<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originaly written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/banning.php,v $
  $Revision: 1.7 $
  $Author: gaugau $
  $Date: 2005/04/19 03:17:10 $
**********************************************/

// Admin page for the ban list: list, add, edit and delete bans keyed on a
// user name and/or an IP address, with an optional expiry date.
// IN_COPPERMINE gates the includes below; BANNING_PHP identifies this page to them.
define('IN_COPPERMINE', true);
define('BANNING_PHP', true);

// init.inc.php presumably provides $CONFIG, the $lang_* arrays, db_query(),
// cpg_die() and the GALLERY_ADMIN_MODE constant used on this page -- none of
// that is visible here, so confirm against the include before relying on it.
require('include/init.inc.php');
require('include/sql_parse.php');

// Authorisation gate: everything below runs queries against the banned table
// with the gallery's DB credentials, so only gallery admins may continue.
// The code relies on cpg_die() not returning; nothing after this line re-checks.
if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
// if (defined('UDB_INTEGRATION')) cpg_die(ERROR, $lang_errors['not_with_udb'], __FILE__, __LINE__);
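/**
 * Print the current ban list as table rows, one editable form per ban.
 *
 * Reads every row of the banned table and emits, for each, a <form> posting
 * back to this page with the ban_id as a hidden field, the user name, IP
 * address and expiry as inputs, and "edit"/"delete" submit buttons that the
 * POST dispatcher below acts on.  Emits nothing when the table is empty.
 *
 * Every value placed inside an attribute is passed through htmlspecialchars():
 * user names are chosen by users and $PHP_SELF can carry request path info,
 * so neither may be echoed raw into value="" / action="".
 *
 * Globals: $CONFIG (table name), $PHP_SELF (form action), $lang_banning_php
 * (column headings and button labels).  Output is echoed directly.
 */
function create_banlist()
{
    global $CONFIG, $PHP_SELF, $lang_banning_php;

    $result = db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']}");
    $count = mysql_num_rows($result);

    if ($count > 0) {
        echo <<<EOHEAD
                <tr>
                <th align="center" class="tableh2">{$lang_banning_php['user_name']}</th>
                <th align="center" class="tableh2">{$lang_banning_php['ip_address']}</th>
                <th align="center" class="tableh2">{$lang_banning_php['expiry']}</th>
                <th align="center" class="tableh2"></th>
                </tr>
EOHEAD;

        // Escaped once, reused for every row's form action.
        $form_action = htmlspecialchars((string)$PHP_SELF, ENT_QUOTES);

        $row_counter = 0;
        while ($row = mysql_fetch_array($result)) {
            // user_id is NULL for IP-only bans, expiry is NULL for permanent ones.
            $username = $row['user_id'] ? get_username($row['user_id']) : '';
            $expiry = $row['expiry'] ? $row['expiry'] : '';

            // HTML attribute context: these come from the database, not from
            // this page, so they must not be able to break out of value="".
            $username = htmlspecialchars((string)$username, ENT_QUOTES);
            $ip_addr = htmlspecialchars((string)$row['ip_addr'], ENT_QUOTES);
            $expiry = htmlspecialchars((string)$expiry, ENT_QUOTES);
            // ban_id is an integer key; the cast keeps it one in the markup.
            $ban_id = (int)$row['ban_id'];

            echo <<<EOROW
                <tr>
                <form action="$form_action" method="post" name="banlist$row_counter">
                <td width="20%" class="tableb" valign="middle">
                <input type="hidden" name="ban_id" value="$ban_id">
                <input type="text" class="textinput" style="width: 100%" name="edit_ban_user_name" value="$username">
                </td>
                <td class="tableb" valign="middle">
                <input type="text" class="textinput" size="15" name="edit_ban_ip_addr" value="$ip_addr">
                </td>
                <td class="tableb" valign="middle">
                <input type="text" class="listbox_lang" size="20" name="edit_ban_expires" value="$expiry" readonly="readonly" onclick="return getCalendar(document.banlist$row_counter.edit_ban_expires);" style="cursor:pointer" title="select date" />
                </td>
                <td class="tableb" valign="middle">
                <input type="submit" class="button" name="edit_ban" value="{$lang_banning_php['edit_ban']}">
                &nbsp;&nbsp;
                <input type="submit" class="button" name="delete_ban" value="{$lang_banning_php['delete_ban']}">
                </td>
                </form>
                </tr>
EOROW;
            $row_counter++;
        }
    }
    mysql_free_result($result);
}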
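/**
 * Classify an IP address the admin wants to ban.
 *
 * Returns '' when the address may be banned, otherwise one of:
 *   'admin'     - the address the admin is currently connecting from
 *                 (checked against $REMOTE_ADDR, $_SERVER and $_ENV);
 *   'server'    - the gallery server's own address;
 *   'forbidden' - it starts with one of the prefixes the original author
 *                 listed as not bannable (private, loopback, link-local and
 *                 a few others), or its first octet is 224 or higher.
 * Banning either of the first two would lock the admin out of the gallery;
 * the third group never identifies a single public visitor.
 */
function banning_check_ip_addr($ip_addr)
{
    global $REMOTE_ADDR, $SERVER_ADDR;

    $admin_addrs = array();
    if (isset($REMOTE_ADDR)) $admin_addrs[] = $REMOTE_ADDR;
    if (isset($_SERVER['REMOTE_ADDR'])) $admin_addrs[] = $_SERVER['REMOTE_ADDR'];
    if (!empty($_ENV['REMOTE_ADDR'])) $admin_addrs[] = $_ENV['REMOTE_ADDR'];
    if (in_array($ip_addr, $admin_addrs, true)) {
        return 'admin';
    }

    $server_addrs = array();
    if (isset($SERVER_ADDR)) $server_addrs[] = $SERVER_ADDR;
    if (isset($_SERVER['SERVER_ADDR'])) $server_addrs[] = $_SERVER['SERVER_ADDR'];
    if (isset($_ENV['SERVER_ADDR'])) $server_addrs[] = $_ENV['SERVER_ADDR'];
    if (in_array($ip_addr, $server_addrs, true)) {
        return 'server';
    }

    // Prefix list kept exactly as the original author wrote it.
    $forbidden_prefixes = array(
        '192.168.', '10.',
        '172.16.', '172.17.', '172.18.', '172.19.', '172.20.', '172.21.',
        '172.22.', '172.23.', '172.24.', '172.25.', '172.26.', '172.27.',
        '172.28.', '172.29.', '172.30.', '172.31.',
        '169.254.', '127.', '192.0.', '1.0.0.0', '204.152.64.', '204.152.65.',
    );
    foreach ($forbidden_prefixes as $prefix) {
        // Anchored prefix match; the former strpos(...) == 2 test relied on
        // a leading 'ip' marker and a loose comparison to achieve the same.
        if (strncmp($ip_addr, $prefix, strlen($prefix)) === 0) {
            return 'forbidden';
        }
    }
    // First octet 224..255 (replaces the loop over '224.' .. '255.').
    $octets = explode('.', $ip_addr);
    if ((int)$octets[0] >= 224) {
        return 'forbidden';
    }

    return '';
}

/**
 * SQL literal for the user_id column from a submitted user name:
 * the bare word NULL when no name was given, else the user's numeric id.
 *
 * Dies with error_user when the name is unknown and with error_admin_ban
 * when it is the admin's own name (the same lock-out guard for add and edit;
 * previously only the add form had it).
 */
function banning_user_id_sql($user_name)
{
    global $lang_banning_php;

    if ($user_name === '') {
        return 'NULL';
    }
    $uid = get_userid($user_name);
    if (!$uid) {
        // The name is user input being echoed back into the error page.
        cpg_die(CRITICAL_ERROR, $lang_banning_php['error_user'] . ' ' . htmlspecialchars($user_name, ENT_QUOTES), __FILE__, __LINE__);
    }
    if ($user_name == USER_NAME) {
        cpg_die(ERROR, $lang_banning_php['error_admin_ban'], __FILE__, __LINE__);
    }
    // Cast so that only an integer ever reaches the query string.
    return (int)$uid;
}

/**
 * SQL literal for the ip_addr column from a submitted address:
 * NULL when the field was empty, else the quoted, slash-escaped address.
 *
 * Dies with the matching $lang_banning_php message when
 * banning_check_ip_addr() rejects the address (add and edit alike).
 */
function banning_ip_addr_sql($ip_addr)
{
    global $lang_banning_php;

    if ($ip_addr === '') {
        return 'NULL';
    }
    $reason = banning_check_ip_addr($ip_addr);
    $messages = array(
        'admin'     => 'error_admin_ban',
        'server'    => 'error_server_ban',
        'forbidden' => 'error_ip_forbidden',
    );
    if ($reason !== '') {
        cpg_die(ERROR, $lang_banning_php[$messages[$reason]], __FILE__, __LINE__);
    }
    // addslashes() is the escaping this file already uses for SQL strings;
    // a connection-aware escape via the DB layer would be stronger but none
    // is visible from here.
    return "'" . addslashes($ip_addr) . "'";
}

/**
 * SQL literal for the expiry column from a submitted expiry field.
 *
 * The calendar popup fills the read-only field with 'y-m-d' and the edit form
 * echoes back the stored 'Y-m-d H:i:s'; only those two shapes are accepted,
 * and a bare date gets ' 00:00:00' appended as before.  An empty field means
 * "never expires" (NULL).  Anything else is rejected instead of being
 * interpolated into the query -- the previous "$ban_expires < 0" test could
 * never do that for a quoted string.
 */
function banning_expiry_sql($expires)
{
    $expires = trim((string)$expires);
    if ($expires === '') {
        return 'NULL';
    }
    if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $expires)) {
        return "'" . $expires . " 00:00:00'";
    }
    if (preg_match('/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/', $expires)) {
        return "'" . $expires . "'";
    }
    cpg_die(CRITICAL_ERROR, 'Invalid expiry date: ' . htmlspecialchars($expires, ENT_QUOTES), __FILE__, __LINE__);
    // Fail safe should cpg_die() ever return: store no expiry rather than junk.
    return 'NULL';
}

/*
 * POST dispatcher.  Exactly one of the submit buttons names an action:
 *   add_ban    - new row from the "add new" form (add_ban_* fields);
 *   delete_ban - remove the row whose ban_id the per-row form carries;
 *   edit_ban   - rewrite that row from the per-row form (edit_ban_* fields).
 * Add and edit share the helpers above, so the same self-ban / own-IP /
 * forbidden-prefix / expiry-format checks apply to both.
 */
if (!empty($HTTP_POST_VARS)) {
    if (isset($HTTP_POST_VARS['add_ban'])) {
        $user_name = isset($HTTP_POST_VARS['add_ban_user_name']) ? $HTTP_POST_VARS['add_ban_user_name'] : '';
        $ip_addr = isset($HTTP_POST_VARS['add_ban_ip_addr']) ? $HTTP_POST_VARS['add_ban_ip_addr'] : '';
        $expires = isset($HTTP_POST_VARS['add_ban_expires']) ? $HTTP_POST_VARS['add_ban_expires'] : '';

        // A ban needs at least one target.
        if ($user_name === '' && $ip_addr === '') {
            cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__);
        }
        $ban_uid = banning_user_id_sql($user_name);
        $ban_ip_addr = banning_ip_addr_sql($ip_addr);
        $ban_expires = banning_expiry_sql($expires);

        db_query("INSERT INTO {$CONFIG['TABLE_BANNED']} (user_id, ip_addr, expiry) VALUES ($ban_uid, $ban_ip_addr, $ban_expires)");
    } elseif (isset($HTTP_POST_VARS['delete_ban'])) {
        if (isset($HTTP_POST_VARS['ban_id'])) {
            // The cast is the only thing standing between the form and the query.
            $ban_id = (int)$HTTP_POST_VARS['ban_id'];
            if ($ban_id) {
                db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE ban_id=$ban_id");
            } else {
                cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__);
            }
        }
    } elseif (isset($HTTP_POST_VARS['edit_ban'])) {
        if (isset($HTTP_POST_VARS['ban_id'])) {
            $ban_id = (int)$HTTP_POST_VARS['ban_id'];
            if (!$ban_id) {
                cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__);
            }
            $user_name = isset($HTTP_POST_VARS['edit_ban_user_name']) ? $HTTP_POST_VARS['edit_ban_user_name'] : '';
            $ip_addr = isset($HTTP_POST_VARS['edit_ban_ip_addr']) ? $HTTP_POST_VARS['edit_ban_ip_addr'] : '';
            $expires = isset($HTTP_POST_VARS['edit_ban_expires']) ? $HTTP_POST_VARS['edit_ban_expires'] : '';

            // Same rule as for add: an empty IP field now means NULL rather
            // than the empty string, and a row with neither target is refused
            // (that branch existed before but could never be reached).
            if ($user_name === '' && $ip_addr === '') {
                cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__);
            }
            $ban_uid = banning_user_id_sql($user_name);
            $ban_ip_addr = banning_ip_addr_sql($ip_addr);
            $ban_expires = banning_expiry_sql($expires);

            db_query("UPDATE {$CONFIG['TABLE_BANNED']} SET user_id=$ban_uid, ip_addr=$ban_ip_addr, expiry=$ban_expires where ban_id=$ban_id");
        }
    }
}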
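pageheader($lang_banning_php['title']);

$signature = 'Coppermine Photo Gallery ' . COPPERMINE_VERSION;

// Current bans, one edit/delete form per row.
starttable('100%', "{$lang_banning_php['title']} - $signature", 4);
create_banlist();
endtable();

// Popup calendar link for the current month/year.  date('n') is the unpadded
// month, matching the former ltrim(strftime('%m'), '0'), and avoids strftime(),
// which is deprecated as of PHP 8.1.  The value is server-generated digits, so
// it is safe inside the JavaScript string literal below.
$calendar_link_new = 'calendar.php?action=banning&month=' . date('n') . '&year=' . date('Y');
print <<<EOT
<script language="Javascript">
var calendarWindow = null;
var calendarFormat = 'y-m-d';

function getCalendar(in_dateField)
{
    if (calendarWindow && !calendarWindow.closed) {
        alert('Calendar window already open.  Attempting focus...');
        try {
            calendarWindow.focus();
        }
        catch(e) {}

        return false;
    }

    var cal_width = 300;
    var cal_height = 200;

    // IE needs less space to make this thing
    if ((document.all) && (navigator.userAgent.indexOf("Konqueror") == -1)) {
        cal_width = 290;
    }

    calendarTarget = in_dateField;
    calendarWindow = window.open('{$calendar_link_new}', 'dateSelectorPopup','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=1,dependent=no,width='+cal_width+',height='+cal_height);
    return false;
}

function killCalendar()
{
    if (calendarWindow && !calendarWindow.closed) {
        calendarWindow.close();
    }
}
</script>
EOT;
print "<br />\n";

// "Add new ban" form.  $PHP_SELF can carry request path info, so it is
// escaped before being placed in the action attribute.
$form_action = htmlspecialchars((string)$PHP_SELF, ENT_QUOTES);
starttable('100%', $lang_banning_php['add_new'], 4);
echo <<<EOT
                <tr>
                <th class="tableh2">{$lang_banning_php['user_name']}</th>
                <th class="tableh2">{$lang_banning_php['ip_address']}</th>
                <th class="tableh2">{$lang_banning_php['expiry']}</th>
                <th class="tableh2"></th>
                </tr>

                <tr>
                <form action="$form_action" method="post" name="list">
                <td class="tableb" valign="middle">
                <input type="text" class="textinput" style="width: 100%" name="add_ban_user_name" value="">
                </td>
                <td class="tableb" valign="middle">
                <input type="text" class="textinput" name="add_ban_ip_addr" value="" size="15" maxlength="15" />
                </td>
                <td class="tableb" valign="middle">
                <input type="text" class="listbox_lang"  name="add_ban_expires" value="" size="20" readonly="readonly" onclick="return getCalendar(document.list.add_ban_expires);" style="cursor:pointer" title="select date" />
                </td>
                <td class="tableb" valign="top">
                <input type="submit" class="button" name="add_ban" value="{$lang_banning_php['add_ban']}" />
                </td>
                </form>
                </tr>
EOT;
endtable();

// IP lookup form.  Note that this posts the queried address to an external
// whois service in a new window, not to this gallery.
print "<form action=\"http://ws.arin.net/cgi-bin/whois.pl\" method=\"post\" name=\"lookup\" target=\"_blank\">\n";

//starttable('-2', $lang_banning_php['lookup_ip'], 2);
starttable('-2');
print "<tr>\n";
print "<td class=\"tablef\">\n";
print "<b>" . $lang_banning_php['lookup_ip'] . "</b>\n";
print "</td>\n";
print "<td class=\"tableb\">\n";
print "<input type=\"text\" class=\"textinput\" size=\"20\" name=\"queryinput\" value=\"\" maxlength=\"15\" />\n";
print "</td>\n";
print "<td class=\"tableb\">\n";
print "<input type=\"submit\" class=\"button\" name=\"submit\" value=\"{$lang_banning_php['submit']}\" >\n";
print "</td>\n";
print "</tr>\n";
endtable();
print "</form>\n";

pagefooter();
ob_end_flush();

?>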