--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/htdocs/auth/iplogs.php Thu Dec 04 19:40:27 2008 -0500
@@ -0,0 +1,189 @@
+<?php
+
+// auth if possible
+if ( file_exists('./includes/common.php') )
+{
+ require('includes/common.php');
+ if ( !$session->user_logged_in )
+ {
+ // error out
+ $paths->main_page();
+ die('Not authorized');
+ }
+ $db->close();
+ // unload Enano, we don't need it anymore
+ unset($db, $session, $paths, $template, $plugins);
+}
+
+function parse_wildcard($str)
+{
+ $append = isset($_POST['match_whole']) ? '' : '%';
+ return $append . mysql_real_escape_string(strtr(str_replace(array('%', '_'), array('\%', '\_'), $str), '*?', '%_')) . $append;
+}
+
+function basenick($nick)
+{
+ if ( preg_match('/^`/', $nick) )
+ {
+ $nick = substr($nick, 1);
+ }
+ return preg_replace('/(`|\|)(.+?)$/', '', $nick);
+}
+
+function dbdie()
+{
+ die('MySQL query error: ' . mysql_error());
+}
+
+function tableize_mysql_result($result)
+{
+ $col_strings = array(
+ 'nick' => 'Nickname',
+ 'basenick' => 'Basenick',
+ 'ip' => 'IP',
+ 'hostname' => 'Hostname',
+ 'time' => 'Last join',
+ 'channel' => 'Channel'
+ );
+ if ( mysql_num_rows($result) < 1 )
+ {
+ echo '<p>No results.</p>';
+ return true;
+ }
+ $row = @mysql_fetch_assoc($result);
+ echo '<table border="1" cellpadding="3"><tr>';
+ foreach ( $row as $col => $_ )
+ {
+ echo "<th>{$col_strings[$col]}</th>";
+ }
+ echo '</tr>';
+ do
+ {
+ echo "<tr>";
+ foreach ( $row as $col => $val )
+ {
+ if ( $col == 'nick' )
+ echo "<td><a href=\"iplogs.php?query_user=" . urlencode($val) . "\">$val</a></td>";
+ else if ( $col == 'ip' )
+ echo "<td><a href=\"iplogs.php?query_ip=" . urlencode($val) . "\">$val</a></td>";
+ else if ( $col == 'time' )
+ echo "<td>" . date('r', intval($val)) . "</td>";
+ else
+ echo "<td>$val</td>";
+ }
+ echo "</tr>";
+ }
+ while ( $row = mysql_fetch_assoc($result) );
+ echo '</table>';
+ return true;
+}
+
+require('../../stats-fe.php');
+require('../../timezone.php');
+
+echo '<h2>' . $nick . ' IP logs</h2>';
+
+if ( isset($_POST['submit']) )
+{
+ $query = 'SELECT nick, basenick, ip, hostname, channel, time FROM ip_log';
+ $where = 'WHERE';
+ if ( !empty($_POST['nick']) )
+ {
+ $query .= " $where ( nick LIKE '" . parse_wildcard($_POST['nick']) . "'";
+ $query .= " OR basenick LIKE '" . parse_wildcard($_POST['nick']) . "' )";
+ $where = 'OR';
+ }
+ if ( !empty($_POST['ip']) )
+ {
+ $query .= " $where ip LIKE '" . parse_wildcard($_POST['ip']) . "'";
+ $where = 'OR';
+ }
+ if ( !empty($_POST['host']) )
+ {
+ $query .= " $where hostname LIKE '" . parse_wildcard($_POST['host']) . "'";
+ $where = 'OR';
+ }
+ if ( !empty($_POST['channel']) && $_POST['channel'] != '#' )
+ {
+ $query .= " $where channel LIKE '" . parse_wildcard($_POST['channel']) . "'";
+ $where = 'OR';
+ }
+
+ $query .= ';';
+
+ if ( $result = eb_mysql_query($query) )
+ {
+ $num_results = mysql_num_rows($result);
+ $str = ( $num_results == 1 ) ? "1 result" : "$num_results results";
+ tableize_mysql_result($result);
+ }
+}
+
+if ( isset($_GET['query_user']) )
+{
+ $nick =& $_GET['query_user'];
+ echo '<h3>' . htmlspecialchars($nick) . '</h3>';
+ echo '<p>Basenick: ' . htmlspecialchars(basenick($nick)) . '</p>';
+
+ echo '<h4>IP addresses this user has been seen from</h4>';
+ $nick = mysql_real_escape_string($nick);
+ $basenick = mysql_real_escape_string(basenick($nick));
+ $q = eb_mysql_query("SELECT DISTINCT ip, hostname FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
+ if ( !$q )
+ dbdie();
+ tableize_mysql_result($q);
+
+ echo '<h4>Channels this user has been seen in</h4>';
+ $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE nick = '$nick' OR basenick = '$basenick';");
+ if ( !$q )
+ dbdie();
+ tableize_mysql_result($q);
+}
+
+if ( isset($_GET['query_ip']) )
+{
+ $ip =& $_GET['query_ip'];
+ echo '<h3>' . htmlspecialchars($ip) . '</h3>';
+ $ip = mysql_real_escape_string($ip);
+
+ echo '<h4>Users seen from this IP address</h4>';
+ $q = eb_mysql_query("SELECT DISTINCT nick, channel, time FROM ip_log WHERE ip = '$ip';");
+ if ( !$q )
+ dbdie();
+ tableize_mysql_result($q);
+}
+
+// FORM
+?>
+<form action="iplogs.php" method="post">
+ <h3>Search database</h3>
+ <p><small>Enter data in one or more fields. You can use an asterisk (*) anywhere to match multiple characters or a question mark (?) to match a single character.</small></p>
+ <table border="0">
+ <tr>
+ <td>Nickname</td>
+ <td><input type="text" name="nick" size="30" /></td>
+ </tr>
+ <tr>
+ <td>IP address</td>
+ <td><input type="text" name="ip" size="30" /></td>
+ </tr>
+ <tr>
+ <td>Hostname</td>
+ <td><input type="text" name="host" size="30" /></td>
+ </tr>
+ <tr>
+ <td>Channel</td>
+ <td><input type="host" name="channel" size="30" value="#" /></td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <label><input type="checkbox" name="match_whole" /> Exact matches</label>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" style="text-align: center;">
+ <input type="submit" name="submit" />
+ </td>
+ </tr>
+ </table>
+</form>