1 <?php
2 /***************************************************************************
3  *                            admin_user_ban.php
4  *                            -------------------
5  *   begin                : Tuesday, Jul 31, 2001
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  *   $Id: admin_user_ban.php,v 1.21.2.6 2005/10/30 15:17:13 acydburn Exp $
10  *
11  *
12  ***************************************************************************/
14 /***************************************************************************
15  *
16  *   This program is free software; you can redistribute it and/or modify
17  *   it under the terms of the GNU General Public License as published by
18  *   the Free Software Foundation; either version 2 of the License, or
19  *   (at your option) any later version.
20  *
21  ***************************************************************************/
define('IN_PHPBB', 1);

//
// Module registration pass: when this file is included with $setmodules set
// (presumably by the admin index building its menu) it only records itself
// under Users -> Ban_Management and returns, so nothing below this point
// (pagestart, auth, database access, output) runs in that pass.
//
if ( !empty($setmodules) )
{
        $filename = basename(__FILE__);
        $module['Users']['Ban_Management'] = $filename;

        return;
}

//
// Load default header
//
// This file performs no permission check of its own; whatever restricts the
// page to administrators has to come from pagestart. NOTE(review): confirm
// that ./pagestart.php enforces an admin session, because every
// state-changing action below is reachable with a plain POST.
//
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);
40 //
41 // Start program
42 //
//
// Submit branch: add every ban given in the username / ban_ip / ban_email
// fields, then delete the ban_ids selected in the three unban lists.
//
// NOTE(review): the form action is bound to the request only by the session
// id that append_sid() puts in the URL (see the S_BANLIST_ACTION assignment
// further down); no dedicated anti-CSRF token is checked in this file.
// NOTE(review): $HTTP_POST_VARS is the PHP4-era alias of $_POST and was
// removed in PHP 5.4 -- unless common.php re-creates it, every isset() on it
// here is false and a submit silently does nothing on modern PHP.
//
if ( isset($HTTP_POST_VARS['submit']) )
{
        // Initialised but never read anywhere in this file.
        $user_bansql = '';
        $email_bansql = '';
        $ip_bansql = '';

        //
        // Username ban: the posted name is resolved through get_userdata()
        // (second argument true, presumably "look up by username") and only
        // the resulting user_id is kept. An unknown name aborts the whole
        // request with No_user_id_specified before any IP or email ban in the
        // same submission is processed.
        //
        $user_list = array();
        if ( !empty($HTTP_POST_VARS['username']) )
        {
                $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
                if( !$this_userdata )
                {
                        message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
                }

                $user_list[] = $this_userdata['user_id'];
        }
61         $ip_list = array();
62         if ( isset($HTTP_POST_VARS['ban_ip']) )
63         {
64                 $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);
66                 for($i = 0; $i < count($ip_list_temp); $i++)
67                 {
68                         if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
69                         {
70                                 //
71                                 // Don't ask about all this, just don't ask ... !
72                                 //
73                                 $ip_1_counter = $ip_range_explode[1];
74                                 $ip_1_end = $ip_range_explode[5];
76                                 while ( $ip_1_counter <= $ip_1_end )
77                                 {
78                                         $ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
79                                         $ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
81                                         if ( $ip_2_counter == 0 && $ip_2_end == 254 )
82                                         {
83                                                 $ip_2_counter = 255;
84                                                 $ip_2_fragment = 255;
86                                                 $ip_list[] = encode_ip("$ip_1_counter.255.255.255");
87                                         }
89                                         while ( $ip_2_counter <= $ip_2_end )
90                                         {
91                                                 $ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
92                                                 $ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
94                                                 if ( $ip_3_counter == 0 && $ip_3_end == 254 )
95                                                 {
96                                                         $ip_3_counter = 255;
97                                                         $ip_3_fragment = 255;
99                                                         $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
100                                                 }
102                                                 while ( $ip_3_counter <= $ip_3_end )
103                                                 {
104                                                         $ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
105                                                         $ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
107                                                         if ( $ip_4_counter == 0 && $ip_4_end == 254 )
108                                                         {
109                                                                 $ip_4_counter = 255;
110                                                                 $ip_4_fragment = 255;
112                                                                 $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
113                                                         }
115                                                         while ( $ip_4_counter <= $ip_4_end )
116                                                         {
117                                                                 $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
118                                                                 $ip_4_counter++;
119                                                         }
120                                                         $ip_3_counter++;
121                                                 }
122                                                 $ip_2_counter++;
123                                         }
124                                         $ip_1_counter++;
125                                 }
126                         }
127                         else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
128                         {
129                                 $ip = gethostbynamel(trim($ip_list_temp[$i]));
131                                 for($j = 0; $j < count($ip); $j++)
132                                 {
133                                         if ( !empty($ip[$j]) )
134                                         {
135                                                 $ip_list[] = encode_ip($ip[$j]);
136                                         }
137                                 }
138                         }
139                         else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
140                         {
141                                 $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
142                         }
143                 }
144         }
146         $email_list = array();
147         if ( isset($HTTP_POST_VARS['ban_email']) )
148         {
149                 $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);
151                 for($i = 0; $i < count($email_list_temp); $i++)
152                 {
153                         //
154                         // This ereg match is based on one by php@unreelpro.com
155                         // contained in the annotated php manual at php.com (ereg
156                         // section)
157                         //
158                         if (preg_match('/^(([a-z0-9&\'\.\-_\+])|(\*))+@(([a-z0-9\-])|(\*))+\.([a-z0-9\-]+\.)*?[a-z]+$/is', trim($email_list_temp[$i])))
159                         {
160                                 $email_list[] = trim($email_list_temp[$i]);
161                         }
162                 }
163         }
165         $sql = "SELECT *
166                 FROM " . BANLIST_TABLE;
167         if ( !($result = $db->sql_query($sql)) )
168         {
169                 message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
170         }
172         $current_banlist = $db->sql_fetchrowset($result);
173         $db->sql_freeresult($result);
175         $kill_session_sql = '';
176         for($i = 0; $i < count($user_list); $i++)
177         {
178                 $in_banlist = false;
179                 for($j = 0; $j < count($current_banlist); $j++)
180                 {
181                         if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
182                         {
183                                 $in_banlist = true;
184                         }
185                 }
187                 if ( !$in_banlist )
188                 {
189                         $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];
191                         $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
192                                 VALUES (" . $user_list[$i] . ")";
193                         if ( !$db->sql_query($sql) )
194                         {
195                                 message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
196                         }
197                 }
198         }
        //
        // IP bans. $ip_list holds encode_ip() output, which everything below
        // interpolates into SQL without any escaping. NOTE(review): that is
        // only safe if encode_ip() returns a fixed hex string (two characters
        // per octet, which chunk_split(..., 2) assumes) -- confirm it cannot
        // return anything else.
        //
        for($i = 0; $i < count($ip_list); $i++)
        {
                // Skip entries already present (string compare on ban_ip; the
                // whole snapshot is scanned, there is no early exit).
                $in_banlist = false;
                for($j = 0; $j < count($current_banlist); $j++)
                {
                        if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
                        {
                                $in_banlist = true;
                        }
                }

                if ( !$in_banlist )
                {
                        // chunk_split() turns the hex into "xx.xx.xx.xx."; an "ff"
                        // pair -- a 255 wildcard octet -- becomes a LIKE '%' so every
                        // live session on the covered range is removed. A literal
                        // 255 octet in a plain address gets the same treatment.
                        if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
                        {
                                $kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
                        }
                        else
                        {
                                $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
                        }

                        $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

                        $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
                                VALUES ('" . $ip_list[$i] . "')";
                        if ( !$db->sql_query($sql) )
                        {
                                message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
                        }
                }
        }

        //
        // Now we'll delete all entries from the session table with any of the banned
        // user or IP info just entered into the ban table ... this will force a session
        // initialisation resulting in an instant ban. Only newly inserted bans
        // contribute here; email bans never touch the session table.
        //
        if ( $kill_session_sql != '' )
        {
                $sql = "DELETE FROM " . SESSIONS_TABLE . "
                        WHERE $kill_session_sql";
                if ( !$db->sql_query($sql) )
                {
                        message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
                }
        }
248         for($i = 0; $i < count($email_list); $i++)
249         {
250                 $in_banlist = false;
251                 for($j = 0; $j < count($current_banlist); $j++)
252                 {
253                         if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
254                         {
255                                 $in_banlist = true;
256                         }
257                 }
259                 if ( !$in_banlist )
260                 {
261                         $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
262                                 VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
263                         if ( !$db->sql_query($sql) )
264                         {
265                                 message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
266                         }
267                 }
268         }
270         $where_sql = '';
272         if ( isset($HTTP_POST_VARS['unban_user']) )
273         {
274                 $user_list = $HTTP_POST_VARS['unban_user'];
276                 for($i = 0; $i < count($user_list); $i++)
277                 {
278                         if ( $user_list[$i] != -1 )
279                         {
280                                 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
281                         }
282                 }
283         }
285         if ( isset($HTTP_POST_VARS['unban_ip']) )
286         {
287                 $ip_list = $HTTP_POST_VARS['unban_ip'];
289                 for($i = 0; $i < count($ip_list); $i++)
290                 {
291                         if ( $ip_list[$i] != -1 )
292                         {
293                                 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
294                         }
295                 }
296         }
298         if ( isset($HTTP_POST_VARS['unban_email']) )
299         {
300                 $email_list = $HTTP_POST_VARS['unban_email'];
302                 for($i = 0; $i < count($email_list); $i++)
303                 {
304                         if ( $email_list[$i] != -1 )
305                         {
306                                 $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
307                         }
308                 }
309         }
311         if ( $where_sql != '' )
312         {
313                 $sql = "DELETE FROM " . BANLIST_TABLE . "
314                         WHERE ban_id IN ($where_sql)";
315                 if ( !$db->sql_query($sql) )
316                 {
317                         message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
318                 }
319         }
321         $message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
323         message_die(GENERAL_MESSAGE, $message);
else
        //
        // No submission: build the ban control page. NOTE(review): the `{`
        // that opens this else branch and the `}` that closes the submit
        // branch before it are missing from this listing (as is the `}` after
        // the final assign_vars call); the code as shown would not parse.
        //
        $template->set_filenames(array(
                'body' => 'admin/user_ban_body.tpl')
        );

        // Page-level strings and the form action. append_sid() puts the
        // session id in the action URL; that is the only request-binding the
        // form carries -- there is no dedicated CSRF token.
        $template->assign_vars(array(
                'L_BAN_TITLE' => $lang['Ban_control'],
                'L_BAN_EXPLAIN' => $lang['Ban_explain'],
                'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
                'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
                'L_EMAIL_ADDRESS' => $lang['Email_address'],
                'L_SUBMIT' => $lang['Submit'],
                'L_RESET' => $lang['Reset'],

                'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
        );

        // Labels for the three "add ban" inputs.
        $template->assign_vars(array(
                'L_BAN_USER' => $lang['Ban_username'],
                'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
                'L_BAN_IP' => $lang['Ban_IP'],
                'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
                'L_BAN_EMAIL' => $lang['Ban_email'],
                'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
        );
353         $userban_count = 0;
354         $ipban_count = 0;
355         $emailban_count = 0;
357         $sql = "SELECT b.ban_id, u.user_id, u.username
358                 FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
359                 WHERE u.user_id = b.ban_userid
360                         AND b.ban_userid <> 0
361                         AND u.user_id <> " . ANONYMOUS . "
362                 ORDER BY u.user_id ASC";
363         if ( !($result = $db->sql_query($sql)) )
364         {
365                 message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
366         }
368         $user_list = $db->sql_fetchrowset($result);
369         $db->sql_freeresult($result);
371         $select_userlist = '';
372         for($i = 0; $i < count($user_list); $i++)
373         {
374                 $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
375                 $userban_count++;
376         }
378         if( $select_userlist == '' )
379         {
380                 $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
381         }
383         $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
385         $sql = "SELECT ban_id, ban_ip, ban_email
386                 FROM " . BANLIST_TABLE;
387         if ( !($result = $db->sql_query($sql)) )
388         {
389                 message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
390         }
392         $banlist = $db->sql_fetchrowset($result);
393         $db->sql_freeresult($result);
395         $select_iplist = '';
396         $select_emaillist = '';
398         for($i = 0; $i < count($banlist); $i++)
399         {
400                 $ban_id = $banlist[$i]['ban_id'];
402                 if ( !empty($banlist[$i]['ban_ip']) )
403                 {
404                         $ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
405                         $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
406                         $ipban_count++;
407                 }
408                 else if ( !empty($banlist[$i]['ban_email']) )
409                 {
410                         $ban_email = $banlist[$i]['ban_email'];
411                         $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
412                         $emailban_count++;
413                 }
414         }
416         if ( $select_iplist == '' )
417         {
418                 $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
419         }
421         if ( $select_emaillist == '' )  
422         {
423                 $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
424         }
426         $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
427         $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';
429         $template->assign_vars(array(
430                 'L_UNBAN_USER' => $lang['Unban_username'],
431                 'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
432                 'L_UNBAN_IP' => $lang['Unban_IP'],
433                 'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
434                 'L_UNBAN_EMAIL' => $lang['Unban_email'],
435                 'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], 
436                 'L_USERNAME' => $lang['Username'], 
437                 'L_LOOK_UP' => $lang['Look_up_User'],
438                 'L_FIND_USERNAME' => $lang['Find_username'],
440                 'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), 
441                 'S_UNBAN_USERLIST_SELECT' => $select_userlist,
442                 'S_UNBAN_IPLIST_SELECT' => $select_iplist,
443                 'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
444                 'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
445         );
//
// Shared tail (the `}` closing the else branch above is not shown in this
// listing): render the selected template, then pull in the admin footer.
// Nothing may follow the closing tag below -- any trailing byte would be sent
// to the client as output.
//
$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>