<?php

/***********************************************************************

  Copyright (C) 2002-2008  PunBB.org

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it

  under the terms of the GNU General Public License as published

  by the Free Software Foundation; either version 2 of the License,

  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but

  WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License

  along with this program; if not, write to the Free Software

  Foundation, Inc., 59 Temple Place, Suite 330, Boston,

  MA  02111-1307  USA

************************************************************************/

// if (!defined('PUN_ROOT'))

// 	define('PUN_ROOT', '../');

// require PUN_ROOT.'include/common.php';

require PUN_ROOT.'include/common_admin.php';

// import globals (I really hope this isn't dangerous)

foreach ( $GLOBALS as $key => $_ )

{

  $$key =& $GLOBALS[$key];

}

($hook = get_hook('aba_start')) ? eval($hook) : null;

if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))

	message($lang_common['No permission']);

// Load the admin.php language file

require PUN_ROOT.'lang/'.$pun_user['language'].'/admin.php';

$GLOBALS['lang_admin'] = $lang_admin;

// Add/edit a ban (stage 1)

if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))

{

	if (isset($_GET['add_ban']) || isset($_POST['add_ban']))

	{

		// If the id of the user to ban was provided through GET (a link from profile.php)

		if (isset($_GET['add_ban']))

		{

			$add_ban = intval($_GET['add_ban']);

			if ($add_ban < 2)

				message($lang_common['Bad request']);

			$user_id = $add_ban;

			($hook = get_hook('aba_add_ban_selected')) ? eval($hook) : null;

			$query = array(

				'SELECT'	=> 'u.group_id, u.username, u.email, u.registration_ip',

				'FROM'		=> 'users AS u',

				'WHERE'		=> 'u.id='.$user_id

			);

			($hook = get_hook('aba_qr_get_user_by_id')) ? eval($hook) : null;

			$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);

			if (!$pun_db->num_rows($result))

				message($lang_admin['No user id message']);

			list($group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);

		}

		else	// Otherwise the username is in POST

		{

			$ban_user = trim($_POST['new_ban_user']);

			($hook = get_hook('aba_add_ban_form_submitted')) ? eval($hook) : null;

			if ($ban_user != '')

			{

				$query = array(

					'SELECT'	=> 'u.id, u.group_id, u.username, u.email, u.registration_ip',

					'FROM'		=> 'users AS u',

					'WHERE'		=> 'u.username=\''.$pun_db->escape($ban_user).'\' AND u.id>1'

				);

				($hook = get_hook('aba_qr_get_user_by_username')) ? eval($hook) : null;

				$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);

				if (!$pun_db->num_rows($result))

					message($lang_admin['No user username message']);

				list($user_id, $group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);

			}

		}

		// Make sure we're not banning an admin

		if (isset($group_id) && $group_id == PUN_ADMIN)

			message($lang_admin['User is admin message']);

		// If we have a $user_id, we can try to find the last known IP of that user

		if (isset($user_id))

		{

			$query = array(

				'SELECT'	=> 'p.poster_ip',

				'FROM'		=> 'posts AS p',

				'WHERE'		=> 'p.poster_id='.$user_id,

				'ORDER BY'	=> 'p.posted DESC',

				'LIMIT'		=> '1'

			);

			($hook = get_hook('aba_qr_get_last_known_ip')) ? eval($hook) : null;

			$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);

			$ban_ip = ($pun_db->num_rows($result)) ? $pun_db->result($result) : $ban_ip;

		}

		$mode = 'add';

	}

	else	// We are editing a ban

	{

		$ban_id = intval($_GET['edit_ban']);

		if ($ban_id < 1)

			message($lang_common['Bad request']);

		($hook = get_hook('aba_edit_ban_selected')) ? eval($hook) : null;

		$query = array(

			'SELECT'	=> 'b.username, b.ip, b.email, b.message, b.expire',

			'FROM'		=> 'bans AS b',

			'WHERE'		=> 'b.id='.$ban_id

		);

		($hook = get_hook('aba_qr_get_ban_data')) ? eval($hook) : null;

		$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);

		if ($pun_db->num_rows($result))

			list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $pun_db->fetch_row($result);

		else

			message($lang_common['Bad request']);

		// We just use GMT for expire dates, as its a date rather than a day I don't think its worth worrying about

		$ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire) : '';

		$mode = 'edit';

	}

	// Setup the form

	$pun_page['fld_count'] = $pun_page['set_count'] = 0;

	// Setup breadcrumbs

	$pun_page['crumbs'] = array(

		array($pun_config['o_board_title'], pun_link($pun_url['index'])),

		array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),

		array($lang_admin['Bans'], pun_link($pun_url['admin_bans'])),

		$lang_admin['Ban advanced']

	);

	($hook = get_hook('aba_add_edit_ban_pre_header_load')) ? eval($hook) : null;

	define('PUN_PAGE_SECTION', 'users');

	define('PUN_PAGE', 'admin-bans');

	require PUN_ROOT.'header.php';

?>

<div id="pun-main" class="main admin sectioned">

<?php echo generate_admin_menu(); ?>

	<div class="main-head">

		<h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>

	</div>

	<div class="main-content frm">

		<div class="frm-head">

			<h2><span><?php echo $lang_admin['Ban advanced heading'] ?></span></h2>

		</div>

		<div class="frm-info">

			<p class="warn"><?php echo $lang_admin['Ban IP warning'] ?></p>

		</div>

		<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>">

			<div class="hidden">

				<input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans'])) ?>" />

				<input type="hidden" name="mode" value="<?php echo $mode ?>" />

<?php if ($mode == 'edit'): ?>				<input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />

<?php endif; ?>			</div>

<?php ($hook = get_hook('aba_add_edit_ban_pre_criteria_fieldset')) ? eval($hook) : null; ?>

			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">

				<legend class="frm-legend"><span><?php echo $lang_admin['Ban criteria legend'] ?></span></legend>

<?php ($hook = get_hook('aba_add_edit_ban_pre_username')) ? eval($hook) : null; ?>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_user" size="25" maxlength="25" value="<?php if (isset($ban_user)) echo htmlspecialchars($ban_user); ?>" /></span>

					</label>

				</div>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['E-mail/domain to ban'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo strtolower($ban_email); ?>" /></span>

						<span class="fld-help"><?php echo $lang_admin['E-mail/domain info'] ?></span>

					</label>

				</div>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['IP-addresses to ban'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" /></span>

						<span class="fld-help"><?php echo $lang_admin['IP-addresses info']; if ($ban_user != '' && isset($user_id)) echo ' '.$lang_admin['IP-addresses info 2'].'<a href="'.pun_link($pun_url['admin_users']).'&ip_stats='.$user_id.'">'.$lang_admin['IP-addresses info link'].'</a>' ?></span>

					</label>

				</div>

<?php ($hook = get_hook('aba_add_edit_ban_criteria_end')) ? eval($hook) : null; ?>

			</fieldset>

<?php ($hook = get_hook('aba_add_edit_ban_pre_settings_fieldset')) ? eval($hook) : null; ?>

			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">

				<legend class="frm-legend"><span><?php echo $lang_admin['Ban settings legend'] ?></span></legend>

<?php ($hook = get_hook('aba_add_edit_ban_pre_message')) ? eval($hook) : null; ?>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['Ban message'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_message" size="50" maxlength="255" value="<?php if (isset($ban_message)) echo htmlspecialchars($ban_message); ?>" /></span>

						<span class="fld-help"><?php echo $lang_admin['Ban message info'] ?></span>

					</label>

				</div>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['Expire date'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_expire" size="17" maxlength="10" value="<?php if (isset($ban_expire)) echo $ban_expire; ?>" /></span>

						<span class="fld-help"><?php echo $lang_admin['Expire date info'] ?></span>

					</label>

				</div>

<?php ($hook = get_hook('aba_add_edit_ban_settings_end')) ? eval($hook) : null; ?>

			</fieldset>

<?php ($hook = get_hook('aba_add_edit_ban_pre_buttons')) ? eval($hook) : null; ?>

			<div class="frm-buttons">

				<span class="submit"><input type="submit" class="button" name="add_edit_ban" value=" <?php echo $lang_admin['Save'] ?>" /></span>

			</div>

		</form>

	</div>

</div>

<?php

	require PUN_ROOT.'footer.php';

}

// Add/edit a ban (stage 2)

else if (isset($_POST['add_edit_ban']))

{

	$ban_user = trim($_POST['ban_user']);

	$ban_ip = trim($_POST['ban_ip']);

	$ban_email = strtolower(trim($_POST['ban_email']));

	$ban_message = trim($_POST['ban_message']);

	$ban_expire = trim($_POST['ban_expire']);

	if ($ban_user == '' && $ban_ip == '' && $ban_email == '')

		message($lang_admin['Must enter message']);

	else if (strtolower($ban_user) == 'guest')

		message($lang_admin['Can\'t ban guest user']);

	($hook = get_hook('aba_add_edit_ban_form_submitted2')) ? eval($hook) : null;

	// Validate IP/IP range (it's overkill, I know)

	if ($ban_ip != '')

	{

		$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);

		$addresses = explode(' ', $ban_ip);

		$addresses = array_map('trim', $addresses);

		for ($i = 0; $i < count($addresses); ++$i)

		{

			$octets = explode('.', $addresses[$i]);

			for ($c = 0; $c < count($octets); ++$c)

			{

				$octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];

				if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255)

					message($lang_admin['Invalid IP message']);

			}

			$cur_address = implode('.', $octets);

			$addresses[$i] = $cur_address;

		}

		$ban_ip = implode(' ', $addresses);

	}

	require PUN_ROOT.'include/email.php';

	if ($ban_email != '' && !is_valid_email($ban_email))

	{

		if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))

			message($lang_admin['Invalid e-mail message']);

	}

	if ($ban_expire != '' && $ban_expire != 'Never')

	{

		$ban_expire = strtotime($ban_expire);

		if ($ban_expire == -1 || $ban_expire <= time())

			message($lang_admin['Invalid expire message']);

	}

	else

		$ban_expire = 'NULL';

	$ban_user = ($ban_user != '') ? '\''.$pun_db->escape($ban_user).'\'' : 'NULL';

	$ban_ip = ($ban_ip != '') ? '\''.$pun_db->escape($ban_ip).'\'' : 'NULL';

	$ban_email = ($ban_email != '') ? '\''.$pun_db->escape($ban_email).'\'' : 'NULL';

	$ban_message = ($ban_message != '') ? '\''.$pun_db->escape($ban_message).'\'' : 'NULL';

	if ($_POST['mode'] == 'add')

	{

		$query = array(

			'INSERT'	=> 'username, ip, email, message, expire, ban_creator',

			'INTO'		=> 'bans',

			'VALUES'	=> $ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id']

		);

		($hook = get_hook('aba_qr_add_ban')) ? eval($hook) : null;

		$pun_db->query_build($query) or error(__FILE__, __LINE__);

	}

	else

	{

		$query = array(

			'UPDATE'	=> 'bans',

			'SET'		=> 'username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire,

			'WHERE'		=> 'id='.intval($_POST['ban_id'])

		);

		($hook = get_hook('aba_qr_update_ban')) ? eval($hook) : null;

		$pun_db->query_build($query) or error(__FILE__, __LINE__);

	}

	// Regenerate the bans cache

	require_once PUN_ROOT.'include/cache.php';

	generate_bans_cache();

	pun_redirect(pun_link($pun_url['admin_bans']), (($_POST['mode'] == 'edit') ? $lang_admin['Ban edited'] : $lang_admin['Ban added']).' '.$lang_admin['Redirect']);

}

// Remove a ban

else if (isset($_GET['del_ban']))

{

	$ban_id = intval($_GET['del_ban']);

	if ($ban_id < 1)

		message($lang_common['Bad request']);

	// Validate the CSRF token

	if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('del_ban'.$ban_id)))

		csrf_confirm_form();

	($hook = get_hook('aba_del_ban_form_submitted2')) ? eval($hook) : null;

	$query = array(

		'DELETE'	=> 'bans',

		'WHERE'		=> 'id='.$ban_id

	);

	($hook = get_hook('aba_qr_delete_ban')) ? eval($hook) : null;

	$pun_db->query_build($query) or error(__FILE__, __LINE__);

	// Regenerate the bans cache

	require_once PUN_ROOT.'include/cache.php';

	generate_bans_cache();

	pun_redirect(pun_link($pun_url['admin_bans']), $lang_admin['Ban removed'].' '. $lang_admin['Redirect']);

}

// Setup the form

$pun_page['part_count'] = $pun_page['fld_count'] = $pun_page['set_count'] = 0;

// Setup breadcrumbs

$pun_page['crumbs'] = array(

	array($pun_config['o_board_title'], pun_link($pun_url['index'])),

	array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),

	$lang_admin['Bans']

);

($hook = get_hook('aba_pre_header_loaded')) ? eval($hook) : null;

define('PUN_PAGE_SECTION', 'users');

define('PUN_PAGE', 'admin-bans');

require PUN_ROOT.'header.php';

?>

<div id="pun-main" class="main sectioned admin">

<?php echo generate_admin_menu(); ?>

	<div class="main-head">

		<h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>

	</div>

	<div class="main-content frm">

		<div class="frm-head">

			<h2><span><?php echo $lang_admin['New ban heading'] ?></span></h2>

		</div>

		<div class="frm-info">

			<p><?php echo $lang_admin['Advanced ban info'] ?></p>

		</div>

		<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>&amp;action=more">

			<div class="hidden">

				<input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans']).'&action=more') ?>" />

			</div>

			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">

				<legend class="frm-legend"><strong><?php echo $lang_admin['New ban legend'] ?></strong></legend>

				<div class="frm-fld text">

					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">

						<span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />

						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="new_ban_user" size="25" maxlength="25" /></span>

					</label>

				</div>

			</fieldset>

			<div class="frm-buttons">

				<span class="submit"><input type="submit" class="button" name="add_ban" value=" Add " /></span>

			</div>

		</form>

	</div>

<?php

// Reset fieldset counter

$pun_page['set_count'] = 0;

?>

	<div class="main-content frm">

		<div class="frm-head">

			<h2><span><?php echo $lang_admin['Existing bans heading'] ?></span></h2>

		</div>

<?php

if (!empty($pun_bans))

{

	$pun_page['item_num'] = 0;

	foreach ($pun_bans as $ban_key => $cur_ban)

	{

		$pun_page['ban_info'] = array();

		$pun_page['ban_creator'] = ($cur_ban['ban_creator_username'] != '') ? '<a href="'.pun_link($pun_url['user'], $cur_ban['ban_creator']).'">'.htmlspecialchars($cur_ban['ban_creator_username']).'</a>' : $lang_admin['Unknown'];

		if ($cur_ban['username'] != '')

			$pun_page['ban_info'][] = '<span>'.$lang_admin['Username'].': '.htmlspecialchars($cur_ban['username']).'</span>';

		if ($cur_ban['email'] != '')

			$pun_page['ban_info'][] = '<span>'.$lang_admin['E-mail'].': '.$cur_ban['email'].'</span>';

		if ($cur_ban['ip'] != '')

			$pun_page['ban_info'][] = '<span>'.$lang_admin['IP-ranges'].': '.$cur_ban['ip'].'</span>';

		if ($cur_ban['expire'] != '')

			$pun_page['ban_info'][] = '<span>'.$lang_admin['Expire date'].': '.format_time($cur_ban['expire'], true).'</span>';

		($hook = get_hook('aba_view_ban_pre_display')) ? eval($hook) : null;

?>

		<div class="ban-item databox db<?php echo ++$pun_page['item_num'] ?>">

			<h3 class="legend"><span><?php printf($lang_admin['Current ban head'], $pun_page['ban_creator']) ?></span></h3>

<?php if (!empty($pun_page['ban_info'])): ?>			<p class="data">

				<?php echo implode('<br />', $pun_page['ban_info'])."\n" ?>

			</p>

<?php endif; if ($cur_ban['message'] != ''): ?>			<p><?php echo $lang_admin['Reason'].': '.htmlspecialchars($cur_ban['message']) ?></p>

<?php endif; ?>		<p class="actions"><a href="<?php echo pun_link($pun_url['admin_bans']).'&edit_ban='.$cur_ban['id'] ?>"><?php echo $lang_admin['Edit'] ?></a> <a href="<?php echo pun_link($pun_url['admin_bans']).'&del_ban='.$cur_ban['id'].'&amp;csrf_token='.generate_form_token('del_ban'.$cur_ban['id']) ?>"><?php echo $lang_admin['Remove'] ?></a></p>

</div>

<?php

	}

}

else

{

?>

		<div class="frm-info">

			<p><?php echo $lang_admin['No bans'] ?></p>

		</div>

<?php

}

?>

	</div>

</div>

<?php

require PUN_ROOT.'footer.php';