diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-07-16 12:28:12 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-07-16 12:28:12 +0000 |
| commit | 3a453527cb3c8357ce146075584cc67cc66d2abe (patch) | |
| tree | 38e8123d2e4fe529b02c02bfc851edd9b5c503a0 /phpBB/admin/admin_ban.php | |
| parent | 14927f5445b50ec7d8709ab060a515865faba27c (diff) | |
| download | forums-3a453527cb3c8357ce146075584cc67cc66d2abe.tar forums-3a453527cb3c8357ce146075584cc67cc66d2abe.tar.gz forums-3a453527cb3c8357ce146075584cc67cc66d2abe.tar.bz2 forums-3a453527cb3c8357ce146075584cc67cc66d2abe.tar.xz forums-3a453527cb3c8357ce146075584cc67cc66d2abe.zip | |
Minor changes
git-svn-id: file:///svn/phpbb/trunk@2686 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/admin/admin_ban.php')
| -rw-r--r-- | phpBB/admin/admin_ban.php | 492 |
1 files changed, 492 insertions, 0 deletions
diff --git a/phpBB/admin/admin_ban.php b/phpBB/admin/admin_ban.php new file mode 100644 index 0000000000..cd95248d54 --- /dev/null +++ b/phpBB/admin/admin_ban.php @@ -0,0 +1,492 @@ +<?php +/*************************************************************************** + * admin_ban.php + * ------------------- + * begin : Tuesday, Jul 31, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + ***************************************************************************/ + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + ***************************************************************************/ + +define('IN_PHPBB', 1); + +if( !empty($setmodules) ) +{ + if ( !$acl->get_acl_admin('ban') ) + { + return; + } + + $filename = basename(__FILE__); + $module['Users']['Ban_users'] = $filename . "$SID&mode=user"; + $module['Users']['Ban_emails'] = $filename . "$SID&mode=email"; + $module['Users']['Ban_ips'] = $filename . "$SID&mode=ip"; + + return; +} + +// +// Load default header +// +$phpbb_root_path = '../'; +require($phpbb_root_path . 'extension.inc'); +require('pagestart.' . $phpEx); + +// +// +// +if ( !$acl->get_acl_admin('ban') ) +{ + return; +} + +// +// Start program +// +if( isset($HTTP_POST_VARS['submit']) ) +{ + $user_bansql = ''; + $email_bansql = ''; + $ip_bansql = ''; + + $user_list = array(); + if( isset($HTTP_POST_VARS['ban_user']) ) + { + $user_list_temp = $HTTP_POST_VARS['ban_user']; + + for($i = 0; $i < count($user_list_temp); $i++) + { + $user_list[] = trim($user_list_temp[$i]); + } + } + + $ip_list = array(); + if( isset($HTTP_POST_VARS['ban_ip']) ) + { + $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']); + + for($i = 0; $i < count($ip_list_temp); $i++) + { + if( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) ) + { + // + // Don't ask about all this, just don't ask ... ! + // + $ip_1_counter = $ip_range_explode[1]; + $ip_1_end = $ip_range_explode[5]; + + while($ip_1_counter <= $ip_1_end) + { + $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; + $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; + + if($ip_2_counter == 0 && $ip_2_end == 254) + { + $ip_2_counter = 256; + $ip_2_fragment = 256; + + $ip_list[] = "$ip_1_counter.256.256.256"; + } + + while($ip_2_counter <= $ip_2_end) + { + $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; + $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; + + if($ip_3_counter == 0 && $ip_3_end == 254 ) + { + $ip_3_counter = 256; + $ip_3_fragment = 256; + + $ip_list[] = "$ip_1_counter.$ip_2_counter.256.256"; + } + + while($ip_3_counter <= $ip_3_end) + { + $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; + $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; + + if($ip_4_counter == 0 && $ip_4_end == 254) + { + $ip_4_counter = 256; + $ip_4_fragment = 256; + + $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.256"; + } + + while($ip_4_counter <= $ip_4_end) + { + $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"; + $ip_4_counter++; + } + $ip_3_counter++; + } + $ip_2_counter++; + } + $ip_1_counter++; + } + } + else if( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) ) + { + $ip = gethostbynamel(trim($ip_list_temp[$i])); + + for($j = 0; $j < count($ip); $j++) + { + if( !empty($ip[$j]) ) + { + $ip_list[] = $ip[$j]; + } + } + } + else if( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) ) + { + $ip_list[] = str_replace('*', '256', trim($ip_list_temp[$i])); + } + } + } + + $email_list = array(); + if(isset($HTTP_POST_VARS['ban_email'])) + { + $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']); + + for($i = 0; $i < count($email_list_temp); $i++) + { + // + // This ereg match is based on one by php@unreelpro.com + // contained in the annotated php manual at php.com (ereg + // section) + // + if( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) ) + { + $email_list[] = trim($email_list_temp[$i]); + } + } + } + + $sql = "SELECT * + FROM " . BANLIST_TABLE; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); + } + + $current_banlist = $db->sql_fetchrowset($result); + + $kill_session_sql = ''; + for($i = 0; $i < count($user_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if($user_list[$i] == $current_banlist[$j]['ban_userid']) + { + $in_banlist = true; + } + } + + if(!$in_banlist) + { + $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i]; + + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) + VALUES (" . $user_list[$i] . ")"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); + } + } + } + + for($i = 0; $i < count($ip_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if($ip_list[$i] == $current_banlist[$j]['ban_ip']) + { + $in_banlist = true; + } + } + + if ( !$in_banlist ) + { + $kill_ip_sql = ( preg_match('/256/s') ) ? "session_ip LIKE '" . preg_replace('/(256)/s', '%', $ip_list[$i]) . "'" : "session_ip = '" . $ip_list[$i] . "'"; + + $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . $kill_ip_sql; + + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) + VALUES ('" . $ip_list[$i] . "')"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); + } + } + } + + // + // Now we'll delete all entries from the + // session table with any of the banned + // user or IP info just entered into the + // ban table ... this will force a session + // initialisation resulting in an instant + // ban + // + if( $kill_session_sql != "" ) + { + $sql = "DELETE FROM " . SESSIONS_TABLE . " + WHERE $kill_session_sql"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); + } + } + + for($i = 0; $i < count($email_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if( $email_list[$i] == $current_banlist[$j]['ban_email'] ) + { + $in_banlist = true; + } + } + + if( !$in_banlist ) + { + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) + VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); + } + } + } + + $where_sql = ""; + + if(isset($HTTP_POST_VARS['unban_user'])) + { + $user_list = $HTTP_POST_VARS['unban_user']; + + for($i = 0; $i < count($user_list); $i++) + { + if($user_list[$i] != -1) + { + if($where_sql != "") + { + $where_sql .= ", "; + } + $where_sql .= $user_list[$i]; + } + } + } + + if( isset($HTTP_POST_VARS['unban_ip']) ) + { + $ip_list = $HTTP_POST_VARS['unban_ip']; + + for($i = 0; $i < count($ip_list); $i++) + { + if($ip_list[$i] != -1) + { + if($where_sql != "") + { + $where_sql .= ", "; + } + $where_sql .= $ip_list[$i]; + } + } + } + + if( isset($HTTP_POST_VARS['unban_email']) ) + { + $email_list = $HTTP_POST_VARS['unban_email']; + + for($i = 0; $i < count($email_list); $i++) + { + if($email_list[$i] != -1) + { + if($where_sql != "") + { + $where_sql .= ", "; + } + $where_sql .= $email_list[$i]; + } + } + } + + if( $where_sql != "" ) + { + $sql = "DELETE FROM " . BANLIST_TABLE . " + WHERE ban_id IN ($where_sql)"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); + } + } + + $message = $lang['Ban_update_sucessful'] . "<br /><br />" . sprintf($lang['Click_return_banadmin'], "<a href=\"" . append_sid("admin_user_ban.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>"); + + message_die(GENERAL_MESSAGE, $message); + +} +else +{ + $template->set_filenames(array( + 'body' => 'admin/user_ban_body.tpl') + ); + + $template->assign_vars(array( + 'L_BAN_TITLE' => $lang['Ban_control'], + 'L_BAN_EXPLAIN' => $lang['Ban_explain'], + 'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'], + 'L_IP_OR_HOSTNAME' => $lang['IP_hostname'], + 'L_EMAIL_ADDRESS' => $lang['Email_address'], + 'L_SUBMIT' => $lang['Submit'], + 'L_RESET' => $lang['Reset'], + + 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx")) + ); + + $userban_count = 0; + + $sql = "SELECT user_id, username + FROM " . USERS_TABLE . " + WHERE user_id <> " . ANONYMOUS . " + ORDER BY username ASC"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql); + } + + $user_list = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); + + $select_userlist = ''; + for($i = 0; $i < count($user_list); $i++) + { + $select_userlist .= '<option value="' . $user_list[$i]['user_id'] . '">' . $user_list[$i]['username'] . '</option>'; + $userban_count++; + } + $select_userlist = '<select name="ban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>'; + + $template->assign_vars(array( + 'L_BAN_USER' => $lang['Ban_username'], + 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'], + 'L_BAN_IP' => $lang['Ban_IP'], + 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'], + 'L_BAN_EMAIL' => $lang['Ban_email'], + 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'], + + 'S_BAN_USERLIST_SELECT' => $select_userlist) + ); + + $userban_count = 0; + $ipban_count = 0; + $emailban_count = 0; + + $sql = "SELECT b.ban_id, u.user_id, u.username + FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u + WHERE u.user_id = b.ban_userid + AND b.ban_userid <> 0 + AND u.user_id <> " . ANONYMOUS . " + ORDER BY u.user_id ASC"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql); + } + + $user_list = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); + + $select_userlist = ''; + for($i = 0; $i < count($user_list); $i++) + { + $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>'; + $userban_count++; + } + + if( $select_userlist == '' ) + { + $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>'; + } + + $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>'; + + $sql = "SELECT ban_id, ban_ip, ban_email + FROM " . BANLIST_TABLE; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql); + } + + $banlist = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); + + $select_iplist = ''; + $select_emaillist = ''; + + for($i = 0; $i < count($banlist); $i++) + { + $ban_id = $banlist[$i]['ban_id']; + + if ( !empty($banlist[$i]['ban_ip']) ) + { + $ban_ip = str_replace('256', '*', $banlist[$i]['ban_ip']); + $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>'; + $ipban_count++; + } + else if ( !empty($banlist[$i]['ban_email']) ) + { + $ban_email = $banlist[$i]['ban_email']; + $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>'; + $emailban_count++; + } + } + + if ( $select_iplist == '' ) + { + $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>'; + } + + if ( $select_emaillist == '' ) + { + $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>'; + } + + $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>'; + $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>'; + + $template->assign_vars(array( + 'L_UNBAN_USER' => $lang['Unban_username'], + 'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'], + 'L_UNBAN_IP' => $lang['Unban_IP'], + 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'], + 'L_UNBAN_EMAIL' => $lang['Unban_email'], + 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], + + 'S_UNBAN_USERLIST_SELECT' => $select_userlist, + 'S_UNBAN_IPLIST_SELECT' => $select_iplist, + 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist, + 'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx")) + ); +} + +$template->pparse('body'); + +include('page_footer_admin.'.$phpEx); + +?>
\ No newline at end of file |