--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/punbb/admin/bans.php Sat Apr 05 23:56:45 2008 -0400
@@ -0,0 +1,487 @@
+<?php
+/***********************************************************************
+
+ Copyright (C) 2002-2008 PunBB.org
+
+ This file is part of PunBB.
+
+ PunBB is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 2 of the License,
+ or (at your option) any later version.
+
+ PunBB is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ MA 02111-1307 USA
+
+************************************************************************/
+
+
+// if (!defined('PUN_ROOT'))
+// define('PUN_ROOT', '../');
+// require PUN_ROOT.'include/common.php';
+require PUN_ROOT.'include/common_admin.php';
+
+// import globals (I really hope this isn't dangerous)
+foreach ( $GLOBALS as $key => $_ )
+{
+ $$key =& $GLOBALS[$key];
+}
+
+($hook = get_hook('aba_start')) ? eval($hook) : null;
+
+if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
+ message($lang_common['No permission']);
+
+// Load the admin.php language file
+require PUN_ROOT.'lang/'.$pun_user['language'].'/admin.php';
+$GLOBALS['lang_admin'] = $lang_admin;
+
+
+// Add/edit a ban (stage 1)
+if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
+{
+ if (isset($_GET['add_ban']) || isset($_POST['add_ban']))
+ {
+ // If the id of the user to ban was provided through GET (a link from profile.php)
+ if (isset($_GET['add_ban']))
+ {
+ $add_ban = intval($_GET['add_ban']);
+ if ($add_ban < 2)
+ message($lang_common['Bad request']);
+
+ $user_id = $add_ban;
+
+ ($hook = get_hook('aba_add_ban_selected')) ? eval($hook) : null;
+
+ $query = array(
+ 'SELECT' => 'u.group_id, u.username, u.email, u.registration_ip',
+ 'FROM' => 'users AS u',
+ 'WHERE' => 'u.id='.$user_id
+ );
+
+ ($hook = get_hook('aba_qr_get_user_by_id')) ? eval($hook) : null;
+ $result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+ if (!$pun_db->num_rows($result))
+ message($lang_admin['No user id message']);
+
+ list($group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);
+ }
+ else // Otherwise the username is in POST
+ {
+ $ban_user = trim($_POST['new_ban_user']);
+
+ ($hook = get_hook('aba_add_ban_form_submitted')) ? eval($hook) : null;
+
+ if ($ban_user != '')
+ {
+ $query = array(
+ 'SELECT' => 'u.id, u.group_id, u.username, u.email, u.registration_ip',
+ 'FROM' => 'users AS u',
+ 'WHERE' => 'u.username=\''.$pun_db->escape($ban_user).'\' AND u.id>1'
+ );
+
+ ($hook = get_hook('aba_qr_get_user_by_username')) ? eval($hook) : null;
+ $result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+ if (!$pun_db->num_rows($result))
+ message($lang_admin['No user username message']);
+
+ list($user_id, $group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);
+ }
+ }
+
+ // Make sure we're not banning an admin
+ if (isset($group_id) && $group_id == PUN_ADMIN)
+ message($lang_admin['User is admin message']);
+
+ // If we have a $user_id, we can try to find the last known IP of that user
+ if (isset($user_id))
+ {
+ $query = array(
+ 'SELECT' => 'p.poster_ip',
+ 'FROM' => 'posts AS p',
+ 'WHERE' => 'p.poster_id='.$user_id,
+ 'ORDER BY' => 'p.posted DESC',
+ 'LIMIT' => '1'
+ );
+
+ ($hook = get_hook('aba_qr_get_last_known_ip')) ? eval($hook) : null;
+ $result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+
+ $ban_ip = ($pun_db->num_rows($result)) ? $pun_db->result($result) : $ban_ip;
+ }
+
+ $mode = 'add';
+ }
+ else // We are editing a ban
+ {
+ $ban_id = intval($_GET['edit_ban']);
+ if ($ban_id < 1)
+ message($lang_common['Bad request']);
+
+ ($hook = get_hook('aba_edit_ban_selected')) ? eval($hook) : null;
+
+ $query = array(
+ 'SELECT' => 'b.username, b.ip, b.email, b.message, b.expire',
+ 'FROM' => 'bans AS b',
+ 'WHERE' => 'b.id='.$ban_id
+ );
+
+ ($hook = get_hook('aba_qr_get_ban_data')) ? eval($hook) : null;
+ $result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
+ if ($pun_db->num_rows($result))
+ list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $pun_db->fetch_row($result);
+ else
+ message($lang_common['Bad request']);
+
+ // We just use GMT for expire dates, as its a date rather than a day I don't think its worth worrying about
+ $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire) : '';
+
+ $mode = 'edit';
+ }
+
+
+ // Setup the form
+ $pun_page['fld_count'] = $pun_page['set_count'] = 0;
+
+ // Setup breadcrumbs
+ $pun_page['crumbs'] = array(
+ array($pun_config['o_board_title'], pun_link($pun_url['index'])),
+ array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),
+ array($lang_admin['Bans'], pun_link($pun_url['admin_bans'])),
+ $lang_admin['Ban advanced']
+ );
+
+ ($hook = get_hook('aba_add_edit_ban_pre_header_load')) ? eval($hook) : null;
+
+ define('PUN_PAGE_SECTION', 'users');
+ define('PUN_PAGE', 'admin-bans');
+ require PUN_ROOT.'header.php';
+
+?>
+<div id="pun-main" class="main admin sectioned">
+
+<?php echo generate_admin_menu(); ?>
+
+ <div class="main-head">
+ <h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>
+ </div>
+
+ <div class="main-content frm">
+ <div class="frm-head">
+ <h2><span><?php echo $lang_admin['Ban advanced heading'] ?></span></h2>
+ </div>
+ <div class="frm-info">
+ <p class="warn"><?php echo $lang_admin['Ban IP warning'] ?></p>
+ </div>
+ <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>">
+ <div class="hidden">
+ <input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans'])) ?>" />
+ <input type="hidden" name="mode" value="<?php echo $mode ?>" />
+<?php if ($mode == 'edit'): ?> <input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
+<?php endif; ?> </div>
+<?php ($hook = get_hook('aba_add_edit_ban_pre_criteria_fieldset')) ? eval($hook) : null; ?>
+ <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
+ <legend class="frm-legend"><span><?php echo $lang_admin['Ban criteria legend'] ?></span></legend>
+<?php ($hook = get_hook('aba_add_edit_ban_pre_username')) ? eval($hook) : null; ?>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_user" size="25" maxlength="25" value="<?php if (isset($ban_user)) echo htmlspecialchars($ban_user); ?>" /></span>
+ </label>
+ </div>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['E-mail/domain to ban'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo strtolower($ban_email); ?>" /></span>
+ <span class="fld-help"><?php echo $lang_admin['E-mail/domain info'] ?></span>
+ </label>
+ </div>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['IP-addresses to ban'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" /></span>
+ <span class="fld-help"><?php echo $lang_admin['IP-addresses info']; if ($ban_user != '' && isset($user_id)) echo ' '.$lang_admin['IP-addresses info 2'].'<a href="'.pun_link($pun_url['admin_users']).'&ip_stats='.$user_id.'">'.$lang_admin['IP-addresses info link'].'</a>' ?></span>
+ </label>
+ </div>
+<?php ($hook = get_hook('aba_add_edit_ban_criteria_end')) ? eval($hook) : null; ?>
+ </fieldset>
+<?php ($hook = get_hook('aba_add_edit_ban_pre_settings_fieldset')) ? eval($hook) : null; ?>
+ <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
+ <legend class="frm-legend"><span><?php echo $lang_admin['Ban settings legend'] ?></span></legend>
+<?php ($hook = get_hook('aba_add_edit_ban_pre_message')) ? eval($hook) : null; ?>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['Ban message'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_message" size="50" maxlength="255" value="<?php if (isset($ban_message)) echo htmlspecialchars($ban_message); ?>" /></span>
+ <span class="fld-help"><?php echo $lang_admin['Ban message info'] ?></span>
+ </label>
+ </div>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['Expire date'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_expire" size="17" maxlength="10" value="<?php if (isset($ban_expire)) echo $ban_expire; ?>" /></span>
+ <span class="fld-help"><?php echo $lang_admin['Expire date info'] ?></span>
+ </label>
+ </div>
+<?php ($hook = get_hook('aba_add_edit_ban_settings_end')) ? eval($hook) : null; ?>
+ </fieldset>
+<?php ($hook = get_hook('aba_add_edit_ban_pre_buttons')) ? eval($hook) : null; ?>
+ <div class="frm-buttons">
+ <span class="submit"><input type="submit" class="button" name="add_edit_ban" value=" <?php echo $lang_admin['Save'] ?>" /></span>
+ </div>
+ </form>
+ </div>
+
+</div>
+<?php
+
+ require PUN_ROOT.'footer.php';
+}
+
+
+// Add/edit a ban (stage 2)
+else if (isset($_POST['add_edit_ban']))
+{
+ $ban_user = trim($_POST['ban_user']);
+ $ban_ip = trim($_POST['ban_ip']);
+ $ban_email = strtolower(trim($_POST['ban_email']));
+ $ban_message = trim($_POST['ban_message']);
+ $ban_expire = trim($_POST['ban_expire']);
+
+ if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
+ message($lang_admin['Must enter message']);
+ else if (strtolower($ban_user) == 'guest')
+ message($lang_admin['Can\'t ban guest user']);
+
+ ($hook = get_hook('aba_add_edit_ban_form_submitted2')) ? eval($hook) : null;
+
+ // Validate IP/IP range (it's overkill, I know)
+ if ($ban_ip != '')
+ {
+ $ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);
+ $addresses = explode(' ', $ban_ip);
+ $addresses = array_map('trim', $addresses);
+
+ for ($i = 0; $i < count($addresses); ++$i)
+ {
+ $octets = explode('.', $addresses[$i]);
+
+ for ($c = 0; $c < count($octets); ++$c)
+ {
+ $octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];
+
+ if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255)
+ message($lang_admin['Invalid IP message']);
+ }
+
+ $cur_address = implode('.', $octets);
+ $addresses[$i] = $cur_address;
+ }
+
+ $ban_ip = implode(' ', $addresses);
+ }
+
+ require PUN_ROOT.'include/email.php';
+ if ($ban_email != '' && !is_valid_email($ban_email))
+ {
+ if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
+ message($lang_admin['Invalid e-mail message']);
+ }
+
+ if ($ban_expire != '' && $ban_expire != 'Never')
+ {
+ $ban_expire = strtotime($ban_expire);
+
+ if ($ban_expire == -1 || $ban_expire <= time())
+ message($lang_admin['Invalid expire message']);
+ }
+ else
+ $ban_expire = 'NULL';
+
+ $ban_user = ($ban_user != '') ? '\''.$pun_db->escape($ban_user).'\'' : 'NULL';
+ $ban_ip = ($ban_ip != '') ? '\''.$pun_db->escape($ban_ip).'\'' : 'NULL';
+ $ban_email = ($ban_email != '') ? '\''.$pun_db->escape($ban_email).'\'' : 'NULL';
+ $ban_message = ($ban_message != '') ? '\''.$pun_db->escape($ban_message).'\'' : 'NULL';
+
+ if ($_POST['mode'] == 'add')
+ {
+ $query = array(
+ 'INSERT' => 'username, ip, email, message, expire, ban_creator',
+ 'INTO' => 'bans',
+ 'VALUES' => $ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id']
+ );
+
+ ($hook = get_hook('aba_qr_add_ban')) ? eval($hook) : null;
+ $pun_db->query_build($query) or error(__FILE__, __LINE__);
+ }
+ else
+ {
+ $query = array(
+ 'UPDATE' => 'bans',
+ 'SET' => 'username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire,
+ 'WHERE' => 'id='.intval($_POST['ban_id'])
+ );
+
+ ($hook = get_hook('aba_qr_update_ban')) ? eval($hook) : null;
+ $pun_db->query_build($query) or error(__FILE__, __LINE__);
+ }
+
+ // Regenerate the bans cache
+ require_once PUN_ROOT.'include/cache.php';
+ generate_bans_cache();
+
+ pun_redirect(pun_link($pun_url['admin_bans']), (($_POST['mode'] == 'edit') ? $lang_admin['Ban edited'] : $lang_admin['Ban added']).' '.$lang_admin['Redirect']);
+}
+
+
+// Remove a ban
+else if (isset($_GET['del_ban']))
+{
+ $ban_id = intval($_GET['del_ban']);
+ if ($ban_id < 1)
+ message($lang_common['Bad request']);
+
+ // Validate the CSRF token
+ if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('del_ban'.$ban_id)))
+ csrf_confirm_form();
+
+ ($hook = get_hook('aba_del_ban_form_submitted2')) ? eval($hook) : null;
+
+ $query = array(
+ 'DELETE' => 'bans',
+ 'WHERE' => 'id='.$ban_id
+ );
+
+ ($hook = get_hook('aba_qr_delete_ban')) ? eval($hook) : null;
+ $pun_db->query_build($query) or error(__FILE__, __LINE__);
+
+ // Regenerate the bans cache
+ require_once PUN_ROOT.'include/cache.php';
+ generate_bans_cache();
+
+ pun_redirect(pun_link($pun_url['admin_bans']), $lang_admin['Ban removed'].' '. $lang_admin['Redirect']);
+}
+
+
+// Setup the form
+$pun_page['part_count'] = $pun_page['fld_count'] = $pun_page['set_count'] = 0;
+
+// Setup breadcrumbs
+$pun_page['crumbs'] = array(
+ array($pun_config['o_board_title'], pun_link($pun_url['index'])),
+ array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),
+ $lang_admin['Bans']
+);
+
+($hook = get_hook('aba_pre_header_loaded')) ? eval($hook) : null;
+
+define('PUN_PAGE_SECTION', 'users');
+define('PUN_PAGE', 'admin-bans');
+require PUN_ROOT.'header.php';
+
+?>
+<div id="pun-main" class="main sectioned admin">
+
+<?php echo generate_admin_menu(); ?>
+
+ <div class="main-head">
+ <h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>
+ </div>
+
+ <div class="main-content frm">
+ <div class="frm-head">
+ <h2><span><?php echo $lang_admin['New ban heading'] ?></span></h2>
+ </div>
+ <div class="frm-info">
+ <p><?php echo $lang_admin['Advanced ban info'] ?></p>
+ </div>
+ <form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>&action=more">
+ <div class="hidden">
+ <input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans']).'&action=more') ?>" />
+ </div>
+ <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
+ <legend class="frm-legend"><strong><?php echo $lang_admin['New ban legend'] ?></strong></legend>
+ <div class="frm-fld text">
+ <label for="fld<?php echo ++$pun_page['fld_count'] ?>">
+ <span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />
+ <span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="new_ban_user" size="25" maxlength="25" /></span>
+ </label>
+ </div>
+ </fieldset>
+ <div class="frm-buttons">
+ <span class="submit"><input type="submit" class="button" name="add_ban" value=" Add " /></span>
+ </div>
+ </form>
+ </div>
+<?php
+
+// Reset fieldset counter
+$pun_page['set_count'] = 0;
+
+?>
+ <div class="main-content frm">
+ <div class="frm-head">
+ <h2><span><?php echo $lang_admin['Existing bans heading'] ?></span></h2>
+ </div>
+<?php
+
+if (!empty($pun_bans))
+{
+ $pun_page['item_num'] = 0;
+ foreach ($pun_bans as $ban_key => $cur_ban)
+ {
+ $pun_page['ban_info'] = array();
+ $pun_page['ban_creator'] = ($cur_ban['ban_creator_username'] != '') ? '<a href="'.pun_link($pun_url['user'], $cur_ban['ban_creator']).'">'.htmlspecialchars($cur_ban['ban_creator_username']).'</a>' : $lang_admin['Unknown'];
+
+ if ($cur_ban['username'] != '')
+ $pun_page['ban_info'][] = '<span>'.$lang_admin['Username'].': '.htmlspecialchars($cur_ban['username']).'</span>';
+
+ if ($cur_ban['email'] != '')
+ $pun_page['ban_info'][] = '<span>'.$lang_admin['E-mail'].': '.$cur_ban['email'].'</span>';
+
+ if ($cur_ban['ip'] != '')
+ $pun_page['ban_info'][] = '<span>'.$lang_admin['IP-ranges'].': '.$cur_ban['ip'].'</span>';
+
+ if ($cur_ban['expire'] != '')
+ $pun_page['ban_info'][] = '<span>'.$lang_admin['Expire date'].': '.format_time($cur_ban['expire'], true).'</span>';
+
+ ($hook = get_hook('aba_view_ban_pre_display')) ? eval($hook) : null;
+
+?>
+ <div class="ban-item databox db<?php echo ++$pun_page['item_num'] ?>">
+ <h3 class="legend"><span><?php printf($lang_admin['Current ban head'], $pun_page['ban_creator']) ?></span></h3>
+<?php if (!empty($pun_page['ban_info'])): ?> <p class="data">
+ <?php echo implode('<br />', $pun_page['ban_info'])."\n" ?>
+ </p>
+<?php endif; if ($cur_ban['message'] != ''): ?> <p><?php echo $lang_admin['Reason'].': '.htmlspecialchars($cur_ban['message']) ?></p>
+<?php endif; ?> <p class="actions"><a href="<?php echo pun_link($pun_url['admin_bans']).'&edit_ban='.$cur_ban['id'] ?>"><?php echo $lang_admin['Edit'] ?></a> <a href="<?php echo pun_link($pun_url['admin_bans']).'&del_ban='.$cur_ban['id'].'&csrf_token='.generate_form_token('del_ban'.$cur_ban['id']) ?>"><?php echo $lang_admin['Remove'] ?></a></p>
+</div>
+<?php
+
+ }
+}
+else
+{
+
+?>
+ <div class="frm-info">
+ <p><?php echo $lang_admin['No bans'] ?></p>
+ </div>
+<?php
+
+}
+
+?>
+ </div>
+
+</div>
+<?php
+
+require PUN_ROOT.'footer.php';