From 5e062d55f2dc36e7cbe1bc655d3df43bdde74987 Mon Sep 17 00:00:00 2001
From: Prashant Dabholkar <45789526+prashantbd@users.noreply.github.com>
Date: Thu, 18 Mar 2021 13:20:46 +0530
Subject: [PATCH 1/3] Update postback_paymentwall.php
---
 .../controllers/postback_paymentwall.php | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/application/modules/donate/controllers/postback_paymentwall.php b/application/modules/donate/controllers/postback_paymentwall.php
index a8d78a1..0d55ac3 100644
--- a/application/modules/donate/controllers/postback_paymentwall.php
+++ b/application/modules/donate/controllers/postback_paymentwall.php
@@ -29,7 +29,7 @@ public function __construct()
 */
 public function index()
 {
- if ( ! in_array($this->input->ip_address(), $this->ipsWhitelist))
+ if ( ! $this->isIpAddressValid($this->input->ip_address())
 {
 die("WRONG IP");
 }
@@ -115,4 +115,30 @@ private function updateMonthlyIncome()
 $this->db->query("INSERT INTO monthly_income(month, amount) VALUES(?, ?)", array(date("Y-m"), floor($this->currency)));
 }
 }
+ public function isIpAddressValid($ipAddress)
+ {
+ $ipsWhitelist = array(
+ '174.36.92.186',
+ '174.36.96.66',
+ '174.36.92.187',
+ '174.36.92.192',
+ '174.37.14.28'
+ );
+
+ $rangesWhitelist = array(
+ '216.127.71.0/24'
+ );
+
+ if (in_array($ipAddress, $ipsWhitelist)) {
+ return true;
+ }
+
+ foreach ($rangesWhitelist as $range) {
+ if ($this->isCidrMatched($this->ipAddress, $range)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
 }
From 4af9f3e1be60ed6a40c999edae7b187814278402 Mon Sep 17 00:00:00 2001
From: Prashant Dabholkar <45789526+prashantbd@users.noreply.github.com>
Date: Thu, 18 Mar 2021 13:22:39 +0530
Subject: [PATCH 2/3] Update postback_paymentwall.php
---
 .../modules/donate/controllers/postback_paymentwall.php | 8 --------
 1 file changed, 8 deletions(-)
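Review bot: The rewritten condition in index() is missing a closing parenthesis: `if ( ! $this->isIpAddressValid($this->input->ip_address())` opens three and closes only two, so the controller no longer parses and every postback fails before the address check can run. It should read `if ( ! $this->isIpAddressValid($this->input->ip_address()))`. Neither of the two later patches in this series touches this line, so the series still ends with the syntax error in place. index() continues outside the hunk, so whether the postback is also authenticated by something other than its source address cannot be seen here.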
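Review bot: The range loop in isIpAddressValid() passes `$this->ipAddress` instead of the `$ipAddress` parameter, and no such property is visible in this class, so the CIDR comparison runs against an empty value and `216.127.71.0/24` can never match; the call should be `$this->isCidrMatched($ipAddress, $range)`. isCidrMatched() is not defined in this patch and only arrives in PATCH 3/3, so the file is not usable at this commit. The method is declared `public` on a controller, which under CodeIgniter-style routing likely makes it reachable as a URL action; the neighbouring helper updateMonthlyIncome() is `private` and this one should be too. `in_array($ipAddress, $ipsWhitelist, true)` would also keep the exact-match comparison strict.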
diff --git a/application/modules/donate/controllers/postback_paymentwall.php b/application/modules/donate/controllers/postback_paymentwall.php
index 0d55ac3..2124896 100644
--- a/application/modules/donate/controllers/postback_paymentwall.php
+++ b/application/modules/donate/controllers/postback_paymentwall.php
@@ -2,14 +2,6 @@
 class Postback_paymentwall extends MX_Controller
 {
- private $ipsWhitelist = array(
- '174.36.92.186',
- '174.36.96.66',
- '174.36.92.187',
- '174.36.92.192',
- '174.37.14.28'
- );
-
 private $currency;
 private $uid;
From 769a00cb86bf36f7864bc82fcdeee70c7e32f3d9 Mon Sep 17 00:00:00 2001
From: Prashant Dabholkar <45789526+prashantbd@users.noreply.github.com>
Date: Thu, 18 Mar 2021 13:24:52 +0530
Subject: [PATCH 3/3] Update postback_paymentwall.php
---
 .../donate/controllers/postback_paymentwall.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/application/modules/donate/controllers/postback_paymentwall.php b/application/modules/donate/controllers/postback_paymentwall.php
index 2124896..1f71b1a 100644
--- a/application/modules/donate/controllers/postback_paymentwall.php
+++ b/application/modules/donate/controllers/postback_paymentwall.php
@@ -133,4 +133,15 @@ public function isIpAddressValid($ipAddress)
 return false;
 }
+
+ public function isCidrMatched($ip, $range)
+ {
+ list($subnet, $bits) = explode('/', $range);
+ $ip = ip2long($ip);
+ $subnet = ip2long($subnet);
+ $mask = -1 << (32 - $bits);
+ $subnet &= $mask;
+ return ($ip & $mask) == $subnet;
+ }
+
 }
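Review bot: isCidrMatched() does not validate its inputs, and one failure mode fails open: a range entry written without a `/prefix` leaves `$bits` unset, the shift becomes `-1 << 32`, and on 64-bit PHP the resulting mask clears every address bit so every caller address compares equal. `ip2long()` also returns `false` for anything that is not a dotted IPv4 address, which the bitwise AND and the loose `==` silently treat as 0. The single current entry `216.127.71.0/24` is not affected, but the next edit to `$rangesWhitelist` could be. The helper should reject malformed input, clamp the mask to 32 bits and compare with `===`, and like isIpAddressValid() it should be `private` rather than a public controller method; a version along those lines follows.

```php
    private function isCidrMatched($ip, $range)
    {
        $parts = explode('/', $range, 2);
        $ipLong = ip2long($ip);
        $subnetLong = ip2long($parts[0]);

        // Fail closed on anything that is not a well-formed IPv4 address or prefix length.
        if ($ipLong === false || $subnetLong === false
            || count($parts) !== 2 || !ctype_digit($parts[1]) || (int) $parts[1] > 32) {
            return false;
        }

        // Keep only the low 32 bits so the mask behaves the same for every prefix length.
        $mask = (-1 << (32 - (int) $parts[1])) & 0xFFFFFFFF;

        return ($ipLong & $mask) === ($subnetLong & $mask);
    }
```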