diff options
Diffstat (limited to 'phpBB/adm/admin_ban.php')
| -rw-r--r-- | phpBB/adm/admin_ban.php | 424 |
1 files changed, 56 insertions, 368 deletions
diff --git a/phpBB/adm/admin_ban.php b/phpBB/adm/admin_ban.php index a5889e7664..27b8cde70f 100644 --- a/phpBB/adm/admin_ban.php +++ b/phpBB/adm/admin_ban.php @@ -1,23 +1,15 @@ <?php -/*************************************************************************** - * admin_ban.php - * ------------------- - * begin : Tuesday, Jul 31, 2001 - * copyright : (C) 2001 The phpBB Group - * email : support@phpbb.com - * - * $Id$ - * - ***************************************************************************/ - -/*************************************************************************** - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - ***************************************************************************/ +// ------------------------------------------------------------- +// +// $Id$ +// +// FILENAME : admin_ban.php +// STARTED : Tue Jul 31, 2001 +// COPYRIGHT : © 2001,2003 phpBB Group +// WWW : http://www.phpbb.com/ +// LICENCE : GPL vs2.0 [ see /docs/COPYING ] +// +// ------------------------------------------------------------- if (!empty($setmodules)) { @@ -46,327 +38,33 @@ if (!$auth->acl_get('a_ban')) trigger_error($user->lang['NO_ADMIN']); } - // Mode setting -$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : ''; - +$mode = request_var('mode', ''); +$bansubmit = (isset($_POST['bansubmit'])) ? true : false; +$unbansubmit= (isset($_POST['unbansubmit'])) ? true : false; +// Set some vars $current_time = time(); - // Start program -if (isset($_REQUEST['bansubmit'])) +if ($bansubmit) { // Grab the list of entries - $ban = (!empty($_REQUEST['ban'])) ? $_REQUEST['ban'] : ''; - $ban_list = array_unique(explode("\n", $ban)); - $ban_list_log = implode(', ', $ban_list); - - - $ban_exclude = (!empty($_POST['banexclude'])) ? 1 : 0; - $ban_reason = (isset($_POST['banreason'])) ? $_POST['banreason'] : ''; + $ban = request_var('ban', ''); + $ban_len = request_var('banlength', 0); + $ban_len_other = request_var('banlengthother', ''); + $ban_exclude = request_var('banexclude', 0); + $ban_reason = request_var('banreason', ''); - - if (!empty($_POST['banlength'])) - { - if ($_POST['banlength'] != -1 || empty($_POST['banlengthother'])) - { - $ban_end = max($current_time, $current_time + (intval($_POST['banlength']) * 60)); - } - else - { - $ban_other = explode('-', $_POST['banlengthother']); - $ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0])); - } - } - else - { - $ban_end = 0; - } - - - $banlist = array(); - - switch ($mode) - { - case 'user': - $type = 'ban_userid'; - - if (in_array('*', $ban_list)) - { - $banlist[] = '*'; - } - else - { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . ')'; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - do - { - $banlist[] = $row['user_id']; - } - while ($row = $db->sql_fetchrow($result)); - } - } - break; - - case 'ip': - $type = 'ban_ip'; - - foreach ($ban_list as $ban_item) - { - if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode)) - { - // Don't ask about all this, just don't ask ... ! - $ip_1_counter = $ip_range_explode[1]; - $ip_1_end = $ip_range_explode[5]; - - while ($ip_1_counter <= $ip_1_end) - { - $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; - $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; - - if($ip_2_counter == 0 && $ip_2_end == 254) - { - $ip_2_counter = 256; - $ip_2_fragment = 256; - - $banlist[] = "'$ip_1_counter.*'"; - } - - while ($ip_2_counter <= $ip_2_end) - { - $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; - $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; - - if ($ip_3_counter == 0 && $ip_3_end == 254) - { - $ip_3_counter = 256; - $ip_3_fragment = 256; - - $banlist[] = "'$ip_1_counter.$ip_2_counter.*'"; - } - - while ($ip_3_counter <= $ip_3_end) - { - $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; - $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; - - if ($ip_4_counter == 0 && $ip_4_end == 254) - { - $ip_4_counter = 256; - $ip_4_fragment = 256; - - $banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'"; - } - - while ($ip_4_counter <= $ip_4_end) - { - $banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'"; - $ip_4_counter++; - } - $ip_3_counter++; - } - $ip_2_counter++; - } - $ip_1_counter++; - } - } - else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item))) - { - $ip_ary = gethostbynamel(trim($ban_item)); - - foreach ($ip_ary as $ip) - { - if (!empty($ip)) - { - $banlist[] = "'" . $ip . "'"; - } - } - } - else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item))) - { - $banlist[] = "'" . trim($ban_item) . "'"; - } - else if (preg_match('#^\*$#', trim($ban_item))) - { - $banlist[] = "'*'"; - } - } - break; - - case 'email': - $type = 'ban_email'; - - foreach ($ban_list as $ban_item) - { - if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) - { - $banlist[] = "'" . trim($ban_item) . "'"; - } - } - break; - } - - $sql = "SELECT $type - FROM " . BANLIST_TABLE . " - WHERE $type <> '' - AND ban_exclude = $ban_exclude"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - $banlist_tmp = array(); - do - { - switch ($mode) - { - case 'user': - $banlist_tmp[] = $row['ban_userid']; - break; - - case 'ip': - $banlist_tmp[] = "'" . $row['ban_ip'] . "'"; - break; - - case 'email': - $banlist_tmp[] = "'" . $row['ban_email'] . "'"; - break; - } - } - while ($row = $db->sql_fetchrow($result)); - - $banlist = array_unique(array_diff($banlist, $banlist_tmp)); - unset($banlist_tmp); - } - - if (sizeof($banlist)) - { - $sql = ''; - foreach ($banlist as $ban_entry) - { - switch (SQL_LAYER) - { - case 'mysql': - case 'mysql4': - $sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')"; - break; - - case 'mssql': - case 'sqlite': - $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'"; - break; - - default: - $sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) - VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')"; - $db->sql_query($sql); - $sql = ''; - } - } - - if ($sql != '') - { - $sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) - VALUES $sql"; - $db->sql_query($sql); - } - - if (!$ban_exclude) - { - $sql = ''; - switch ($mode) - { - case 'user': - $sql = "WHERE session_user_id IN (" . implode(', ', $banlist) . ")"; - break; - - case 'ip': - $sql = "WHERE session_ip IN (" . implode(', ', $banlist) . ")"; - break; - - case 'email': - $sql = "SELECT user_id - FROM " . USERS_TABLE . " - WHERE user_email IN (" . implode(', ', $banlist) . ")"; - $result = $db->sql_query($sql); - - $sql = ''; - if ($row = $db->sql_fetchrow($result)) - { - do - { - $sql .= (($sql != '') ? ', ' : '') . $row['user_id']; - } - while ($row = $db->sql_fetchrow($result)); - - $sql = "WHERE session_user_id IN (" . str_replace('*', '%', $sql) . ")"; - } - break; - } - - if ($sql != '') - { - $sql = "DELETE FROM " . SESSIONS_TABLE . " - $sql"; - $db->sql_query($sql); - } - } - - // Update log - $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; - add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); - } + user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason); trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']); - } -else if (isset($_POST['unbansubmit'])) +else if ($unbansubmit) { - $unban_sql = implode(', ', array_map('intval', $_POST['unban'])); + $ban = request_var('unban', ''); - if ($unban_sql != '') - { - $l_unban_list = ''; - // Grab details of bans for logging information later - switch ($mode) - { - case 'user': - $sql = "SELECT u.username AS unban_info - FROM " . USERS_TABLE . " u, " . BANLIST_TABLE . " b - WHERE b.ban_id IN ($unban_sql) - AND u.user_id = b.ban_userid"; - break; - - case 'email': - $sql = "SELECT ban_email AS unban_info - FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - break; - - case 'ip': - $sql = "SELECT ban_ip AS unban_info - FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - break; - } - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info']; - } - - $sql = "DELETE FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - $db->sql_query($sql); - - add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); - } + user_unban($mode, $ban); trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']); } @@ -375,13 +73,6 @@ else if (isset($_POST['unbansubmit'])) // Output relevant entry page // -// -// Remove timed out bans -// -$sql = "DELETE FROM " . BANLIST_TABLE . " - WHERE ban_end < " . time() . " - AND ban_end <> 0"; -$db->sql_query($sql); // // Ban length options @@ -427,18 +118,17 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_USER_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_USERNAME']; $l_unban_explain = $user->lang['UNBAN_USERNAME_EXPLAIN']; - $l_ban_cell = $user->lang['USERNAME']; + $l_ban_cell = $user->lang['USERNAME'] . ': <br /><span class="gensmall">[ <a href="' . "../memberlist.$phpEx$SID&mode=searchuser&form=banning&field=ban\" onclick=\"window.open('../memberlist.$phpEx$SID&mode=searchuser&form=banning&field=ban', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;\">" . $user->lang['FIND_USERNAME'] .'</a> ]</span>'; $l_no_ban_cell = $user->lang['NO_BANNED_USERS']; - $s_submit_extra = '<input type="submit" name="usersubmit" value="' . $user->lang['LOOK_UP_USER'] . '" class="btnlite" onclick="window.open(\'../memberlist.' . $phpEx . $SID . '&mode=searchuser&field=ban\', \'_phpbbsearch\', \'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740\');return false;" />'; - $sql = "SELECT b.*, u.user_id, u.username - FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u - WHERE (b.ban_end >= " . time() . " + $sql = 'SELECT b.*, u.user_id, u.username + FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u + WHERE (b.ban_end >= ' . time() . ' OR b.ban_end = 0) AND u.user_id = b.ban_userid AND b.ban_userid <> 0 - AND u.user_id <> " . ANONYMOUS . " - ORDER BY u.user_id ASC"; + AND u.user_id <> ' . ANONYMOUS . ' + ORDER BY u.user_id ASC'; break; case 'ip': @@ -449,13 +139,12 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_IP_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_IP']; $l_unban_explain = $user->lang['UNBAN_IP_EXPLAIN']; - $l_ban_cell = $user->lang['IP_HOSTNAME']; + $l_ban_cell = $user->lang['IP_HOSTNAME'] . ':'; $l_no_ban_cell = $user->lang['NO_BANNED_IP']; - $s_submit_extra = ''; - $sql = "SELECT * - FROM " . BANLIST_TABLE . " - WHERE (ban_end >= " . time() . " + $sql = 'SELECT * + FROM ' . BANLIST_TABLE . ' + WHERE (ban_end >= ' . time() . " OR ban_end = 0) AND ban_ip <> ''"; break; @@ -468,13 +157,12 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_EMAIL_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_EMAIL']; $l_unban_explain = $user->lang['UNBAN_EMAIL_EXPLAIN']; - $l_ban_cell = $user->lang['EMAIL_ADDRESS']; + $l_ban_cell = $user->lang['EMAIL_ADDRESS'] . ':'; $l_no_ban_cell = $user->lang['NO_BANNED_EMAIL']; - $s_submit_extra = ''; - $sql = "SELECT * - FROM " . BANLIST_TABLE . " - WHERE (ban_end >= " . time() . " + $sql = 'SELECT * + FROM ' . BANLIST_TABLE . ' + WHERE (ban_end >= ' . time() . " OR ban_end = 0) AND ban_email <> ''"; break; @@ -542,28 +230,28 @@ function display_details(option) //--> </script> -<form method="post" action="<?php echo "admin_ban.$phpEx$SID&mode=$mode"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center"> +<form name="banning" method="post" action="<?php echo "admin_ban.$phpEx$SID&mode=$mode"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center"> <tr> <th colspan="2"><?php echo $l_ban_title; ?></th> </tr> <tr> - <td class="row2" width="45%"><?php echo $l_ban_cell; ?>: </td> - <td class="row1"><textarea cols="40" rows="3" name="ban"></textarea></td> + <td class="row1" width="45%"><?php echo $l_ban_cell; ?></td> + <td class="row2"><textarea cols="40" rows="3" name="ban"></textarea></td> </tr> <tr> - <td class="row2" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td> - <td class="row1"><select name="banlength"><?php echo $ban_end_options; ?></select> <input class="post" type="text" name="banlengthother" maxlength="10" size="10" /></td> + <td class="row1" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td> + <td class="row2"><select name="banlength"><?php echo $ban_end_options; ?></select> <input class="post" type="text" name="banlengthother" maxlength="10" size="10" /></td> </tr> <tr> - <td class="row2" width="45%"><?php echo $user->lang['BAN_EXCLUDE']; ?>: <br /><span class="gensmall"><?php echo $l_ban_exclude_explain;;?></span></td> - <td class="row1"><input type="radio" name="banexclude" value="1" /> <?php echo $user->lang['YES']; ?> <input type="radio" name="banexclude" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td> + <td class="row1" width="45%"><?php echo $user->lang['BAN_EXCLUDE']; ?>: <br /><span class="gensmall"><?php echo $l_ban_exclude_explain;;?></span></td> + <td class="row2"><input type="radio" name="banexclude" value="1" /> <?php echo $user->lang['YES']; ?> <input type="radio" name="banexclude" value="0" checked="checked" /> <?php echo $user->lang['NO']; ?></td> </tr> <tr> - <td class="row2" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td> - <td class="row1"><input class="post" type="text" name="banreason" maxlength="255" size="40" /></td> + <td class="row1" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td> + <td class="row2"><input class="post" type="text" name="banreason" maxlength="255" size="40" /></td> </tr> <tr> - <td class="cat" colspan="2" align="center"> <input type="submit" name="bansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" /> <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" /> <?php echo $s_submit_extra; ?></td> + <td class="cat" colspan="2" align="center"> <input type="submit" name="bansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" /> <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" /> </td> </tr> </table> @@ -582,16 +270,16 @@ function display_details(option) ?> <tr> - <td class="row2" width="45%"><?php echo $l_ban_cell; ?>: <br /></td> - <td class="row1"> <select name="unban[]" multiple="multiple" size="5" onchange="display_details(this.options[this.selectedIndex].value)"><?php echo $banned_options; ?></select></td> + <td class="row1" width="45%"><?php echo $l_ban_cell; ?>: <br /></td> + <td class="row2"> <select name="unban[]" multiple="multiple" size="5" onchange="display_details(this.options[this.selectedIndex].value)"><?php echo $banned_options; ?></select></td> </tr> <tr> - <td class="row2" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td> - <td class="row1"><input class="row1" style="border:0px" type="text" name="unbanreason" size="40" /></td> + <td class="row1" width="45%"><?php echo $user->lang['BAN_REASON']; ?>:</td> + <td class="row2"><input class="row1" style="border:0px" type="text" name="unbanreason" size="40" /></td> </tr> <tr> - <td class="row2" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td> - <td class="row1"><input class="row1" style="border:0px" type="text" name="unbanlength" size="40" /></td> + <td class="row1" width="45%"><?php echo $user->lang['BAN_LENGTH']; ?>:</td> + <td class="row2"><input class="row1" style="border:0px" type="text" name="unbanlength" size="40" /></td> </tr> <tr> <td class="cat" colspan="2" align="center"><input type="submit" name="unbansubmit" value="<?php echo $user->lang['SUBMIT']; ?>" class="btnmain" /> <input type="reset" value="<?php echo $user->lang['RESET']; ?>" class="btnlite" /></td> @@ -604,7 +292,7 @@ function display_details(option) ?> <tr> - <td class="row1" colspan="2" align="center"><?php echo $l_no_ban_cell; ?></td> + <td class="row2" colspan="2" align="center"><?php echo $l_no_ban_cell; ?></td> </tr> <?php |