+<?php

+/***************************************************************************

+ * admin_ban.php

+ * -------------------

+ * begin : Tuesday, Jul 31, 2001

+ * copyright : (C) 2001 The phpBB Group

+ * email : support@phpbb.com

+ *

+ * $Id$

+ *

+ ***************************************************************************/

+

+/***************************************************************************

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ ***************************************************************************/

+

+define('IN_PHPBB', 1);

+

+if( !empty($setmodules) )

+{

+ if ( !$acl->get_acl_admin('ban') )

+ {

+ return;

+ }

+

+ $filename = basename(__FILE__);

+ $module['Users']['Ban_users'] = $filename . "$SID&amp;mode=user";

+ $module['Users']['Ban_emails'] = $filename . "$SID&amp;mode=email";

+ $module['Users']['Ban_ips'] = $filename . "$SID&amp;mode=ip";

+

+ return;

+}

+

+//

+// Load default header

+//

+$phpbb_root_path = '../';

+require($phpbb_root_path . 'extension.inc');

+require('pagestart.' . $phpEx);

+

+//

+//

+//

+if ( !$acl->get_acl_admin('ban') )

+{

+ return;

+}

+

+//

+// Start program

+//

+if( isset($HTTP_POST_VARS['submit']) )

+{

+ $user_bansql = '';

+ $email_bansql = '';

+ $ip_bansql = '';

+

+ $user_list = array();

+ if( isset($HTTP_POST_VARS['ban_user']) )

+ {

+ $user_list_temp = $HTTP_POST_VARS['ban_user'];

+

+ for($i = 0; $i < count($user_list_temp); $i++)

+ {

+ $user_list[] = trim($user_list_temp[$i]);

+ }

+ }

+

+ $ip_list = array();

+ if( isset($HTTP_POST_VARS['ban_ip']) )

+ {

+ $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

+

+ for($i = 0; $i < count($ip_list_temp); $i++)

+ {

+ if( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )

+ {

+ //

+ // Don't ask about all this, just don't ask ... !

+ //

+ $ip_1_counter = $ip_range_explode[1];

+ $ip_1_end = $ip_range_explode[5];

+

+ while($ip_1_counter <= $ip_1_end)

+ {

+ $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;

+ $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];

+

+ if($ip_2_counter == 0 && $ip_2_end == 254)

+ {

+ $ip_2_counter = 256;

+ $ip_2_fragment = 256;

+

+ $ip_list[] = "$ip_1_counter.256.256.256";

+ }

+

+ while($ip_2_counter <= $ip_2_end)

+ {

+ $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;

+ $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];

+

+ if($ip_3_counter == 0 && $ip_3_end == 254 )

+ {

+ $ip_3_counter = 256;

+ $ip_3_fragment = 256;

+

+ $ip_list[] = "$ip_1_counter.$ip_2_counter.256.256";

+ }

+

+ while($ip_3_counter <= $ip_3_end)

+ {

+ $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;

+ $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];

+

+ if($ip_4_counter == 0 && $ip_4_end == 254)

+ {

+ $ip_4_counter = 256;

+ $ip_4_fragment = 256;

+

+ $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.256";

+ }

+

+ while($ip_4_counter <= $ip_4_end)

+ {

+ $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";

+ $ip_4_counter++;

+ }

+ $ip_3_counter++;

+ }

+ $ip_2_counter++;

+ }

+ $ip_1_counter++;

+ }

+ }

+ else if( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )

+ {

+ $ip = gethostbynamel(trim($ip_list_temp[$i]));

+

+ for($j = 0; $j < count($ip); $j++)

+ {

+ if( !empty($ip[$j]) )

+ {

+ $ip_list[] = $ip[$j];

+ }

+ }

+ }

+ else if( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )

+ {

+ $ip_list[] = str_replace('*', '256', trim($ip_list_temp[$i]));

+ }

+ }

+ }

+

+ $email_list = array();

+ if(isset($HTTP_POST_VARS['ban_email']))

+ {

+ $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

+

+ for($i = 0; $i < count($email_list_temp); $i++)

+ {

+ //

+ // This ereg match is based on one by php@unreelpro.com

+ // contained in the annotated php manual at php.com (ereg

+ // section)

+ //

+ if( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )

+ {

+ $email_list[] = trim($email_list_temp[$i]);

+ }

+ }

+ }

+

+ $sql = "SELECT *

+ FROM " . BANLIST_TABLE;

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);

+ }

+

+ $current_banlist = $db->sql_fetchrowset($result);

+

+ $kill_session_sql = '';

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ $in_banlist = false;

+ for($j = 0; $j < count($current_banlist); $j++)

+ {

+ if($user_list[$i] == $current_banlist[$j]['ban_userid'])

+ {

+ $in_banlist = true;

+ }

+ }

+

+ if(!$in_banlist)

+ {

+ $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

+

+ $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)

+ VALUES (" . $user_list[$i] . ")";

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);

+ }

+ }

+ }

+

+ for($i = 0; $i < count($ip_list); $i++)

+ {

+ $in_banlist = false;

+ for($j = 0; $j < count($current_banlist); $j++)

+ {

+ if($ip_list[$i] == $current_banlist[$j]['ban_ip'])

+ {

+ $in_banlist = true;

+ }

+ }

+

+ if ( !$in_banlist )

+ {

+ $kill_ip_sql = ( preg_match('/256/s') ) ? "session_ip LIKE '" . preg_replace('/(256)/s', '%', $ip_list[$i]) . "'" : "session_ip = '" . $ip_list[$i] . "'";

+

+ $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . $kill_ip_sql;

+

+ $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)

+ VALUES ('" . $ip_list[$i] . "')";

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);

+ }

+ }

+ }

+

+ //

+ // Now we'll delete all entries from the

+ // session table with any of the banned

+ // user or IP info just entered into the

+ // ban table ... this will force a session

+ // initialisation resulting in an instant

+ // ban

+ //

+ if( $kill_session_sql != "" )

+ {

+ $sql = "DELETE FROM " . SESSIONS_TABLE . "

+ WHERE $kill_session_sql";

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);

+ }

+ }

+

+ for($i = 0; $i < count($email_list); $i++)

+ {

+ $in_banlist = false;

+ for($j = 0; $j < count($current_banlist); $j++)

+ {

+ if( $email_list[$i] == $current_banlist[$j]['ban_email'] )

+ {

+ $in_banlist = true;

+ }

+ }

+

+ if( !$in_banlist )

+ {

+ $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)

+ VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);

+ }

+ }

+ }

+

+ $where_sql = "";

+

+ if(isset($HTTP_POST_VARS['unban_user']))

+ {

+ $user_list = $HTTP_POST_VARS['unban_user'];

+

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ if($user_list[$i] != -1)

+ {

+ if($where_sql != "")

+ {

+ $where_sql .= ", ";

+ }

+ $where_sql .= $user_list[$i];

+ }

+ }

+ }

+

+ if( isset($HTTP_POST_VARS['unban_ip']) )

+ {

+ $ip_list = $HTTP_POST_VARS['unban_ip'];

+

+ for($i = 0; $i < count($ip_list); $i++)

+ {

+ if($ip_list[$i] != -1)

+ {

+ if($where_sql != "")

+ {

+ $where_sql .= ", ";

+ }

+ $where_sql .= $ip_list[$i];

+ }

+ }

+ }

+

+ if( isset($HTTP_POST_VARS['unban_email']) )

+ {

+ $email_list = $HTTP_POST_VARS['unban_email'];

+

+ for($i = 0; $i < count($email_list); $i++)

+ {

+ if($email_list[$i] != -1)

+ {

+ if($where_sql != "")

+ {

+ $where_sql .= ", ";

+ }

+ $where_sql .= $email_list[$i];

+ }

+ }

+ }

+

+ if( $where_sql != "" )

+ {

+ $sql = "DELETE FROM " . BANLIST_TABLE . "

+ WHERE ban_id IN ($where_sql)";

+ if( !$result = $db->sql_query($sql) )

+ {

+ message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);

+ }

+ }

+

+ $message = $lang['Ban_update_sucessful'] . "<br /><br />" . sprintf($lang['Click_return_banadmin'], "<a href=\"" . append_sid("admin_user_ban.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");

+

+ message_die(GENERAL_MESSAGE, $message);

+

+}

+else

+{

+ $template->set_filenames(array(

+ 'body' => 'admin/user_ban_body.tpl')

+ );

+

+ $template->assign_vars(array(

+ 'L_BAN_TITLE' => $lang['Ban_control'],

+ 'L_BAN_EXPLAIN' => $lang['Ban_explain'],

+ 'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],

+ 'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],

+ 'L_EMAIL_ADDRESS' => $lang['Email_address'],

+ 'L_SUBMIT' => $lang['Submit'],

+ 'L_RESET' => $lang['Reset'],

+

+ 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))

+ );

+

+ $userban_count = 0;

+

+ $sql = "SELECT user_id, username

+ FROM " . USERS_TABLE . "

+ WHERE user_id <> " . ANONYMOUS . "

+ ORDER BY username ASC";

+ if ( !($result = $db->sql_query($sql)) )

+ {

+ message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);

+ }

+

+ $user_list = $db->sql_fetchrowset($result);

+ $db->sql_freeresult($result);

+

+ $select_userlist = '';

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ $select_userlist .= '<option value="' . $user_list[$i]['user_id'] . '">' . $user_list[$i]['username'] . '</option>';

+ $userban_count++;

+ }

+ $select_userlist = '<select name="ban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

+

+ $template->assign_vars(array(

+ 'L_BAN_USER' => $lang['Ban_username'],

+ 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],

+ 'L_BAN_IP' => $lang['Ban_IP'],

+ 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],

+ 'L_BAN_EMAIL' => $lang['Ban_email'],

+ 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'],

+

+ 'S_BAN_USERLIST_SELECT' => $select_userlist)

+ );

+

+ $userban_count = 0;

+ $ipban_count = 0;

+ $emailban_count = 0;

+

+ $sql = "SELECT b.ban_id, u.user_id, u.username

+ FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u

+ WHERE u.user_id = b.ban_userid

+ AND b.ban_userid <> 0

+ AND u.user_id <> " . ANONYMOUS . "

+ ORDER BY u.user_id ASC";

+ if ( !($result = $db->sql_query($sql)) )

+ {

+ message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);

+ }

+

+ $user_list = $db->sql_fetchrowset($result);

+ $db->sql_freeresult($result);

+

+ $select_userlist = '';

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';

+ $userban_count++;

+ }

+

+ if( $select_userlist == '' )

+ {

+ $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';

+ }

+

+ $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

+

+ $sql = "SELECT ban_id, ban_ip, ban_email

+ FROM " . BANLIST_TABLE;

+ if ( !($result = $db->sql_query($sql)) )

+ {

+ message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);

+ }

+

+ $banlist = $db->sql_fetchrowset($result);

+ $db->sql_freeresult($result);

+

+ $select_iplist = '';

+ $select_emaillist = '';

+

+ for($i = 0; $i < count($banlist); $i++)

+ {

+ $ban_id = $banlist[$i]['ban_id'];

+

+ if ( !empty($banlist[$i]['ban_ip']) )

+ {

+ $ban_ip = str_replace('256', '*', $banlist[$i]['ban_ip']);

+ $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';

+ $ipban_count++;

+ }

+ else if ( !empty($banlist[$i]['ban_email']) )

+ {

+ $ban_email = $banlist[$i]['ban_email'];

+ $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';

+ $emailban_count++;

+ }

+ }

+

+ if ( $select_iplist == '' )

+ {

+ $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';

+ }

+

+ if ( $select_emaillist == '' )

+ {

+ $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';

+ }

+

+ $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';

+ $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

+

+ $template->assign_vars(array(

+ 'L_UNBAN_USER' => $lang['Unban_username'],

+ 'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],

+ 'L_UNBAN_IP' => $lang['Unban_IP'],

+ 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],

+ 'L_UNBAN_EMAIL' => $lang['Unban_email'],

+ 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],

+

+ 'S_UNBAN_USERLIST_SELECT' => $select_userlist,

+ 'S_UNBAN_IPLIST_SELECT' => $select_iplist,

+ 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,

+ 'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))

+ );

+}

+

+$template->pparse('body');

+

+include('page_footer_admin.'.$phpEx);

+

+?> \ No newline at end of file

+ $module['Users']['Disallow'] = $filename . $SID;

+ $module['Groups']['Create'] = $filename . "SID&amp;mode=create";

+ $module['Groups']['Delete'] = $filename . "SID&amp;mode=delete";

+ $module['Groups']['Manage'] = $filename . "SID&amp;mode=manage";

+ if ( !$acl->get_acl_admin('user') )

+ {

+ return;

+ }

+

+$phpbb_root_path = '../';

+//

+//

+//

+if ( !$acl->get_acl_admin('user') )

+{

+ return;

+}

+

+//

+//

+//

+if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )

+ if ( isset($HTTP_POST_VARS['add']) )

+ $mode = 'add';

+ else if ( isset($HTTP_POST_VARS['save']) )

+ $mode = 'save';

+ $mode = '';

+if ( $mode != '' )

+ if ( $mode == 'edit' || $mode == 'add' )

+ $s_hidden_fields = '';

+ if ( $mode == 'edit' )

+ if ( empty($rank_id) )

+ message_die(MESSAGE, $lang['Must_select_rank']);

+ $result = $db->sql_query($sql);

+ $rank_is_special = ( $rank_info['rank_special'] ) ? ' checked="checked"' : '';

+ $rank_is_not_special = ( !$rank_info['rank_special'] ) ? ' checked="checked"' : '';

+ 'body' => 'admin/ranks_edit_body.tpl')

+ "MINIMUM" => ( $rank_is_special ) ? '' : $rank_info['rank_min'],

+ "IMAGE" => ( $rank_info['rank_image'] != '' ) ? $rank_info['rank_image'] : '',

+ "IMAGE_DISPLAY" => ( $rank_info['rank_image'] != '' ) ? '<img src="../' . $rank_info['rank_image'] . '" />' : '',

+ "S_RANK_ACTION" => "admin_ranks.$phpEx$SID",

+ else if ( $mode == 'save' )

+ $rank_title = ( isset($HTTP_POST_VARS['title']) ) ? trim($HTTP_POST_VARS['title']) : '';

+ $rank_image = ( (isset($HTTP_POST_VARS['rank_image'])) ) ? trim($HTTP_POST_VARS['rank_image']) : '';

+ if ( $rank_title == "" )

+ message_die(MESSAGE, $lang['Must_select_rank']);

+ if ( $special_rank == 1 )

+ if ( $rank_image != '' )

+ if ( !preg_match('/(\.gif|\.png|\.jpg)$/is', $rank_image))

+ $rank_image = '';

+ $db->sql_query($sql);

+ $message .= '<br /><br />' . sprintf($lang['Click_return_rankadmin'], '<a href="' . "admin_ranks.$phpEx$SID" . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . "index.$phpEx$SID&amp;pane=right" . '">', '</a>');

+ message_die(MESSAGE, $message);

+ else if ( $mode == 'delete' )

+ if ( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )

+ if ( $rank_id )

+ $db->sql_query($sql);

+ $db->sql_query($sql);

+ $message = $lang['Rank_removed'] . '<br /><br />' . sprintf($lang['Click_return_rankadmin'], '<a href="' . "admin_ranks.$phpEx$SID" . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . "index.$phpEx$SID&amp;pane=right" . '">', '</a>');

+ message_die(MESSAGE, $message);

+ message_die(MESSAGE, $lang['Must_select_rank']);

+ $result = $db->sql_query($sql);

+ "S_RANKS_ACTION" => "admin_ranks.$phpEx$SID")

+ "U_RANK_EDIT" => "admin_ranks.$phpEx$SID&amp;mode=edit&amp;id=$rank_id",

+ "U_RANK_DELETE" => "admin_ranks.$phpEx$SID&amp;mode=delete&amp;id=$rank_id")

+ $result = $db->sql_query($sql);

+ "S_RANKS_ACTION" => "admin_ranks.$phpEx$SID")

+ if ( $special_rank == 1 )

+ "U_RANK_EDIT" => "admin_ranks.$phpEx$SID&amp;mode=edit&amp;id=$rank_id",

+ "U_RANK_DELETE" => "admin_ranks.$phpEx$SID&amp;mode=delete&amp;id=$rank_id")

+?> \ No newline at end of file

+ $module['General']['Emoticons'] = $filename;