vamp-website: forum/Sources/ManageBans.php annotate

annotate forum/Sources/ManageBans.php @ 85:6d7b61434be7 website

Add a copy of this here, just in case!

author	Chris Cannam
date	Mon, 20 Jan 2014 11:02:36 +0000
parents	e3e11437ecea
children

rev	line source
Chris@76	1 <?php
Chris@76	2
Chris@76	3 /**
Chris@76	4 * Simple Machines Forum (SMF)
Chris@76	5 *
Chris@76	6 * @package SMF
Chris@76	7 * @author Simple Machines http://www.simplemachines.org
Chris@76	8 * @copyright 2011 Simple Machines
Chris@76	9 * @license http://www.simplemachines.org/about/smf/license.php BSD
Chris@76	10 *
Chris@76	11 * @version 2.0
Chris@76	12 */
Chris@76	13
Chris@76	14 if (!defined('SMF'))
Chris@76	15 die('Hacking attempt...');
Chris@76	16
Chris@76	17 /* This file contains all the functions used for the ban center.
Chris@76	18
Chris@76	19 void Ban()
Chris@76	20 - the main entrance point for all ban center functions.
Chris@76	21 - is accesssed by ?action=admin;area=ban.
Chris@76	22 - choses a function based on the 'sa' parameter.
Chris@76	23 - defaults to BanList().
Chris@76	24 - requires the ban_members permission.
Chris@76	25 - initializes the admin tabs.
Chris@76	26 - load the ManageBans template.
Chris@76	27
Chris@76	28 void BanList()
Chris@76	29 - shows a list of bans currently set.
Chris@76	30 - is accesssed by ?action=admin;area=ban;sa=list.
Chris@76	31 - uses the main ManageBans template.
Chris@76	32 - removes expired bans.
Chris@76	33 - allows sorting on different criteria.
Chris@76	34 - also handles removal of selected ban items.
Chris@76	35
Chris@76	36 void BanEdit()
Chris@76	37 - the screen for adding new bans and modifying existing ones.
Chris@76	38 - adding new bans:
Chris@76	39 - is accesssed by ?action=admin;area=ban;sa=add.
Chris@76	40 - uses the ban_edit sub template of the ManageBans template.
Chris@76	41 - modifying existing bans:
Chris@76	42 - is accesssed by ?action=admin;area=ban;sa=edit;bg=x
Chris@76	43 - uses the ban_edit sub template of the ManageBans template.
Chris@76	44 - shows a list of ban triggers for the specified ban.
Chris@76	45 - handles submitted forms that add, modify or remove ban triggers.
Chris@76	46
Chris@76	47 void BanEditTrigger()
Chris@76	48 - the screen for adding new ban triggers or modifying existing ones.
Chris@76	49 - adding new ban triggers:
Chris@76	50 - is accessed by ?action=admin;area=ban;sa=edittrigger;bg=x
Chris@76	51 - uses the ban_edit_trigger sub template of ManageBans.
Chris@76	52 - editing existing ban triggers:
Chris@76	53 - is accessed by ?action=admin;area=ban;sa=edittrigger;bg=x;bi=y
Chris@76	54 - uses the ban_edit_trigger sub template of ManageBans.
Chris@76	55
Chris@76	56 void BanBrowseTriggers()
Chris@76	57 - screen for showing the banned enities
Chris@76	58 - is accessed by ?action=admin;area=ban;sa=browse
Chris@76	59 - uses the browse_triggers sub template of the ManageBans template.
Chris@76	60 - uses sub-tabs for browsing by IP, hostname, email or username.
Chris@76	61
Chris@76	62 array BanLog()
Chris@76	63 - show a list of logged access attempts by banned users.
Chris@76	64 - is accessed by ?action=admin;area=ban;sa=log.
Chris@76	65 - allows sorting of several columns.
Chris@76	66 - also handles deletion of (a selection of) log entries.
Chris@76	67
Chris@76	68 string range2ip(array $low, array $high)
Chris@76	69 - reverse function of ip2range().
Chris@76	70 - converts a given array of IP numbers to a single string
Chris@76	71 - range2ip(array(10, 10, 10, 0), array(10, 10, 20, 255)) returns
Chris@76	72 '10.10.10-20.*
Chris@76	73
Chris@76	74 array checkExistingTriggerIP(array $ip_array, string $fullip)
Chris@76	75 - checks whether a given IP range already exists in the trigger list.
Chris@76	76 - if yes, it returns an error message. Otherwise, it returns
Chris@76	77 an array optimized for the database.
Chris@76	78
Chris@76	79 void updateBanMembers()
Chris@76	80 - updates the members table to match the new bans.
Chris@76	81 - is_activated >= 10: a member is banned.
Chris@76	82 */
Chris@76	83
Chris@76	84 // Ban center.
Chris@76	85 function Ban()
Chris@76	86 {
Chris@76	87 global $context, $txt, $scripturl;
Chris@76	88
Chris@76	89 isAllowedTo('manage_bans');
Chris@76	90
Chris@76	91 loadTemplate('ManageBans');
Chris@76	92
Chris@76	93 $subActions = array(
Chris@76	94 'add' => 'BanEdit',
Chris@76	95 'browse' => 'BanBrowseTriggers',
Chris@76	96 'edittrigger' => 'BanEditTrigger',
Chris@76	97 'edit' => 'BanEdit',
Chris@76	98 'list' => 'BanList',
Chris@76	99 'log' => 'BanLog',
Chris@76	100 );
Chris@76	101
Chris@76	102 // Default the sub-action to 'view ban list'.
Chris@76	103 $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'list';
Chris@76	104
Chris@76	105 $context['page_title'] = $txt['ban_title'];
Chris@76	106 $context['sub_action'] = $_REQUEST['sa'];
Chris@76	107
Chris@76	108 // Tabs for browsing the different ban functions.
Chris@76	109 $context[$context['admin_menu_name']]['tab_data'] = array(
Chris@76	110 'title' => $txt['ban_title'],
Chris@76	111 'help' => 'ban_members',
Chris@76	112 'description' => $txt['ban_description'],
Chris@76	113 'tabs' => array(
Chris@76	114 'list' => array(
Chris@76	115 'description' => $txt['ban_description'],
Chris@76	116 'href' => $scripturl . '?action=admin;area=ban;sa=list',
Chris@76	117 'is_selected' => $_REQUEST['sa'] == 'list' \|\| $_REQUEST['sa'] == 'edit' \|\| $_REQUEST['sa'] == 'edittrigger',
Chris@76	118 ),
Chris@76	119 'add' => array(
Chris@76	120 'description' => $txt['ban_description'],
Chris@76	121 'href' => $scripturl . '?action=admin;area=ban;sa=add',
Chris@76	122 'is_selected' => $_REQUEST['sa'] == 'add',
Chris@76	123 ),
Chris@76	124 'browse' => array(
Chris@76	125 'description' => $txt['ban_trigger_browse_description'],
Chris@76	126 'href' => $scripturl . '?action=admin;area=ban;sa=browse',
Chris@76	127 'is_selected' => $_REQUEST['sa'] == 'browse',
Chris@76	128 ),
Chris@76	129 'log' => array(
Chris@76	130 'description' => $txt['ban_log_description'],
Chris@76	131 'href' => $scripturl . '?action=admin;area=ban;sa=log',
Chris@76	132 'is_selected' => $_REQUEST['sa'] == 'log',
Chris@76	133 'is_last' => true,
Chris@76	134 ),
Chris@76	135 ),
Chris@76	136 );
Chris@76	137
Chris@76	138 // Call the right function for this sub-acton.
Chris@76	139 $subActions[$_REQUEST['sa']]();
Chris@76	140 }
Chris@76	141
Chris@76	142 // List all the bans.
Chris@76	143 function BanList()
Chris@76	144 {
Chris@76	145 global $txt, $context, $ban_request, $ban_counts, $scripturl;
Chris@76	146 global $user_info, $smcFunc, $sourcedir;
Chris@76	147
Chris@76	148 // User pressed the 'remove selection button'.
Chris@76	149 if (!empty($_POST['removeBans']) && !empty($_POST['remove']) && is_array($_POST['remove']))
Chris@76	150 {
Chris@76	151 checkSession();
Chris@76	152
Chris@76	153 // Make sure every entry is a proper integer.
Chris@76	154 foreach ($_POST['remove'] as $index => $ban_id)
Chris@76	155 $_POST['remove'][(int) $index] = (int) $ban_id;
Chris@76	156
Chris@76	157 // Unban them all!
Chris@76	158 $smcFunc['db_query']('', '
Chris@76	159 DELETE FROM {db_prefix}ban_groups
Chris@76	160 WHERE id_ban_group IN ({array_int:ban_list})',
Chris@76	161 array(
Chris@76	162 'ban_list' => $_POST['remove'],
Chris@76	163 )
Chris@76	164 );
Chris@76	165 $smcFunc['db_query']('', '
Chris@76	166 DELETE FROM {db_prefix}ban_items
Chris@76	167 WHERE id_ban_group IN ({array_int:ban_list})',
Chris@76	168 array(
Chris@76	169 'ban_list' => $_POST['remove'],
Chris@76	170 )
Chris@76	171 );
Chris@76	172
Chris@76	173 // No more caching this ban!
Chris@76	174 updateSettings(array('banLastUpdated' => time()));
Chris@76	175
Chris@76	176 // Some members might be unbanned now. Update the members table.
Chris@76	177 updateBanMembers();
Chris@76	178 }
Chris@76	179
Chris@76	180 // Create a date string so we don't overload them with date info.
Chris@76	181 if (preg_match('~%[AaBbCcDdeGghjmuYy](?:[^%]%[AaBbCcDdeGghjmuYy])~', $user_info['time_format'], $matches) == 0 \|\| empty($matches[0]))
Chris@76	182 $context['ban_time_format'] = $user_info['time_format'];
Chris@76	183 else
Chris@76	184 $context['ban_time_format'] = $matches[0];
Chris@76	185
Chris@76	186 $listOptions = array(
Chris@76	187 'id' => 'ban_list',
Chris@76	188 'items_per_page' => 20,
Chris@76	189 'base_href' => $scripturl . '?action=admin;area=ban;sa=list',
Chris@76	190 'default_sort_col' => 'added',
Chris@76	191 'default_sort_dir' => 'desc',
Chris@76	192 'get_items' => array(
Chris@76	193 'function' => 'list_getBans',
Chris@76	194 ),
Chris@76	195 'get_count' => array(
Chris@76	196 'function' => 'list_getNumBans',
Chris@76	197 ),
Chris@76	198 'no_items_label' => $txt['ban_no_entries'],
Chris@76	199 'columns' => array(
Chris@76	200 'name' => array(
Chris@76	201 'header' => array(
Chris@76	202 'value' => $txt['ban_name'],
Chris@76	203 ),
Chris@76	204 'data' => array(
Chris@76	205 'db' => 'name',
Chris@76	206 ),
Chris@76	207 'sort' => array(
Chris@76	208 'default' => 'bg.name',
Chris@76	209 'reverse' => 'bg.name DESC',
Chris@76	210 ),
Chris@76	211 ),
Chris@76	212 'notes' => array(
Chris@76	213 'header' => array(
Chris@76	214 'value' => $txt['ban_notes'],
Chris@76	215 ),
Chris@76	216 'data' => array(
Chris@76	217 'db' => 'notes',
Chris@76	218 'class' => 'smalltext',
Chris@76	219 ),
Chris@76	220 'sort' => array(
Chris@76	221 'default' => 'LENGTH(bg.notes) > 0 DESC, bg.notes',
Chris@76	222 'reverse' => 'LENGTH(bg.notes) > 0, bg.notes DESC',
Chris@76	223 ),
Chris@76	224 ),
Chris@76	225 'reason' => array(
Chris@76	226 'header' => array(
Chris@76	227 'value' => $txt['ban_reason'],
Chris@76	228 ),
Chris@76	229 'data' => array(
Chris@76	230 'db' => 'reason',
Chris@76	231 'class' => 'smalltext',
Chris@76	232 ),
Chris@76	233 'sort' => array(
Chris@76	234 'default' => 'LENGTH(bg.reason) > 0 DESC, bg.reason',
Chris@76	235 'reverse' => 'LENGTH(bg.reason) > 0, bg.reason DESC',
Chris@76	236 ),
Chris@76	237 ),
Chris@76	238 'added' => array(
Chris@76	239 'header' => array(
Chris@76	240 'value' => $txt['ban_added'],
Chris@76	241 ),
Chris@76	242 'data' => array(
Chris@76	243 'function' => create_function('$rowData', '
Chris@76	244 global $context;
Chris@76	245
Chris@76	246 return timeformat($rowData[\'ban_time\'], empty($context[\'ban_time_format\']) ? true : $context[\'ban_time_format\']);
Chris@76	247 '),
Chris@76	248 ),
Chris@76	249 'sort' => array(
Chris@76	250 'default' => 'bg.ban_time',
Chris@76	251 'reverse' => 'bg.ban_time DESC',
Chris@76	252 ),
Chris@76	253 ),
Chris@76	254 'expires' => array(
Chris@76	255 'header' => array(
Chris@76	256 'value' => $txt['ban_expires'],
Chris@76	257 ),
Chris@76	258 'data' => array(
Chris@76	259 'function' => create_function('$rowData', '
Chris@76	260 global $txt;
Chris@76	261
Chris@76	262 // This ban never expires...whahaha.
Chris@76	263 if ($rowData[\'expire_time\'] === null)
Chris@76	264 return $txt[\'never\'];
Chris@76	265
Chris@76	266 // This ban has already expired.
Chris@76	267 elseif ($rowData[\'expire_time\'] < time())
Chris@76	268 return sprintf(\'<span style="color: red">%1$s</span>\', $txt[\'ban_expired\']);
Chris@76	269
Chris@76	270 // Still need to wait a few days for this ban to expire.
Chris@76	271 else
Chris@76	272 return sprintf(\'%1$d %2$s\', ceil(($rowData[\'expire_time\'] - time()) / (60 * 60 * 24)), $txt[\'ban_days\']);
Chris@76	273 '),
Chris@76	274 ),
Chris@76	275 'sort' => array(
Chris@76	276 'default' => 'IFNULL(bg.expire_time, 1=1) DESC, bg.expire_time DESC',
Chris@76	277 'reverse' => 'IFNULL(bg.expire_time, 1=1), bg.expire_time',
Chris@76	278 ),
Chris@76	279 ),
Chris@76	280 'num_triggers' => array(
Chris@76	281 'header' => array(
Chris@76	282 'value' => $txt['ban_triggers'],
Chris@76	283 ),
Chris@76	284 'data' => array(
Chris@76	285 'db' => 'num_triggers',
Chris@76	286 'style' => 'text-align: center;',
Chris@76	287 ),
Chris@76	288 'sort' => array(
Chris@76	289 'default' => 'num_triggers DESC',
Chris@76	290 'reverse' => 'num_triggers',
Chris@76	291 ),
Chris@76	292 ),
Chris@76	293 'actions' => array(
Chris@76	294 'header' => array(
Chris@76	295 'value' => $txt['ban_actions'],
Chris@76	296 ),
Chris@76	297 'data' => array(
Chris@76	298 'sprintf' => array(
Chris@76	299 'format' => '<a href="' . $scripturl . '?action=admin;area=ban;sa=edit;bg=%1$d">' . $txt['modify'] . '</a>',
Chris@76	300 'params' => array(
Chris@76	301 'id_ban_group' => false,
Chris@76	302 ),
Chris@76	303 ),
Chris@76	304 'style' => 'text-align: center;',
Chris@76	305 ),
Chris@76	306 ),
Chris@76	307 'check' => array(
Chris@76	308 'header' => array(
Chris@76	309 'value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />',
Chris@76	310 ),
Chris@76	311 'data' => array(
Chris@76	312 'sprintf' => array(
Chris@76	313 'format' => '<input type="checkbox" name="remove[]" value="%1$d" class="input_check" />',
Chris@76	314 'params' => array(
Chris@76	315 'id_ban_group' => false,
Chris@76	316 ),
Chris@76	317 ),
Chris@76	318 'style' => 'text-align: center',
Chris@76	319 ),
Chris@76	320 ),
Chris@76	321 ),
Chris@76	322 'form' => array(
Chris@76	323 'href' => $scripturl . '?action=admin;area=ban;sa=list',
Chris@76	324 ),
Chris@76	325 'additional_rows' => array(
Chris@76	326 array(
Chris@76	327 'position' => 'below_table_data',
Chris@76	328 'value' => '<input type="submit" name="removeBans" value="' . $txt['ban_remove_selected'] . '" onclick="return confirm(\'' . $txt['ban_remove_selected_confirm'] . '\');" class="button_submit" />',
Chris@76	329 'style' => 'text-align: right;',
Chris@76	330 ),
Chris@76	331 ),
Chris@76	332 );
Chris@76	333
Chris@76	334 require_once($sourcedir . '/Subs-List.php');
Chris@76	335 createList($listOptions);
Chris@76	336
Chris@76	337 $context['sub_template'] = 'show_list';
Chris@76	338 $context['default_list'] = 'ban_list';
Chris@76	339 }
Chris@76	340
Chris@76	341 function list_getBans($start, $items_per_page, $sort)
Chris@76	342 {
Chris@76	343 global $smcFunc;
Chris@76	344
Chris@76	345 $request = $smcFunc['db_query']('', '
Chris@76	346 SELECT bg.id_ban_group, bg.name, bg.ban_time, bg.expire_time, bg.reason, bg.notes, COUNT(bi.id_ban) AS num_triggers
Chris@76	347 FROM {db_prefix}ban_groups AS bg
Chris@76	348 LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_ban_group = bg.id_ban_group)
Chris@76	349 GROUP BY bg.id_ban_group, bg.name, bg.ban_time, bg.expire_time, bg.reason, bg.notes
Chris@76	350 ORDER BY {raw:sort}
Chris@76	351 LIMIT {int:offset}, {int:limit}',
Chris@76	352 array(
Chris@76	353 'sort' => $sort,
Chris@76	354 'offset' => $start,
Chris@76	355 'limit' => $items_per_page,
Chris@76	356 )
Chris@76	357 );
Chris@76	358 $bans = array();
Chris@76	359 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	360 $bans[] = $row;
Chris@76	361
Chris@76	362 $smcFunc['db_free_result']($request);
Chris@76	363
Chris@76	364 return $bans;
Chris@76	365 }
Chris@76	366
Chris@76	367 function list_getNumBans()
Chris@76	368 {
Chris@76	369 global $smcFunc;
Chris@76	370
Chris@76	371 $request = $smcFunc['db_query']('', '
Chris@76	372 SELECT COUNT(*) AS num_bans
Chris@76	373 FROM {db_prefix}ban_groups',
Chris@76	374 array(
Chris@76	375 )
Chris@76	376 );
Chris@76	377 list ($numBans) = $smcFunc['db_fetch_row']($request);
Chris@76	378 $smcFunc['db_free_result']($request);
Chris@76	379
Chris@76	380 return $numBans;
Chris@76	381 }
Chris@76	382
Chris@76	383 function BanEdit()
Chris@76	384 {
Chris@76	385 global $txt, $modSettings, $context, $ban_request, $scripturl, $smcFunc;
Chris@76	386
Chris@76	387 $_REQUEST['bg'] = empty($_REQUEST['bg']) ? 0 : (int) $_REQUEST['bg'];
Chris@76	388
Chris@76	389 // Adding or editing a ban trigger?
Chris@76	390 if (!empty($_POST['add_new_trigger']) \|\| !empty($_POST['edit_trigger']))
Chris@76	391 {
Chris@76	392 checkSession();
Chris@76	393
Chris@76	394 $newBan = !empty($_POST['add_new_trigger']);
Chris@76	395 $values = array(
Chris@76	396 'id_ban_group' => $_REQUEST['bg'],
Chris@76	397 'hostname' => '',
Chris@76	398 'email_address' => '',
Chris@76	399 'id_member' => 0,
Chris@76	400 'ip_low1' => 0,
Chris@76	401 'ip_high1' => 0,
Chris@76	402 'ip_low2' => 0,
Chris@76	403 'ip_high2' => 0,
Chris@76	404 'ip_low3' => 0,
Chris@76	405 'ip_high3' => 0,
Chris@76	406 'ip_low4' => 0,
Chris@76	407 'ip_high4' => 0,
Chris@76	408 );
Chris@76	409
Chris@76	410 // Preset all values that are required.
Chris@76	411 if ($newBan)
Chris@76	412 {
Chris@76	413 $insertKeys = array(
Chris@76	414 'id_ban_group' => 'int',
Chris@76	415 'hostname' => 'string',
Chris@76	416 'email_address' => 'string',
Chris@76	417 'id_member' => 'int',
Chris@76	418 'ip_low1' => 'int',
Chris@76	419 'ip_high1' => 'int',
Chris@76	420 'ip_low2' => 'int',
Chris@76	421 'ip_high2' => 'int',
Chris@76	422 'ip_low3' => 'int',
Chris@76	423 'ip_high3' => 'int',
Chris@76	424 'ip_low4' => 'int',
Chris@76	425 'ip_high4' => 'int',
Chris@76	426 );
Chris@76	427 }
Chris@76	428 else
Chris@76	429 $updateString = '
Chris@76	430 hostname = {string:hostname}, email_address = {string:email_address}, id_member = {int:id_member},
Chris@76	431 ip_low1 = {int:ip_low1}, ip_high1 = {int:ip_high1},
Chris@76	432 ip_low2 = {int:ip_low2}, ip_high2 = {int:ip_high2},
Chris@76	433 ip_low3 = {int:ip_low3}, ip_high3 = {int:ip_high3},
Chris@76	434 ip_low4 = {int:ip_low4}, ip_high4 = {int:ip_high4}';
Chris@76	435
Chris@76	436 if ($_POST['bantype'] == 'ip_ban')
Chris@76	437 {
Chris@76	438 $ip = trim($_POST['ip']);
Chris@76	439 $ip_parts = ip2range($ip);
Chris@76	440 $ip_check = checkExistingTriggerIP($ip_parts, $ip);
Chris@76	441 if (!$ip_check)
Chris@76	442 fatal_lang_error('invalid_ip', false);
Chris@76	443 $values = array_merge($values, $ip_check);
Chris@76	444
Chris@76	445 $modlogInfo['ip_range'] = $_POST['ip'];
Chris@76	446 }
Chris@76	447 elseif ($_POST['bantype'] == 'hostname_ban')
Chris@76	448 {
Chris@76	449 if (preg_match('/[^\w.\-*]/', $_POST['hostname']) == 1)
Chris@76	450 fatal_lang_error('invalid_hostname', false);
Chris@76	451
Chris@76	452 // Replace the * wildcard by a MySQL compatible wildcard %.
Chris@76	453 $_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
Chris@76	454
Chris@76	455 $values['hostname'] = $_POST['hostname'];
Chris@76	456
Chris@76	457 $modlogInfo['hostname'] = $_POST['hostname'];
Chris@76	458 }
Chris@76	459 elseif ($_POST['bantype'] == 'email_ban')
Chris@76	460 {
Chris@76	461 if (preg_match('/[^\w.\-\+*@]/', $_POST['email']) == 1)
Chris@76	462 fatal_lang_error('invalid_email', false);
Chris@76	463 $_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
Chris@76	464
Chris@76	465 // Check the user is not banning an admin.
Chris@76	466 $request = $smcFunc['db_query']('', '
Chris@76	467 SELECT id_member
Chris@76	468 FROM {db_prefix}members
Chris@76	469 WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
Chris@76	470 AND email_address LIKE {string:email}
Chris@76	471 LIMIT 1',
Chris@76	472 array(
Chris@76	473 'admin_group' => 1,
Chris@76	474 'email' => $_POST['email'],
Chris@76	475 )
Chris@76	476 );
Chris@76	477 if ($smcFunc['db_num_rows']($request) != 0)
Chris@76	478 fatal_lang_error('no_ban_admin', 'critical');
Chris@76	479 $smcFunc['db_free_result']($request);
Chris@76	480
Chris@76	481 $values['email_address'] = $_POST['email'];
Chris@76	482
Chris@76	483 $modlogInfo['email'] = $_POST['email'];
Chris@76	484 }
Chris@76	485 elseif ($_POST['bantype'] == 'user_ban')
Chris@76	486 {
Chris@76	487 $_POST['user'] = preg_replace('~&#(\d{4,5}\|[2-9]\d{2,4}\|1[2-9]\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
Chris@76	488
Chris@76	489 $request = $smcFunc['db_query']('', '
Chris@76	490 SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
Chris@76	491 FROM {db_prefix}members
Chris@76	492 WHERE member_name = {string:user_name} OR real_name = {string:user_name}
Chris@76	493 LIMIT 1',
Chris@76	494 array(
Chris@76	495 'admin_group' => 1,
Chris@76	496 'user_name' => $_POST['user'],
Chris@76	497 )
Chris@76	498 );
Chris@76	499 if ($smcFunc['db_num_rows']($request) == 0)
Chris@76	500 fatal_lang_error('invalid_username', false);
Chris@76	501 list ($memberid, $isAdmin) = $smcFunc['db_fetch_row']($request);
Chris@76	502 $smcFunc['db_free_result']($request);
Chris@76	503
Chris@76	504 if ($isAdmin && $isAdmin != 'f')
Chris@76	505 fatal_lang_error('no_ban_admin', 'critical');
Chris@76	506
Chris@76	507 $values['id_member'] = $memberid;
Chris@76	508
Chris@76	509 $modlogInfo['member'] = $memberid;
Chris@76	510 }
Chris@76	511 else
Chris@76	512 fatal_lang_error('no_bantype_selected', false);
Chris@76	513
Chris@76	514 if ($newBan)
Chris@76	515 $smcFunc['db_insert']('',
Chris@76	516 '{db_prefix}ban_items',
Chris@76	517 $insertKeys,
Chris@76	518 $values,
Chris@76	519 array('id_ban')
Chris@76	520 );
Chris@76	521 else
Chris@76	522 $smcFunc['db_query']('', '
Chris@76	523 UPDATE {db_prefix}ban_items
Chris@76	524 SET ' . $updateString . '
Chris@76	525 WHERE id_ban = {int:ban_item}
Chris@76	526 AND id_ban_group = {int:id_ban_group}',
Chris@76	527 array_merge($values, array(
Chris@76	528 'ban_item' => (int) $_REQUEST['bi'],
Chris@76	529 ))
Chris@76	530 );
Chris@76	531
Chris@76	532 // Log the addion of the ban entry into the moderation log.
Chris@76	533 logAction('ban', $modlogInfo + array(
Chris@76	534 'new' => $newBan,
Chris@76	535 'type' => $_POST['bantype'],
Chris@76	536 ));
Chris@76	537
Chris@76	538 // Register the last modified date.
Chris@76	539 updateSettings(array('banLastUpdated' => time()));
Chris@76	540
Chris@76	541 // Update the member table to represent the new ban situation.
Chris@76	542 updateBanMembers();
Chris@76	543 }
Chris@76	544
Chris@76	545 // The user pressed 'Remove selected ban entries'.
Chris@76	546 elseif (!empty($_POST['remove_selection']) && !empty($_POST['ban_items']) && is_array($_POST['ban_items']))
Chris@76	547 {
Chris@76	548 checkSession();
Chris@76	549
Chris@76	550 // Making sure every deleted ban item is an integer.
Chris@76	551 foreach ($_POST['ban_items'] as $key => $value)
Chris@76	552 $_POST['ban_items'][$key] = (int) $value;
Chris@76	553
Chris@76	554 $smcFunc['db_query']('', '
Chris@76	555 DELETE FROM {db_prefix}ban_items
Chris@76	556 WHERE id_ban IN ({array_int:ban_list})
Chris@76	557 AND id_ban_group = {int:ban_group}',
Chris@76	558 array(
Chris@76	559 'ban_list' => $_POST['ban_items'],
Chris@76	560 'ban_group' => $_REQUEST['bg'],
Chris@76	561 )
Chris@76	562 );
Chris@76	563
Chris@76	564 // It changed, let the settings and the member table know.
Chris@76	565 updateSettings(array('banLastUpdated' => time()));
Chris@76	566 updateBanMembers();
Chris@76	567 }
Chris@76	568
Chris@76	569 // Modify OR add a ban.
Chris@76	570 elseif (!empty($_POST['modify_ban']) \|\| !empty($_POST['add_ban']))
Chris@76	571 {
Chris@76	572 checkSession();
Chris@76	573
Chris@76	574 $addBan = !empty($_POST['add_ban']);
Chris@76	575 if (empty($_POST['ban_name']))
Chris@76	576 fatal_lang_error('ban_name_empty', false);
Chris@76	577
Chris@76	578 // Let's not allow HTML in ban names, it's more evil than beneficial.
Chris@76	579 $_POST['ban_name'] = $smcFunc['htmlspecialchars']($_POST['ban_name'], ENT_QUOTES);
Chris@76	580
Chris@76	581 // Check whether a ban with this name already exists.
Chris@76	582 $request = $smcFunc['db_query']('', '
Chris@76	583 SELECT id_ban_group
Chris@76	584 FROM {db_prefix}ban_groups
Chris@76	585 WHERE name = {string:new_ban_name}' . ($addBan ? '' : '
Chris@76	586 AND id_ban_group != {int:ban_group}') . '
Chris@76	587 LIMIT 1',
Chris@76	588 array(
Chris@76	589 'ban_group' => $_REQUEST['bg'],
Chris@76	590 'new_ban_name' => $_POST['ban_name'],
Chris@76	591 )
Chris@76	592 );
Chris@76	593 if ($smcFunc['db_num_rows']($request) == 1)
Chris@76	594 fatal_lang_error('ban_name_exists', false, array($_POST['ban_name']));
Chris@76	595 $smcFunc['db_free_result']($request);
Chris@76	596
Chris@76	597 $_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
Chris@76	598 $_POST['notes'] = $smcFunc['htmlspecialchars']($_POST['notes'], ENT_QUOTES);
Chris@76	599 $_POST['notes'] = str_replace(array("\r", "\n", ' '), array('', '<br />', '  '), $_POST['notes']);
Chris@76	600 $_POST['expiration'] = $_POST['expiration'] == 'never' ? 'NULL' : ($_POST['expiration'] == 'expired' ? '0' : ($_POST['expire_date'] != $_POST['old_expire'] ? time() + 24 * 60 * 60 * (int) $_POST['expire_date'] : 'expire_time'));
Chris@76	601 $_POST['full_ban'] = empty($_POST['full_ban']) ? '0' : '1';
Chris@76	602 $_POST['cannot_post'] = !empty($_POST['full_ban']) \|\| empty($_POST['cannot_post']) ? '0' : '1';
Chris@76	603 $_POST['cannot_register'] = !empty($_POST['full_ban']) \|\| empty($_POST['cannot_register']) ? '0' : '1';
Chris@76	604 $_POST['cannot_login'] = !empty($_POST['full_ban']) \|\| empty($_POST['cannot_login']) ? '0' : '1';
Chris@76	605
Chris@76	606 if ($addBan)
Chris@76	607 {
Chris@76	608 // Adding some ban triggers?
Chris@76	609 if ($addBan && !empty($_POST['ban_suggestion']) && is_array($_POST['ban_suggestion']))
Chris@76	610 {
Chris@76	611 $ban_triggers = array();
Chris@76	612 $ban_logs = array();
Chris@76	613 if (in_array('main_ip', $_POST['ban_suggestion']) && !empty($_POST['main_ip']))
Chris@76	614 {
Chris@76	615 $ip = trim($_POST['main_ip']);
Chris@76	616 $ip_parts = ip2range($ip);
Chris@76	617 if (!checkExistingTriggerIP($ip_parts, $ip))
Chris@76	618 fatal_lang_error('invalid_ip', false);
Chris@76	619
Chris@76	620 $ban_triggers[] = array(
Chris@76	621 $ip_parts[0]['low'],
Chris@76	622 $ip_parts[0]['high'],
Chris@76	623 $ip_parts[1]['low'],
Chris@76	624 $ip_parts[1]['high'],
Chris@76	625 $ip_parts[2]['low'],
Chris@76	626 $ip_parts[2]['high'],
Chris@76	627 $ip_parts[3]['low'],
Chris@76	628 $ip_parts[3]['high'],
Chris@76	629 '',
Chris@76	630 '',
Chris@76	631 0,
Chris@76	632 );
Chris@76	633
Chris@76	634 $ban_logs[] = array(
Chris@76	635 'ip_range' => $_POST['main_ip'],
Chris@76	636 );
Chris@76	637 }
Chris@76	638 if (in_array('hostname', $_POST['ban_suggestion']) && !empty($_POST['hostname']))
Chris@76	639 {
Chris@76	640 if (preg_match('/[^\w.\-*]/', $_POST['hostname']) == 1)
Chris@76	641 fatal_lang_error('invalid_hostname', false);
Chris@76	642
Chris@76	643 // Replace the * wildcard by a MySQL wildcard %.
Chris@76	644 $_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
Chris@76	645
Chris@76	646 $ban_triggers[] = array(
Chris@76	647 0, 0, 0, 0, 0, 0, 0, 0,
Chris@76	648 substr($_POST['hostname'], 0, 255),
Chris@76	649 '',
Chris@76	650 0,
Chris@76	651 );
Chris@76	652 $ban_logs[] = array(
Chris@76	653 'hostname' => $_POST['hostname'],
Chris@76	654 );
Chris@76	655 }
Chris@76	656 if (in_array('email', $_POST['ban_suggestion']) && !empty($_POST['email']))
Chris@76	657 {
Chris@76	658 if (preg_match('/[^\w.\-\+*@]/', $_POST['email']) == 1)
Chris@76	659 fatal_lang_error('invalid_email', false);
Chris@76	660 $_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
Chris@76	661
Chris@76	662 $ban_triggers[] = array(
Chris@76	663 0, 0, 0, 0, 0, 0, 0, 0,
Chris@76	664 '',
Chris@76	665 substr($_POST['email'], 0, 255),
Chris@76	666 0,
Chris@76	667 );
Chris@76	668 $ban_logs[] = array(
Chris@76	669 'email' => $_POST['email'],
Chris@76	670 );
Chris@76	671 }
Chris@76	672 if (in_array('user', $_POST['ban_suggestion']) && (!empty($_POST['bannedUser']) \|\| !empty($_POST['user'])))
Chris@76	673 {
Chris@76	674 // We got a username, let's find its ID.
Chris@76	675 if (empty($_POST['bannedUser']))
Chris@76	676 {
Chris@76	677 $_POST['user'] = preg_replace('~&#(\d{4,5}\|[2-9]\d{2,4}\|1[2-9]\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
Chris@76	678
Chris@76	679 $request = $smcFunc['db_query']('', '
Chris@76	680 SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
Chris@76	681 FROM {db_prefix}members
Chris@76	682 WHERE member_name = {string:username} OR real_name = {string:username}
Chris@76	683 LIMIT 1',
Chris@76	684 array(
Chris@76	685 'admin_group' => 1,
Chris@76	686 'username' => $_POST['user'],
Chris@76	687 )
Chris@76	688 );
Chris@76	689 if ($smcFunc['db_num_rows']($request) == 0)
Chris@76	690 fatal_lang_error('invalid_username', false);
Chris@76	691 list ($_POST['bannedUser'], $isAdmin) = $smcFunc['db_fetch_row']($request);
Chris@76	692 $smcFunc['db_free_result']($request);
Chris@76	693
Chris@76	694 if ($isAdmin && $isAdmin != 'f')
Chris@76	695 fatal_lang_error('no_ban_admin', 'critical');
Chris@76	696 }
Chris@76	697
Chris@76	698 $ban_triggers[] = array(
Chris@76	699 0, 0, 0, 0, 0, 0, 0, 0,
Chris@76	700 '',
Chris@76	701 '',
Chris@76	702 (int) $_POST['bannedUser'],
Chris@76	703 );
Chris@76	704 $ban_logs[] = array(
Chris@76	705 'member' => $_POST['bannedUser'],
Chris@76	706 );
Chris@76	707 }
Chris@76	708
Chris@76	709 if (!empty($_POST['ban_suggestion']['ips']) && is_array($_POST['ban_suggestion']['ips']))
Chris@76	710 {
Chris@76	711 $_POST['ban_suggestion']['ips'] = array_unique($_POST['ban_suggestion']['ips']);
Chris@76	712
Chris@76	713 // Don't add the main IP again.
Chris@76	714 if (in_array('main_ip', $_POST['ban_suggestion']))
Chris@76	715 $_POST['ban_suggestion']['ips'] = array_diff($_POST['ban_suggestion']['ips'], array($_POST['main_ip']));
Chris@76	716
Chris@76	717 foreach ($_POST['ban_suggestion']['ips'] as $ip)
Chris@76	718 {
Chris@76	719 $ip_parts = ip2range($ip);
Chris@76	720
Chris@76	721 // They should be alright, but just to be sure...
Chris@76	722 if (count($ip_parts) != 4)
Chris@76	723 fatal_lang_error('invalid_ip', false);
Chris@76	724
Chris@76	725 $ban_triggers[] = array(
Chris@76	726 $ip_parts[0]['low'],
Chris@76	727 $ip_parts[0]['high'],
Chris@76	728 $ip_parts[1]['low'],
Chris@76	729 $ip_parts[1]['high'],
Chris@76	730 $ip_parts[2]['low'],
Chris@76	731 $ip_parts[2]['high'],
Chris@76	732 $ip_parts[3]['low'],
Chris@76	733 $ip_parts[3]['high'],
Chris@76	734 '',
Chris@76	735 '',
Chris@76	736 0,
Chris@76	737 );
Chris@76	738 $ban_logs[] = array(
Chris@76	739 'ip_range' => $ip,
Chris@76	740 );
Chris@76	741 }
Chris@76	742 }
Chris@76	743 }
Chris@76	744
Chris@76	745 // Yes yes, we're ready to add now.
Chris@76	746 $smcFunc['db_insert']('',
Chris@76	747 '{db_prefix}ban_groups',
Chris@76	748 array(
Chris@76	749 'name' => 'string-20', 'ban_time' => 'int', 'expire_time' => 'raw', 'cannot_access' => 'int', 'cannot_register' => 'int',
Chris@76	750 'cannot_post' => 'int', 'cannot_login' => 'int', 'reason' => 'string-255', 'notes' => 'string-65534',
Chris@76	751 ),
Chris@76	752 array(
Chris@76	753 $_POST['ban_name'], time(), $_POST['expiration'], $_POST['full_ban'], $_POST['cannot_register'],
Chris@76	754 $_POST['cannot_post'], $_POST['cannot_login'], $_POST['reason'], $_POST['notes'],
Chris@76	755 ),
Chris@76	756 array('id_ban_group')
Chris@76	757 );
Chris@76	758 $_REQUEST['bg'] = $smcFunc['db_insert_id']('{db_prefix}ban_groups', 'id_ban_group');
Chris@76	759
Chris@76	760 // Now that the ban group is added, add some triggers as well.
Chris@76	761 if (!empty($ban_triggers) && !empty($_REQUEST['bg']))
Chris@76	762 {
Chris@76	763 // Put in the ban group ID.
Chris@76	764 foreach ($ban_triggers as $k => $trigger)
Chris@76	765 array_unshift($ban_triggers[$k], $_REQUEST['bg']);
Chris@76	766
Chris@76	767 // Log what we are doing!
Chris@76	768 foreach ($ban_logs as $log_details)
Chris@76	769 logAction('ban', $log_details + array('new' => 1));
Chris@76	770
Chris@76	771 $smcFunc['db_insert']('',
Chris@76	772 '{db_prefix}ban_items',
Chris@76	773 array(
Chris@76	774 'id_ban_group' => 'int', 'ip_low1' => 'int', 'ip_high1' => 'int', 'ip_low2' => 'int', 'ip_high2' => 'int',
Chris@76	775 'ip_low3' => 'int', 'ip_high3' => 'int', 'ip_low4' => 'int', 'ip_high4' => 'int', 'hostname' => 'string-255',
Chris@76	776 'email_address' => 'string-255', 'id_member' => 'int',
Chris@76	777 ),
Chris@76	778 $ban_triggers,
Chris@76	779 array('id_ban')
Chris@76	780 );
Chris@76	781 }
Chris@76	782 }
Chris@76	783 else
Chris@76	784 $smcFunc['db_query']('', '
Chris@76	785 UPDATE {db_prefix}ban_groups
Chris@76	786 SET
Chris@76	787 name = {string:ban_name},
Chris@76	788 reason = {string:reason},
Chris@76	789 notes = {string:notes},
Chris@76	790 expire_time = {raw:expiration},
Chris@76	791 cannot_access = {int:cannot_access},
Chris@76	792 cannot_post = {int:cannot_post},
Chris@76	793 cannot_register = {int:cannot_register},
Chris@76	794 cannot_login = {int:cannot_login}
Chris@76	795 WHERE id_ban_group = {int:id_ban_group}',
Chris@76	796 array(
Chris@76	797 'expiration' => $_POST['expiration'],
Chris@76	798 'cannot_access' => $_POST['full_ban'],
Chris@76	799 'cannot_post' => $_POST['cannot_post'],
Chris@76	800 'cannot_register' => $_POST['cannot_register'],
Chris@76	801 'cannot_login' => $_POST['cannot_login'],
Chris@76	802 'id_ban_group' => $_REQUEST['bg'],
Chris@76	803 'ban_name' => $_POST['ban_name'],
Chris@76	804 'reason' => $_POST['reason'],
Chris@76	805 'notes' => $_POST['notes'],
Chris@76	806 )
Chris@76	807 );
Chris@76	808
Chris@76	809 // No more caching, we have something new here.
Chris@76	810 updateSettings(array('banLastUpdated' => time()));
Chris@76	811 updateBanMembers();
Chris@76	812 }
Chris@76	813
Chris@76	814 // If we're editing an existing ban, get it from the database.
Chris@76	815 if (!empty($_REQUEST['bg']))
Chris@76	816 {
Chris@76	817 $context['ban_items'] = array();
Chris@76	818 $request = $smcFunc['db_query']('', '
Chris@76	819 SELECT
Chris@76	820 bi.id_ban, bi.hostname, bi.email_address, bi.id_member, bi.hits,
Chris@76	821 bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4,
Chris@76	822 bg.id_ban_group, bg.name, bg.ban_time, bg.expire_time, bg.reason, bg.notes, bg.cannot_access, bg.cannot_register, bg.cannot_login, bg.cannot_post,
Chris@76	823 IFNULL(mem.id_member, 0) AS id_member, mem.member_name, mem.real_name
Chris@76	824 FROM {db_prefix}ban_groups AS bg
Chris@76	825 LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_ban_group = bg.id_ban_group)
Chris@76	826 LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)
Chris@76	827 WHERE bg.id_ban_group = {int:current_ban}',
Chris@76	828 array(
Chris@76	829 'current_ban' => $_REQUEST['bg'],
Chris@76	830 )
Chris@76	831 );
Chris@76	832 if ($smcFunc['db_num_rows']($request) == 0)
Chris@76	833 fatal_lang_error('ban_not_found', false);
Chris@76	834
Chris@76	835 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	836 {
Chris@76	837 if (!isset($context['ban']))
Chris@76	838 {
Chris@76	839 $context['ban'] = array(
Chris@76	840 'id' => $row['id_ban_group'],
Chris@76	841 'name' => $row['name'],
Chris@76	842 'expiration' => array(
Chris@76	843 'status' => $row['expire_time'] === null ? 'never' : ($row['expire_time'] < time() ? 'expired' : 'still_active_but_we_re_counting_the_days'),
Chris@76	844 'days' => $row['expire_time'] > time() ? floor(($row['expire_time'] - time()) / 86400) : 0
Chris@76	845 ),
Chris@76	846 'reason' => $row['reason'],
Chris@76	847 'notes' => $row['notes'],
Chris@76	848 'cannot' => array(
Chris@76	849 'access' => !empty($row['cannot_access']),
Chris@76	850 'post' => !empty($row['cannot_post']),
Chris@76	851 'register' => !empty($row['cannot_register']),
Chris@76	852 'login' => !empty($row['cannot_login']),
Chris@76	853 ),
Chris@76	854 'is_new' => false,
Chris@76	855 );
Chris@76	856 }
Chris@76	857 if (!empty($row['id_ban']))
Chris@76	858 {
Chris@76	859 $context['ban_items'][$row['id_ban']] = array(
Chris@76	860 'id' => $row['id_ban'],
Chris@76	861 'hits' => $row['hits'],
Chris@76	862 );
Chris@76	863 if (!empty($row['ip_high1']))
Chris@76	864 {
Chris@76	865 $context['ban_items'][$row['id_ban']]['type'] = 'ip';
Chris@76	866 $context['ban_items'][$row['id_ban']]['ip'] = range2ip(array($row['ip_low1'], $row['ip_low2'], $row['ip_low3'], $row['ip_low4']), array($row['ip_high1'], $row['ip_high2'], $row['ip_high3'], $row['ip_high4']));
Chris@76	867 }
Chris@76	868 elseif (!empty($row['hostname']))
Chris@76	869 {
Chris@76	870 $context['ban_items'][$row['id_ban']]['type'] = 'hostname';
Chris@76	871 $context['ban_items'][$row['id_ban']]['hostname'] = str_replace('%', '*', $row['hostname']);
Chris@76	872 }
Chris@76	873 elseif (!empty($row['email_address']))
Chris@76	874 {
Chris@76	875 $context['ban_items'][$row['id_ban']]['type'] = 'email';
Chris@76	876 $context['ban_items'][$row['id_ban']]['email'] = str_replace('%', '*', $row['email_address']);
Chris@76	877 }
Chris@76	878 elseif (!empty($row['id_member']))
Chris@76	879 {
Chris@76	880 $context['ban_items'][$row['id_ban']]['type'] = 'user';
Chris@76	881 $context['ban_items'][$row['id_ban']]['user'] = array(
Chris@76	882 'id' => $row['id_member'],
Chris@76	883 'name' => $row['real_name'],
Chris@76	884 'href' => $scripturl . '?action=profile;u=' . $row['id_member'],
Chris@76	885 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>',
Chris@76	886 );
Chris@76	887 }
Chris@76	888 // Invalid ban (member probably doesn't exist anymore).
Chris@76	889 else
Chris@76	890 {
Chris@76	891 unset($context['ban_items'][$row['id_ban']]);
Chris@76	892 $smcFunc['db_query']('', '
Chris@76	893 DELETE FROM {db_prefix}ban_items
Chris@76	894 WHERE id_ban = {int:current_ban}',
Chris@76	895 array(
Chris@76	896 'current_ban' => $row['id_ban'],
Chris@76	897 )
Chris@76	898 );
Chris@76	899 }
Chris@76	900 }
Chris@76	901 }
Chris@76	902 $smcFunc['db_free_result']($request);
Chris@76	903 }
Chris@76	904 // Not an existing one, then it's probably a new one.
Chris@76	905 else
Chris@76	906 {
Chris@76	907 $context['ban'] = array(
Chris@76	908 'id' => 0,
Chris@76	909 'name' => '',
Chris@76	910 'expiration' => array(
Chris@76	911 'status' => 'never',
Chris@76	912 'days' => 0
Chris@76	913 ),
Chris@76	914 'reason' => '',
Chris@76	915 'notes' => '',
Chris@76	916 'ban_days' => 0,
Chris@76	917 'cannot' => array(
Chris@76	918 'access' => true,
Chris@76	919 'post' => false,
Chris@76	920 'register' => false,
Chris@76	921 'login' => false,
Chris@76	922 ),
Chris@76	923 'is_new' => true,
Chris@76	924 );
Chris@76	925 $context['ban_suggestions'] = array(
Chris@76	926 'main_ip' => '',
Chris@76	927 'hostname' => '',
Chris@76	928 'email' => '',
Chris@76	929 'member' => array(
Chris@76	930 'id' => 0,
Chris@76	931 ),
Chris@76	932 );
Chris@76	933
Chris@76	934 // Overwrite some of the default form values if a user ID was given.
Chris@76	935 if (!empty($_REQUEST['u']))
Chris@76	936 {
Chris@76	937 $request = $smcFunc['db_query']('', '
Chris@76	938 SELECT id_member, real_name, member_ip, email_address
Chris@76	939 FROM {db_prefix}members
Chris@76	940 WHERE id_member = {int:current_user}
Chris@76	941 LIMIT 1',
Chris@76	942 array(
Chris@76	943 'current_user' => (int) $_REQUEST['u'],
Chris@76	944 )
Chris@76	945 );
Chris@76	946 if ($smcFunc['db_num_rows']($request) > 0)
Chris@76	947 list ($context['ban_suggestions']['member']['id'], $context['ban_suggestions']['member']['name'], $context['ban_suggestions']['main_ip'], $context['ban_suggestions']['email']) = $smcFunc['db_fetch_row']($request);
Chris@76	948 $smcFunc['db_free_result']($request);
Chris@76	949
Chris@76	950 if (!empty($context['ban_suggestions']['member']['id']))
Chris@76	951 {
Chris@76	952 $context['ban_suggestions']['href'] = $scripturl . '?action=profile;u=' . $context['ban_suggestions']['member']['id'];
Chris@76	953 $context['ban_suggestions']['member']['link'] = '<a href="' . $context['ban_suggestions']['href'] . '">' . $context['ban_suggestions']['member']['name'] . '</a>';
Chris@76	954
Chris@76	955 // Default the ban name to the name of the banned member.
Chris@76	956 $context['ban']['name'] = $context['ban_suggestions']['member']['name'];
Chris@76	957
Chris@76	958 // Would be nice if we could also ban the hostname.
Chris@76	959 if (preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $context['ban_suggestions']['main_ip']) == 1 && empty($modSettings['disableHostnameLookup']))
Chris@76	960 $context['ban_suggestions']['hostname'] = host_from_ip($context['ban_suggestions']['main_ip']);
Chris@76	961
Chris@76	962 // Find some additional IP's used by this member.
Chris@76	963 $context['ban_suggestions']['message_ips'] = array();
Chris@76	964 $request = $smcFunc['db_query']('ban_suggest_message_ips', '
Chris@76	965 SELECT DISTINCT poster_ip
Chris@76	966 FROM {db_prefix}messages
Chris@76	967 WHERE id_member = {int:current_user}
Chris@76	968 AND poster_ip RLIKE {string:poster_ip_regex}
Chris@76	969 ORDER BY poster_ip',
Chris@76	970 array(
Chris@76	971 'current_user' => (int) $_REQUEST['u'],
Chris@76	972 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$',
Chris@76	973 )
Chris@76	974 );
Chris@76	975 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	976 $context['ban_suggestions']['message_ips'][] = $row['poster_ip'];
Chris@76	977 $smcFunc['db_free_result']($request);
Chris@76	978
Chris@76	979 $context['ban_suggestions']['error_ips'] = array();
Chris@76	980 $request = $smcFunc['db_query']('ban_suggest_error_ips', '
Chris@76	981 SELECT DISTINCT ip
Chris@76	982 FROM {db_prefix}log_errors
Chris@76	983 WHERE id_member = {int:current_user}
Chris@76	984 AND ip RLIKE {string:poster_ip_regex}
Chris@76	985 ORDER BY ip',
Chris@76	986 array(
Chris@76	987 'current_user' => (int) $_REQUEST['u'],
Chris@76	988 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$',
Chris@76	989 )
Chris@76	990 );
Chris@76	991 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	992 $context['ban_suggestions']['error_ips'][] = $row['ip'];
Chris@76	993 $smcFunc['db_free_result']($request);
Chris@76	994
Chris@76	995 // Borrowing a few language strings from profile.
Chris@76	996 loadLanguage('Profile');
Chris@76	997 }
Chris@76	998 }
Chris@76	999 }
Chris@76	1000
Chris@76	1001 // Template needs this to show errors using javascript
Chris@76	1002 loadLanguage('Errors');
Chris@76	1003
Chris@76	1004 // If we're in wireless mode remove the admin template layer and use a special template.
Chris@76	1005 if (WIRELESS && WIRELESS_PROTOCOL != 'wap')
Chris@76	1006 {
Chris@76	1007 $context['sub_template'] = WIRELESS_PROTOCOL . '_ban_edit';
Chris@76	1008 foreach ($context['template_layers'] as $k => $v)
Chris@76	1009 if (strpos($v, 'generic_menu') === 0)
Chris@76	1010 unset($context['template_layers'][$k]);
Chris@76	1011 }
Chris@76	1012 else
Chris@76	1013 $context['sub_template'] = 'ban_edit';
Chris@76	1014 }
Chris@76	1015
Chris@76	1016 function BanEditTrigger()
Chris@76	1017 {
Chris@76	1018 global $context, $smcFunc;
Chris@76	1019
Chris@76	1020 $context['sub_template'] = 'ban_edit_trigger';
Chris@76	1021
Chris@76	1022 if (empty($_REQUEST['bg']))
Chris@76	1023 fatal_lang_error('ban_not_found', false);
Chris@76	1024
Chris@76	1025 if (empty($_REQUEST['bi']))
Chris@76	1026 {
Chris@76	1027 $context['ban_trigger'] = array(
Chris@76	1028 'id' => 0,
Chris@76	1029 'group' => (int) $_REQUEST['bg'],
Chris@76	1030 'ip' => array(
Chris@76	1031 'value' => '',
Chris@76	1032 'selected' => true,
Chris@76	1033 ),
Chris@76	1034 'hostname' => array(
Chris@76	1035 'selected' => false,
Chris@76	1036 'value' => '',
Chris@76	1037 ),
Chris@76	1038 'email' => array(
Chris@76	1039 'value' => '',
Chris@76	1040 'selected' => false,
Chris@76	1041 ),
Chris@76	1042 'banneduser' => array(
Chris@76	1043 'value' => '',
Chris@76	1044 'selected' => false,
Chris@76	1045 ),
Chris@76	1046 'is_new' => true,
Chris@76	1047 );
Chris@76	1048 }
Chris@76	1049 else
Chris@76	1050 {
Chris@76	1051 $request = $smcFunc['db_query']('', '
Chris@76	1052 SELECT
Chris@76	1053 bi.id_ban, bi.id_ban_group, bi.hostname, bi.email_address, bi.id_member,
Chris@76	1054 bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4,
Chris@76	1055 mem.member_name, mem.real_name
Chris@76	1056 FROM {db_prefix}ban_items AS bi
Chris@76	1057 LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)
Chris@76	1058 WHERE bi.id_ban = {int:ban_item}
Chris@76	1059 AND bi.id_ban_group = {int:ban_group}
Chris@76	1060 LIMIT 1',
Chris@76	1061 array(
Chris@76	1062 'ban_item' => (int) $_REQUEST['bi'],
Chris@76	1063 'ban_group' => (int) $_REQUEST['bg'],
Chris@76	1064 )
Chris@76	1065 );
Chris@76	1066 if ($smcFunc['db_num_rows']($request) == 0)
Chris@76	1067 fatal_lang_error('ban_not_found', false);
Chris@76	1068 $row = $smcFunc['db_fetch_assoc']($request);
Chris@76	1069 $smcFunc['db_free_result']($request);
Chris@76	1070
Chris@76	1071 $context['ban_trigger'] = array(
Chris@76	1072 'id' => $row['id_ban'],
Chris@76	1073 'group' => $row['id_ban_group'],
Chris@76	1074 'ip' => array(
Chris@76	1075 'value' => empty($row['ip_low1']) ? '' : range2ip(array($row['ip_low1'], $row['ip_low2'], $row['ip_low3'], $row['ip_low4']), array($row['ip_high1'], $row['ip_high2'], $row['ip_high3'], $row['ip_high4'])),
Chris@76	1076 'selected' => !empty($row['ip_low1']),
Chris@76	1077 ),
Chris@76	1078 'hostname' => array(
Chris@76	1079 'value' => str_replace('%', '*', $row['hostname']),
Chris@76	1080 'selected' => !empty($row['hostname']),
Chris@76	1081 ),
Chris@76	1082 'email' => array(
Chris@76	1083 'value' => str_replace('%', '*', $row['email_address']),
Chris@76	1084 'selected' => !empty($row['email_address'])
Chris@76	1085 ),
Chris@76	1086 'banneduser' => array(
Chris@76	1087 'value' => $row['member_name'],
Chris@76	1088 'selected' => !empty($row['member_name'])
Chris@76	1089 ),
Chris@76	1090 'is_new' => false,
Chris@76	1091 );
Chris@76	1092 }
Chris@76	1093 }
Chris@76	1094
Chris@76	1095 function BanBrowseTriggers()
Chris@76	1096 {
Chris@76	1097 global $modSettings, $context, $scripturl, $smcFunc, $txt;
Chris@76	1098 global $sourcedir, $settings;
Chris@76	1099
Chris@76	1100 if (!empty($_POST['remove_triggers']) && !empty($_POST['remove']) && is_array($_POST['remove']))
Chris@76	1101 {
Chris@76	1102 checkSession();
Chris@76	1103
Chris@76	1104 // Clean the integers.
Chris@76	1105 foreach ($_POST['remove'] as $key => $value)
Chris@76	1106 $_POST['remove'][$key] = $value;
Chris@76	1107
Chris@76	1108 $smcFunc['db_query']('', '
Chris@76	1109 DELETE FROM {db_prefix}ban_items
Chris@76	1110 WHERE id_ban IN ({array_int:ban_list})',
Chris@76	1111 array(
Chris@76	1112 'ban_list' => $_POST['remove'],
Chris@76	1113 )
Chris@76	1114 );
Chris@76	1115
Chris@76	1116 // Rehabilitate some members.
Chris@76	1117 if ($_REQUEST['entity'] == 'member')
Chris@76	1118 updateBanMembers();
Chris@76	1119
Chris@76	1120 // Make sure the ban cache is refreshed.
Chris@76	1121 updateSettings(array('banLastUpdated' => time()));
Chris@76	1122 }
Chris@76	1123
Chris@76	1124 $context['selected_entity'] = isset($_REQUEST['entity']) && in_array($_REQUEST['entity'], array('ip', 'hostname', 'email', 'member')) ? $_REQUEST['entity'] : 'ip';
Chris@76	1125
Chris@76	1126 $listOptions = array(
Chris@76	1127 'id' => 'ban_trigger_list',
Chris@76	1128 'title' => $txt['ban_trigger_browse'],
Chris@76	1129 'items_per_page' => $modSettings['defaultMaxMessages'],
Chris@76	1130 'base_href' => $scripturl . '?action=admin;area=ban;sa=browse;entity=' . $context['selected_entity'],
Chris@76	1131 'default_sort_col' => 'banned_entity',
Chris@76	1132 'no_items_label' => $txt['ban_no_triggers'],
Chris@76	1133 'get_items' => array(
Chris@76	1134 'function' => 'list_getBanTriggers',
Chris@76	1135 'params' => array(
Chris@76	1136 $context['selected_entity'],
Chris@76	1137 ),
Chris@76	1138 ),
Chris@76	1139 'get_count' => array(
Chris@76	1140 'function' => 'list_getNumBanTriggers',
Chris@76	1141 'params' => array(
Chris@76	1142 $context['selected_entity'],
Chris@76	1143 ),
Chris@76	1144 ),
Chris@76	1145 'columns' => array(
Chris@76	1146 'banned_entity' => array(
Chris@76	1147 'header' => array(
Chris@76	1148 'value' => $txt['ban_banned_entity'],
Chris@76	1149 ),
Chris@76	1150 ),
Chris@76	1151 'ban_name' => array(
Chris@76	1152 'header' => array(
Chris@76	1153 'value' => $txt['ban_name'],
Chris@76	1154 ),
Chris@76	1155 'data' => array(
Chris@76	1156 'sprintf' => array(
Chris@76	1157 'format' => '<a href="' . $scripturl . '?action=admin;area=ban;sa=edit;bg=%1$d">%2$s</a>',
Chris@76	1158 'params' => array(
Chris@76	1159 'id_ban_group' => false,
Chris@76	1160 'name' => false,
Chris@76	1161 ),
Chris@76	1162 ),
Chris@76	1163 ),
Chris@76	1164 'sort' => array(
Chris@76	1165 'default' => 'bg.name',
Chris@76	1166 'reverse' => 'bg.name DESC',
Chris@76	1167 ),
Chris@76	1168 ),
Chris@76	1169 'hits' => array(
Chris@76	1170 'header' => array(
Chris@76	1171 'value' => $txt['ban_hits'],
Chris@76	1172 ),
Chris@76	1173 'data' => array(
Chris@76	1174 'db' => 'hits',
Chris@76	1175 'style' => 'text-align: center;',
Chris@76	1176 ),
Chris@76	1177 'sort' => array(
Chris@76	1178 'default' => 'bi.hits DESC',
Chris@76	1179 'reverse' => 'bi.hits',
Chris@76	1180 ),
Chris@76	1181 ),
Chris@76	1182 'check' => array(
Chris@76	1183 'header' => array(
Chris@76	1184 'value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />',
Chris@76	1185 ),
Chris@76	1186 'data' => array(
Chris@76	1187 'sprintf' => array(
Chris@76	1188 'format' => '<input type="checkbox" name="remove[]" value="%1$d" class="input_check" />',
Chris@76	1189 'params' => array(
Chris@76	1190 'id_ban' => false,
Chris@76	1191 ),
Chris@76	1192 ),
Chris@76	1193 'style' => 'text-align: center',
Chris@76	1194 ),
Chris@76	1195 ),
Chris@76	1196 ),
Chris@76	1197 'form' => array(
Chris@76	1198 'href' => $scripturl . '?action=admin;area=ban;sa=browse;entity=' . $context['selected_entity'],
Chris@76	1199 'include_start' => true,
Chris@76	1200 'include_sort' => true,
Chris@76	1201 ),
Chris@76	1202 'additional_rows' => array(
Chris@76	1203 array(
Chris@76	1204 'position' => 'above_column_headers',
Chris@76	1205 'value' => '<a href="' . $scripturl . '?action=admin;area=ban;sa=browse;entity=ip">' . ($context['selected_entity'] == 'ip' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt=">" /> ' : '') . $txt['ip'] . '</a> \| <a href="' . $scripturl . '?action=admin;area=ban;sa=browse;entity=hostname">' . ($context['selected_entity'] == 'hostname' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt=">" /> ' : '') . $txt['hostname'] . '</a> \| <a href="' . $scripturl . '?action=admin;area=ban;sa=browse;entity=email">' . ($context['selected_entity'] == 'email' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt=">" /> ' : '') . $txt['email'] . '</a> \| <a href="' . $scripturl . '?action=admin;area=ban;sa=browse;entity=member">' . ($context['selected_entity'] == 'member' ? '<img src="' . $settings['images_url'] . '/selected.gif" alt=">" /> ' : '') . $txt['username'] . '</a>',
Chris@76	1206 ),
Chris@76	1207 array(
Chris@76	1208 'position' => 'below_table_data',
Chris@76	1209 'value' => '<input type="submit" name="remove_triggers" value="' . $txt['ban_remove_selected_triggers'] . '" onclick="return confirm(\'' . $txt['ban_remove_selected_triggers_confirm'] . '\');" class="button_submit" />',
Chris@76	1210 'style' => 'text-align: right;',
Chris@76	1211 ),
Chris@76	1212 ),
Chris@76	1213 );
Chris@76	1214
Chris@76	1215 // Specific data for the first column depending on the selected entity.
Chris@76	1216 if ($context['selected_entity'] === 'ip')
Chris@76	1217 {
Chris@76	1218 $listOptions['columns']['banned_entity']['data'] = array(
Chris@76	1219 'function' => create_function('$rowData', '
Chris@76	1220 return range2ip(array(
Chris@76	1221 $rowData[\'ip_low1\'],
Chris@76	1222 $rowData[\'ip_low2\'],
Chris@76	1223 $rowData[\'ip_low3\'],
Chris@76	1224 $rowData[\'ip_low4\']
Chris@76	1225 ), array(
Chris@76	1226 $rowData[\'ip_high1\'],
Chris@76	1227 $rowData[\'ip_high2\'],
Chris@76	1228 $rowData[\'ip_high3\'],
Chris@76	1229 $rowData[\'ip_high4\']
Chris@76	1230 ));
Chris@76	1231 '),
Chris@76	1232 );
Chris@76	1233 $listOptions['columns']['banned_entity']['sort'] = array(
Chris@76	1234 'default' => 'bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4',
Chris@76	1235 'reverse' => 'bi.ip_low1 DESC, bi.ip_high1 DESC, bi.ip_low2 DESC, bi.ip_high2 DESC, bi.ip_low3 DESC, bi.ip_high3 DESC, bi.ip_low4 DESC, bi.ip_high4 DESC',
Chris@76	1236 );
Chris@76	1237 }
Chris@76	1238 elseif ($context['selected_entity'] === 'hostname')
Chris@76	1239 {
Chris@76	1240 $listOptions['columns']['banned_entity']['data'] = array(
Chris@76	1241 'function' => create_function('$rowData', '
Chris@76	1242 global $smcFunc;
Chris@76	1243 return strtr($smcFunc[\'htmlspecialchars\']($rowData[\'hostname\']), array(\'%\' => \'*\'));
Chris@76	1244 '),
Chris@76	1245 );
Chris@76	1246 $listOptions['columns']['banned_entity']['sort'] = array(
Chris@76	1247 'default' => 'bi.hostname',
Chris@76	1248 'reverse' => 'bi.hostname DESC',
Chris@76	1249 );
Chris@76	1250 }
Chris@76	1251 elseif ($context['selected_entity'] === 'email')
Chris@76	1252 {
Chris@76	1253 $listOptions['columns']['banned_entity']['data'] = array(
Chris@76	1254 'function' => create_function('$rowData', '
Chris@76	1255 global $smcFunc;
Chris@76	1256 return strtr($smcFunc[\'htmlspecialchars\']($rowData[\'email_address\']), array(\'%\' => \'*\'));
Chris@76	1257 '),
Chris@76	1258 );
Chris@76	1259 $listOptions['columns']['banned_entity']['sort'] = array(
Chris@76	1260 'default' => 'bi.email_address',
Chris@76	1261 'reverse' => 'bi.email_address DESC',
Chris@76	1262 );
Chris@76	1263 }
Chris@76	1264 elseif ($context['selected_entity'] === 'member')
Chris@76	1265 {
Chris@76	1266 $listOptions['columns']['banned_entity']['data'] = array(
Chris@76	1267 'sprintf' => array(
Chris@76	1268 'format' => '<a href="' . $scripturl . '?action=profile;u=%1$d">%2$s</a>',
Chris@76	1269 'params' => array(
Chris@76	1270 'id_member' => false,
Chris@76	1271 'real_name' => false,
Chris@76	1272 ),
Chris@76	1273 ),
Chris@76	1274 );
Chris@76	1275 $listOptions['columns']['banned_entity']['sort'] = array(
Chris@76	1276 'default' => 'mem.real_name',
Chris@76	1277 'reverse' => 'mem.real_name DESC',
Chris@76	1278 );
Chris@76	1279 }
Chris@76	1280
Chris@76	1281 // Create the list.
Chris@76	1282 require_once($sourcedir . '/Subs-List.php');
Chris@76	1283 createList($listOptions);
Chris@76	1284
Chris@76	1285 // The list is the only thing to show, so make it the default sub template.
Chris@76	1286 $context['sub_template'] = 'show_list';
Chris@76	1287 $context['default_list'] = 'ban_trigger_list';
Chris@76	1288 }
Chris@76	1289
Chris@76	1290 function list_getBanTriggers($start, $items_per_page, $sort, $trigger_type)
Chris@76	1291 {
Chris@76	1292 global $smcFunc;
Chris@76	1293
Chris@76	1294 $where = array(
Chris@76	1295 'ip' => 'bi.ip_low1 > 0',
Chris@76	1296 'hostname' => 'bi.hostname != {string:blank_string}',
Chris@76	1297 'email' => 'bi.email_address != {string:blank_string}',
Chris@76	1298 );
Chris@76	1299
Chris@76	1300 $request = $smcFunc['db_query']('', '
Chris@76	1301 SELECT
Chris@76	1302 bi.id_ban, bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4, bi.hostname, bi.email_address, bi.hits,
Chris@76	1303 bg.id_ban_group, bg.name' . ($trigger_type === 'member' ? ',
Chris@76	1304 mem.id_member, mem.real_name' : '') . '
Chris@76	1305 FROM {db_prefix}ban_items AS bi
Chris@76	1306 INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)' . ($trigger_type === 'member' ? '
Chris@76	1307 INNER JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)' : '
Chris@76	1308 WHERE ' . $where[$trigger_type]) . '
Chris@76	1309 ORDER BY ' . $sort . '
Chris@76	1310 LIMIT ' . $start . ', ' . $items_per_page,
Chris@76	1311 array(
Chris@76	1312 'blank_string' => '',
Chris@76	1313 )
Chris@76	1314 );
Chris@76	1315 $ban_triggers = array();
Chris@76	1316 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	1317 $ban_triggers[] = $row;
Chris@76	1318 $smcFunc['db_free_result']($request);
Chris@76	1319
Chris@76	1320 return $ban_triggers;
Chris@76	1321 }
Chris@76	1322
Chris@76	1323 function list_getNumBanTriggers($trigger_type)
Chris@76	1324 {
Chris@76	1325 global $smcFunc;
Chris@76	1326
Chris@76	1327 $where = array(
Chris@76	1328 'ip' => 'bi.ip_low1 > 0',
Chris@76	1329 'hostname' => 'bi.hostname != {string:blank_string}',
Chris@76	1330 'email' => 'bi.email_address != {string:blank_string}',
Chris@76	1331 );
Chris@76	1332
Chris@76	1333 $request = $smcFunc['db_query']('', '
Chris@76	1334 SELECT COUNT(*)
Chris@76	1335 FROM {db_prefix}ban_items AS bi' . ($trigger_type === 'member' ? '
Chris@76	1336 INNER JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)' : '
Chris@76	1337 WHERE ' . $where[$trigger_type]),
Chris@76	1338 array(
Chris@76	1339 'blank_string' => '',
Chris@76	1340 )
Chris@76	1341 );
Chris@76	1342 list ($num_triggers) = $smcFunc['db_fetch_row']($request);
Chris@76	1343 $smcFunc['db_free_result']($request);
Chris@76	1344
Chris@76	1345 return $num_triggers;
Chris@76	1346 }
Chris@76	1347
Chris@76	1348 function BanLog()
Chris@76	1349 {
Chris@76	1350 global $scripturl, $context, $smcFunc, $sourcedir, $txt;
Chris@76	1351 global $context;
Chris@76	1352
Chris@76	1353 // Delete one or more entries.
Chris@76	1354 if (!empty($_POST['removeAll']) \|\| (!empty($_POST['removeSelected']) && !empty($_POST['remove'])))
Chris@76	1355 {
Chris@76	1356 checkSession();
Chris@76	1357
Chris@76	1358 // 'Delete all entries' button was pressed.
Chris@76	1359 if (!empty($_POST['removeAll']))
Chris@76	1360 $smcFunc['db_query']('truncate_table', '
Chris@76	1361 TRUNCATE {db_prefix}log_banned',
Chris@76	1362 array(
Chris@76	1363 )
Chris@76	1364 );
Chris@76	1365
Chris@76	1366 // 'Delte selection' button was pressed.
Chris@76	1367 else
Chris@76	1368 {
Chris@76	1369 // Make sure every entry is integer.
Chris@76	1370 foreach ($_POST['remove'] as $index => $log_id)
Chris@76	1371 $_POST['remove'][$index] = (int) $log_id;
Chris@76	1372
Chris@76	1373 $smcFunc['db_query']('', '
Chris@76	1374 DELETE FROM {db_prefix}log_banned
Chris@76	1375 WHERE id_ban_log IN ({array_int:ban_list})',
Chris@76	1376 array(
Chris@76	1377 'ban_list' => $_POST['remove'],
Chris@76	1378 )
Chris@76	1379 );
Chris@76	1380 }
Chris@76	1381 }
Chris@76	1382
Chris@76	1383 $listOptions = array(
Chris@76	1384 'id' => 'ban_log',
Chris@76	1385 'items_per_page' => 30,
Chris@76	1386 'base_href' => $context['admin_area'] == 'ban' ? $scripturl . '?action=admin;area=ban;sa=log' : $scripturl . '?action=admin;area=logs;sa=banlog',
Chris@76	1387 'default_sort_col' => 'date',
Chris@76	1388 'get_items' => array(
Chris@76	1389 'function' => 'list_getBanLogEntries',
Chris@76	1390 ),
Chris@76	1391 'get_count' => array(
Chris@76	1392 'function' => 'list_getNumBanLogEntries',
Chris@76	1393 ),
Chris@76	1394 'no_items_label' => $txt['ban_log_no_entries'],
Chris@76	1395 'columns' => array(
Chris@76	1396 'ip' => array(
Chris@76	1397 'header' => array(
Chris@76	1398 'value' => $txt['ban_log_ip'],
Chris@76	1399 ),
Chris@76	1400 'data' => array(
Chris@76	1401 'sprintf' => array(
Chris@76	1402 'format' => '<a href="' . $scripturl . '?action=trackip;searchip=%1$s">%1$s</a>',
Chris@76	1403 'params' => array(
Chris@76	1404 'ip' => false,
Chris@76	1405 ),
Chris@76	1406 ),
Chris@76	1407 ),
Chris@76	1408 'sort' => array(
Chris@76	1409 'default' => 'lb.ip',
Chris@76	1410 'reverse' => 'lb.ip DESC',
Chris@76	1411 ),
Chris@76	1412 ),
Chris@76	1413 'email' => array(
Chris@76	1414 'header' => array(
Chris@76	1415 'value' => $txt['ban_log_email'],
Chris@76	1416 ),
Chris@76	1417 'data' => array(
Chris@76	1418 'db_htmlsafe' => 'email',
Chris@76	1419 ),
Chris@76	1420 'sort' => array(
Chris@76	1421 'default' => 'lb.email = \'\', lb.email',
Chris@76	1422 'reverse' => 'lb.email != \'\', lb.email DESC',
Chris@76	1423 ),
Chris@76	1424 ),
Chris@76	1425 'member' => array(
Chris@76	1426 'header' => array(
Chris@76	1427 'value' => $txt['ban_log_member'],
Chris@76	1428 ),
Chris@76	1429 'data' => array(
Chris@76	1430 'sprintf' => array(
Chris@76	1431 'format' => '<a href="' . $scripturl . '?action=profile;u=%1$d">%2$s</a>',
Chris@76	1432 'params' => array(
Chris@76	1433 'id_member' => false,
Chris@76	1434 'real_name' => false,
Chris@76	1435 ),
Chris@76	1436 ),
Chris@76	1437 ),
Chris@76	1438 'sort' => array(
Chris@76	1439 'default' => 'IFNULL(mem.real_name, 1=1), mem.real_name',
Chris@76	1440 'reverse' => 'IFNULL(mem.real_name, 1=1) DESC, mem.real_name DESC',
Chris@76	1441 ),
Chris@76	1442 ),
Chris@76	1443 'date' => array(
Chris@76	1444 'header' => array(
Chris@76	1445 'value' => $txt['ban_log_date'],
Chris@76	1446 ),
Chris@76	1447 'data' => array(
Chris@76	1448 'function' => create_function('$rowData', '
Chris@76	1449 return timeformat($rowData[\'log_time\']);
Chris@76	1450 '),
Chris@76	1451 ),
Chris@76	1452 'sort' => array(
Chris@76	1453 'default' => 'lb.log_time DESC',
Chris@76	1454 'reverse' => 'lb.log_time',
Chris@76	1455 ),
Chris@76	1456 ),
Chris@76	1457 'check' => array(
Chris@76	1458 'header' => array(
Chris@76	1459 'value' => '<input type="checkbox" onclick="invertAll(this, this.form);" class="input_check" />',
Chris@76	1460 ),
Chris@76	1461 'data' => array(
Chris@76	1462 'sprintf' => array(
Chris@76	1463 'format' => '<input type="checkbox" name="remove[]" value="%1$d" class="input_check" />',
Chris@76	1464 'params' => array(
Chris@76	1465 'id_ban_log' => false,
Chris@76	1466 ),
Chris@76	1467 ),
Chris@76	1468 'style' => 'text-align: center',
Chris@76	1469 ),
Chris@76	1470 ),
Chris@76	1471 ),
Chris@76	1472 'form' => array(
Chris@76	1473 'href' => $context['admin_area'] == 'ban' ? $scripturl . '?action=admin;area=ban;sa=log' : $scripturl . '?action=admin;area=logs;sa=banlog',
Chris@76	1474 'include_start' => true,
Chris@76	1475 'include_sort' => true,
Chris@76	1476 ),
Chris@76	1477 'additional_rows' => array(
Chris@76	1478 array(
Chris@76	1479 'position' => 'below_table_data',
Chris@76	1480 'value' => '
Chris@76	1481 <input type="submit" name="removeSelected" value="' . $txt['ban_log_remove_selected'] . '" onclick="return confirm(\'' . $txt['ban_log_remove_selected_confirm'] . '\');" class="button_submit" />
Chris@76	1482 <input type="submit" name="removeAll" value="' . $txt['ban_log_remove_all'] . '" onclick="return confirm(\'' . $txt['ban_log_remove_all_confirm'] . '\');" class="button_submit" />',
Chris@76	1483 'style' => 'text-align: right;',
Chris@76	1484 ),
Chris@76	1485 ),
Chris@76	1486 );
Chris@76	1487
Chris@76	1488 require_once($sourcedir . '/Subs-List.php');
Chris@76	1489 createList($listOptions);
Chris@76	1490
Chris@76	1491 $context['page_title'] = $txt['ban_log'];
Chris@76	1492 $context['sub_template'] = 'show_list';
Chris@76	1493 $context['default_list'] = 'ban_log';
Chris@76	1494 }
Chris@76	1495
Chris@76	1496 function list_getBanLogEntries($start, $items_per_page, $sort)
Chris@76	1497 {
Chris@76	1498 global $smcFunc;
Chris@76	1499
Chris@76	1500 $request = $smcFunc['db_query']('', '
Chris@76	1501 SELECT lb.id_ban_log, lb.id_member, IFNULL(lb.ip, {string:dash}) AS ip, IFNULL(lb.email, {string:dash}) AS email, lb.log_time, IFNULL(mem.real_name, {string:blank_string}) AS real_name
Chris@76	1502 FROM {db_prefix}log_banned AS lb
Chris@76	1503 LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = lb.id_member)
Chris@76	1504 ORDER BY ' . $sort . '
Chris@76	1505 LIMIT ' . $start . ', ' . $items_per_page,
Chris@76	1506 array(
Chris@76	1507 'blank_string' => '',
Chris@76	1508 'dash' => '-',
Chris@76	1509 )
Chris@76	1510 );
Chris@76	1511 $log_entries = array();
Chris@76	1512 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	1513 $log_entries[] = $row;
Chris@76	1514 $smcFunc['db_free_result']($request);
Chris@76	1515
Chris@76	1516 return $log_entries;
Chris@76	1517 }
Chris@76	1518
Chris@76	1519 function list_getNumBanLogEntries()
Chris@76	1520 {
Chris@76	1521 global $smcFunc;
Chris@76	1522
Chris@76	1523 $request = $smcFunc['db_query']('', '
Chris@76	1524 SELECT COUNT(*)
Chris@76	1525 FROM {db_prefix}log_banned AS lb',
Chris@76	1526 array(
Chris@76	1527 )
Chris@76	1528 );
Chris@76	1529 list ($num_entries) = $smcFunc['db_fetch_row']($request);
Chris@76	1530 $smcFunc['db_free_result']($request);
Chris@76	1531
Chris@76	1532 return $num_entries;
Chris@76	1533 }
Chris@76	1534
Chris@76	1535 function range2ip($low, $high)
Chris@76	1536 {
Chris@76	1537 if (count($low) != 4 \|\| count($high) != 4)
Chris@76	1538 return '';
Chris@76	1539
Chris@76	1540 $ip = array();
Chris@76	1541 for ($i = 0; $i < 4; $i++)
Chris@76	1542 {
Chris@76	1543 if ($low[$i] == $high[$i])
Chris@76	1544 $ip[$i] = $low[$i];
Chris@76	1545 elseif ($low[$i] == '0' && $high[$i] == '255')
Chris@76	1546 $ip[$i] = '*';
Chris@76	1547 else
Chris@76	1548 $ip[$i] = $low[$i] . '-' . $high[$i];
Chris@76	1549 }
Chris@76	1550
Chris@76	1551 // Pretending is fun... the IP can't be this, so use it for 'unknown'.
Chris@76	1552 if ($ip == array(255, 255, 255, 255))
Chris@76	1553 return 'unknown';
Chris@76	1554
Chris@76	1555 return implode('.', $ip);
Chris@76	1556 }
Chris@76	1557
Chris@76	1558 function checkExistingTriggerIP($ip_array, $fullip = '')
Chris@76	1559 {
Chris@76	1560 global $smcFunc, $scripturl;
Chris@76	1561
Chris@76	1562 if (count($ip_array) == 4)
Chris@76	1563 $values = array(
Chris@76	1564 'ip_low1' => $ip_array[0]['low'],
Chris@76	1565 'ip_high1' => $ip_array[0]['high'],
Chris@76	1566 'ip_low2' => $ip_array[1]['low'],
Chris@76	1567 'ip_high2' => $ip_array[1]['high'],
Chris@76	1568 'ip_low3' => $ip_array[2]['low'],
Chris@76	1569 'ip_high3' => $ip_array[2]['high'],
Chris@76	1570 'ip_low4' => $ip_array[3]['low'],
Chris@76	1571 'ip_high4' => $ip_array[3]['high'],
Chris@76	1572 );
Chris@76	1573 else
Chris@76	1574 return false;
Chris@76	1575
Chris@76	1576 $request = $smcFunc['db_query']('', '
Chris@76	1577 SELECT bg.id_ban_group, bg.name
Chris@76	1578 FROM {db_prefix}ban_groups AS bg
Chris@76	1579 INNER JOIN {db_prefix}ban_items AS bi ON
Chris@76	1580 (bi.id_ban_group = bg.id_ban_group)
Chris@76	1581 AND ip_low1 = {int:ip_low1} AND ip_high1 = {int:ip_high1}
Chris@76	1582 AND ip_low2 = {int:ip_low2} AND ip_high2 = {int:ip_high2}
Chris@76	1583 AND ip_low3 = {int:ip_low3} AND ip_high3 = {int:ip_high3}
Chris@76	1584 AND ip_low4 = {int:ip_low4} AND ip_high4 = {int:ip_high4}
Chris@76	1585 LIMIT 1',
Chris@76	1586 $values
Chris@76	1587 );
Chris@76	1588 if ($smcFunc['db_num_rows']($request) != 0)
Chris@76	1589 {
Chris@76	1590 list ($error_id_ban, $error_ban_name) = $smcFunc['db_fetch_row']($request);
Chris@76	1591 fatal_lang_error('ban_trigger_already_exists', false, array(
Chris@76	1592 $fullip,
Chris@76	1593 '<a href="' . $scripturl . '?action=admin;area=ban;sa=edit;bg=' . $error_id_ban . '">' . $error_ban_name . '</a>',
Chris@76	1594 ));
Chris@76	1595 }
Chris@76	1596 $smcFunc['db_free_result']($request);
Chris@76	1597
Chris@76	1598 return $values;
Chris@76	1599 }
Chris@76	1600
Chris@76	1601 function updateBanMembers()
Chris@76	1602 {
Chris@76	1603 global $smcFunc;
Chris@76	1604
Chris@76	1605 $updates = array();
Chris@76	1606 $allMembers = array();
Chris@76	1607 $newMembers = array();
Chris@76	1608
Chris@76	1609 // Start by getting all active bans - it's quicker doing this in parts...
Chris@76	1610 $request = $smcFunc['db_query']('', '
Chris@76	1611 SELECT bi.id_member, bi.email_address
Chris@76	1612 FROM {db_prefix}ban_items AS bi
Chris@76	1613 INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
Chris@76	1614 WHERE (bi.id_member > {int:no_member} OR bi.email_address != {string:blank_string})
Chris@76	1615 AND bg.cannot_access = {int:cannot_access_on}
Chris@76	1616 AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})',
Chris@76	1617 array(
Chris@76	1618 'no_member' => 0,
Chris@76	1619 'cannot_access_on' => 1,
Chris@76	1620 'current_time' => time(),
Chris@76	1621 'blank_string' => '',
Chris@76	1622 )
Chris@76	1623 );
Chris@76	1624 $memberIDs = array();
Chris@76	1625 $memberEmails = array();
Chris@76	1626 $memberEmailWild = array();
Chris@76	1627 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	1628 {
Chris@76	1629 if ($row['id_member'])
Chris@76	1630 $memberIDs[$row['id_member']] = $row['id_member'];
Chris@76	1631 if ($row['email_address'])
Chris@76	1632 {
Chris@76	1633 // Does it have a wildcard - if so we can't do a IN on it.
Chris@76	1634 if (strpos($row['email_address'], '%') !== false)
Chris@76	1635 $memberEmailWild[$row['email_address']] = $row['email_address'];
Chris@76	1636 else
Chris@76	1637 $memberEmails[$row['email_address']] = $row['email_address'];
Chris@76	1638 }
Chris@76	1639 }
Chris@76	1640 $smcFunc['db_free_result']($request);
Chris@76	1641
Chris@76	1642 // Build up the query.
Chris@76	1643 $queryPart = array();
Chris@76	1644 $queryValues = array();
Chris@76	1645 if (!empty($memberIDs))
Chris@76	1646 {
Chris@76	1647 $queryPart[] = 'mem.id_member IN ({array_string:member_ids})';
Chris@76	1648 $queryValues['member_ids'] = $memberIDs;
Chris@76	1649 }
Chris@76	1650 if (!empty($memberEmails))
Chris@76	1651 {
Chris@76	1652 $queryPart[] = 'mem.email_address IN ({array_string:member_emails})';
Chris@76	1653 $queryValues['member_emails'] = $memberEmails;
Chris@76	1654 }
Chris@76	1655 $count = 0;
Chris@76	1656 foreach ($memberEmailWild as $email)
Chris@76	1657 {
Chris@76	1658 $queryPart[] = 'mem.email_address LIKE {string:wild_' . $count . '}';
Chris@76	1659 $queryValues['wild_' . $count++] = $email;
Chris@76	1660 }
Chris@76	1661
Chris@76	1662 // Find all banned members.
Chris@76	1663 if (!empty($queryPart))
Chris@76	1664 {
Chris@76	1665 $request = $smcFunc['db_query']('', '
Chris@76	1666 SELECT mem.id_member, mem.is_activated
Chris@76	1667 FROM {db_prefix}members AS mem
Chris@76	1668 WHERE ' . implode( ' OR ', $queryPart),
Chris@76	1669 $queryValues
Chris@76	1670 );
Chris@76	1671 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	1672 {
Chris@76	1673 if (!in_array($row['id_member'], $allMembers))
Chris@76	1674 {
Chris@76	1675 $allMembers[] = $row['id_member'];
Chris@76	1676 // Do they need an update?
Chris@76	1677 if ($row['is_activated'] < 10)
Chris@76	1678 {
Chris@76	1679 $updates[($row['is_activated'] + 10)][] = $row['id_member'];
Chris@76	1680 $newMembers[] = $row['id_member'];
Chris@76	1681 }
Chris@76	1682 }
Chris@76	1683 }
Chris@76	1684 $smcFunc['db_free_result']($request);
Chris@76	1685 }
Chris@76	1686
Chris@76	1687 // We welcome our new members in the realm of the banned.
Chris@76	1688 if (!empty($newMembers))
Chris@76	1689 $smcFunc['db_query']('', '
Chris@76	1690 DELETE FROM {db_prefix}log_online
Chris@76	1691 WHERE id_member IN ({array_int:new_banned_members})',
Chris@76	1692 array(
Chris@76	1693 'new_banned_members' => $newMembers,
Chris@76	1694 )
Chris@76	1695 );
Chris@76	1696
Chris@76	1697 // Find members that are wrongfully marked as banned.
Chris@76	1698 $request = $smcFunc['db_query']('', '
Chris@76	1699 SELECT mem.id_member, mem.is_activated - 10 AS new_value
Chris@76	1700 FROM {db_prefix}members AS mem
Chris@76	1701 LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_member = mem.id_member OR mem.email_address LIKE bi.email_address)
Chris@76	1702 LEFT JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group AND bg.cannot_access = {int:cannot_access_activated} AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time}))
Chris@76	1703 WHERE (bi.id_ban IS NULL OR bg.id_ban_group IS NULL)
Chris@76	1704 AND mem.is_activated >= {int:ban_flag}',
Chris@76	1705 array(
Chris@76	1706 'cannot_access_activated' => 1,
Chris@76	1707 'current_time' => time(),
Chris@76	1708 'ban_flag' => 10,
Chris@76	1709 )
Chris@76	1710 );
Chris@76	1711 while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76	1712 {
Chris@76	1713 // Don't do this twice!
Chris@76	1714 if (!in_array($row['id_member'], $allMembers))
Chris@76	1715 {
Chris@76	1716 $updates[$row['new_value']][] = $row['id_member'];
Chris@76	1717 $allMembers[] = $row['id_member'];
Chris@76	1718 }
Chris@76	1719 }
Chris@76	1720 $smcFunc['db_free_result']($request);
Chris@76	1721
Chris@76	1722 if (!empty($updates))
Chris@76	1723 foreach ($updates as $newStatus => $members)
Chris@76	1724 updateMemberData($members, array('is_activated' => $newStatus));
Chris@76	1725
Chris@76	1726 // Update the latest member and our total members as banning may change them.
Chris@76	1727 updateStats('member');
Chris@76	1728 }
Chris@76	1729
Chris@76	1730 ?>

Mercurial > hg > vamp-website

annotate forum/Sources/ManageBans.php @ 85:6d7b61434be7 website