12-19-2013, 11:18 PM
Mish
Advanced Member
Join Date: Feb 2008
Posts: 92
 

Re: Limit ADMIN Login to a Geographical Area!

Hi everyone,
Code updated to
1> Ensure it doesn't do a check on logout.
2> Let you know how many GeoIP requests you have remaining.
3> Works in 4.6.1
4> Includes an IP whitelist

Same instructions... here is the code. You'll want to change the bits in red.


Code:
// IP whitelist: these addresses skip the GeoIP check entirely
$_ips = array("217.107.8.106", "194.84.72.162", "83.234.124.243");

// Run the check for every non-whitelisted request except logout
if (!in_array($_SERVER['REMOTE_ADDR'], $_ips) && (!isset($_GET['mode']) || $_GET['mode'] != 'logout')) {
    /* Admin IP Address distance modification */
    /* This modification requires subscription to the Anti-Fraud service offered through QTMSoft */
    /* Modification by Hinderwell Holdings Pty Ltd (Australia) */
    /* POC: Mish [on X-Cart Forums] */

    // Reference location that the distance is measured from
    $address = array(
        'city'    => "Emerald",
        'state'   => "VIC",
        'country' => "AU",
        'zipcode' => "3782"
    );
    $maximum_distance = 300;

    $ip = $_SERVER['REMOTE_ADDR'];
    $result = '';
    $proxy_ip = false;

    // Contact Geo_IP database lookup server
    $result = func_check_ip_at_af($ip, $proxy_ip, $address);

    // Log the access attempt with the resolved city and country
    $myFile = "access37.log";
    $fh = fopen($myFile, 'a');
    if ($fh) {
        fwrite($fh, date("Y-m-d H:i:s") . " IP: " . $ip . " - " . $result['data']['city'] . ", " . $result['data']['country'] . "\n");
        fclose($fh);
    }

    /* Send an e-mail with the IP address and City/Country of person trying to login */
    $remainingRequests = $result['status']['available_request'] - $result['status']['used_request'];
    mail("sales@flightplanning.com.au", "Admin Login has just occurred from ", " IP: " . $ip . " - " . $result['data']['city'] . ", " . $result['data']['country'] . "\n" . "GeoIP requests remaining: " . $remainingRequests);

    // A missing distance (null) is treated the same as being out of range
    $distance = $result['data']['distance'];
    if (($distance === null) || ($distance > $maximum_distance)) {
        echo "<B>SITE ACCESS DENIED</b> - ";
        echo "<B>GEOGRAPHIC TRIPWIRE TRIGGER. YOU HAVE BEEN BANNED FROM ACCESSING THE ADMIN AREA</B>";
        echo "Access request traced to <b>{$result['data']['city']}, {$result['data']['country']}</b>!<br />";
        echo "Should you feel you have received this in error, please contact sales@flightplanning.com.au";

        /* Block the IP address from accessing the admin directory */
        $myfiletwo = ".htaccess";
        $fhtwo = fopen($myfiletwo, 'a');
        if ($fhtwo) {
            fwrite($fhtwo, "# This IP address was automatically added to the deny list on " . date("Y-m-d H:i:s") . "\n");
            fwrite($fhtwo, "DENY FROM " . $ip . "\n");
            fclose($fhtwo);
        }

        // Note: this message reads 'country_name', the rest of the code reads 'country'
        mail("sales@flightplanning.com.au", "Banned Admin Login", "IP: " . $ip . " - " . $result['data']['city'] . ", " . $result['data']['country_name'] . " has been automatically banned.\n");
        /* End of automatic IP address block */

        sleep(1);
        die();
    }
    /* End of IP Address distance modification */
}
/* End of IF statement [IP whitelist] */
__________________
X-Cart Gold 4.6.1
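
A variant of the check in the post above, added here as an example (not Mish's code and not part of X-Cart): it separates a failed GeoIP lookup from an out-of-range result so that only the latter writes a deny rule, validates the address before it reaches `.htaccess`, and locks the file while appending. The function names, sample addresses and distances are constructed, and `$result` is assumed to have the `['data']['distance']` shape the posted code reads.

```php
<?php
// Added example; function names are hypothetical. $result is assumed to have
// the shape the post's code reads: $result['data']['distance'].

/** Return 'allow', 'deny' (this request only) or 'ban' (persist a deny rule). */
function admin_geo_decision(string $ip, array $whitelist, ?array $result, float $maxDistance): string
{
    if (in_array($ip, $whitelist, true)) {
        return 'allow';                      // whitelisted: no lookup needed
    }
    $distance = $result['data']['distance'] ?? null;
    if (!is_numeric($distance)) {
        // Lookup failed or quota exhausted: refuse this request, but do not
        // write a permanent ban for what may be a legitimate admin.
        return 'deny';
    }
    return ((float) $distance > $maxDistance) ? 'ban' : 'allow';
}

/** Append a deny rule for $ip to $htaccess; returns false if nothing was written. */
function append_deny_rule(string $htaccess, string $ip): bool
{
    // Only a syntactically valid address may reach the config file.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $rule = "# Automatically added to the deny list on " . date('Y-m-d H:i:s') . "\n"
          . "DENY FROM " . $ip . "\n";
    // LOCK_EX keeps two simultaneous requests from interleaving their writes.
    return file_put_contents($htaccess, $rule, FILE_APPEND | LOCK_EX) !== false;
}

// Constructed sample inputs (documentation-range addresses, made-up distances).
$whitelist = ['192.0.2.10'];
$cases = [
    ['192.0.2.10',   null],                                 // whitelisted
    ['198.51.100.7', ['data' => ['distance' => 42]]],       // within range
    ['198.51.100.8', ['data' => ['distance' => null]]],     // lookup gave no distance
    ['203.0.113.9',  ['data' => ['distance' => 9120]]],     // out of range
];
$htaccess = tempnam(sys_get_temp_dir(), 'htaccess_');       // scratch file, not a live .htaccess
foreach ($cases as [$ip, $result]) {
    $decision = admin_geo_decision($ip, $whitelist, $result, 300);
    if ($decision === 'ban') { append_deny_rule($htaccess, $ip); }
    echo $ip, ' => ', $decision, "\n";
}
echo file_get_contents($htaccess);
unlink($htaccess);
```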