Rev Author Line No. Line
130 kaklik 1 <?php
2 /***************************************************************************
3 * admin_user_ban.php
4 * -------------------
5 * begin : Tuesday, Jul 31, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22  
23 define('IN_PHPBB', 1);
24  
25 if ( !empty($setmodules) )
26 {
27 $filename = basename(__FILE__);
28 $module['Users']['Ban_Management'] = $filename;
29  
30 return;
31 }
32  
33 //
34 // Load default header
35 //
36 $phpbb_root_path = './../';
37 require($phpbb_root_path . 'extension.inc');
38 require('./pagestart.' . $phpEx);
39  
40 //
41 // Start program
42 //
43 if ( isset($HTTP_POST_VARS['submit']) )
44 {
45 $user_bansql = '';
46 $email_bansql = '';
47 $ip_bansql = '';
48  
49 $user_list = array();
50 if ( !empty($HTTP_POST_VARS['username']) )
51 {
52 $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
53 if( !$this_userdata )
54 {
55 message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
56 }
57  
58 $user_list[] = $this_userdata['user_id'];
59 }
60  
61 $ip_list = array();
62 if ( isset($HTTP_POST_VARS['ban_ip']) )
63 {
64 $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);
65  
66 for($i = 0; $i < count($ip_list_temp); $i++)
67 {
68 if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
69 {
70 //
71 // Don't ask about all this, just don't ask ... !
72 //
73 $ip_1_counter = $ip_range_explode[1];
74 $ip_1_end = $ip_range_explode[5];
75  
76 while ( $ip_1_counter <= $ip_1_end )
77 {
78 $ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
79 $ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
80  
81 if ( $ip_2_counter == 0 && $ip_2_end == 254 )
82 {
83 $ip_2_counter = 255;
84 $ip_2_fragment = 255;
85  
86 $ip_list[] = encode_ip("$ip_1_counter.255.255.255");
87 }
88  
89 while ( $ip_2_counter <= $ip_2_end )
90 {
91 $ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
92 $ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
93  
94 if ( $ip_3_counter == 0 && $ip_3_end == 254 )
95 {
96 $ip_3_counter = 255;
97 $ip_3_fragment = 255;
98  
99 $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
100 }
101  
102 while ( $ip_3_counter <= $ip_3_end )
103 {
104 $ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
105 $ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
106  
107 if ( $ip_4_counter == 0 && $ip_4_end == 254 )
108 {
109 $ip_4_counter = 255;
110 $ip_4_fragment = 255;
111  
112 $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
113 }
114  
115 while ( $ip_4_counter <= $ip_4_end )
116 {
117 $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
118 $ip_4_counter++;
119 }
120 $ip_3_counter++;
121 }
122 $ip_2_counter++;
123 }
124 $ip_1_counter++;
125 }
126 }
127 else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
128 {
129 $ip = gethostbynamel(trim($ip_list_temp[$i]));
130  
131 for($j = 0; $j < count($ip); $j++)
132 {
133 if ( !empty($ip[$j]) )
134 {
135 $ip_list[] = encode_ip($ip[$j]);
136 }
137 }
138 }
139 else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
140 {
141 $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
142 }
143 }
144 }
145  
146 $email_list = array();
147 if ( isset($HTTP_POST_VARS['ban_email']) )
148 {
149 $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);
150  
151 for($i = 0; $i < count($email_list_temp); $i++)
152 {
153 //
154 // This ereg match is based on one by php@unreelpro.com
155 // contained in the annotated php manual at php.com (ereg
156 // section)
157 //
158 if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
159 {
160 $email_list[] = trim($email_list_temp[$i]);
161 }
162 }
163 }
164  
165 $sql = "SELECT *
166 FROM " . BANLIST_TABLE;
167 if ( !($result = $db->sql_query($sql)) )
168 {
169 message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
170 }
171  
172 $current_banlist = $db->sql_fetchrowset($result);
173 $db->sql_freeresult($result);
174  
175 $kill_session_sql = '';
176 for($i = 0; $i < count($user_list); $i++)
177 {
178 $in_banlist = false;
179 for($j = 0; $j < count($current_banlist); $j++)
180 {
181 if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
182 {
183 $in_banlist = true;
184 }
185 }
186  
187 if ( !$in_banlist )
188 {
189 $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];
190  
191 $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
192 VALUES (" . $user_list[$i] . ")";
193 if ( !$db->sql_query($sql) )
194 {
195 message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
196 }
197 }
198 }
199  
200 for($i = 0; $i < count($ip_list); $i++)
201 {
202 $in_banlist = false;
203 for($j = 0; $j < count($current_banlist); $j++)
204 {
205 if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
206 {
207 $in_banlist = true;
208 }
209 }
210  
211 if ( !$in_banlist )
212 {
213 if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
214 {
215 $kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
216 }
217 else
218 {
219 $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
220 }
221  
222 $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;
223  
224 $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
225 VALUES ('" . $ip_list[$i] . "')";
226 if ( !$db->sql_query($sql) )
227 {
228 message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
229 }
230 }
231 }
232  
233 //
234 // Now we'll delete all entries from the session table with any of the banned
235 // user or IP info just entered into the ban table ... this will force a session
236 // initialisation resulting in an instant ban
237 //
238 if ( $kill_session_sql != '' )
239 {
240 $sql = "DELETE FROM " . SESSIONS_TABLE . "
241 WHERE $kill_session_sql";
242 if ( !$db->sql_query($sql) )
243 {
244 message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
245 }
246 }
247  
248 for($i = 0; $i < count($email_list); $i++)
249 {
250 $in_banlist = false;
251 for($j = 0; $j < count($current_banlist); $j++)
252 {
253 if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
254 {
255 $in_banlist = true;
256 }
257 }
258  
259 if ( !$in_banlist )
260 {
261 $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
262 VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
263 if ( !$db->sql_query($sql) )
264 {
265 message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
266 }
267 }
268 }
269  
270 $where_sql = '';
271  
272 if ( isset($HTTP_POST_VARS['unban_user']) )
273 {
274 $user_list = $HTTP_POST_VARS['unban_user'];
275  
276 for($i = 0; $i < count($user_list); $i++)
277 {
278 if ( $user_list[$i] != -1 )
279 {
280 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
281 }
282 }
283 }
284  
285 if ( isset($HTTP_POST_VARS['unban_ip']) )
286 {
287 $ip_list = $HTTP_POST_VARS['unban_ip'];
288  
289 for($i = 0; $i < count($ip_list); $i++)
290 {
291 if ( $ip_list[$i] != -1 )
292 {
293 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
294 }
295 }
296 }
297  
298 if ( isset($HTTP_POST_VARS['unban_email']) )
299 {
300 $email_list = $HTTP_POST_VARS['unban_email'];
301  
302 for($i = 0; $i < count($email_list); $i++)
303 {
304 if ( $email_list[$i] != -1 )
305 {
306 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
307 }
308 }
309 }
310  
311 if ( $where_sql != '' )
312 {
313 $sql = "DELETE FROM " . BANLIST_TABLE . "
314 WHERE ban_id IN ($where_sql)";
315 if ( !$db->sql_query($sql) )
316 {
317 message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
318 }
319 }
320  
321 $message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
322  
323 message_die(GENERAL_MESSAGE, $message);
324  
325 }
326 else
327 {
328 $template->set_filenames(array(
329 'body' => 'admin/user_ban_body.tpl')
330 );
331  
332 $template->assign_vars(array(
333 'L_BAN_TITLE' => $lang['Ban_control'],
334 'L_BAN_EXPLAIN' => $lang['Ban_explain'],
335 'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
336 'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
337 'L_EMAIL_ADDRESS' => $lang['Email_address'],
338 'L_SUBMIT' => $lang['Submit'],
339 'L_RESET' => $lang['Reset'],
340  
341 'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
342 );
343  
344 $template->assign_vars(array(
345 'L_BAN_USER' => $lang['Ban_username'],
346 'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
347 'L_BAN_IP' => $lang['Ban_IP'],
348 'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
349 'L_BAN_EMAIL' => $lang['Ban_email'],
350 'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
351 );
352  
353 $userban_count = 0;
354 $ipban_count = 0;
355 $emailban_count = 0;
356  
357 $sql = "SELECT b.ban_id, u.user_id, u.username
358 FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
359 WHERE u.user_id = b.ban_userid
360 AND b.ban_userid <> 0
361 AND u.user_id <> " . ANONYMOUS . "
362 ORDER BY u.user_id ASC";
363 if ( !($result = $db->sql_query($sql)) )
364 {
365 message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
366 }
367  
368 $user_list = $db->sql_fetchrowset($result);
369 $db->sql_freeresult($result);
370  
371 $select_userlist = '';
372 for($i = 0; $i < count($user_list); $i++)
373 {
374 $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
375 $userban_count++;
376 }
377  
378 if( $select_userlist == '' )
379 {
380 $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
381 }
382  
383 $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
384  
385 $sql = "SELECT ban_id, ban_ip, ban_email
386 FROM " . BANLIST_TABLE;
387 if ( !($result = $db->sql_query($sql)) )
388 {
389 message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
390 }
391  
392 $banlist = $db->sql_fetchrowset($result);
393 $db->sql_freeresult($result);
394  
395 $select_iplist = '';
396 $select_emaillist = '';
397  
398 for($i = 0; $i < count($banlist); $i++)
399 {
400 $ban_id = $banlist[$i]['ban_id'];
401  
402 if ( !empty($banlist[$i]['ban_ip']) )
403 {
404 $ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
405 $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
406 $ipban_count++;
407 }
408 else if ( !empty($banlist[$i]['ban_email']) )
409 {
410 $ban_email = $banlist[$i]['ban_email'];
411 $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
412 $emailban_count++;
413 }
414 }
415  
416 if ( $select_iplist == '' )
417 {
418 $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
419 }
420  
421 if ( $select_emaillist == '' )
422 {
423 $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
424 }
425  
426 $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
427 $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';
428  
429 $template->assign_vars(array(
430 'L_UNBAN_USER' => $lang['Unban_username'],
431 'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
432 'L_UNBAN_IP' => $lang['Unban_IP'],
433 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
434 'L_UNBAN_EMAIL' => $lang['Unban_email'],
435 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
436 'L_USERNAME' => $lang['Username'],
437 'L_LOOK_UP' => $lang['Look_up_User'],
438 'L_FIND_USERNAME' => $lang['Find_username'],
439  
440 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
441 'S_UNBAN_USERLIST_SELECT' => $select_userlist,
442 'S_UNBAN_IPLIST_SELECT' => $select_iplist,
443 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
444 'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
445 );
446 }
447  
448 $template->pparse('body');
449  
450 include('./page_footer_admin.'.$phpEx);
451  
452 ?>