From 9a9f1045c667f620d7e11f708cdf5223b22c3c7f Mon Sep 17 00:00:00 2001
From: Joomill <info@joomill.nl>
Date: Sat, 21 Oct 2023 23:57:55 +0200
Subject: [PATCH] Initial commit

---
 .idea/.gitignore                            |  8 ++
 .idea/copyright/profiles_settings.xml       |  8 ++
 .idea/misc.xml                              |  6 ++
 accesskey.php                               | 92 +++++++++++++++++++++
 accesskey.xml                               | 88 ++++++++++++++++++++
 elements/ip.php                             | 44 ++++++++++
 language/en-GB/plg_system_accesskey.ini     | 16 ++++
 language/en-GB/plg_system_accesskey.sys.ini |  2 +
 script.php                                  | 72 ++++++++++++++++
 9 files changed, 336 insertions(+)
 create mode 100644 .idea/.gitignore
 create mode 100644 .idea/copyright/profiles_settings.xml
 create mode 100644 .idea/misc.xml
 create mode 100644 accesskey.php
 create mode 100644 accesskey.xml
 create mode 100644 elements/ip.php
 create mode 100644 language/en-GB/plg_system_accesskey.ini
 create mode 100644 language/en-GB/plg_system_accesskey.sys.ini
 create mode 100644 script.php

diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/copyright/profiles_settings.xml b/.idea/copyright/profiles_settings.xml
new file mode 100644
index 0000000..c55af0d
--- /dev/null
+++ b/.idea/copyright/profiles_settings.xml
@@ -0,0 +1,8 @@
+<component name="CopyrightManager">
+  <settings default="Joomill">
+    <LanguageOptions name="XML">
+      <option name="fileTypeOverride" value="1" />
+      <option name="prefixLines" value="false" />
+    </LanguageOptions>
+  </settings>
+</component>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..3ce3588
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="MarkdownSettingsMigration">
+    <option name="stateVersion" value="1" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/accesskey.php b/accesskey.php
new file mode 100644
index 0000000..1c4fd6d
--- /dev/null
+++ b/accesskey.php
@@ -0,0 +1,92 @@
+<?php
+/*
+ *  package: Access Key
+ *  copyright: Copyright (c) 2023. Jeroen Moolenschot | Joomill
+ *  license: GNU General Public License version 2 or later
+ *  link: https://www.joomill-extensions.com
+ */
+
+defined('_JEXEC') or die('Restricted access');
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Application\CMSApplication;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\Router\Route;
+use Joomla\CMS\Uri\Uri;
+
+class plgSystemAccesskey extends CMSPlugin {
+
+	protected $autoloadLanguage = true;
+	protected $app;
+
+	private $correctKey = false;
+
+	public function onAfterInitialise(): void
+	{
+		
+		$session = Factory::getSession();
+		if ($session->get('accesskey'))
+		{
+			return;
+		}
+
+		if (!$this->params->get('key')) 
+		{
+			return;
+		}
+
+		if (!$this->app->isClient('administrator'))
+		{
+			return;
+		}
+
+		$visitorIP = '';
+	    if (getenv('HTTP_CLIENT_IP'))
+	        $visitorIP = getenv('HTTP_CLIENT_IP');
+	    else if(getenv('HTTP_X_FORWARDED_FOR'))
+	        $visitorIP = getenv('HTTP_X_FORWARDED_FOR');
+	    else if(getenv('HTTP_X_FORWARDED'))
+	        $visitorIP = getenv('HTTP_X_FORWARDED');
+	    else if(getenv('HTTP_FORWARDED_FOR'))
+	        $visitorIP = getenv('HTTP_FORWARDED_FOR');
+	    else if(getenv('HTTP_FORWARDED'))
+	       $visitorIP = getenv('HTTP_FORWARDED');
+	    else if(getenv('REMOTE_ADDR'))
+	        $visitorIP = getenv('REMOTE_ADDR');
+		$whitelist = array_map('trim', explode(',', $this->params->get('whitelist')));
+		if (in_array($visitorIP, $whitelist)) {
+			$session->set('accesskey', true);
+			return;
+		}
+
+
+		// Check if security key has been entered
+		$this->correctKey = !is_null($this->app->input->get($this->params->get('key')));
+		if($this->correctKey) {
+			$session->set('accesskey', true);
+			return;
+		}
+
+		else {
+			if($this->params->get('failAction') == "message") {
+				header('HTTP/1.0 401 Unauthorized');
+				die($this->params->get('message'));
+				return; 
+			} 
+
+			if($this->params->get('failAction') == "redirect") {
+			$url = $this->params->get('redirectUrl');
+
+			// Fallback to site
+			if (!$url)
+			{
+				$url = URI::root();
+			}
+
+			$this->app->redirect($url);
+			die;
+			}
+		}
+	
+	}
+}
diff --git a/accesskey.xml b/accesskey.xml
new file mode 100644
index 0000000..29276f9
--- /dev/null
+++ b/accesskey.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension version="3.6" type="plugin" group="system" method="upgrade">
+	<name>PLG_SYSTEM_ACCESSKEY</name>
+	<creationDate>october 2023</creationDate>
+	<author>Joomill</author>
+	<authorEmail>info@joomill-extensions.com</authorEmail>
+	<authorUrl>https://www.joomill-extensions.com</authorUrl>
+	<copyright>Copyright (C) 2023 Joomill Extensions. All rights reserved.</copyright>
+	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
+	<version>1.0.0</version>
+	<description>PLG_SYSTEM_ACCESSKEY_XML_DESCRIPTION</description>
+	
+	<!-- Scripts to run on installation -->
+	<scriptfile>script.php</scriptfile>
+
+	<!-- Files -->
+	<files>
+      	<filename plugin="accesskey">accesskey.php</filename>
+      	<filename>script.php</filename>
+		<folder>elements</folder>
+		<folder>language</folder>
+  	</files>
+
+  	<!-- Configuration / Parameters -->
+	<config>
+    <fields name="params" addfieldpath="plugins/system/accesskey/elements/">
+        <fieldset name="basic">
+	        <field 
+	        	name="key"
+				type="text"
+				default=""
+				label="PLG_SYSTEM_ACCESSKEY_KEY_LABEL"
+				description="PLG_SYSTEM_ACCESSKEY_KEY_DESC"
+				required="true" 
+			/>
+
+			
+			<field 
+				name="whitelist"
+				type="text"
+				size="50"
+				default=""
+				label="PLG_SYSTEM_ACCESSKEY_WHITELIST_LABEL"
+				description="PLG_SYSTEM_ACCESSKEY_WHITELIST_DESC"
+			/>
+
+			<field
+				name="ipAddress"
+				type="ip"
+				label="PLG_SYSTEM_ACCESSKEY_CURRENT_IPADDRESS_LABEL"
+				description="PLG_SYSTEM_ACCESSKEY_CURRENT_IPADDRESS_DESC"
+			/>
+
+			<field 
+				name="failAction"
+				type="radio"
+				class="btn-group"
+				default="message"
+				label="PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_LABEL"
+				description="PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_DESC">
+			  	<option value="message">PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_MESSAGE</option>
+			  	<option value="redirect">PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_REDIRECT</option>
+			</field>
+
+			<field 
+				name="message"
+			    type="textarea"
+			    default="There is nothing to see here!"
+			    label="PLG_SYSTEM_ACCESSKEY_MESSAGE_LABEL"
+			    description="PLG_SYSTEM_ACCESSKEY_MESSAGE_DESC"
+			    showon="failAction:message" 
+			/>
+
+			<field 
+				name="redirectUrl"
+				type="url"
+				label="PLG_SYSTEM_ACCESSKEY_REDIRECT_LABEL"
+				description="PLG_SYSTEM_ACCESSKEY_REDIRECT_DESC"
+				showon="failAction:redirect" 
+			/>
+		</fieldset>
+	    </fields>
+	</config>
+
+	<changelogurl><![CDATA[https://www.joomill-extensions.com/index.php?option=com_ochsubscriptions&amp;view=changelog&amp;format=xml&amp;cat=19]]></changelogurl>
+
+    <updateservers><server type="extension" name="Joomill Access Key"><![CDATA[https://www.joomill-extensions.com/index.php?option=com_ochsubscriptions&amp;view=updater&amp;format=xml&amp;cat=19]]></server></updateservers>
+</extension>
diff --git a/elements/ip.php b/elements/ip.php
new file mode 100644
index 0000000..8d3674c
--- /dev/null
+++ b/elements/ip.php
@@ -0,0 +1,44 @@
+<?php
+/*
+ *  package: Access Key
+ *  copyright: Copyright (c) 2023. Jeroen Moolenschot | Joomill
+ *  license: GNU General Public License version 2 or later
+ *  link: https://www.joomill-extensions.com
+ */
+
+// No direct access.
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Form\FormHelper;
+
+FormHelper::loadFieldClass('list');
+
+class JFormFieldIP extends Joomla\CMS\Form\Field\ListField
+{
+	protected $type = 'ip';
+
+	protected function getInput()
+	{
+		$ipaddress = '';
+	    if (getenv('HTTP_CLIENT_IP'))
+	        $ipaddress = getenv('HTTP_CLIENT_IP');
+	    else if(getenv('HTTP_X_FORWARDED_FOR'))
+	        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
+	    else if(getenv('HTTP_X_FORWARDED'))
+	        $ipaddress = getenv('HTTP_X_FORWARDED');
+	    else if(getenv('HTTP_FORWARDED_FOR'))
+	        $ipaddress = getenv('HTTP_FORWARDED_FOR');
+	    else if(getenv('HTTP_FORWARDED'))
+	       $ipaddress = getenv('HTTP_FORWARDED');
+	    else if(getenv('REMOTE_ADDR'))
+	        $ipaddress = getenv('REMOTE_ADDR');
+	    else
+	        $ipaddress = 'UNKNOWN';
+
+		return
+			'<code>' . $ipaddress . '</code>';
+	}
+
+
+}
diff --git a/language/en-GB/plg_system_accesskey.ini b/language/en-GB/plg_system_accesskey.ini
new file mode 100644
index 0000000..1746c08
--- /dev/null
+++ b/language/en-GB/plg_system_accesskey.ini
@@ -0,0 +1,16 @@
+PLG_SYSTEM_ACCESSKEY = "System - Joomill Access Key"
+PLG_SYSTEM_ACCESSKEY_XML_DESCRIPTION = "Protect the backend of your site by using URL access keys. <br/>Just append the key as parameter to the URL (e.g. <code>https://www.website.com/administrator<strong>?Your_Access_Key</strong></code>)"
+PLG_SYSTEM_ACCESSKEY_KEY_LABEL = "Access Key"
+PLG_SYSTEM_ACCESSKEY_KEY_DESC = "Enter the Access Key you want to use. Just append the key as parameter to the URL every time you want to access the backend of your website. (e. g. <code>https://www.website.com/administrator<strong>?Your_Access_Key</strong></code>)"
+PLG_SYSTEM_ACCESSKEY_WHITELIST_LABEL = "Whitelist IP Addresses"
+PLG_SYSTEM_ACCESSKEY_WHITELIST_DESC = "These IP Addresses (separated by comma e.g. 127.0.0.1 , 127.0.0.2) don't need to use the Access Key to enter the backend."
+PLG_SYSTEM_ACCESSKEY_CURRENT_IPADDRESS_LABEL = "Your IP Address" 
+PLG_SYSTEM_ACCESSKEY_CURRENT_IPADDRESS_DESC = "You can use this to Whitelist this IP Address."
+PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_LABEL = "Action on Failure"
+PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_DESC = "Choose an action when No or a Wrong Access Key is used."
+PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_MESSAGE = "Show Message"
+PLG_SYSTEM_ACCESSKEY_FAIL_ACTION_REDIRECT = "Redirect to URL"
+PLG_SYSTEM_ACCESSKEY_MESSAGE_LABEL = "Message"
+PLG_SYSTEM_ACCESSKEY_MESSAGE_DESC = "This message is displayed if the Access Key is not provided."
+PLG_SYSTEM_ACCESSKEY_REDIRECT_LABEL = "Redirect"
+PLG_SYSTEM_ACCESSKEY_REDIRECT_DESC = "URL where a user is redirected to when no Access Key is provided. Leave empty to redirect to the Joomla Root."
diff --git a/language/en-GB/plg_system_accesskey.sys.ini b/language/en-GB/plg_system_accesskey.sys.ini
new file mode 100644
index 0000000..3fae458
--- /dev/null
+++ b/language/en-GB/plg_system_accesskey.sys.ini
@@ -0,0 +1,2 @@
+PLG_SYSTEM_ACCESSKEY = "System - Joomill Access Key"
+PLG_SYSTEM_ACCESSKEY_XML_DESCRIPTION = "Protect the backend of your site by using URL access keys. <br/>Just append the key as parameter to the URL (e.g. <code>https://www.website.com/administrator<strong>?Your_Access_Key</strong></code>)"
\ No newline at end of file
diff --git a/script.php b/script.php
new file mode 100644
index 0000000..5cecd14
--- /dev/null
+++ b/script.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ *  package: Access Key
+ *  copyright: Copyright (c) 2023. Jeroen Moolenschot | Joomill
+ *  license: GNU General Public License version 2 or later
+ *  link: https://www.joomill-extensions.com
+ */
+
+// No direct access.
+defined('_JEXEC') or die;
+
+use Joomla\CMS\Factory;
+use Joomla\CMS\Installer\InstallerAdapter;
+use Joomla\CMS\Language\Text;
+use Joomla\CMS\Log\Log;
+
+class plgSystemAccesskeyInstallerScript
+{
+    /**
+     * Minimum Joomla version to check
+     *
+     * @var    string
+     * @since  1.0.0
+     */
+    private $minimumJoomlaVersion = '4.0';
+
+    /**
+     * Minimum PHP version to check
+     *
+     * @var    string
+     * @since  1.0.0
+     */
+    private $minimumPHPVersion = JOOMLA_MINIMUM_PHP;
+
+
+    /**
+     * Function called before extension installation/update/removal procedure commences
+     *
+     * @param string $type The type of change (install, update or discover_install, not uninstall)
+     * @param InstallerAdapter $parent The class calling this method
+     * @return  boolean  True on success
+     * @throws Exception
+     * @since  1.0.0
+     */
+    public function preflight($type, $parent): bool
+    {
+        if ($type !== 'uninstall')
+        {
+            // Check for the minimum PHP version before continuing
+            if (!empty($this->minimumPHPVersion) && version_compare(PHP_VERSION, $this->minimumPHPVersion, '<'))
+            {
+                Log::add(
+                    Text::sprintf('JLIB_INSTALLER_MINIMUM_PHP', $this->minimumPHPVersion),
+                    Log::WARNING,
+                    'jerror'
+                );
+                return false;
+            }
+            // Check for the minimum Joomla version before continuing
+            if (!empty($this->minimumJoomlaVersion) && version_compare(JVERSION, $this->minimumJoomlaVersion, '<'))
+            {
+                Log::add(
+                    Text::sprintf('JLIB_INSTALLER_MINIMUM_JOOMLA', $this->minimumJoomlaVersion),
+                    Log::WARNING,
+                    'jerror'
+                );
+                return false;
+            }
+        }
+        return true;
+    }
+}
\ No newline at end of file