From 3b06ee0d381dc1be5f40ca98ad4278046d869d21 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 17 Nov 2019 20:57:39 +0100 Subject: checked in initial customized verison for Archlinux32
---
 admin_bans.php | 602 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 602 insertions(+)
 create mode 100644 admin_bans.php
(limited to 'admin_bans.php')
diff --git a/admin_bans.php b/admin_bans.php
new file mode 100644
index 0000000..6ee8c58
--- /dev/null
+++ b/admin_bans.php
@@ -0,0 +1,602 @@ +query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + list($group_id, $ban_user, $ban_email) = $db->fetch_row($result); + else + message($lang_admin_bans['No user ID message']); + } + else // Otherwise the username is in POST + { + $ban_user = pun_trim($_POST['new_ban_user']); + + if ($ban_user != '') + { + $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result); + else + message($lang_admin_bans['No user message']); + } + } + + // Make sure we're not banning an admin or moderator + if (isset($group_id)) + { + if ($group_id == PUN_ADMIN) + message(sprintf($lang_admin_bans['User is admin message'], pun_htmlspecialchars($ban_user))); + + $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group info', __FILE__, __LINE__, $db->error()); + $is_moderator_group = $db->result($result); + + if ($is_moderator_group) + message(sprintf($lang_admin_bans['User is mod message'], pun_htmlspecialchars($ban_user))); + } + + // If we have a $user_id, we can try to find the last known IP of that user + if (isset($user_id)) + { + $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); + $ban_ip = ($db->num_rows($result)) ? 
$db->result($result) : ''; + + if ($ban_ip == '') + { + $result = $db->query('SELECT registration_ip FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + $ban_ip = ($db->num_rows($result)) ? $db->result($result) : ''; + } + } + + $mode = 'add'; + } + else // We are editing a ban + { + $ban_id = intval($_GET['edit_ban']); + if ($ban_id < 1) + message($lang_common['Bad request'], false, '404 Not Found'); + + $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result); + else + message($lang_common['Bad request'], false, '404 Not Found'); + + $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600; + $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : ''; + + $mode = 'edit'; + } + + $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Bans']); + $focus_element = array('bans2', 'ban_user'); + define('PUN_ACTIVE_PAGE', 'admin'); + require PUN_ROOT.'header.php'; + + generate_admin_menu('bans'); + +?> +
+

+
+
+
+ + +
+ +
+ + + + + + + + + + + + + +
+ + +
+ + '.$lang_admin_common['here'].'') ?> +
+ + +
+

+
+
+
+
+
+ +
+ + + + + + + + + +
+ + +
+ + +
+
+
+
+

+
+
+
+
+ +query('SELECT group_id FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + { + $group_id = $db->result($result); + + if ($group_id == PUN_ADMIN) + message(sprintf($lang_admin_bans['User is admin message'], pun_htmlspecialchars($ban_user))); + + $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group info', __FILE__, __LINE__, $db->error()); + $is_moderator_group = $db->result($result); + + if ($is_moderator_group) + message(sprintf($lang_admin_bans['User is mod message'], pun_htmlspecialchars($ban_user))); + } + } + + // Validate IP/IP range (it's overkill, I know) + if ($ban_ip != '') + { + $ban_ip = preg_replace('%\s{2,}%S', ' ', $ban_ip); + $addresses = explode(' ', $ban_ip); + $addresses = array_map('pun_trim', $addresses); + + for ($i = 0; $i < count($addresses); ++$i) + { + if (strpos($addresses[$i], ':') !== false) + { + $octets = explode(':', $addresses[$i]); + + for ($c = 0; $c < count($octets); ++$c) + { + $octets[$c] = ltrim($octets[$c], "0"); + + if ($c > 7 || (!empty($octets[$c]) && !ctype_xdigit($octets[$c])) || intval($octets[$c], 16) > 65535) + message($lang_admin_bans['Invalid IP message']); + } + + $cur_address = implode(':', $octets); + $addresses[$i] = $cur_address; + } + else + { + $octets = explode('.', $addresses[$i]); + + for ($c = 0; $c < count($octets); ++$c) + { + $octets[$c] = (strlen($octets[$c]) > 1) ? 
ltrim($octets[$c], "0") : $octets[$c]; + + if ($c > 3 || preg_match('%[^0-9]%', $octets[$c]) || intval($octets[$c]) > 255) + message($lang_admin_bans['Invalid IP message']); + } + + $cur_address = implode('.', $octets); + $addresses[$i] = $cur_address; + } + } + + $ban_ip = implode(' ', $addresses); + } + + require PUN_ROOT.'include/email.php'; + if ($ban_email != '') + { + // Validate email or domain format + if (!is_valid_email($ban_email) && !preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%', $ban_email)) + message($lang_admin_bans['Invalid e-mail message']); + + // Let's ensure we are not adding a duplicate ban + $dup_conditions = array('(expire IS NULL OR expire > '.time().')'); + + // If we're adding an email address, we can also check for the domain + $domain_index = strpos($ban_email, '@'); + + if ($domain_index !== false && $_POST['mode'] == 'add') + { + // We are not checking for domains when editing bans, as that might + // prevent editing other fields of already existing email bans for + // which a domain ban was added later. 
+ $ban_domain = substr($ban_email, $domain_index + 1); + $dup_conditions[] = 'email IN (\''.$db->escape($ban_email).'\', \''.$db->escape($ban_domain).'\')'; + } + else + $dup_conditions[] = 'email = \''.$db->escape($ban_email).'\''; + + // When editing, we also need to exclude the current ban + if ($_POST['mode'] == 'edit') + $dup_conditions[] = 'id != '.intval($_POST['ban_id']); + + $result = $db->query('SELECT email FROM '.$db->prefix.'bans WHERE '.implode(' AND ', $dup_conditions)) or error('Unable to check for duplicate bans', __FILE__, __LINE__, $db->error()); + if ($match = $db->result($result)) + { + $is_domain = strpos($match, '@') === false; + + if ($is_domain) + message(sprintf($lang_admin_bans['Duplicate domain message'], $match)); + else + message(sprintf($lang_admin_bans['Duplicate e-mail message'], $match)); + } + } + + if ($ban_expire != '' && $ban_expire != 'Never') + { + $ban_expire = strtotime($ban_expire.' GMT'); + + if ($ban_expire == -1 || !$ban_expire) + message($lang_admin_bans['Invalid date message'].' '.$lang_admin_bans['Invalid date reasons']); + + $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600; + $ban_expire -= $diff; + + if ($ban_expire <= time()) + message($lang_admin_bans['Invalid date message'].' '.$lang_admin_bans['Invalid date reasons']); + } + else + $ban_expire = 'NULL'; + + $ban_user = ($ban_user != '') ? '\''.$db->escape($ban_user).'\'' : 'NULL'; + $ban_ip = ($ban_ip != '') ? '\''.$db->escape($ban_ip).'\'' : 'NULL'; + $ban_email = ($ban_email != '') ? '\''.$db->escape($ban_email).'\'' : 'NULL'; + $ban_message = ($ban_message != '') ? 
'\''.$db->escape($ban_message).'\'' : 'NULL'; + + if ($_POST['mode'] == 'add') + $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire, ban_creator) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id'].')') or error('Unable to add ban', __FILE__, __LINE__, $db->error()); + else + $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error()); + + // Regenerate the bans cache + if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) + require PUN_ROOT.'include/cache.php'; + + generate_bans_cache(); + + if ($_POST['mode'] == 'edit') + redirect('admin_bans.php', $lang_admin_bans['Ban edited redirect']); + else + redirect('admin_bans.php', $lang_admin_bans['Ban added redirect']); +} + +// Remove a ban +else if (isset($_GET['del_ban'])) +{ + confirm_referrer('admin_bans.php'); + + $ban_id = intval($_GET['del_ban']); + if ($ban_id < 1) + message($lang_common['Bad request'], false, '404 Not Found'); + + $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error()); + + // Regenerate the bans cache + if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) + require PUN_ROOT.'include/cache.php'; + + generate_bans_cache(); + + redirect('admin_bans.php', $lang_admin_bans['Ban removed redirect']); +} + +// Find bans +else if (isset($_GET['find_ban'])) +{ + $form = isset($_GET['form']) ? $_GET['form'] : array(); + + // trim() all elements in $form + $form = array_map('pun_trim', $form); + $conditions = $query_str = array(); + + $expire_after = isset($_GET['expire_after']) ? pun_trim($_GET['expire_after']) : ''; + $expire_before = isset($_GET['expire_before']) ? 
pun_trim($_GET['expire_before']) : ''; + $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'ip', 'email', 'expire')) ? 'b.'.$_GET['order_by'] : 'b.username'; + $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC'; + + $query_str[] = 'order_by='.$order_by; + $query_str[] = 'direction='.$direction; + + // Try to convert date/time to timestamps + if ($expire_after != '') + { + $query_str[] = 'expire_after='.$expire_after; + + $expire_after = strtotime($expire_after); + if ($expire_after === false || $expire_after == -1) + message($lang_admin_bans['Invalid date message']); + + $conditions[] = 'b.expire>'.$expire_after; + } + if ($expire_before != '') + { + $query_str[] = 'expire_before='.$expire_before; + + $expire_before = strtotime($expire_before); + if ($expire_before === false || $expire_before == -1) + message($lang_admin_bans['Invalid date message']); + + $conditions[] = 'b.expire<'.$expire_before; + } + + $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; + foreach ($form as $key => $input) + { + if ($input != '' && in_array($key, array('username', 'ip', 'email', 'message'))) + { + $conditions[] = 'b.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace(array('*', '_'), array('%', '\\_'), $input)).'\''; + $query_str[] = 'form%5B'.$key.'%5D='.urlencode($input); + } + } + + // Fetch ban count + $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'bans as b WHERE b.id>0'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '')) or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error()); + $num_bans = $db->result($result); + + // Determine the ban offset (based on $_GET['p']) + $num_pages = ceil($num_bans / 50); + + $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']); + $start_from = 50 * ($p - 1); + + // Generate paging links + $paging_links = ''.$lang_common['Pages'].' 
'.paginate($num_pages, $p, 'admin_bans.php?find_ban=&'.implode('&', $query_str)); + + $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], $lang_admin_common['Bans'], $lang_admin_bans['Results head']); + define('PUN_ACTIVE_PAGE', 'admin'); + require PUN_ROOT.'header.php'; + +?> +
+
+
    +
  • +
  • » 
  • +
  • » 
  • +
+
+ +
+
+
+
+ + +
+

+
+
+ + + + + + + + + + + + + +query('SELECT b.id, b.username, b.ip, b.email, b.message, b.expire, b.ban_creator, u.username AS ban_creator_username FROM '.$db->prefix.'bans AS b LEFT JOIN '.$db->prefix.'users AS u ON b.ban_creator=u.id WHERE b.id>0'.(!empty($conditions) ? ' AND '.implode(' AND ', $conditions) : '').' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction).' LIMIT '.$start_from.', 50') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + { + while ($ban_data = $db->fetch_assoc($result)) + { + + $actions = ''.$lang_admin_common['Edit'].' | '.$lang_admin_common['Remove'].''; + $expire = format_time($ban_data['expire'], true); + +?> + + + + + + + + + +'."\n"; + +?> + +
'.pun_htmlspecialchars($ban_data['ban_creator_username']).'' : $lang_admin_bans['Unknown'] ?>
'.$lang_admin_bans['No match'].'
+
+
+
+ +
+
+
+ +
+
    +
  • +
  • » 
  • +
  • » 
  • +
+
+
+
+ +
+

+
+
+
+
+ +
+ + + + + +
+ + +
+
+
+
+
+
+ +

+
+
+

+
+
+ +
+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+     +
+
+
+
+

+
+
+
+
+ +
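Review bot: In the find-bans branch the `expire_after` and `expire_before` values are appended to `$query_str` raw (`$query_str[] = 'expire_after='.$expire_after;`) while the `form[...]` values on the same list go through `urlencode()`, so the link handed to paginate() can carry unencoded user text; use `$query_str[] = 'expire_after='.urlencode($expire_after);` and the same for `expire_before`. The strtotime() check that follows only rejects values that fail to parse, so it does not make the string URL-safe, and whether paginate() HTML-escapes the link it builds is not visible in this hunk. Separately, the IPv4 validation loop accepts an empty octet: for an input such as `1..2`, `preg_match('%[^0-9]%', '')` is 0 and `intval('')` is 0, so the ban is inserted although it presumably never matches a real address; adding `$octets[$c] === ''` to that condition closes the gap. The `<?php` prologue before the first `$db->query(...)` appears to have been lost in rendering, so the start of the add/edit branch (where `$user_id` is taken from the request) is not reviewable here.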