0,0 → 1,452 |
<?php |
/*************************************************************************** |
* admin_user_ban.php |
* ------------------- |
* begin : Tuesday, Jul 31, 2001 |
* copyright : (C) 2001 The phpBB Group |
* email : support@phpbb.com |
* |
* $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $ |
* |
* |
***************************************************************************/ |
|
/*************************************************************************** |
* |
* This program is free software; you can redistribute it and/or modify |
* it under the terms of the GNU General Public License as published by |
* the Free Software Foundation; either version 2 of the License, or |
* (at your option) any later version. |
* |
***************************************************************************/ |
|
define('IN_PHPBB', 1); |
|
if ( !empty($setmodules) ) |
{ |
$filename = basename(__FILE__); |
$module['Users']['Ban_Management'] = $filename; |
|
return; |
} |
|
// |
// Load default header |
// |
$phpbb_root_path = './../'; |
require($phpbb_root_path . 'extension.inc'); |
require('./pagestart.' . $phpEx); |
|
// |
// Start program |
// |
if ( isset($HTTP_POST_VARS['submit']) ) |
{ |
$user_bansql = ''; |
$email_bansql = ''; |
$ip_bansql = ''; |
|
$user_list = array(); |
if ( !empty($HTTP_POST_VARS['username']) ) |
{ |
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true); |
if( !$this_userdata ) |
{ |
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); |
} |
|
$user_list[] = $this_userdata['user_id']; |
} |
|
$ip_list = array(); |
if ( isset($HTTP_POST_VARS['ban_ip']) ) |
{ |
$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']); |
|
for($i = 0; $i < count($ip_list_temp); $i++) |
{ |
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) ) |
{ |
// |
// Don't ask about all this, just don't ask ... ! |
// |
$ip_1_counter = $ip_range_explode[1]; |
$ip_1_end = $ip_range_explode[5]; |
|
while ( $ip_1_counter <= $ip_1_end ) |
{ |
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0; |
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6]; |
|
if ( $ip_2_counter == 0 && $ip_2_end == 254 ) |
{ |
$ip_2_counter = 255; |
$ip_2_fragment = 255; |
|
$ip_list[] = encode_ip("$ip_1_counter.255.255.255"); |
} |
|
while ( $ip_2_counter <= $ip_2_end ) |
{ |
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0; |
$ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7]; |
|
if ( $ip_3_counter == 0 && $ip_3_end == 254 ) |
{ |
$ip_3_counter = 255; |
$ip_3_fragment = 255; |
|
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255"); |
} |
|
while ( $ip_3_counter <= $ip_3_end ) |
{ |
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0; |
$ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8]; |
|
if ( $ip_4_counter == 0 && $ip_4_end == 254 ) |
{ |
$ip_4_counter = 255; |
$ip_4_fragment = 255; |
|
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255"); |
} |
|
while ( $ip_4_counter <= $ip_4_end ) |
{ |
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"); |
$ip_4_counter++; |
} |
$ip_3_counter++; |
} |
$ip_2_counter++; |
} |
$ip_1_counter++; |
} |
} |
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) ) |
{ |
$ip = gethostbynamel(trim($ip_list_temp[$i])); |
|
for($j = 0; $j < count($ip); $j++) |
{ |
if ( !empty($ip[$j]) ) |
{ |
$ip_list[] = encode_ip($ip[$j]); |
} |
} |
} |
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) ) |
{ |
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i]))); |
} |
} |
} |
|
$email_list = array(); |
if ( isset($HTTP_POST_VARS['ban_email']) ) |
{ |
$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']); |
|
for($i = 0; $i < count($email_list_temp); $i++) |
{ |
// |
// This ereg match is based on one by php@unreelpro.com |
// contained in the annotated php manual at php.com (ereg |
// section) |
// |
if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i]))) |
{ |
$email_list[] = trim($email_list_temp[$i]); |
} |
} |
} |
|
$sql = "SELECT * |
FROM " . BANLIST_TABLE; |
if ( !($result = $db->sql_query($sql)) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); |
} |
|
$current_banlist = $db->sql_fetchrowset($result); |
$db->sql_freeresult($result); |
|
$kill_session_sql = ''; |
for($i = 0; $i < count($user_list); $i++) |
{ |
$in_banlist = false; |
for($j = 0; $j < count($current_banlist); $j++) |
{ |
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] ) |
{ |
$in_banlist = true; |
} |
} |
|
if ( !$in_banlist ) |
{ |
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i]; |
|
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) |
VALUES (" . $user_list[$i] . ")"; |
if ( !$db->sql_query($sql) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); |
} |
} |
} |
|
for($i = 0; $i < count($ip_list); $i++) |
{ |
$in_banlist = false; |
for($j = 0; $j < count($current_banlist); $j++) |
{ |
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] ) |
{ |
$in_banlist = true; |
} |
} |
|
if ( !$in_banlist ) |
{ |
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) ) |
{ |
$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'"; |
} |
else |
{ |
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'"; |
} |
|
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql; |
|
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) |
VALUES ('" . $ip_list[$i] . "')"; |
if ( !$db->sql_query($sql) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); |
} |
} |
} |
|
// |
// Now we'll delete all entries from the session table with any of the banned |
// user or IP info just entered into the ban table ... this will force a session |
// initialisation resulting in an instant ban |
// |
if ( $kill_session_sql != '' ) |
{ |
$sql = "DELETE FROM " . SESSIONS_TABLE . " |
WHERE $kill_session_sql"; |
if ( !$db->sql_query($sql) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); |
} |
} |
|
for($i = 0; $i < count($email_list); $i++) |
{ |
$in_banlist = false; |
for($j = 0; $j < count($current_banlist); $j++) |
{ |
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] ) |
{ |
$in_banlist = true; |
} |
} |
|
if ( !$in_banlist ) |
{ |
$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) |
VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; |
if ( !$db->sql_query($sql) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); |
} |
} |
} |
|
$where_sql = ''; |
|
if ( isset($HTTP_POST_VARS['unban_user']) ) |
{ |
$user_list = $HTTP_POST_VARS['unban_user']; |
|
for($i = 0; $i < count($user_list); $i++) |
{ |
if ( $user_list[$i] != -1 ) |
{ |
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]); |
} |
} |
} |
|
if ( isset($HTTP_POST_VARS['unban_ip']) ) |
{ |
$ip_list = $HTTP_POST_VARS['unban_ip']; |
|
for($i = 0; $i < count($ip_list); $i++) |
{ |
if ( $ip_list[$i] != -1 ) |
{ |
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]); |
} |
} |
} |
|
if ( isset($HTTP_POST_VARS['unban_email']) ) |
{ |
$email_list = $HTTP_POST_VARS['unban_email']; |
|
for($i = 0; $i < count($email_list); $i++) |
{ |
if ( $email_list[$i] != -1 ) |
{ |
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]); |
} |
} |
} |
|
if ( $where_sql != '' ) |
{ |
$sql = "DELETE FROM " . BANLIST_TABLE . " |
WHERE ban_id IN ($where_sql)"; |
if ( !$db->sql_query($sql) ) |
{ |
message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); |
} |
} |
|
$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'); |
|
message_die(GENERAL_MESSAGE, $message); |
|
} |
else |
{ |
$template->set_filenames(array( |
'body' => 'admin/user_ban_body.tpl') |
); |
|
$template->assign_vars(array( |
'L_BAN_TITLE' => $lang['Ban_control'], |
'L_BAN_EXPLAIN' => $lang['Ban_explain'], |
'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'], |
'L_IP_OR_HOSTNAME' => $lang['IP_hostname'], |
'L_EMAIL_ADDRESS' => $lang['Email_address'], |
'L_SUBMIT' => $lang['Submit'], |
'L_RESET' => $lang['Reset'], |
|
'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx")) |
); |
|
$template->assign_vars(array( |
'L_BAN_USER' => $lang['Ban_username'], |
'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'], |
'L_BAN_IP' => $lang['Ban_IP'], |
'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'], |
'L_BAN_EMAIL' => $lang['Ban_email'], |
'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain']) |
); |
|
$userban_count = 0; |
$ipban_count = 0; |
$emailban_count = 0; |
|
$sql = "SELECT b.ban_id, u.user_id, u.username |
FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u |
WHERE u.user_id = b.ban_userid |
AND b.ban_userid <> 0 |
AND u.user_id <> " . ANONYMOUS . " |
ORDER BY u.user_id ASC"; |
if ( !($result = $db->sql_query($sql)) ) |
{ |
message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql); |
} |
|
$user_list = $db->sql_fetchrowset($result); |
$db->sql_freeresult($result); |
|
$select_userlist = ''; |
for($i = 0; $i < count($user_list); $i++) |
{ |
$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>'; |
$userban_count++; |
} |
|
if( $select_userlist == '' ) |
{ |
$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>'; |
} |
|
$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>'; |
|
$sql = "SELECT ban_id, ban_ip, ban_email |
FROM " . BANLIST_TABLE; |
if ( !($result = $db->sql_query($sql)) ) |
{ |
message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql); |
} |
|
$banlist = $db->sql_fetchrowset($result); |
$db->sql_freeresult($result); |
|
$select_iplist = ''; |
$select_emaillist = ''; |
|
for($i = 0; $i < count($banlist); $i++) |
{ |
$ban_id = $banlist[$i]['ban_id']; |
|
if ( !empty($banlist[$i]['ban_ip']) ) |
{ |
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip'])); |
$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>'; |
$ipban_count++; |
} |
else if ( !empty($banlist[$i]['ban_email']) ) |
{ |
$ban_email = $banlist[$i]['ban_email']; |
$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>'; |
$emailban_count++; |
} |
} |
|
if ( $select_iplist == '' ) |
{ |
$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>'; |
} |
|
if ( $select_emaillist == '' ) |
{ |
$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>'; |
} |
|
$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>'; |
$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>'; |
|
$template->assign_vars(array( |
'L_UNBAN_USER' => $lang['Unban_username'], |
'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'], |
'L_UNBAN_IP' => $lang['Unban_IP'], |
'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'], |
'L_UNBAN_EMAIL' => $lang['Unban_email'], |
'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], |
'L_USERNAME' => $lang['Username'], |
'L_LOOK_UP' => $lang['Look_up_User'], |
'L_FIND_USERNAME' => $lang['Find_username'], |
|
'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), |
'S_UNBAN_USERLIST_SELECT' => $select_userlist, |
'S_UNBAN_IPLIST_SELECT' => $select_iplist, |
'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist, |
'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx")) |
); |
} |
|
$template->pparse('body'); |
|
include('./page_footer_admin.'.$phpEx); |
|
?> |