MSG_ERR.
668	* @param string $file __FILE__.
669	* @param string $line __LINE__.
670	* @access public
671	*/
672	public function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null)
673	{
674	$app =& App::getInstance();
675
676	if (!$this->isLoggedIn()) {
677	// Display message for requiring login. (RaiseMsg will ignore empty strings.)
678	if ('' != $message) {
679	$app->raiseMsg($message, $type, $file, $line);
680	}
681
682	// Login scripts must have the same 'login' tag for boomerangURL verification/manipulation.
683	$app->setBoomerangURL(absoluteMe(), 'login');
684	$app->dieURL($this->_params['login_url']);
685	}
686	}
687
688	/**
689	* This sets the 'blocked' field for a user in the db_table, and also
690	* adds an optional reason
691	*
692	* @param string $reason The reason for blocking the account.
693	*/
694	public function blockAccount($user_id=null, $reason='')
695	{
696	$app =& App::getInstance();
697	$db =& DB::getInstance();
698
699	$this->initDB();
700
701	if ($this->getParam('blocking')) {
702	if (mb_strlen($db->escapeString($reason)) > 255) {
703	// blocked_reason field is varchar(255).
704	$app->logMsg(sprintf('Blocked reason provided is greater than 255 characters: %s', $reason), LOG_WARNING, __FILE__, __LINE__);
705	}
706
707	// Get user_id if specified.
708	$user_id = isset($user_id) ? $user_id : $this->get('user_id');
709	$db->query("
710	UPDATE " . $this->_params['db_table'] . " SET
711	blocked = 'true',
712	blocked_reason = '" . $db->escapeString($reason) . "'
713	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
714	");
715	}
716	}
717
718	/**
719	* Tests if the "blocked" flag is set for a user.
720	*
721	* @param int $user_id User id to look for.
722	* @return boolean True if the user is blocked, false otherwise.
723	*/
724	public function isBlocked($user_id=null)
725	{
726	$db =& DB::getInstance();
727
728	$this->initDB();
729
730	if ($this->getParam('blocking')) {
731	// Get user_id if specified.
732	$user_id = isset($user_id) ? $user_id : $this->getVal('user_id');
733	$qid = $db->query("
734	SELECT 1
735	FROM " . $this->_params['db_table'] . "
736	WHERE blocked = 'true'
737	AND " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
738	");
739	return mysql_num_rows($qid) === 1;
740	}
741	}
742
743	/**
744	* Unblocks a user in the db_table, and clears any blocked_reason.
745	*/
746	public function unblockAccount($user_id=null)
747	{
748	$db =& DB::getInstance();
749
750	$this->initDB();
751
752	if ($this->getParam('blocking')) {
753	// Get user_id if specified.
754	$user_id = isset($user_id) ? $user_id : $this->get('user_id');
755	$db->query("
756	UPDATE " . $this->_params['db_table'] . " SET
757	blocked = '',
758	blocked_reason = ''
759	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
760	");
761	}
762	}
763
764	/**
765	* Returns true if username already exists in database.
766	*
767	* @param string $username Username to look for.
768	* @return bool True if username exists.
769	*/
770	public function usernameExists($username)
771	{
772	$db =& DB::getInstance();
773
774	$this->initDB();
775
776	$qid = $db->query("
777	SELECT 1
778	FROM " . $this->_params['db_table'] . "
779	WHERE " . $this->_params['db_username_column'] . " = '" . $db->escapeString($username) . "'
780	");
781	return (mysql_num_rows($qid) > 0);
782	}
783
784	/**
785	* Returns a username for a specified user id.
786	*
787	* @param string $user_id User id to look for.
788	* @return string Username, or false if none found.
789	*/
790	public function getUsername($user_id)
791	{
792	$db =& DB::getInstance();
793
794	$this->initDB();
795
796	$qid = $db->query("
797	SELECT " . $this->_params['db_username_column'] . "
798	FROM " . $this->_params['db_table'] . "
799	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
800	");
801	if (list($username) = mysql_fetch_row($qid)) {
802	return $username;
803	} else {
804	return false;
805	}
806	}
807
808	/**
809	* Returns a randomly generated password based on $pattern. The pattern is any
810	* sequence of 'x', 'V', 'C', 'v', 'c', or 'd' and if it is something like 'cvccv' this
811	* function will generate a pronounceable password. Recommend using more complex
812	* patterns, at minimum the US State Department standard: cvcddcvc.
813	*
814	* - x A random upper or lower character, digit, or punctuation.
815	* - C A random upper or lower consonant.
816	* - V A random upper or lower vowel.
817	* - c A random lowercase consonant.
818	* - v A random lowercase vowel.
819	* - d A random digit.
820	*
821	* @param string $pattern a sequence of character types, above.
822	* @return string a password
823	*/
824	public function generatePassword($pattern='CvcdCvc')
825	{
826	$app =& App::getInstance();
827	if (preg_match('/[^xCVcvd]/', $pattern)) {
828	$app->logMsg(sprintf('Invalid pattern: %s', $pattern), LOG_WARNING, __FILE__, __LINE__);
829	$pattern='CvcdCvc';
830	}
831	$str = '';
832	for ($i=0; $i<mb_strlen($pattern); $i++) {
833	$x = mb_substr('bcdfghjklmnprstvwxzBCDFGHJKLMNPRSTVWXZaeiouyAEIOUY0123456789!@#%&*-=+.?', (mt_rand() % 71), 1);
834	$c = mb_substr('bcdfghjklmnprstvwxz', (mt_rand() % 19), 1);
835	$C = mb_substr('bcdfghjklmnprstvwxzBCDFGHJKLMNPRSTVWXZ', (mt_rand() % 38), 1);
836	$v = mb_substr('aeiouy', (mt_rand() % 6), 1);
837	$V = mb_substr('aeiouyAEIOUY', (mt_rand() % 12), 1);
838	$d = mb_substr('0123456789', (mt_rand() % 10), 1);
839	$str .= $$pattern[$i];
840	}
841	return $str;
842	}
843
844	/**
845	*
846	*/
847	public function encryptPassword($password, $salt=null)
848	{
849	$app =& App::getInstance();
850
851	// Existing password hashes rely on the same key/salt being used to compare encryptions.
852	// Don't change this (or the value applied to signing_key) unless you know existing hashes or signatures will not be affected!
853	$more_salt = 'B36D18E5-3FE4-4D58-8150-F26642852B81';
854
855	switch ($this->_params['encryption_type']) {
856	case self::ENCRYPT_PLAINTEXT :
857	return $password;
858	break;
859
860	case self::ENCRYPT_CRYPT :
861	// If comparing plaintext password with a hash, provide first two chars of the hash as the salt.
862	return isset($salt) ? crypt($password, mb_substr($salt, 0, 2)) : crypt($password);
863	break;
864
865	case self::ENCRYPT_SHA1 :
866	return sha1($password);
867	break;
868
869	case self::ENCRYPT_SHA1_HARDENED :
870	$hash = sha1($app->getParam('signing_key') . $password . $more_salt);
871	// Increase key strength by 12 bits.
872	for ($i=0; $i < 4096; $i++) {
873	$hash = sha1($hash);
874	}
875	return $hash;
876	break;
877
878	case self::ENCRYPT_MD5 :
879	return md5($password);
880	break;
881
882	case self::ENCRYPT_MD5_HARDENED :
883	// Include salt to improve hash
884	$hash = md5($app->getParam('signing_key') . $password . $more_salt);
885	// Increase key strength by 12 bits.
886	for ($i=0; $i < 4096; $i++) {
887	$hash = md5($hash);
888	}
889	return $hash;
890	break;
891
892	default :
893	$app->logMsg(sprintf('Authentication encrypt type specified is unrecognized: %s', $this->_params['encryption_type']), LOG_NOTICE, __FILE__, __LINE__);
894	return false;
895	break;
896	}
897	}
898
899	/**
900	*
901	*/
902	public function setPassword($user_id=null, $password)
903	{
904	$app =& App::getInstance();
905	$db =& DB::getInstance();
906
907	$this->initDB();
908
909	// Get user_id if specified.
910	$user_id = isset($user_id) ? $user_id : $this->get('user_id');
911
912	// Get old password.
913	$qid = $db->query("
914	SELECT userpass
915	FROM " . $this->_params['db_table'] . "
916	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
917	");
918	if (!list($old_encrypted_password) = mysql_fetch_row($qid)) {
919	$app->logMsg(sprintf('Cannot set password for nonexistent user_id %s', $user_id), LOG_NOTICE, __FILE__, __LINE__);
920	return false;
921	}
922
923	// Compare old with new to ensure we're actually changing the password.
924	$encrypted_password = $this->encryptPassword($password);
925	if ($old_encrypted_password == $encrypted_password) {
926	$app->logMsg(sprintf('Not setting password: new is the same as old.', null), LOG_INFO, __FILE__, __LINE__);
927	return false;
928	}
929
930	// Issue the password change query.
931	$db->query("
932	UPDATE " . $this->_params['db_table'] . "
933	SET userpass = '" . $db->escapeString($encrypted_password) . "'
934	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
935	");
936
937	if (mysql_affected_rows($db->getDBH()) != 1) {
938	$app->logMsg(sprintf('Failed to update password for user_id %s', $user_id), LOG_WARNING, __FILE__, __LINE__);
939	return false;
940	}
941
942	return true;
943	}
944
945	/**
946	* Resets the password for the user with the specified id.
947	*
948	* @param string $user_id The id of the user to reset.
949	* @param string $reason Additional message to add to the reset email.
950	* @return string The user's new password.
951	*/
952	public function resetPassword($user_id=null, $reason='')
953	{
954	$app =& App::getInstance();
955	$db =& DB::getInstance();
956
957	$this->initDB();
958
959	// Get user_id if specified.
960	$user_id = isset($user_id) ? $user_id : $this->get('user_id');
961
962	// Reset password of a specific user.
963	$qid = $db->query("
964	SELECT * FROM " . $this->_params['db_table'] . "
965	WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
966	");
967	if (!$user_data = mysql_fetch_assoc($qid)) {
968	$app->logMsg(sprintf('Reset password failed. User_id %s not found.', $user_id), LOG_NOTICE, __FILE__, __LINE__);
969	return false;
970	}
971
972	// Get new password.
973	$password = $this->generatePassword();
974
975	// Update password query.
976	$this->setPassword($user_id, $password);
977
978	// Make sure user has an email on record before continuing.
979	if (!isset($user_data['email']) \|\| '' == trim($user_data['email'])) {
980	$app->logMsg(sprintf('Password reset but notification failed, no email address for user_id %s (%s).', $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__);
981	} else {
982	// Send the new password in an email.
983	$email = new Email(array(
984	'to' => $user_data['email'],
985	'from' => sprintf('%s <%s>', $app->getParam('site_name'), $app->getParam('site_email')),
986	'subject' => sprintf('%s password change', $app->getParam('site_name'))
987	));
988	$email->setTemplate('codebase/services/templates/email_reset_password.txt');
989	$email->replace(array(
990	'SITE_NAME' => $app->getParam('site_name'),
991	'SITE_URL' => $app->getParam('site_url'),
992	'SITE_EMAIL' => $app->getParam('site_email'),
993	'NAME' => ('' != $user_data['first_name'] . $user_data['last_name'] ? $user_data['first_name'] . ' ' . $user_data['last_name'] : $user_data[$this->_params['db_username_column']]),
994	'USERNAME' => $user_data[$this->_params['db_username_column']],
995	'PASSWORD' => $password,
996	'REASON' => ('' == trim($reason) ? '' : trim($reason) . ' '), // Add a space after the reason if it exists for better formatting.
997	));
998	$email->send();
999	}
1000
1001	return array(
1002	'username' => $user_data[$this->_params['db_username_column']],
1003	'userpass' => $password
1004	);
1005	}
1006
1007	/**
1008	* If the current user has access to the specified $security_zone, return true.
1009	* If the optional $user_type is supplied, test that against the zone.
1010	*
1011	* NOTE: "user_type" used to be called "priv" in some older implementations.
1012	*
1013	* @param constant $security_zone string of comma delimited privileges for the zone
1014	* @param string $user_type a privilege that might be found in a zone
1015	* @return bool true if user is a member of security zone, false otherwise
1016	*/
1017	public function inClearanceZone($security_zone, $user_type='')
1018	{
1019	$zone_members = preg_split('/,\s*/', $security_zone);
1020	$user_type = empty($user_type) ? $this->get('user_type') : $user_type;
1021
1022	// If the current user's privilege level is NOT in that array or if the
1023	// user has no privilege, return false. Otherwise the user is clear.
1024	if (!in_array($user_type, $zone_members) \|\| empty($user_type)) {
1025	return false;
1026	} else {
1027	return true;
1028	}
1029	}
1030
1031	/**
1032	* This function tests a list of arguments $security_zone against the priv that the current user has.
1033	* If the user doesn't have one of the supplied privs, die.
1034	*
1035	* NOTE: "user_type" used to be called "priv" in some older implementations.
1036	*
1037	* @param constant $security_zone string of comma delimited privileges for the zone
1038	*/
1039	public function requireAccessClearance($security_zone, $message='')
1040	{
1041	$app =& App::getInstance();
1042
1043	$zone_members = preg_split('/,\s*/', $security_zone);
1044
1045	/* If the current user's privilege level is NOT in that array or if the
1046	* user has no privilege, DIE with a message. */
1047	if (!in_array($this->get('user_type'), $zone_members) \|\| !$this->get('user_type')) {
1048	$message = empty($message) ? _("You have insufficient privileges to view that page.") : $message;
1049	$app->raiseMsg($message, MSG_NOTICE, __FILE__, __LINE__);
1050	$app->dieBoomerangURL();
1051	}
1052	}
1053
1054	} // end class
1055
1056	// CIDR cheat-sheet
1057	//
1058	// Netmask Netmask (binary) CIDR Notes
1059	// _____________________________________________________________________________
1060	// 255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
1061	// 255.255.255.254 11111111.11111111.11111111.11111110 /31 Unusable
1062	// 255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
1063	// 255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
1064	// 255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
1065	// 255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
1066	// 255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
1067	// 255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
1068	// 255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
1069	//
1070	// 255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
1071	// 255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
1072	// 255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
1073	// 255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
1074	// 255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
1075	// 255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
1076	// 255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
1077	// 255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
1078	//
1079	// 255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
1080	// 255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
1081	// 255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
1082	// 255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
1083	// 255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
1084	// 255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
1085	// 255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
1086	// 255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
1087	//
1088	// 254.0.0.0 11111110.00000000.00000000.00000000 /7
1089	// 252.0.0.0 11111100.00000000.00000000.00000000 /6
1090	// 248.0.0.0 11111000.00000000.00000000.00000000 /5
1091	// 240.0.0.0 11110000.00000000.00000000.00000000 /4
1092	// 224.0.0.0 11100000.00000000.00000000.00000000 /3
1093	// 192.0.0.0 11000000.00000000.00000000.00000000 /2
1094	// 128.0.0.0 10000000.00000000.00000000.00000000 /1
1095	// 0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space

Note: See TracBrowser for help on using the repository browser.

Download in other formats: