Add user_log_allowed function.

2022-09-15 17:00:57 -06:00 · 2022-09-15 17:00:57 -06:00 · 1d55981cbb
parent 4fce9a4565
commit 1d55981cbb
1 changed files with 115 additions and 65 deletions
--- a/app/event_guard/resources/service/event_guard.php
+++ b/app/event_guard/resources/service/event_guard.php
@ -179,9 +179,9 @@
 		}

 		//debug info
-		if ($debug) { 
-			print_r($json_array);
-		}
+		//if ($debug) { 
+		//	print_r($json_array);
+		//}

 		//registration failed - block IP address unless they are registered, 
 		if (is_array($json_array) && $json_array['Event-Subclass'] == 'sofia::register_failure') {
@ -258,10 +258,10 @@
 		}

 		//debug information
-		if ($debug && ($json_array['Event-Subclass'] == 'sofia::register_failure' || $json_array['Event-Subclass'] == 'sofia::pre_register')) {
+		//if ($debug && ($json_array['Event-Subclass'] == 'sofia::register_failure' || $json_array['Event-Subclass'] == 'sofia::pre_register')) {

-			echo "\n";
-			print_r($json_array);
+			//echo "\n";
+			//print_r($json_array);

 			//echo "event_name: ".$json_array['Event-Name']."\n";
 			//echo "event_type: ".$json_array['event_type']."\n";
@ -276,7 +276,7 @@
 			//echo "hangup_cause: ".$json_array['Hangup-Cause']."\n";
 			//echo "to-host: $json_array['to-host']\n";
 			//echo "\n";
-		}
+		//}

 		//unset the array
 		if (is_array($json_array)) {
@ -430,6 +430,76 @@
 		}
 	}

+//determine if the IP address has been allowed by the access control list node cidr
+	function access_allowed($ip_address) {
+		//define global variables
+		global $debug;
+
+		//invalid ip address
+		if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
+			return false;
+		}
+
+		//check the cache to see if the address is allowed
+		$cache = new cache;
+		if ($cache->get("switch:allowed:".$ip_address) === 'true') {
+			//debug info
+			if ($debug) {
+				echo "address: ".$ip_address." allowed by: cache\n";
+			}
+
+			//return boolean true
+			return true;
+		}
+
+		//allow access if the cidr address is allowed
+		if (user_log_allowed($ip_address)) {
+			//save address to the cache as allowed
+			$cache->set("switch:allowed:".$ip_address, 'true');
+
+			//debug info
+			if ($debug) {
+				echo "address: ".$ip_address." allowed by: user logs\n";
+			}
+
+			//return boolean true
+			return true;
+		}
+
+		//allow access if the cidr address is allowed
+		if (access_control_allowed($ip_address)) {
+			//save address to the cache as allowed
+			$cache->set("switch:allowed:".$ip_address, 'true');
+
+			//debug info
+			if ($debug) {
+				echo "address: ".$ip_address." allowed by: access controls\n";
+			}
+
+			//return boolean true
+			return true;
+		}
+
+		//auto allow if there is a registration from the same IP address
+		if (is_registered($ip_address)) {
+			//save address to the cache as allowed
+			$cache->set("switch:allowed:".$ip_address, 'true');
+
+			//debug info
+			if ($debug) {
+				echo "address: ".$ip_address." allowed by: registration\n";
+			}
+
+			//return boolean true
+			return true;
+		}
+
+
+
+		//return
+		return false;
+	}
+
 //is the ip address registered
 	function is_registered($ip_address) {
 		//invalid ip address
@ -453,60 +523,6 @@
 		return $registered;
 	}

-//determine if the IP address has been allowed by the access control list node cidr
-	function access_allowed($ip_address) {
-		//define global variables
-		global $debug;
-
-		//invalid ip address
-		if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
-			return false;
-		}
-
-		//check the cache to see if the address is allowed
-		$cache = new cache;
-		if ($cache->get("switch:allowed:".$ip_address) === 'true') {
-			//debug info
-			if ($debug) {
-				echo "allowed by: cache\n";
-			}
-
-			//return boolean true
-			return true;
-		}
-
-		//auto allow if there is a registration from the same IP address
-		if (is_registered($ip_address)) {
-			//save address to the cache as allowed
-			$cache->set("switch:allowed:".$ip_address, 'true');
-
-			//debug info
-			if ($debug) {
-				echo "allowed by: registration\n";
-			}
-
-			//return boolean true
-			return true;
-		}
-
-		//allow access if the cidr address is allowed
-		if (access_control_allowed($ip_address)) {
-			//save address to the cache as allowed
-			$cache->set("switch:allowed:".$ip_address, 'true');
-
-			//debug info
-			if ($debug) {
-				echo "allowed by: access controls\n";
-			}
-
-			//return boolean true
-			return true;
-		}
-
-		//return
-		return false;
-	}
-
 //determine if the IP address has been allowed by the access control list node cidr
 	function access_control_allowed($ip_address) {

@ -533,10 +549,10 @@
 			foreach($allowed_nodes as $row) {
 				if (check_cidr($row['node_cidr'], $ip_address)) {
 					//debug info
-					if ($debug) {
-						print_r($row);
-						echo $ip_address."\n";
-					}
+					//if ($debug) {
+					//	print_r($row);
+					//	echo $ip_address."\n";
+					//}

 					//set the allowed to true
 					$allowed = true;
@ -551,4 +567,38 @@
 		return $allowed;
 	}

+//determine if the IP address has been allowed by the user log authentication success
+	function user_log_allowed($ip_address) {
+
+		//invalid ip address
+		if (!filter_var($ip_address, FILTER_VALIDATE_IP)) {
+			return false;
+		}
+
+		//get the access control allowed nodes
+		$sql = "select count(user_log_uuid) ";
+		$sql .= "from v_user_logs ";
+		$sql .= "where ip_address = :ip_address ";
+		$sql .= "and result = 'success' ";
+		$parameters['ip_address'] = $ip_address;  
+		$database = new database;
+		$user_log_count = $database->select($sql, $parameters, 'field');
+		unset($database);
+
+		//debug info
+		if ($debug) {
+			echo "address ".$ip_address." count ".$user_log_count."\n";
+		}
+
+		//default authorized to false
+		$allowed = false;
+
+		//use the ip address to get the authorized nodes
+		if ($user_log_count > 0) {
+			$allowed = true;
+		}
+
+		//return
+		return $allowed;
+	}
 ?>