
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Contains a simple class providing some useful internet protocol-related functions.
  19   *
  20   * @package   core
  21   * @copyright 2016 Jake Dallimore
  22   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   * @author    Jake Dallimore <jrhdallimore@gmail.com>
  24   */
  25  
  26  namespace core;
  27  
  28  defined('MOODLE_INTERNAL') || exit();
  29  
  30  /**
  31   * Static helper class providing some useful internet-protocol-related functions.
  32   *
  33   * @package   core
  34   * @copyright 2016 Jake Dallimore
  35   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  36   * @author    Jake Dallimore <jrhdallimore@gmail.com>
  37   */
  38  final class ip_utils {
  39      /**
  40       * Syntax checking for domain names, including fully qualified domain names.
  41       *
  42       * This function does not verify the existence of the domain name. It only verifies syntactic correctness.
  43       * This is based on RFC1034/1035 and does not provide support for validation of internationalised domain names (IDNs).
  44       * All IDNs must be prior-converted to their ascii-compatible encoding before being passed to this function.
  45       *
  46       * @param string $domainname the input string to check.
  47       * @return bool true if the string has valid syntax, false otherwise.
  48       */
  49      public static function is_domain_name($domainname) {
  50          if (!is_string($domainname)) {
  51              return false;
  52          }
  53          // Usually the trailing dot (null label) is omitted, but is valid if supplied. We'll just remove it and validate as normal.
  54          $domainname = rtrim($domainname, '.');
  55  
  56          // The entire name cannot exceed 253 ascii characters (255 octets, less the leading label-length byte and null label byte).
  57          if (strlen($domainname) > 253) {
  58              return false;
  59          }
  60          // Tertiary domain labels can have 63 octets max, and must not have begin or end with a hyphen.
  61          // The TLD label cannot begin with a number, but otherwise, is only loosely restricted here (TLD list is not checked).
  62          $domaintertiary = '([a-zA-Z0-9](([a-zA-Z0-9-]{0,61})[a-zA-Z0-9])?\.)*';
  63          $domaintoplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)';
  64          $address = '(' . $domaintertiary .  $domaintoplevel . ')';
  65          $regexp = '#^' . $address . '$#i'; // Case insensitive matching.
  66          return preg_match($regexp, $domainname, $match) == true; // False for error, 0 for no match - we treat the same.
  67      }
  68  
  69      /**
  70       * Checks whether the input string is a valid wildcard domain matching pattern.
  71       *
  72       * A domain matching pattern is essentially a domain name with a single, leading wildcard (*) label, and at least one other
  73       * label. The wildcard label is considered to match at least one label at or above (to the left of) its position in the string,
  74       * but will not match the trailing domain (everything to its right).
  75       *
  76       * The string must be dot-separated, and the whole pattern must follow the domain name syntax rules defined in RFC1034/1035.
  77       * Namely, the character type (ascii), total-length (253) and label-length (63) restrictions. This function only confirms
  78       * syntactic correctness. It does not check for the existence of the domain/subdomains.
  79       *
  80       * For example, the string '*.example.com' is a pattern deemed to match any direct subdomain of
  81       * example.com (such as test.example.com), any higher level subdomains (e.g. another.test.example.com) but will not match
  82       * the 'example.com' domain itself.
  83       *
  84       * @param string $pattern the string to check.
  85       * @return bool true if the input string is a valid domain wildcard matching pattern, false otherwise.
  86       */
  87      public static function is_domain_matching_pattern($pattern) {
  88          if (!is_string($pattern)) {
  89              return false;
  90          }
  91          // Usually the trailing dot (null label) is omitted, but is valid if supplied. We'll just remove it and validate as normal.
  92          $pattern = rtrim($pattern, '.');
  93  
  94          // The entire name cannot exceed 253 ascii characters (255 octets, less the leading label-length byte and null label byte).
  95          if (strlen($pattern) > 253) {
  96              return false;
  97          }
  98          // A valid pattern must left-positioned wildcard symbol (*).
  99          // Tertiary domain labels can have 63 octets max, and must not have begin or end with a hyphen.
 100          // The TLD label cannot begin with a number, but otherwise, is only loosely restricted here (TLD list is not checked).
 101          $wildcard = '((\*)\.){1}';
 102          $domaintertiary = '([a-zA-Z0-9](([a-zA-Z0-9-]{0,61})[a-zA-Z0-9])?\.)*';
 103          $domaintoplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)';
 104          $address = '(' . $wildcard . $domaintertiary .  $domaintoplevel . ')';
 105          $regexp = '#^' . $address . '$#i'; // Case insensitive matching.
 106          return preg_match($regexp, $pattern, $match) == true; // False for error, 0 for no match - we treat the same.
 107      }
 108  
 109      /**
 110       * Syntax validation for IP addresses, supporting both IPv4 and Ipv6 formats.
 111       *
 112       * @param string $address the address to check.
 113       * @return bool true if the address is a valid IPv4 of IPv6 address, false otherwise.
 114       */
 115      public static function is_ip_address($address) {
 116          return filter_var($address, FILTER_VALIDATE_IP) !== false;
 117      }
 118  
 119      /**
 120       * Syntax validation for IPv4 addresses.
 121       *
 122       * @param string $address the address to check.
 123       * @return bool true if the address is a valid IPv4 address, false otherwise.
 124       */
 125      public static function is_ipv4_address($address) {
 126          return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
 127      }
 128  
 129      /**
 130       * Syntax checking for IPv4 address ranges.
 131       * Supports CIDR notation and last-group ranges.
 132       * Eg. 127.0.0.0/24 or 127.0.0.80-255
 133       *
 134       * @param string $addressrange the address range to check.
 135       * @return bool true if the string is a valid range representation, false otherwise.
 136       */
 137      public static function is_ipv4_range($addressrange) {
 138          // Check CIDR notation.
 139          if (preg_match('#^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$#', $addressrange, $match)) {
 140              $address = "{$match[1]}.{$match[2]}.{$match[3]}.{$match[4]}";
 141              return self::is_ipv4_address($address) && $match[5] <= 32;
 142          }
 143          // Check last-group notation.
 144          if (preg_match('#^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})-(\d{1,3})$#', $addressrange, $match)) {
 145              $address = "{$match[1]}.{$match[2]}.{$match[3]}.{$match[4]}";
 146              return self::is_ipv4_address($address) && $match[5] <= 255 && $match[5] >= $match[4];
 147          }
 148          return false;
 149      }
 150  
 151      /**
 152       * Syntax validation for IPv6 addresses.
 153       * This function does not check whether the address is assigned, only its syntactical correctness.
 154       *
 155       * @param string $address the address to check.
 156       * @return bool true if the address is a valid IPv6 address, false otherwise.
 157       */
 158      public static function is_ipv6_address($address) {
 159          return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
 160      }
 161  
 162      /**
 163       * Syntax validation for IPv6 address ranges.
 164       * Supports CIDR notation and last-group ranges.
 165       * Eg. fe80::d98c/64 or fe80::d98c-ffee
 166       *
 167       * @param string $addressrange the IPv6 address range to check.
 168       * @return bool true if the string is a valid range representation, false otherwise.
 169       */
 170      public static function is_ipv6_range($addressrange) {
 171          // Check CIDR notation.
 172          $ipv6parts = explode('/', $addressrange);
 173          if (count($ipv6parts) == 2) {
 174              $range = (int)$ipv6parts[1];
 175              return self::is_ipv6_address($ipv6parts[0]) && (string)$range === $ipv6parts[1] && $range >= 0 && $range <= 128;
 176          }
 177          // Check last-group notation.
 178          $ipv6parts = explode('-', $addressrange);
 179          if (count($ipv6parts) == 2) {
 180              $addressparts = explode(':', $ipv6parts[0]);
 181              $rangestart = $addressparts[count($addressparts) - 1];
 182              $rangeend = $ipv6parts[1];
 183              return self::is_ipv6_address($ipv6parts[0]) && ctype_xdigit($rangestart) && ctype_xdigit($rangeend)
 184              && strlen($rangeend) <= 4 && strlen($rangestart) <= 4 && hexdec($rangeend) >= hexdec($rangestart);
 185          }
 186          return false;
 187      }
 188  
 189      /**
 190       * Checks the domain name against a list of allowed domains. The list of allowed domains may use wildcards
 191       * that match {@see is_domain_matching_pattern()}. Domains are compared in a case-insensitive manner
 192       *
 193       * @param  string $domain Domain address
 194       * @param  array $alloweddomains An array of allowed domains.
 195       * @return boolean True if the domain matches one of the entries in the allowed domains list.
 196       */
 197      public static function is_domain_in_allowed_list($domain, $alloweddomains) {
 198  
 199          if (!self::is_domain_name($domain)) {
 200              return false;
 201          }
 202  
 203          foreach ($alloweddomains as $alloweddomain) {
 204              if (strpos($alloweddomain, '*') !== false) {
 205                  if (!self::is_domain_matching_pattern($alloweddomain)) {
 206                      continue;
 207                  }
 208                  // Use of wildcard for possible subdomains.
 209                  $escapeperiods = str_replace('.', '\.', $alloweddomain);
 210                  $replacewildcard = str_replace('*', '.*', $escapeperiods);
 211                  $ultimatepattern = '/' . $replacewildcard . '$/i';
 212                  if (preg_match($ultimatepattern, $domain)) {
 213                      return true;
 214                  }
 215              } else {
 216                  if (!self::is_domain_name($alloweddomain)) {
 217                      continue;
 218                  }
 219                  // Strict domain setting.
 220                  if (strcasecmp($domain, $alloweddomain) === 0) {
 221                      return true;
 222                  }
 223              }
 224          }
 225          return false;
 226      }
 227  
 228      /**
 229       * Is an ip in a given list of subnets?
 230       *
 231       * @param string $ip - the IP to test against the list
 232       * @param string $list - the list of IP subnets
 233       * @param string $delim a delimiter of the list
 234       * @return bool
 235       */
 236      public static function is_ip_in_subnet_list($ip, $list, $delim = "\n") {
 237          $list = explode($delim, $list);
 238          foreach ($list as $line) {
 239              $tokens = explode('#', $line);
 240              $subnet = trim($tokens[0]);
 241              if (address_in_subnet($ip, $subnet)) {
 242                  return true;
 243              }
 244          }
 245          return false;
 246      }
 247  
 248      /**
 249       * Return IP address for given hostname, or null on failure
 250       *
 251       * @param string $hostname
 252       * @return string|null
 253       */
 254      public static function get_ip_address(string $hostname): ?string {
 255          if (self::is_domain_name($hostname)) {
 256              $address = gethostbyname($hostname);
 257  
 258              // If address is different from hostname, we have success.
 259              if (strcasecmp($address, $hostname) !== 0) {
 260                  return $address;
 261              }
 262          }
 263  
 264          return null;
 265      }
 266  }