|
The system is not honoring an inactive prefix/ip combination.
The select statement is not checking for status = 0, so if the IP Mapping Record is inactive it still allows the IP authentication to pass.
Select statement (at line 129) should be changed to:
local query = "SELECT "..TBL_IP_MAP..".*, (SELECT number FROM "..TBL_USERS.." where id=accountid AND status=0 AND deleted=0) AS account_code FROM "..TBL_IP_MAP.." WHERE ((INET_ATON(\"" .. from_ip.. "\") & (0xFFFFFFFF & (-1 << 32 - SUBSTRING_INDEX(ip, '/',-1)))) = ((0xFFFFFFFF & (-1 << 32 - SUBSTRING_INDEX(ip, '/',-1))) & INET_ATON(SUBSTRING_INDEX(ip,'/',1)))) AND (status =0) AND ((SUBSTRING( ip, 1, CHAR_LENGTH( ip ) -3 ) = \"" .. from_ip.. "\" AND prefix IN (NULL,'')) OR (SUBSTRING( ip, 1, CHAR_LENGTH( ip ) -3 ) = \"" .. from_ip.. "\" AND \"" .. destination_number .. "\" RLIKE prefix)) ORDER BY LENGTH(prefix) DESC LIMIT 1"
|
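The effect of the missing status filter, reproduced as an added example that is not part of the original report or the project's code. It assumes an in-memory SQLite table named `ip_map` with constructed rows; the hypothetical helpers `cidr_match` and `prefix_match` stand in for the MySQL `INET_ATON` bitmask comparison and `RLIKE`, and the query is simplified to the CIDR, prefix and status conditions.

```python
import ipaddress
import re
import sqlite3

def cidr_match(addr, cidr):
    """Stand-in for the INET_ATON/bitmask comparison in the MySQL query."""
    try:
        return int(ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False))
    except ValueError:
        return 0  # malformed address or mapping never authenticates

def prefix_match(prefix, number):
    """Stand-in for `destination_number RLIKE prefix`; empty or NULL prefix matches any number."""
    return int(not prefix or re.search(prefix, number) is not None)

def open_db():
    db = sqlite3.connect(":memory:")
    db.create_function("cidr_match", 2, cidr_match)
    db.create_function("prefix_match", 2, prefix_match)
    db.execute("CREATE TABLE ip_map (id INTEGER PRIMARY KEY, ip TEXT, "
               "prefix TEXT, accountid INTEGER, status INTEGER)")
    # Constructed rows: status 0 = active, 1 = inactive (as in the report).
    db.executemany(
        "INSERT INTO ip_map (ip, prefix, accountid, status) VALUES (?, ?, ?, ?)",
        [("192.0.2.10/32", "^44", 1, 1),    # inactive mapping
         ("198.51.100.0/24", "", 2, 0)])    # active mapping
    return db

QUERY = ("SELECT accountid FROM ip_map WHERE cidr_match(?, ip) "
         "AND prefix_match(prefix, ?) {status} "
         "ORDER BY LENGTH(prefix) DESC LIMIT 1")

def authenticate(db, from_ip, destination_number, check_status):
    """Return the matching account id, or None when IP authentication fails."""
    status = "AND status = 0" if check_status else ""
    # from_ip and destination_number arrive from the network, so they are
    # passed as bound parameters rather than concatenated into the SQL text.
    row = db.execute(QUERY.format(status=status),
                     (from_ip, destination_number)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    print("without status check:", authenticate(db, "192.0.2.10", "441234567", False))
    print("with status check:   ", authenticate(db, "192.0.2.10", "441234567", True))
```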