plugins/SpecialAdmin.php
changeset 128 01955bf53f96
parent 118 0c5efda996bf
child 130 c4ce1640e1f4
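--- a/plugins/SpecialAdmin.php
+++ b/plugins/SpecialAdmin.php
@@ -858,23 +858,35 @@
         {
           $user_id = intval($r['user_id']);
           // We need to update group memberships
           if ( $old_level == USER_LEVEL_ADMIN ) 
           {
+            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
+            if ( !$q )
+              $db->_die();
             $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
           }
           else if ( $old_level == USER_LEVEL_MOD ) 
           {
+            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
+            if ( !$q )
+              $db->_die();
             $session->remove_user_from_group($user_id, GROUP_ID_MOD);
           }
           
           if ( $new_level == USER_LEVEL_ADMIN )
           {
+            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
+            if ( !$q )
+              $db->_die();
             $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
           }
           else if ( $new_level == USER_LEVEL_MOD )
           {
+            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
+            if ( !$q )
+              $db->_die();
             $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
           }
         }
         
         // update account activation
@@ -2062,42 +2074,100 @@
     $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
     if(!$e) $db->_die('The ban list entry was not deleted.');
   }
   if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
   {
-    $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $db->escape($_POST['type']) . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\'';
-      if(isset($_POST['regex'])) $q .= ', 1';
-      else $q .= ', 0';
-    $q .= ');';
-    $e = $db->sql_query($q);
-    if(!$e) $db->_die('The banlist could not be updated.');
+    $type = intval($_POST['type']);
+    $value = trim($_POST['value']);
+    if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) )
+    {
+      echo '<div class="error-box">Hacking attempt.</div>';
+    }
+    else if ( empty($value) )
+    {
+      echo '<div class="error-box">Please enter something to ban.</div>';
+    }
+    else
+    {
+      $entries = array();
+      $input = explode(',', $_POST['value']);
+      $error = false;
+      foreach ( $input as $entry )
+      {
+        $entry = trim($entry);
+        if ( empty($entry) )
+        {
+          echo '<div class="error-box">Malformed entry.</div>';
+          $error = true;
+          break;
+        }
+        if ( $type == BAN_IP )
+        {
+          // parse a range of addresses
+          $range = parse_ip_range($entry);
+          if ( !$range )
+          {
+            $error = true;
+            echo '<div class="error-box">Malformed IP address expression.</div>';
+            break;
+          }
+          foreach ($range as $ip)
+          {
+            $entries[] = $ip;
+          }
+        }
+        else
+        {
+          $entries[] = $entry;
+        }
+      }
+      if ( !$error )
+      {
+        $regex = ( isset($_POST['regex']) ) ? '1' : '0';
+        $to_insert = array();
+        $reason = $db->escape($_POST['reason']);
+        foreach ( $entries as $entry )
+        {
+          $entry = $db->escape($entry);
+          $to_insert[] = "($type, '$entry', '$reason', $regex)";
+        }
+        $q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n  VALUES" . implode(",\n  ", $to_insert) . ';';
+        @set_time_limit(0);
+        $e = $db->sql_query($q);
+        if(!$e) $db->_die('The banlist could not be updated.');
+      }
+    }
   }
   else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
   {
     echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
   }
   $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
   if(!$q) $db->_die('The banlist data could not be selected.');
-  echo '<table border="0" cellspacing="1" cellpadding="4">';
+  echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
+          <table border="0" cellspacing="1" cellpadding="4">';
   echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
-  if($db->numrows() < 1) echo '<td colspan="4">No ban rules yet.</td>';
+  if($db->numrows() < 1) echo '<td class="row1" colspan="4">No ban rules yet.</td>';
+  $cls = 'row2';
   while($r = $db->fetchrow())
   {
+    $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
     if($r['ban_type']==BAN_IP) $t = 'IP address';
     elseif($r['ban_type']==BAN_USER) $t = 'Username';
     elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
     if($r['is_regex']) $g = 'Yes'; else $g = 'No';
-    echo '<tr><td>'.$t.'</td><td>'.$r['ban_value'].'</td><td>'.$g.'</td><td><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&amp;action=delete&amp;id='.$r['ban_id']).'">Delete</a></td></tr>';
+    echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$r['ban_value'].'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&amp;action=delete&amp;id='.$r['ban_id']).'">Delete</a></td></tr>';
   }
   $db->free_result();
-  echo '</table>';
+  echo '</table></div>';
   echo '<h3>Create new ban rule</h3>';
   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
   ?>
   Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
   Rule: <input type="text" name="value" size="30" /><br />
-  Reason to show to the banned user: <textarea name="reason" rows="7" cols="20"></textarea><br />
+  <small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses. Don't specify large ranges (like the example one here) at once or you risk temporarily (~60sec) overloading the server.</small><br />
+  Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br />
   <input type="checkbox" name="regex" id="regex" />  <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
   <input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
   <?php
   echo '</form>';
 }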
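Review bot: With the regex checkbox set, an IP-type ban is still forced through `parse_ip_range($entry)` at 2103-2112, so a pattern such as `192\.168\..*` is presumably rejected as a malformed IP expression unless parse_ip_range happens to accept regex syntax — the replaced code inserted the raw value for regex rules. Skipping range expansion for regex rules, `if ( $type == BAN_IP && !isset($_POST['regex']) )`, keeps that path working and still validates plain IP entries. The rebuilt row at 2158 still echoes `$r['ban_value']` unescaped into the table although the value is now an admin-entered, possibly regex, string; `htmlspecialchars($r['ban_value'])` would match how `$_POST['value']` is already escaped at 2142. The unchanged delete path at 2074 interpolates `$db->escape($_GET['id'])` into an unquoted numeric comparison, where escaping quotes does not constrain the value; `intval($_GET['id'])` would be consistent with the new handling of `$type` at 2079. The enclosing function begins outside the hunk.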