-//

-// Start program

-if( isset($HTTP_POST_VARS['submit']) )

- $user_bansql = '';

- $email_bansql = '';

- $ip_bansql = '';

- $user_list = array();

- if( isset($HTTP_POST_VARS['ban_user']) )

- {

- $user_list_temp = $HTTP_POST_VARS['ban_user'];

- for($i = 0; $i < count($user_list_temp); $i++)

- {

- $user_list[] = trim($user_list_temp[$i]);

- }

- }

- $ip_list = array();

- if( isset($HTTP_POST_VARS['ban_ip']) )

- $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

- for($i = 0; $i < count($ip_list_temp); $i++)

- {

- if( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )

- //

- // Don't ask about all this, just don't ask ... !

- //

- $ip_1_counter = $ip_range_explode[1];

- $ip_1_end = $ip_range_explode[5];

- while($ip_1_counter <= $ip_1_end)

- $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;

- $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];

- if($ip_2_counter == 0 && $ip_2_end == 254)

- {

- $ip_2_counter = 256;

- $ip_2_fragment = 256;

- $ip_list[] = "$ip_1_counter.256.256.256";

- }

- while($ip_2_counter <= $ip_2_end)

- $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;

- $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];

- if($ip_3_counter == 0 && $ip_3_end == 254 )

- $ip_3_counter = 256;

- $ip_3_fragment = 256;

- $ip_list[] = "$ip_1_counter.$ip_2_counter.256.256";

- while($ip_3_counter <= $ip_3_end)

- $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;

- $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];

- if($ip_4_counter == 0 && $ip_4_end == 254)

- $ip_4_counter = 256;

- $ip_4_fragment = 256;

- $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.256";

- while($ip_4_counter <= $ip_4_end)

- $ip_list[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";

- $ip_4_counter++;

- $ip_3_counter++;

- $ip_2_counter++;

- $ip_1_counter++;

- }

- else if( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )

- {

- $ip = gethostbynamel(trim($ip_list_temp[$i]));

-

- for($j = 0; $j < count($ip); $j++)

- if( !empty($ip[$j]) )

- $ip_list[] = $ip[$j];

- else if( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )

- {

- $ip_list[] = str_replace('*', '256', trim($ip_list_temp[$i]));

- }

- }

- }

- $email_list = array();

- if(isset($HTTP_POST_VARS['ban_email']))

- {

- $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

- for($i = 0; $i < count($email_list_temp); $i++)

- {

- //

- // This ereg match is based on one by php@unreelpro.com

- // contained in the annotated php manual at php.com (ereg

- // section)

- //

- if( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )

- $email_list[] = trim($email_list_temp[$i]);

- }

- $sql = "SELECT *

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);

- }

- $current_banlist = $db->sql_fetchrowset($result);

-

- $kill_session_sql = '';

- for($i = 0; $i < count($user_list); $i++)

- $in_banlist = false;

- for($j = 0; $j < count($current_banlist); $j++)

- if($user_list[$i] == $current_banlist[$j]['ban_userid'])

- $in_banlist = true;

- }

- }

-

- if(!$in_banlist)

- {

- $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

- $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)

- VALUES (" . $user_list[$i] . ")";

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);

- }

- }

- }

- for($i = 0; $i < count($ip_list); $i++)

- {

- $in_banlist = false;

- for($j = 0; $j < count($current_banlist); $j++)

- {

- if($ip_list[$i] == $current_banlist[$j]['ban_ip'])

- {

- $in_banlist = true;

- if ( !$in_banlist )

- {

- $kill_ip_sql = ( preg_match('/256/s') ) ? "session_ip LIKE '" . preg_replace('/(256)/s', '%', $ip_list[$i]) . "'" : "session_ip = '" . $ip_list[$i] . "'";

-

- $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . $kill_ip_sql;

-

- $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)

- VALUES ('" . $ip_list[$i] . "')";

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);

- }

- }

- //

- // Now we'll delete all entries from the

- // session table with any of the banned

- // user or IP info just entered into the

- // ban table ... this will force a session

- // initialisation resulting in an instant

- // ban

- //

- if( $kill_session_sql != "" )

- {

- $sql = "DELETE FROM " . SESSIONS_TABLE . "

- WHERE $kill_session_sql";

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);

- }

- }

- for($i = 0; $i < count($email_list); $i++)

- $in_banlist = false;

- for($j = 0; $j < count($current_banlist); $j++)

- {

- if( $email_list[$i] == $current_banlist[$j]['ban_email'] )

- {

- $in_banlist = true;

- }

- }

-

- if( !$in_banlist )

- $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)

- VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);

- }

- }

- $where_sql = "";

-

- if(isset($HTTP_POST_VARS['unban_user']))

- {

- $user_list = $HTTP_POST_VARS['unban_user'];

-

- for($i = 0; $i < count($user_list); $i++)

- if($user_list[$i] != -1)

- {

- if($where_sql != "")

- $where_sql .= ", ";

- }

- $where_sql .= $user_list[$i];

- }

- }

- }

-

- if( isset($HTTP_POST_VARS['unban_ip']) )

- {

- $ip_list = $HTTP_POST_VARS['unban_ip'];

- for($i = 0; $i < count($ip_list); $i++)

- {

- if($ip_list[$i] != -1)

- {

- if($where_sql != "")

- {

- $where_sql .= ", ";

- $where_sql .= $ip_list[$i];

- }

- }

- if( isset($HTTP_POST_VARS['unban_email']) )

- {

- $email_list = $HTTP_POST_VARS['unban_email'];

-

- for($i = 0; $i < count($email_list); $i++)

- if($email_list[$i] != -1)

- {

- if($where_sql != "")

- {

- $where_sql .= ", ";

- }

- $where_sql .= $email_list[$i];

- }

- }

- if( $where_sql != "" )

- {

- $sql = "DELETE FROM " . BANLIST_TABLE . "

- WHERE ban_id IN ($where_sql)";

- if( !$result = $db->sql_query($sql) )

- {

- message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);

- }

- $message = $lang['Ban_update_sucessful'] . "<br /><br />" . sprintf($lang['Click_return_banadmin'], "<a href=\"" . append_sid("admin_user_ban.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");

-

- message_die(GENERAL_MESSAGE, $message);

-else

- $template->set_filenames(array(

- 'body' => 'admin/user_ban_body.tpl')

- );

-

- $template->assign_vars(array(

- 'L_BAN_TITLE' => $lang['Ban_control'],

- 'L_BAN_EXPLAIN' => $lang['Ban_explain'],

- 'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],

- 'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],

- 'L_EMAIL_ADDRESS' => $lang['Email_address'],

- 'L_SUBMIT' => $lang['Submit'],

- 'L_RESET' => $lang['Reset'],

-

- 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))

- );

-

- $userban_count = 0;

-

- $sql = "SELECT user_id, username

- FROM " . USERS_TABLE . "

- WHERE user_id <> " . ANONYMOUS . "

- ORDER BY username ASC";

- if ( !($result = $db->sql_query($sql)) )

- message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);

- $user_list = $db->sql_fetchrowset($result);

- $db->sql_freeresult($result);

-

- $select_userlist = '';

- for($i = 0; $i < count($user_list); $i++)

- $select_userlist .= '<option value="' . $user_list[$i]['user_id'] . '">' . $user_list[$i]['username'] . '</option>';

- $userban_count++;

- }

- $select_userlist = '<select name="ban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

-

- $template->assign_vars(array(

- 'L_BAN_USER' => $lang['Ban_username'],

- 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],

- 'L_BAN_IP' => $lang['Ban_IP'],

- 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],

- 'L_BAN_EMAIL' => $lang['Ban_email'],

- 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'],

-

- 'S_BAN_USERLIST_SELECT' => $select_userlist)

- );

-

- $userban_count = 0;

- $ipban_count = 0;

- $emailban_count = 0;

-

- $sql = "SELECT b.ban_id, u.user_id, u.username

- FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u

- WHERE u.user_id = b.ban_userid

- AND b.ban_userid <> 0

- AND u.user_id <> " . ANONYMOUS . "

- ORDER BY u.user_id ASC";

- if ( !($result = $db->sql_query($sql)) )

- {

- message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);

- $user_list = $db->sql_fetchrowset($result);

- $db->sql_freeresult($result);

- $select_userlist = '';

- for($i = 0; $i < count($user_list); $i++)

- {

- $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';

- $userban_count++;

- }

- if( $select_userlist == '' )

- {

- $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';

- }

- $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

- $sql = "SELECT ban_id, ban_ip, ban_email

- FROM " . BANLIST_TABLE;

- if ( !($result = $db->sql_query($sql)) )

- {

- message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);

- }

- $banlist = $db->sql_fetchrowset($result);

- $db->sql_freeresult($result);

- $select_iplist = '';

- $select_emaillist = '';

- for($i = 0; $i < count($banlist); $i++)

- {

- $ban_id = $banlist[$i]['ban_id'];

- if ( !empty($banlist[$i]['ban_ip']) )

- $ban_ip = str_replace('256', '*', $banlist[$i]['ban_ip']);

- $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';

- $ipban_count++;

- else if ( !empty($banlist[$i]['ban_email']) )

- $ban_email = $banlist[$i]['ban_email'];

- $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';

- $emailban_count++;

- }

- if ( $select_iplist == '' )

- {

- $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';

- }

- if ( $select_emaillist == '' )

- {

- $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';

- }

- $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';

- $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

-

- $template->assign_vars(array(

- 'L_UNBAN_USER' => $lang['Unban_username'],

- 'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],

- 'L_UNBAN_IP' => $lang['Unban_IP'],

- 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],

- 'L_UNBAN_EMAIL' => $lang['Unban_email'],

- 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],

-

- 'S_UNBAN_USERLIST_SELECT' => $select_userlist,

- 'S_UNBAN_IPLIST_SELECT' => $select_iplist,

- 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,

- 'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))

- );

-$template->pparse('body');

-include('page_footer_admin.'.$phpEx);

- $module['General']['Avatar_Setup'] = "$file$SID&mode=avatars";

- $module['General']['Basic_Config'] = "$file$SID&mode=basic";

- $module['General']['Cookie_Parameters'] = "$file$SID&mode=cookies";

- $module['General']['Default_Settings'] = "$file$SID&mode=gendefs";

- $module['Users']['Default_Settings'] = "$file$SID&mode=userdefs";

- $module['Users']['Mass_Email'] = $filename . $SID;

-<form method="post" action="<?php echo "admin_permissions.$phpEx$SID&amp;mode=$mode"; ?>">

-

-<h3><?php echo $lang['Allowed_users']; ?></h3>

-

-<select name="user_allowed"><?php echo $user_allowed_options; ?></select>

-

-<p>[ <a href=""><?php echo $lang['Advanced']; ?></a> ]</p>

-

-<h3><?php echo $lang['Allowed_groups']; ?></h3>

-

-<select name="group_allowed"><?php echo $group_allowed_options; ?></select>

-

-<p>[ <a href=""><?php echo $lang['Advanced']; ?></a> ]</p>

-<h3><?php echo $lang['Disallowed_users']; ?></h3>

-<select name="user_disallowed"><?php echo $user_disallowed_options; ?></select>

-<p>[ <a href=""><?php echo $lang['Advanced']; ?></a> ]</p>

-<h3><?php echo $lang['Disallowed_groups']; ?></h3>

-<select name="group_disallowed"><?php echo $group_disallowed_options; ?></select>

-<p>[ <a href=""><?php echo $lang['Advanced']; ?></a> ]</p>

- <td class="<?php echo $cell_bg; ?>" align="center"><?php if ( !empty($auth_users[$auth_options[$i]['auth_option']]) ) { ?><select name="user_option[<?php echo $auth_options[$i]['auth_option']; ?>]"><?php echo $auth_users[$auth_options[$i]['auth_option']]; ?></select><?php } else { ?>&nbsp;<?php } ?></td>

-

- $module['General']['View_admin_log'] = $filename . "$SID&amp;mode=admin";

- WHERE ( ban_start + ban_length <= $current_time

- ban_length int(11),

-$lang['Manage'] = 'Management';

-$lang['Ban_Management'] = 'Ban Control';

-$lang['Ban_control'] = 'Ban Control';

-$lang['Ban_explain'] = 'Here you can control the banning of users. You can achieve this by banning either or both of a specific user or an individual or range of IP addresses or hostnames. These methods prevent a user from even reaching the index page of your board. To prevent a user from registering under a different username you can also specify a banned email address. Please note that banning an email address alone will not prevent that user from being able to logon or post to your board, you should use one of the first two methods to achieve this.';

-$lang['Ban_explain_warn'] = 'Please note that entering a range of IP addresses results in all the addresses between the start and end being added to the banlist. Attempts will be made to minimise the number of addresses added to the database by introducing wildcards automatically where appropriate. If you really must enter a range try to keep it small or better yet state specific addresses.';

-$lang['Select_username'] = 'Select a Username';

-$lang['Select_ip'] = 'Select an IP';

-$lang['Select_email'] = 'Select an Email address';

-$lang['Ban_username'] = 'Ban one or more specific users';

-$lang['Ban_username_explain'] = 'You can ban multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser';

-$lang['Ban_IP'] = 'Ban one or more IP addresses or hostnames';

-$lang['Ban_IP_explain'] = 'To specify several different IP\'s or hostnames separate them with commas. To specify a range of IP addresses separate the start and end with a hyphen (-), to specify a wildcard use *';

-

-$lang['Unban_username'] = 'Un-ban one more specific users';

-$lang['Unban_username_explain'] = 'You can unban multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser';

-

-$lang['Unban_IP'] = 'Un-ban one or more IP addresses';

-$lang['Unban_IP_explain'] = 'You can unban multiple IP addresses in one go using the appropriate combination of mouse and keyboard for your computer and browser';

-

-$lang['Unban_email'] = 'Un-ban one or more email addresses';