WebSVN – svnkaklik – Blame – /web/test/gallery/cpg133/banning.php

Rev	Author	Line No.	Line
6	kaklik	1	`<?php`
		2	`/*************************`
		3	`Coppermine Photo Gallery`
		4	`************************`
		5	`Copyright (c) 2003-2005 Coppermine Dev Team`
		6	`v1.1 originaly written by Gregory DEMAR`
		7
		8	`This program is free software; you can redistribute it and/or modify`
		9	`it under the terms of the GNU General Public License as published by`
		10	`the Free Software Foundation; either version 2 of the License, or`
		11	`(at your option) any later version.`
		12	`********************************************`
		13	`Coppermine version: 1.3.3`
		14	$Source: /cvsroot/coppermine/stable/banning.php,v $
		15	$Revision: 1.7 $
		16	$Author: gaugau $
		17	$Date: 2005/04/19 03:17:10 $
		18	`**********************************************/`
		19
		20	`define('IN_COPPERMINE', true);`
		21	`define('BANNING_PHP', true);`
		22
		23	`require('include/init.inc.php');`
		24	`require('include/sql_parse.php');`
		25
		26	`if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);`
		27	`// if (defined('UDB_INTEGRATION')) cpg_die(ERROR, $lang_errors['not_with_udb'], __FILE__, __LINE__);`
		28	`function create_banlist()`
		29	`{`
		30	`global $CONFIG, $PHP_SELF, $lang_banning_php, $album_date_fmt;`
		31
		32	`$result = db_query ("SELECT * FROM {$CONFIG['TABLE_BANNED']}");`
		33	`$count = mysql_num_rows($result);`
		34	`if ($count > 0) {`
		35	`echo <<<EOHEAD`
		36	`<tr>`
		37	`<th align="center" class="tableh2">{$lang_banning_php['user_name']}</th>`
		38	`<th align="center" class="tableh2">{$lang_banning_php['ip_address']}</th>`
		39	`<th align="center" class="tableh2">{$lang_banning_php['expiry']}</th>`
		40	`<th align="center" class="tableh2"></th>`
		41	`</tr>`
		42	`EOHEAD;`
		43
		44	`$row_counter = 0;`
		45	`while ($row = mysql_fetch_array($result)) {`
		46	`if ($row['user_id']) {`
		47	`$username = get_username($row['user_id']);`
		48	`} else {`
		49	`$username = '';`
		50	`}`
		51	`if ($row['expiry']) {`
		52	`$expiry = $row['expiry'];`
		53	`} else {`
		54	`$expiry = '';`
		55	`}`
		56	`echo <<<EOROW`
		57	`<tr>`
		58	`<form action="$PHP_SELF" method="post" name="banlist$row_counter">`
		59	`<td width="20%" class="tableb" valign="middle">`
		60	`<input type="hidden" name="ban_id" value="{$row['ban_id']}">`
		61	`<input type="text" class="textinput" style="width: 100%" name="edit_ban_user_name" value="$username">`
		62	`</td>`
		63	`<td class="tableb" valign="middle">`
		64	`<input type="text" class="textinput" size="15" name="edit_ban_ip_addr" value="{$row['ip_addr']}">`
		65	`</td>`
		66	`<td class="tableb" valign="middle">`
		67	`<input type="text" class="listbox_lang" size="20" name="edit_ban_expires" value="$expiry" readonly="readonly" onclick="return getCalendar(document.banlist$row_counter.edit_ban_expires);" style="cursor:pointer" title="select date" />`
		68	`</td>`
		69	`<td class="tableb" valign="middle">`
		70	`<input type="submit" class="button" name="edit_ban" value="{$lang_banning_php['edit_ban']}">`
		71	`  `
		72	`<input type="submit" class="button" name="delete_ban" value="{$lang_banning_php['delete_ban']}">`
		73	`</td>`
		74	`</form>`
		75	`</tr>`
		76	`EOROW;`
		77	`$row_counter++;`
		78	`}`
		79	`}`
		80	`mysql_free_result($result);`
		81	`}`
		82
		83	`if (count($HTTP_POST_VARS) > 0) {`
		84	`if (isset($HTTP_POST_VARS['add_ban'])) {`
		85	`if ($HTTP_POST_VARS['add_ban_user_name']) {`
		86	`if (!($ban_uid = get_userid($HTTP_POST_VARS['add_ban_user_name']))) {`
		87	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_user']. ' '. $HTTP_POST_VARS['add_ban_user_name'], __FILE__, __LINE__);`
		88	`}`
		89	`// check that admin doesn't ban himself`
		90	`if ($HTTP_POST_VARS['add_ban_user_name'] == USER_NAME) {`
		91	`cpg_die(ERROR, $lang_banning_php['error_admin_ban'], __FILE__, __LINE__);`
		92	`}`
		93	`} else {`
		94	`$ban_uid = 'NULL';`
		95	`}`
		96
		97	`if ($HTTP_POST_VARS['add_ban_ip_addr']) {`
		98	`$ban_ip_addr = "'" . addslashes($HTTP_POST_VARS['add_ban_ip_addr']) . "'";`
		99	`//check admin ip address`
		100	`if ($HTTP_POST_VARS['add_ban_ip_addr'] == $REMOTE_ADDR \|\| $HTTP_POST_VARS['add_ban_ip_addr'] == $_SERVER["REMOTE_ADDR"] \|\| ($HTTP_POST_VARS['add_ban_ip_addr'] == $_ENV["REMOTE_ADDR"] && $_ENV["REMOTE_ADDR"])) {`
		101	`cpg_die(ERROR, $lang_banning_php['error_admin_ban'], __FILE__, __LINE__);`
		102	`}`
		103	`//check server ip adress`
		104	`if ($HTTP_POST_VARS['add_ban_ip_addr'] == $SERVER_ADDR \|\| $HTTP_POST_VARS['add_ban_ip_addr'] == $_SERVER["SERVER_ADDR"] \|\| $HTTP_POST_VARS['add_ban_ip_addr'] == $_ENV["SERVER_ADDR"]) {`
		105	`cpg_die(ERROR, $lang_banning_php['error_server_ban'], __FILE__, __LINE__);`
		106	`}`
		107	`//check illegal ip addresses`
		108	`$ip_to_check = 'ip'.$HTTP_POST_VARS['add_ban_ip_addr'];`
		109	`$ip_is_illegal = 0;`
		110	`$illegal_ip = array('192.168.','10.','172.16.','172.17.','172.18.','172.19.','172.20.','172.21.','172.22.','172.23.','172.24.','172.25.','172.26.','172.27.','172.28.','172.29.','172.30.','172.31.','169.254.','127.', '192.0.','1.0.0.0','204.152.64.','204.152.65.');`
		111	`foreach ($illegal_ip as $not_allowed_ip) {`
		112	`if (strpos($ip_to_check,$not_allowed_ip) == 2){$ip_is_illegal++;}`
		113	`}`
		114	`//higher than 224 in first byte`
		115	`for ($i = 224; $i <= 255; $i++) {`
		116	`if (strpos($ip_to_check,$i.'.') == 2){$ip_is_illegal++;}`
		117	`}`
		118	`if ($ip_is_illegal != 0) {`
		119	`cpg_die(ERROR, $lang_banning_php['error_ip_forbidden'], __FILE__, __LINE__);`
		120	`}`
		121	`} else {`
		122	`$ban_ip_addr = 'NULL';`
		123	`}`
		124
		125
		126	`$ban_expires = $HTTP_POST_VARS['add_ban_expires'];`
		127	`if ($ban_expires == '') {`
		128	`$ban_expires = 'NULL';`
		129	`} else {`
		130	`$ban_expires = "'".$ban_expires.' 00:00:00'."'";`
		131	`}`
		132	`if ($ban_expires == '\' 00:00:00\'') {`
		133	`$ban_expires = 'NULL';`
		134	`}`
		135
		136
		137	`if ($ban_expires < 0) { $ban_expires = 'NULL';}`
		138	`// check if anything has been submit at all`
		139	`if (!$HTTP_POST_VARS['add_ban_user_name'] && !$HTTP_POST_VARS['add_ban_ip_addr']) {`
		140	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__);`
		141	`}`
		142	`if ($ban_uid \|\| $ban_ip_addr) {`
		143	`db_query("INSERT INTO {$CONFIG['TABLE_BANNED']} (user_id, ip_addr, expiry) VALUES ($ban_uid, $ban_ip_addr, $ban_expires)");`
		144	`} else {`
		145	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__);`
		146	`}`
		147	`} elseif (isset($HTTP_POST_VARS['delete_ban'])) {`
		148	`if (isset($HTTP_POST_VARS['ban_id'])) {`
		149	`$ban_id = (int)$HTTP_POST_VARS['ban_id'];`
		150	`if ($ban_id) {`
		151	`db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE ban_id=$ban_id");`
		152	`} else {`
		153	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__);`
		154	`}`
		155	`}`
		156	`} elseif (isset($HTTP_POST_VARS['edit_ban'])) {`
		157	`if (isset($HTTP_POST_VARS['ban_id'])) {`
		158	`$ban_id = (int)$HTTP_POST_VARS['ban_id'];`
		159	`if ($ban_id) {`
		160	`if ($HTTP_POST_VARS['edit_ban_user_name']) {`
		161	`if (!($ban_uid = get_userid($HTTP_POST_VARS['edit_ban_user_name']))) {`
		162	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_user'] . ' ' . $HTTP_POST_VARS['edit_ban_user_name'], __FILE__, __LINE__);`
		163	`}`
		164	`} else {`
		165	`$ban_uid = 'NULL';`
		166	`}`
		167
		168	`if (isset($HTTP_POST_VARS['edit_ban_ip_addr'])) {`
		169	`$ban_ip_addr = "'" . addslashes($HTTP_POST_VARS['edit_ban_ip_addr']) . "'";`
		170	`} else {`
		171	`$ban_ip_addr = 'NULL';`
		172	`}`
		173
		174	`$ban_expires = $HTTP_POST_VARS['edit_ban_expires'];`
		175	`if ($ban_expires == '') {`
		176	`$ban_expires = 'NULL';`
		177	`} else {`
		178	`$ban_expires = "'".$ban_expires."'";`
		179	`}`
		180
		181	`if ((int)$ban_expires < 0) $ban_expires = 'NULL';`
		182
		183	`if ($ban_uid \|\| $ban_ip_addr) {`
		184	`db_query("UPDATE {$CONFIG['TABLE_BANNED']} SET user_id=$ban_uid, ip_addr=$ban_ip_addr, expiry=$ban_expires where ban_id=$ban_id");`
		185	`} else {`
		186	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__);`
		187	`}`
		188	`} else {`
		189	`cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__);`
		190	`}`
		191	`}`
		192	`}`
		193	`}`
		194
		195	`pageheader($lang_banning_php['title']);`
		196
		197	`$signature = 'Coppermine Photo Gallery ' . COPPERMINE_VERSION;`
		198
		199	`starttable('100%', "{$lang_banning_php['title']} - $signature", 4);`
		200	`create_banlist();`
		201	`endtable();`
		202	`$calendar_link_new = 'calendar.php?action=banning&month='.ltrim(strftime('%m'),'0').'&year='.strftime('%Y');`
		203	`print <<<EOT`
		204	`<script language="Javascript">`
		205	`var calendarWindow = null;`
		206	`var calendarFormat = 'y-m-d';`
		207
		208	`function getCalendar(in_dateField)`
		209	`{`
		210	`if (calendarWindow && !calendarWindow.closed) {`
		211	`alert('Calendar window already open. Attempting focus...');`
		212	`try {`
		213	`calendarWindow.focus();`
		214	`}`
		215	`catch(e) {}`
		216
		217	`return false;`
		218	`}`
		219
		220	`var cal_width = 300;`
		221	`var cal_height = 200;`
		222
		223	`// IE needs less space to make this thing`
		224	`if ((document.all) && (navigator.userAgent.indexOf("Konqueror") == -1)) {`
		225	`cal_width = 290;`
		226	`}`
		227
		228	`calendarTarget = in_dateField;`
		229	`calendarWindow = window.open('{$calendar_link_new}', 'dateSelectorPopup','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=1,dependent=no,width='+cal_width+',height='+cal_height);`
		230	`return false;`
		231	`}`
		232
		233	`function killCalendar()`
		234	`{`
		235	`if (calendarWindow && !calendarWindow.closed) {`
		236	`calendarWindow.close();`
		237	`}`
		238	`}`
		239	`</script>`
		240	`EOT;`
		241	`print "<br />\n";`
		242	`starttable('100%', $lang_banning_php['add_new'], 4);`
		243	`echo <<<EOT`
		244	`<tr>`
		245	`<th class="tableh2">{$lang_banning_php['user_name']}</th>`
		246	`<th class="tableh2">{$lang_banning_php['ip_address']}</th>`
		247	`<th class="tableh2">{$lang_banning_php['expiry']}</th>`
		248	`<th class="tableh2"></th>`
		249	`</tr>`
		250
		251	`<tr>`
		252	`<form action="$PHP_SELF" method="post" name="list">`
		253	`<td class="tableb" valign="middle">`
		254	`<input type="text" class="textinput" style="width: 100%" name="add_ban_user_name" value="">`
		255	`</td>`
		256	`<td class="tableb" valign="middle">`
		257	`<input type="text" class="textinput" name="add_ban_ip_addr" value="" size="15" maxlength="15" />`
		258	`</td>`
		259	`<td class="tableb" valign="middle">`
		260	`<input type="text" class="listbox_lang" name="add_ban_expires" value="" size="20" readonly="readonly" onclick="return getCalendar(document.list.add_ban_expires);" style="cursor:pointer" title="select date" />`
		261	`</td>`
		262	`<td class="tableb" valign="top">`
		263	`<input type="submit" class="button" name="add_ban" value="{$lang_banning_php['add_ban']}" />`
		264	`</td>`
		265	`</form>`
		266	`</tr>`
		267	`EOT;`
		268	`endtable();`
		269	`print "<form action=\"http://ws.arin.net/cgi-bin/whois.pl\" method=\"post\" name=\"lookup\" target=\"_blank\">\n";`
		270
		271	`//starttable('-2', $lang_banning_php['lookup_ip'], 2);`
		272	`starttable('-2');`
		273	`print "<tr>\n";`
		274	`print "<td class=\"tablef\">\n";`
		275	`print "<b>".$lang_banning_php['lookup_ip']."</b>\n";`
		276	`print "</td>\n";`
		277	`print "<td class=\"tableb\">\n";`
		278	`print "<input type=\"text\" class=\"textinput\" size=\"20\" name=\"queryinput\" value=\"\" maxlength=\"15\" />\n";`
		279	`print "</td>\n";`
		280	`print "<td class=\"tableb\">\n";`
		281	`print "<input type=\"submit\" class=\"button\" name=\"submit\" value=\"{$lang_banning_php['submit']}\" >\n";`
		282	`print "</td>\n";`
		283	`print "</tr>\n";`
		284	`endtable();`
		285	`print "</form>\n";`
		286
		287	`pagefooter();`
		288	`ob_end_flush();`
		289
		290	`?>`

Subversion Repositories svnkaklik

(root)/web/test/gallery/cpg133/banning.php @ 319 – Rev