admin_user_ban.php

Revision 300, 14.8 kB (checked in by Nafania, 2 years ago)
--

Line
1	<?php
2	/***************************************************************************</span>
3	<span class="code-comment"> * admin_user_ban.php
4	* -------------------
5	* begin : Tuesday, Jul 31, 2001
6	* copyright : (C) 2001 The phpBB Group
7	* email : support@phpbb.com
8	*
9	* $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $
10	*
11	*
12	***************************************************************************/
13
14	/***************************************************************************
15	*
16	* This program is free software; you can redistribute it and/or modify
17	* it under the terms of the GNU General Public License as published by
18	* the Free Software Foundation; either version 2 of the License, or
19	* (at your option) any later version.
20	*
21	***************************************************************************/
22
23	if ( !empty($setmodules) )</span>
24	<span class="code-keyword">{
25	$filename = basename(__FILE__);
26	$module['users']['ban_management'] = $filename;
27
28	return;
29	}
30
31	define('IN_PHPBB', 1);
32
33	//</span>
34	<span class="code-comment">// Load default header
35	//
36	$root_path = './../';</span>
37	<span class="code-lang">require($root_path . 'extension.inc');
38	require('./pagestart.' . $phpEx);
39
40	//</span>
41	<span class="code-comment">// Start program
42	//
43	if ( isset($_POST['submit']) )</span>
44	<span class="code-keyword">{
45	$user_bansql = '';
46	$email_bansql = '';
47	$ip_bansql = '';
48
49	$user_list = array();
50	if ( !empty($_POST['username']) )
51	{
52	$this_userdata = get_userdata($_POST['username'], true);
53	if( !$this_userdata )
54	{
55	trigger_error($lang['no_user_id_specified'] );
56	return;
57	}
58
59	$user_list[] = $this_userdata['id'];
60	}
61
62	$ban_list_ary = array();
63	if ( isset($_POST['ban_ip']) )
64	{
65	$ban_list = explode(',', $_POST['ban_ip']);
66
67	foreach ($ban_list as $ban_item)
68	{
69	if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]\-[ ]([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
70	{
71	// This is an IP range
72	// Don't ask about all this, just don't ask ... !
73	$ip_1_counter = $ip_range_explode[1];
74	$ip_1_end = $ip_range_explode[5];
75
76	while ($ip_1_counter <= $ip_1_end)
77	{
78	$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
79	$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
80
81	if ($ip_2_counter == 0 && $ip_2_end == 254)
82	{
83	$ip_2_counter = 256;
84	$ip_2_fragment = 256;
85
86	$banlist_ary[] = "$ip_1_counter.*";
87	}
88
89	while ($ip_2_counter <= $ip_2_end)
90	{
91	$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
92	$ip_3_end = ($ip_2_counter < $ip_2_end \|\| $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
93
94	if ($ip_3_counter == 0 && $ip_3_end == 254)
95	{
96	$ip_3_counter = 256;
97	$ip_3_fragment = 256;
98
99	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
100	}
101
102	while ($ip_3_counter <= $ip_3_end)
103	{
104	$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
105	$ip_4_end = ($ip_3_counter < $ip_3_end \|\| $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
106
107	if ($ip_4_counter == 0 && $ip_4_end == 254)
108	{
109	$ip_4_counter = 256;
110	$ip_4_fragment = 256;
111
112	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
113	}
114
115	while ($ip_4_counter <= $ip_4_end)
116	{
117	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
118	$ip_4_counter++;
119	}
120	$ip_3_counter++;
121	}
122	$ip_2_counter++;
123	}
124	$ip_1_counter++;
125	}
126	}
127	else if (preg_match('#^([0-9]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})$#', trim($ban_item)) \|\| preg_match('#^[a-f0-9:]+\?$#i', trim($ban_item)))
128	{
129	// Normal IP address
130	$banlist_ary[] = trim($ban_item);
131	}
132	else if (preg_match('#^\*$#', trim($ban_item)))
133	{
134	// Ban all IPs
135	$banlist_ary[] = "*";
136	}
137	else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
138	{
139	// hostname
140	$ip_ary = gethostbynamel(trim($ban_item));
141
142	if (!empty($ip_ary))
143	{
144	foreach ($ip_ary as $ip)
145	{
146	if ($ip)
147	{
148	if (strlen($ip) > 40)
149	{
150	continue;
151	}
152
153	$banlist_ary[] = $ip;
154	}
155	}
156	}
157	}
158
159	}
160	}
161
162	$email_list = array();
163	if ( isset($_POST['ban_email']) )
164	{
165	$email_list_temp = explode(',', $_POST['ban_email']);
166
167	for($i = 0; $i < count($email_list_temp); $i++)
168	{
169	//
170	// This ereg match is based on one by php@unreelpro.com
171	// contained in the annotated php manual at php.com (ereg
172	// section)
173	//
174	if (preg_match('/^(([a-z0-9&\'\.\-_\+])\|(\))+@(([a-z0-9\-])\|(\))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
175	{
176	$email_list[] = trim($email_list_temp[$i]);
177	}
178	}
179	}
180
181	$sql = "SELECT *
182	FROM " . BANLIST_TABLE . "
183	WHERE ban_type = " . BAN_GLOBAL;
184	$result = $db->sql_query($sql);
185
186	$current_banlist = $db->sql_fetchrowset($result);
187	$db->sql_freeresult($result);
188
189	$kill_session_sql = '';
190	for($i = 0; $i < sizeof($user_list); $i++)
191	{
192	$in_banlist = false;
193	for($j = 0; $j < sizeof($current_banlist); $j++)
194	{
195	if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
196	{
197	$in_banlist = true;
198	}
199	}
200
201	if ( !$in_banlist )
202	{
203	$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];
204
205	$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid, ban_added, ban_type)
206	VALUES (" . $user_list[$i] . ", " . time() . ", " . BAN_GLOBAL . ")";
207	$db->sql_query($sql);
208	}
209	}
210
211	for($i = 0; $i < sizeof($banlist_ary); $i++)
212	{
213	$in_banlist = false;
214	for($j = 0; $j < sizeof($current_banlist); $j++)
215	{
216	if ( $banlist_ary[$i] == $current_banlist[$j]['ban_ip'] )
217	{
218	$in_banlist = true;
219	}
220	}
221
222	if ( !$in_banlist )
223	{
224	$kill_ip_sql = $db->sql_in_set('session_ip', $banlist_ary);
225
226	$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;
227
228	$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip, ban_added, ban_type)
229	VALUES ('" . $banlist_ary[$i] . "', " . time() . ", " . BAN_GLOBAL . ")";
230	$db->sql_query($sql);
231	}
232	}
233
234	//
235	// Now we'll delete all entries from the session table with any of the banned
236	// user or IP info just entered into the ban table ... this will force a session
237	// initialisation resulting in an instant ban
238	//
239	if ( $kill_session_sql != '' )
240	{
241	$sql = "DELETE FROM " . SESSIONS_TABLE . "
242	WHERE $kill_session_sql";
243	$db->sql_query($sql);
244	}
245
246	for($i = 0; $i < count($email_list); $i++)
247	{
248	$in_banlist = false;
249	for($j = 0; $j < count($current_banlist); $j++)
250	{
251	if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
252	{
253	$in_banlist = true;
254	}
255	}
256
257	if ( !$in_banlist )
258	{
259	$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email, ban_added, ban_type)
260	VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "', " . time() . ", " . BAN_GLOBAL . ")";
261	$db->sql_query($sql);
262	}
263	}
264
265	$where_sql = '';
266
267	if ( isset($_POST['unban_user']) )
268	{
269	$user_list = $_POST['unban_user'];
270
271	for($i = 0; $i < count($user_list); $i++)
272	{
273	if ( $user_list[$i] != -1 )
274	{
275	$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
276	}
277	}
278	}
279
280	if ( isset($_POST['unban_ip']) )
281	{
282	$ban_list_ary = $_POST['unban_ip'];
283
284	for($i = 0; $i < count($ban_list_ary); $i++)
285	{
286	if ( $ban_list_ary[$i] != -1 )
287	{
288	$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ban_list_ary[$i]);
289	}
290	}
291	}
292
293	if ( isset($_POST['unban_email']) )
294	{
295	$email_list = $_POST['unban_email'];
296
297	for($i = 0; $i < count($email_list); $i++)
298	{
299	if ( $email_list[$i] != -1 )
300	{
301	$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
302	}
303	}
304	}
305
306	if ( $where_sql != '' )
307	{
308	$sql = "DELETE FROM " . BANLIST_TABLE . "
309	WHERE ban_id IN ($where_sql)";
310	$db->sql_query($sql);
311	}
312
313	$message = $lang['ban_update_sucessful'] . '<br /><br />' . sprintf($lang['click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
314
315	trigger_error($message);
316	return;
317
318	}
319	else
320	{
321	$template->set_filenames(array(
322	'body' => '../admin/user_ban_body.tpl')
323	);
324
325	$template->assign_vars(array(
326	'L_BAN_TITLE' => $lang['ban_control'],
327	'L_IP_OR_HOSTNAME' => $lang['ip_hostname'],
328	'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
329	);
330
331	$template->assign_vars(array(
332	'L_BAN_USER' => $lang['ban_username'],
333	'L_BAN_USER_EXPLAIN' => $lang['ban_username_explain'])
334	);
335
336	$userban_count = 0;
337	$ipban_count = 0;
338	$emailban_count = 0;
339
340	$sql = "SELECT b.ban_id, u.uid, u.name AS username
341	FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
342	WHERE u.uid = b.ban_userid
343	AND b.ban_userid <> 0
344	AND u.uid <> " . ANONYMOUS . "
345	AND b.ban_type = " . BAN_GLOBAL . "
346	ORDER BY u.uid ASC";
347	$result = $db->sql_query($sql);
348
349	$user_list = $db->sql_fetchrowset($result);
350	$db->sql_freeresult($result);
351
352	$select_userlist = '';
353	for($i = 0; $i < count($user_list); $i++)
354	{
355	$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
356	$userban_count++;
357	}
358
359	if( $select_userlist == '' )
360	{
361	$select_userlist = '<option value="-1">' . $lang['no_banned_users'] . '</option>';
362	}
363
364	$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
365
366	$sql = "SELECT ban_id, ban_ip, ban_email
367	FROM " . BANLIST_TABLE . "
368	WHERE ban_type = " . BAN_GLOBAL;
369	$result = $db->sql_query($sql);
370
371	$banlist = $db->sql_fetchrowset($result);
372	$db->sql_freeresult($result);
373
374	$select_iplist = '';
375	$select_emaillist = '';
376
377	for($i = 0; $i < count($banlist); $i++)
378	{
379	$ban_id = $banlist[$i]['ban_id'];
380
381	if ( !empty($banlist[$i]['ban_ip']) )
382	{
383	$ban_ip = str_replace('255', '*', $banlist[$i]['ban_ip']);
384	$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
385	$ipban_count++;
386	}
387	else if ( !empty($banlist[$i]['ban_email']) )
388	{
389	$ban_email = $banlist[$i]['ban_email'];
390	$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
391	$emailban_count++;
392	}
393	}
394
395	if ( $select_iplist == '' )
396	{
397	$select_iplist = '<option value="-1">' . $lang['no_banned_ip'] . '</option>';
398	}
399
400	if ( $select_emaillist == '' )
401	{
402	$select_emaillist = '<option value="-1">' . $lang['no_banned_email'] . '</option>';
403	}
404
405	$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
406	$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';
407
408	$template->assign_vars(array(
409	'L_UNBAN_USER' => $lang['unban_username'],
410	'L_UNBAN_USER_EXPLAIN' => $lang['unban_username_explain'],
411	'L_LOOK_UP' => $lang['look_up_user'],
412
413	//'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"),
414	'U_SEARCH_USER' => append_sid($root_path . "/phpbb2.php?page=search&mode=searchuser"),
415	'S_UNBAN_USERLIST_SELECT' => $select_userlist,
416	'S_UNBAN_IPLIST_SELECT' => $select_iplist,
417	'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
418	'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
419	);
420	}
421
422	$template->display('body');</span>
423	<span class="code-lang">
424	include('./page_footer_admin.'.$phpEx);
425
426	?>

Note: See TracBrowser for help on using the browser.

root/admin/admin_user_ban.php

Download in other formats: