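<?php
/***************************************************************************
 *                             admin_user_ban.php
 *                            -------------------
 *   begin                : Tuesday, Jul 31, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: admin_user_ban.php 5283 2005-10-30 15:17:14Z acydburn $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Admin control panel module: ban / unban users, IP addresses (single,
// wildcard, range or hostname) and e-mail patterns. Newly banned user ids and
// IPs also have their rows removed from the sessions table so the ban takes
// effect on the next request rather than at session expiry.
//
// Security notes (review):
//  - No authorisation check is made in this file; it is assumed to happen in
//    pagestart.php (not visible here) -- confirm before reusing this code.
//  - The form carries no anti-CSRF token: a logged-in administrator can be
//    made to submit bans/unbans by a cross-site request. Fixing that needs
//    session support that lives outside this file.
//  - Everything interpolated into SQL below is either an integer produced by
//    intval()/get_userdata(), the hex output of encode_ip(), or a
//    regex-validated e-mail pattern. The e-mail escaping (\' -> '') relies on
//    the request having been slash-escaped earlier (magic_quotes_gpc or the
//    equivalent in common.php) -- confirm that assumption holds.
//
define('IN_PHPBB', 1);

if ( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Ban_Management'] = $filename;

	return;
}

//
// Load default header
//
$phpbb_root_path = './../';
require ($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Start program
//
if ( isset($HTTP_POST_VARS['submit']) )
{
	$user_bansql = '';
	$email_bansql = '';
	$ip_bansql = '';

	//
	// Username -> user_id. get_userdata() is expected to escape the name
	// itself; the result is only ever used as an integer.
	//
	$user_list = array();
	if ( !empty($HTTP_POST_VARS['username']) )
	{
		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
		if( !$this_userdata )
		{
			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
		}

		$user_list[] = $this_userdata['user_id'];
	}

	//
	// IP / hostname list (comma separated). Each entry ends up as the 8-char
	// hex form produced by encode_ip(); an octet of 255 (hex ff) is the
	// wildcard marker used by the session-kill LIKE and by the display code,
	// so a literal .255 host address cannot be distinguished from a wildcard.
	//
	$ip_list = array();
	if ( isset($HTTP_POST_VARS['ban_ip']) )
	{
		$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

		for($i = 0; $i < count($ip_list_temp); $i++)
		{
			if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
			{
				//
				// The regex only bounds the octet length, not its value; an
				// octet above 255 would make encode_ip() emit more than two hex
				// digits and corrupt the stored value, so skip such ranges.
				//
				$range_valid = true;
				for($k = 1; $k <= 8; $k++)
				{
					if ( intval($ip_range_explode[$k]) > 255 )
					{
						$range_valid = false;
					}
				}

				if ( !$range_valid )
				{
					continue;
				}

				//
				// Expand the range octet by octet. A full 0-254 sub-range is
				// collapsed to a single x.255.255.255 / x.y.255.255 / x.y.z.255
				// wildcard entry instead of being enumerated.
				// Don't ask about all this, just don't ask ... !
				//
				$ip_1_counter = $ip_range_explode[1];
				$ip_1_end = $ip_range_explode[5];

				while ( $ip_1_counter <= $ip_1_end )
				{
					$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
					$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];

					if ( $ip_2_counter == 0 && $ip_2_end == 254 )
					{
						$ip_2_counter = 255;
						$ip_2_fragment = 255;

						$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
					}

					while ( $ip_2_counter <= $ip_2_end )
					{
						$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
						$ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];

						if ( $ip_3_counter == 0 && $ip_3_end == 254 )
						{
							$ip_3_counter = 255;
							$ip_3_fragment = 255;

							$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
						}

						while ( $ip_3_counter <= $ip_3_end )
						{
							$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
							$ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];

							if ( $ip_4_counter == 0 && $ip_4_end == 254 )
							{
								$ip_4_counter = 255;
								$ip_4_fragment = 255;

								$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
							}

							while ( $ip_4_counter <= $ip_4_end )
							{
								$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
								$ip_4_counter++;
							}
							$ip_3_counter++;
						}
						$ip_2_counter++;
					}
					$ip_1_counter++;
				}
			}
			else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
			{
				//
				// Hostname: ban every address it currently resolves to.
				// gethostbynamel() returns false (not an array) when the name
				// does not resolve, so guard before iterating.
				//
				$resolved = gethostbynamel(trim($ip_list_temp[$i]));

				if ( is_array($resolved) )
				{
					for($j = 0; $j < count($resolved); $j++)
					{
						if ( !empty($resolved[$j]) )
						{
							$ip_list[] = encode_ip($resolved[$j]);
						}
					}
				}
			}
			else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
			{
				//
				// Wildcard form: '*' becomes the 255 marker. Same octet-value
				// check as above (the class also admits mixes like '2*5').
				//
				$wildcard_ip = str_replace('*', '255', trim($ip_list_temp[$i]));
				$octets = explode('.', $wildcard_ip);

				$wildcard_valid = true;
				for($k = 0; $k < count($octets); $k++)
				{
					if ( intval($octets[$k]) > 255 )
					{
						$wildcard_valid = false;
					}
				}

				if ( $wildcard_valid )
				{
					$ip_list[] = encode_ip($wildcard_ip);
				}
			}
		}
	}

	//
	// E-mail pattern list (comma separated); '*' is allowed as a wildcard in
	// the local part and the first domain label. Only entries matching the
	// pattern are kept, which keeps '<', '>' and '"' out of the stored value.
	//
	$email_list = array();
	if ( isset($HTTP_POST_VARS['ban_email']) )
	{
		$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

		for($i = 0; $i < count($email_list_temp); $i++)
		{
			//
			// This ereg match is based on one by php@unreelpro.com
			// contained in the annotated php manual at php.com (ereg
			// section)
			//
			if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
			{
				$email_list[] = trim($email_list_temp[$i]);
			}
		}
	}

	//
	// Current ban list, used to avoid inserting duplicates.
	//
	$sql = "SELECT *
		FROM " . BANLIST_TABLE;
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
	}

	$current_banlist = $db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	//
	// User bans. $kill_session_sql collects the WHERE terms for the session
	// purge further down; user ids come from get_userdata() and are integers.
	//
	$kill_session_sql = '';
	for($i = 0; $i < count($user_list); $i++)
	{
		$in_banlist = false;
		for($j = 0; $j < count($current_banlist); $j++)
		{
			if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
			{
				$in_banlist = true;
			}
		}

		if ( !$in_banlist )
		{
			$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
				VALUES (" . $user_list[$i] . ")";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
			}
		}
	}

	//
	// IP bans. Values are encode_ip() hex strings, so they are safe to quote
	// directly. A wildcard entry (any 'ff' byte) is turned into a LIKE
	// pattern for the session purge by replacing that byte with '%'.
	//
	for($i = 0; $i < count($ip_list); $i++)
	{
		$in_banlist = false;
		for($j = 0; $j < count($current_banlist); $j++)
		{
			if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
			{
				$in_banlist = true;
			}
		}

		if ( !$in_banlist )
		{
			if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
			{
				$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
			}
			else
			{
				$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
			}

			$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
				VALUES ('" . $ip_list[$i] . "')";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
			}
		}
	}

	//
	// Now we'll delete all entries from the session table with any of the banned
	// user or IP info just entered into the ban table ... this will force a session
	// initialisation resulting in an instant ban
	//
	if ( $kill_session_sql != '' )
	{
		$sql = "DELETE FROM " . SESSIONS_TABLE . "
			WHERE $kill_session_sql";
		if ( !$db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
		}
	}

	//
	// E-mail bans. The pattern regex admits a single quote, which is expected
	// to arrive as \' (see the note at the top) and is doubled for SQL here.
	//
	for($i = 0; $i < count($email_list); $i++)
	{
		$in_banlist = false;
		for($j = 0; $j < count($current_banlist); $j++)
		{
			if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
			{
				$in_banlist = true;
			}
		}

		if ( !$in_banlist )
		{
			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
				VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
			}
		}
	}

	//
	// Unbans. The three multi-selects all post ban_id values (see the
	// <option value="..."> markup below), so every element is forced to an
	// integer before it is placed in the IN (...) list. Previously only
	// unban_user was intval()'d; unban_ip and unban_email were interpolated
	// after a \' -> '' substitution only, which does not prevent SQL injection
	// through a crafted POST body.
	//
	$unban_fields = array('unban_user', 'unban_ip', 'unban_email');
	$unban_ids = array();

	for($f = 0; $f < count($unban_fields); $f++)
	{
		$field = $unban_fields[$f];

		if ( isset($HTTP_POST_VARS[$field]) && is_array($HTTP_POST_VARS[$field]) )
		{
			$posted_ids = $HTTP_POST_VARS[$field];

			for($i = 0; $i < count($posted_ids); $i++)
			{
				// -1 is the placeholder value of the "nothing banned" option
				if ( $posted_ids[$i] != -1 )
				{
					$unban_ids[] = intval($posted_ids[$i]);
				}
			}
		}
	}

	$where_sql = implode(', ', $unban_ids);

	if ( $where_sql != '' )
	{
		$sql = "DELETE FROM " . BANLIST_TABLE . "
			WHERE ban_id IN ($where_sql)";
		if ( !$db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
		}
	}

	$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

	message_die(GENERAL_MESSAGE, $message);

}
else
{
	//
	// No submission: render the ban/unban form with the current ban lists.
	//
	$template->set_filenames(array(
		'body' => 'admin/user_ban_body.tpl')
	);

	$template->assign_vars(array(
		'L_BAN_TITLE' => $lang['Ban_control'],
		'L_BAN_EXPLAIN' => $lang['Ban_explain'],
		'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
		'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
		'L_EMAIL_ADDRESS' => $lang['Email_address'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'],

		'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
	);

	$template->assign_vars(array(
		'L_BAN_USER' => $lang['Ban_username'],
		'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
		'L_BAN_IP' => $lang['Ban_IP'],
		'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
		'L_BAN_EMAIL' => $lang['Ban_email'],
		'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
	);

	$userban_count = 0;
	$ipban_count = 0;
	$emailban_count = 0;

	//
	// Banned users (excluding the anonymous user). The username is echoed
	// into the <option> text as stored -- this assumes usernames are already
	// HTML-escaped at registration time (not verifiable from this file).
	//
	$sql = "SELECT b.ban_id, u.user_id, u.username
		FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
		WHERE u.user_id = b.ban_userid
			AND b.ban_userid <> 0
			AND u.user_id <> " . ANONYMOUS . "
		ORDER BY u.user_id ASC";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
	}

	$user_list = $db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	$select_userlist = '';
	for($i = 0; $i < count($user_list); $i++)
	{
		$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
		$userban_count++;
	}

	if( $select_userlist == '' )
	{
		$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
	}

	$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

	//
	// Banned IPs and e-mails share one table; a row is one or the other.
	// The 255 wildcard marker is shown back to the admin as '*'.
	//
	$sql = "SELECT ban_id, ban_ip, ban_email
		FROM " . BANLIST_TABLE;
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
	}

	$banlist = $db->sql_fetchrowset($result);
	$db->sql_freeresult($result);

	$select_iplist = '';
	$select_emaillist = '';

	for($i = 0; $i < count($banlist); $i++)
	{
		$ban_id = $banlist[$i]['ban_id'];

		if ( !empty($banlist[$i]['ban_ip']) )
		{
			$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
			$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
			$ipban_count++;
		}
		else if ( !empty($banlist[$i]['ban_email']) )
		{
			$ban_email = $banlist[$i]['ban_email'];
			$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
			$emailban_count++;
		}
	}

	if ( $select_iplist == '' )
	{
		$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
	}

	if ( $select_emaillist == '' )
	{
		$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
	}

	$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
	$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

	$template->assign_vars(array(
		'L_UNBAN_USER' => $lang['Unban_username'],
		'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
		'L_UNBAN_IP' => $lang['Unban_IP'],
		'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
		'L_UNBAN_EMAIL' => $lang['Unban_email'],
		'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
		'L_USERNAME' => $lang['Username'],
		'L_LOOK_UP' => $lang['Look_up_User'],
		'L_FIND_USERNAME' => $lang['Find_username'],

		'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
		'S_UNBAN_USERLIST_SELECT' => $select_userlist,
		'S_UNBAN_IPLIST_SELECT' => $select_iplist,
		'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
		'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
	);
}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>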