
Open OGP API to Any IP Address by Default

own3mall vor 7 Jahren
Ursprung
Commit
2bf59d43ab
3 geänderte Dateien mit 20 neuen und 5 gelöschten Zeilen
  1. 6 2
      includes/api_functions.php
  2. 2 0
      lang/English/modules/settings.php
  3. 12 3
      modules/settings/settings.php

+ 6 - 2
includes/api_functions.php

@@ -460,7 +460,11 @@ function is_authorized()
 	require_once 'includes/ip_in_range.php';
 	$api_hosts_file = 'api_authorized.hosts';
 	$api_fwd_hosts_file = 'api_authorized.fwd_hosts';
-	global $db;
+	global $db, $settings;
+	
+	if(!@$settings['use_authorized_hosts']){
+		return true;
+	}
 	
 	$authorized_hosts = array();
 	$ip = getHostByName(getHostName());
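Review bot: The new early return in `is_authorized()` fails open, because `@$settings['use_authorized_hosts']` is falsy both when an administrator switched the allow-list off and when `$settings` was never populated in this scope or the key is simply missing; the `@` hides the difference. An installation that upgrades has no stored value yet, so an existing `api_authorized.hosts` restriction would stop being enforced without any notice to the admin. Consider reading the value explicitly, as `modules/settings/settings.php` does, and skipping the host check only on an explicit off: `$s = $db->getSettings(); if (isset($s['use_authorized_hosts']) && !$s['use_authorized_hosts']) { return true; }`, together with an upgrade step that writes the intended default. The rest of the function body lies outside this hunk, so how the host files are evaluated is not visible here.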
@@ -607,4 +611,4 @@ function is_authorized()
 	return false;
 }
 
-?>
+?>

+ 2 - 0
lang/English/modules/settings.php

@@ -132,6 +132,8 @@ define('OGP_LANG_show_server_id_game_monitor', "Show Server IDs on Game Monitor
 define('OGP_LANG_show_server_id_game_monitor_info', "Show the game server ID column on the Game Monitor for matching up files created by the Agent to the actual game server.");
 define('OGP_LANG_default_game_server_home_path_prefix', "Default game server home directory prefix");
 define('OGP_LANG_default_game_server_home_path_prefix_info', "Enter a path prefix for where you want game server homes to be created by default. You can use \"{USERNAME}\" in the path which will be replaced with the OGP username the game server is being assigned to.  You can use \"{GAMEKEY}\" in the path which will be replaced with a friendly lowercase name.  You can use \"{SKIPID}\" anywhere in the path to skip appending the home ID to the path.  Example: /ogp/games/{USERNAME}/{GAMEKEY}{SKIPID} will become /ogp/games/username/arkse/.  Example 2:  /ogp/games will become /ogp/games/1 where 1 is the game servers ID.");
+define('OGP_LANG_use_authorized_hosts', "Limit API to Defined Authorized Hosts");
+define('OGP_LANG_use_authorized_hosts_info', "Enable this setting to only allow API calls from pre-defined and approved IP addresses.  Approved addresses can be set on this page once the setting has been enabled.  If this setting is disabled, a user using a valid key will have access to the API from any IP address.  Users using a valid key will be able to use the API to manage any game server they have permissions to administrate.");
 define('OGP_LANG_setup_api_authorized_hosts', "Setup API authorized hosts");
 define('OGP_LANG_autohorized_hosts', "Authorized hosts");
 define('OGP_LANG_add', "Add");

+ 12 - 3
modules/settings/settings.php

@@ -69,6 +69,7 @@ function exec_ogp_module()
 			"custom_github_update_username" => $_REQUEST['custom_github_update_username'],
 			"show_server_id_game_monitor" => $_REQUEST['show_server_id_game_monitor'],
 			"default_game_server_home_path_prefix" => $_REQUEST['default_game_server_home_path_prefix'],
+			"use_authorized_hosts" => $_REQUEST['use_authorized_hosts'],
 		);
 		
 		$db->setSettings($settings);
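Review bot: `use_authorized_hosts` is stored straight from `$_REQUEST` without being normalised, although `is_authorized()` later decides on its truthiness whether the IP allow-list is enforced. What the `on_off` field actually submits is not visible in this diff; if the off state ever arrives as a non-empty string, or the key is absent from the request, the stored value will not mean what the admin chose. Storing a strict flag removes the ambiguity, e.g. `"use_authorized_hosts" => (isset($_POST['use_authorized_hosts']) && $_POST['use_authorized_hosts'] == '1') ? 1 : 0,` (assuming "on" is posted as 1). Since this switch turns an access control off, it is also worth confirming that the settings form carries an anti-CSRF token, which cannot be seen here; `exec_ogp_module()` starts and ends outside the hunk.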
@@ -104,9 +105,14 @@ function exec_ogp_module()
 	
 	$rsync_options = array("1" => get_lang('all_available_servers'), "2" => get_lang('only_remote_servers'), "3" => get_lang('only_local_servers'));
 
-	echo "<h2>".get_lang('settings')."</h2>";
-	echo "<h4><a href='?m=settings&p=api_hosts'>".get_lang('setup_api_authorized_hosts')."</a></h4>";
 	$row = $db->getSettings();
+
+	echo "<h2>".get_lang('settings')."</h2>";
+	
+	if(@$row['use_authorized_hosts']){
+		echo "<h4><a href='?m=settings&p=api_hosts'>".get_lang('setup_api_authorized_hosts')."</a></h4>";
+	}
+	
 	$ft = new FormTable();
 	$ft->start_form("?m=settings", "post", "autocomplete=\"off\"");
 	$ft->start_table();
@@ -168,8 +174,11 @@ function exec_ogp_module()
 	
 	$ft->add_field('string','default_game_server_home_path_prefix',@$row['default_game_server_home_path_prefix']);
 	
+	// Use authorized hosts for API - this should be disabled by default since using the KEY alone should be secure enough
+	$ft->add_field('on_off','use_authorized_hosts',@$row['use_authorized_hosts']);	
+	
 	$ft->end_table();
 	$ft->add_button("submit","update_settings",get_lang('update_settings'));
 	$ft->end_form();
 }
-?>
+?>
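Review bot: The comment added above the `on_off` field says the key alone "should be secure enough", which reads as a guarantee that the code shown here does not establish. With the allow-list off, the API key is the only control in front of game-server management, so the comment should state that trade-off instead, for example `// IP allow-list for the API. When off, a valid API key is the only access control: keys must be long, random, sent over HTTPS only and revocable.` Whether failed key attempts are rate-limited or logged is not visible in this commit and is worth checking alongside the new default.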