mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-06-05 18:35:01 +02:00
Code Issues Releases Wiki Activity

Update banlist handling

Browse Source
This commit is contained in:
e107steved 2007-12-09 16:42:23 +00:00
parent acc7538c0a
commit 298202106c
12 changed files with 891 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
class2.php
View File

@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/class2.php,v $
| $Revision: 1.31 $
| $Date: 2007-11-13 07:25:54 $
| $Author: e107coders $
| $Revision: 1.32 $
| $Date: 2007-12-09 16:42:21 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
//
@ -1059,13 +1059,13 @@ function save_prefs($table = 'core', $uid = USERID, $row_val = '')
{
if ($row_val == '')
{ // Save old version as a backup first
$sql->db_Select_gen("REPLACE INTO #core (e107_name,e107_value) values ('SitePrefs_Backup', '".addslashes($PrefCache)."') ");
$sql->db_Select_gen("REPLACE INTO `#core` (e107_name,e107_value) values ('SitePrefs_Backup', '".addslashes($PrefCache)."') ");
// Now save the updated values
// traverse the pref array, with toDB on everything
$_pref = $tp -> toDB($pref, true, true);
// Create the data to be stored
$sql->db_Select_gen("REPLACE INTO #core (e107_name,e107_value) values ('SitePrefs', '".$eArrayStorage->WriteArray($_pref)."') ");
$sql->db_Select_gen("REPLACE INTO `#core` (e107_name,e107_value) values ('SitePrefs', '".$eArrayStorage->WriteArray($_pref)."') ");
ecache::clear('SitePrefs');
}
}
@ -1168,12 +1168,15 @@ class e_online {
$row['online_pagecount'] = 1;
}
if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1")) {
$sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' ");
if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1"))
{
// $sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' ");
$e107->add_ban(2,"Hit count exceeded ({$row['online_pagecount']} requests within allotted time)",$ip,0);
$e_event->trigger("flood", $ip);
exit;
}
if ($row['online_pagecount'] >= $online_warncount && $row['online_ip'] != "127.0.0.1") {
if ($row['online_pagecount'] >= $online_warncount && $row['online_ip'] != "127.0.0.1")
{
echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>".LAN_WARNING."</b><br /><br />".CORE_LAN6."<br /></div>";
exit;
}
@ -1310,7 +1313,14 @@ function init_session() {
$currentUser['user_realname'] = $result['user_login']; // Used by force_userupdate
define("USERLV", $result['user_lastvisit']);
if ($result['user_ban'] == 1) { exit; }
if ($result['user_ban'] == 1)
{
if (isset($pref['ban_messages']))
{
echo $tp->toHTML(varsettrue($pref['ban_messages'][6])); // Show message if one set
}
exit;
}
$user_pref = ($result['user_prefs']) ? unserialize($result['user_prefs']) : '';

392
e107_admin/banlist.php
View File

@ -11,84 +11,278 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/banlist.php,v $
| $Revision: 1.2 $
| $Date: 2007-02-11 10:33:28 $
| $Revision: 1.3 $
| $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
define('BAN_TIME_FORMAT',"%d-%m-%Y %H:%M");
define('BAN_REASON_COUNT',7); // Update as more ban reasons added (max 10 supported)
require_once("../class2.php");
if (!getperms("4")) {
header("location:".e_BASE."index.php");
exit;
if (!getperms("4"))
{
header("location:".e_BASE."index.php");
exit;
}
$e_sub_cat = 'banlist';
require_once("auth.php");
require_once(e_HANDLER."form_handler.php");
$rs = new form;
if (e_QUERY) {
$tmp = explode("-", e_QUERY);
$action = $tmp[0];
$sub_action = $tmp[1];
$id = $tmp[2];
unset($tmp);
$action = 'list';
if (e_QUERY)
{
$tmp = explode("-", e_QUERY); // Use '-' instead of '.' to avoid confusion with IP addresses
$action = $tmp[0];
$sub_action = varset($tmp[1],'');
if ($sub_action) $sub_action = preg_replace("/[^\w@\.]*/",'',urldecode($sub_action));
$id = intval(varset($tmp[2],0));
unset($tmp);
}
$_POST['ban_ip'] = trim($_POST['ban_ip']);
if (isset($_POST['add_ban']) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false) {
$_POST['ban_reason'] = $tp->toDB($_POST['ban_reason']);
admin_update($sql -> db_Insert("banlist", "'".$_POST['ban_ip']."', '".ADMINID."', '".$_POST['ban_reason']."'"), 'insert');
unset($ban_ip);
if (varsettrue($imode))
{
$images_path = e_IMAGE.'packs/'.$imode.'/admin_images/';
}
else
{
$images_path = e_IMAGE.'admin_images/';
}
if (isset($_POST['update_ban']) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false) {
$_POST['ban_reason'] = $tp->toDB($_POST['ban_reason']);
admin_update($sql -> db_Update("banlist", "banlist_ip='".$_POST['ban_ip']."', banlist_admin=".ADMINID.", banlist_reason='".$_POST['ban_reason']."' WHERE banlist_ip='".$_POST['old_ip']."'"));
unset($ban_ip);
if (isset($_POST['update_ban_prefs']))
{
for ($i = 0; $i < BAN_REASON_COUNT; $i++)
{
$pref['ban_messages'][$i] = $tp->toDB(varset($_POST['ban_text'][$i],''));
$pref['ban_durations'][$i] = intval(varset($_POST['ban_time'][$i],0));
}
save_prefs();
$ns->tablerender(BANLAN_9, "<div style='text-align:center'>".BANLAN_33.'</div>');
}
if ($action == "remove" && isset($_POST['ban_secure'])) {
$sql -> db_Delete("generic", "gen_type='failed_login' AND gen_ip='$sub_action'");
admin_update($sql -> db_Delete("banlist", "banlist_ip='$sub_action'"), 'delete');
}
if ($action == "edit") {
$sql->db_Select("banlist", "*", "banlist_ip='$sub_action'");
$row = $sql->db_Fetch();
extract($row);
} else {
unset($banlist_ip, $banlist_reason);
if (e_QUERY && strpos($_SERVER["HTTP_REFERER"], "userinfo")) {
$banlist_ip = $action;
if (isset($_POST['ban_ip']))
{
$_POST['ban_ip'] = trim($_POST['ban_ip']);
$new_ban_ip = preg_replace("/[^\w@\.]*/",'',urldecode($_POST['ban_ip']));
if ($new_ban_ip != $_POST['ban_ip'])
{
$message = BANLAN_27.$new_ban_ip;
$ns->tablerender(BANLAN_9, $message);
$_POST['ban_ip'] = $new_ban_ip;
}
if ((isset($_POST['add_ban']) || isset($_POST['update_ban'])) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false)
{
$new_vals = array('banlist_ip' => $_POST['ban_ip']);
if (isset($_POST['add_ban']))
{
$new_vals['banlist_datestamp'] = time();
$new_vals['banlist_bantype'] = 1; // Manual ban
}
$new_vals['banlist_admin'] = ADMINID;
if (varsettrue($_POST['ban_reason'])) $new_vals['banlist_reason'] =$tp->toDB($_POST['ban_reason']);
$new_vals['banlist_notes'] = $tp->toDB($_POST['ban_notes']);
if (isset($_POST['ban_time']) && is_numeric($_POST['ban_time']))
{
$bt = intval($_POST['ban_time']);
$new_vals['banlist_banexpires'] = $bt ? time() + ($bt*60*60) : 0;
}
if (isset($_POST['add_ban']))
{ // Insert new value - can just pass an array
admin_update($sql -> db_Insert("banlist",$new_vals), 'insert');
}
else
{ // Update existing value
$qry = '';
$spacer = '';
foreach ($new_vals as $k => $v)
{
$qry .= $spacer."`{$k}`='$v'";
$spacer = ', ';
}
admin_update($sql -> db_Update("banlist", $qry." WHERE banlist_ip='".$_POST['old_ip']."'"));
}
unset($ban_ip);
}
}
// Remove a ban
if ($action == "remove" && isset($_POST['ban_secure']))
//if ($action == "remove")
{
$sql -> db_Delete("generic", "gen_type='failed_login' AND gen_ip='{$sub_action}'");
admin_update($sql -> db_Delete("banlist", "banlist_ip='{$sub_action}'"), 'delete');
}
// Update the ban expiry time/date - timed from now
if ($action == 'newtime')
{
$end_time = $id ? time() + ($id*60*60) : 0;
admin_update($sql -> db_Update("banlist", "banlist_banexpires='".intval($end_time)."' WHERE banlist_ip='".$sub_action."'"));
$action = 'list';
}
if ($action == "edit")
{
$sql->db_Select("banlist", "*", "banlist_ip='{$sub_action}'");
$row = $sql->db_Fetch();
extract($row);
}
else
{
unset($banlist_ip, $banlist_reason);
if (e_QUERY && ($action == 'add') && strpos($_SERVER["HTTP_REFERER"], "userinfo"))
{
$banlist_ip = $sub_action;
}
}
function ban_time_dropdown($click_js = '', $zero_text=BANLAN_21, $curval=-1,$drop_name='ban_time')
{
$intervals = array(0,1,2,3,6,8,12,24,36,48,72,96,120,168,336,672);
$ret = "<select name='{$drop_name}' class='tbox' {$click_js}>\n";
$ret .= "<option value=''>&nbsp;</option>\n";
foreach ($intervals as $i)
{
$selected = ($curval == $i) ? " selected='selected'" : '';
if ($i == 0)
{
$words = $zero_text ? $zero_text : BANLAN_21;
}
elseif (($i % 24) == 0)
{
$words = floor($i / 24).' '.BANLAN_23;
}
else
{
$words = $i.' '.BANLAN_24;
}
$ret .= "<option value='{$i}'{$selected}>{$words}</option>\n";
}
$ret .= '</select>';
return $ret;
}
$text = "";
switch ($action)
{
$text .= "<div style='text-align:center'>
<form method='post' action='".e_SELF."'>
<table style='".ADMIN_WIDTH."' class='fborder'>
case 'options' :
if ((!isset($pref['ban_messages'])) || !is_array($pref['ban_messages']))
{
$pref['ban_messages'] = array_fill(0,BAN_REASON_COUNT-1,'');
}
if ((!isset($pref['ban_durations'])) || !is_array($pref['ban_durations']))
{
$pref['ban_durations'] = array_fill(0,BAN_REASON_COUNT-1,0);
}
$text = $rs->form_open("post", e_SELF.'?'.e_QUERY, "ban_options")."<div style='text-align:center'>";
if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere"))
{
$text .= "<div style='text-align:center'>".BANLAN_2."</div>";
}
else
{
$text .= "<table class='fborder' style='".ADMIN_WIDTH."'>
<colgroup>
<col style='width:20%' />
<col style='width:70%' />
<col style='width:10%' />
</colgroup>
<tr>
<td class='fcaption'>".BANLAN_28."</td>
<td class='fcaption' style='text-align:center'>".BANLAN_29."<br /><span class='smallblacktext'>".BANLAN_31."</span></td>
<td class='fcaption'>".BANLAN_30."</td>
</tr>";
for ($i = 0; $i < BAN_REASON_COUNT; $i++)
{
$text .= "<tr>
<td class='forumheader3'><a title='".constant('BANLAN_11'.$i)."'>".constant('BANLAN_10'.$i)."</a></td>
<td class='forumheader3'>
<textarea class='tbox' name='ban_text[]' cols='50' rows='4'>{$pref['ban_messages'][$i]}</textarea>
</td>
<td class='forumheader3'>".ban_time_dropdown('',BANLAN_32,$pref['ban_durations'][$i],'ban_time[]')."</td>
";
}
$text .= "<tr><td class='forumheader3' colspan='3' style='text-align:center'><input class='button' type='submit' name='update_ban_prefs' value='".LAN_UPDATE."' /></td></tr>
</table>\n";
}
$text .= "</div>".$rs->form_close();
$ns->tablerender(BANLAN_3, $text);
break;
<tr>
<td style='width:30%' class='forumheader3'>".BANLAN_5.": {$rdns_warn}</td>
<td style='width:70%' class='forumheader3'>
<input class='tbox' type='text' name='ban_ip' size='40' value='".$banlist_ip."' maxlength='200' />
</td>
</tr>
case 'edit' :
case 'add' :
$rdns_warn = varsettrue($pref['enable_rdns']) ? '' : '<br />'.BANLAN_12;
// Edit/add form first
$text .= "<div style='text-align:center'>
<form method='post' action='".e_SELF."'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<tr>
<td style='width:30%' class='forumheader3'>".BANLAN_5.": </td>
<td style='width:70%' class='forumheader3'>
<input class='tbox' type='text' name='ban_ip' size='40' value='".$banlist_ip."' maxlength='200' />{$rdns_warn}
</td>
</tr>";
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_7.": </td>
<td style='width:80%' class='forumheader3'>
<textarea class='tbox' name='ban_reason' cols='50' rows='4'>$banlist_reason</textarea>
</td>
</tr>
if (($action == 'add') || ($banlist_bantype <= 1))
{ // Its a manual or unknown entry - only allow edit of reason on those
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_7.": </td>
<td style='width:80%' class='forumheader3'>
<textarea class='tbox' name='ban_reason' cols='50' rows='4'>{$banlist_reason}</textarea>
</td>
</tr>";
}
else
{
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_7.": </td>
<td style='width:80%' class='forumheader3'>{$banlist_reason}</td>
</tr>";
}
<tr style='vertical-align:top'>
<td colspan='2' style='text-align:center' class='forumheader'>".
($action == "edit" ? "<input type='hidden' name='old_ip' value='$banlist_ip' /><input class='button' type='submit' name='update_ban' value='".LAN_UPDATE."' />" : "<input class='button' type='submit' name='add_ban' value='".BANLAN_8."' />")."
if ($action == 'edit')
{
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_28.": </td>
<td style='width:80%' class='forumheader3'>".constant('BANLAN_10'.$banlist_bantype)." - ".constant('BANLAN_11'.$banlist_bantype)."</td>
</tr>";
}
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_19.": </td>
<td style='width:80%' class='forumheader3'>
<textarea class='tbox' name='ban_notes' cols='50' rows='4'>{$banlist_notes}</textarea>
</td>
</tr>
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_18.": </td>
<td style='width:80%' class='forumheader3'>".ban_time_dropdown().
(($action == 'edit') ? '&nbsp;&nbsp;&nbsp;('.BANLAN_26.($banlist_banexpires ? strftime(BAN_TIME_FORMAT,$banlist_banexpires) : BANLAN_21).')' : '').
"</td>
</tr>
<tr style='vertical-align:top'>
<td colspan='2' style='text-align:center' class='forumheader'>".
($action == "edit" ? "<input type='hidden' name='old_ip' value='{$banlist_ip}' /><input class='button' type='submit' name='update_ban' value='".LAN_UPDATE."' />" : "<input class='button' type='submit' name='add_ban' value='".BANLAN_8."' />")."
</td>
</tr>
@ -96,37 +290,91 @@ $text .= "<div style='text-align:center'>
</form>
</div>";
$text .= "<div style='text-align:center'><br />".BANLAN_13."<a href='".e_ADMIN."users.php'><img src='".e_IMAGE."admin_images/users_16.png' alt='' /></a></div>";
if(!varsettrue($pref['enable_rdns']))
{
$text .= "<div style='text-align:center'><br />".BANLAN_12."</div>";
}
$text .= "<div style='text-align:center'><br />".BANLAN_13."<a href='".e_ADMIN."users.php'><img src='".$images_path."users_16.png' alt='' /></a></div>";
if(!varsettrue($pref['enable_rdns']))
{
$text .= "<div style='text-align:center'><br />".BANLAN_12."</div>";
}
$ns->tablerender(BANLAN_9, $text);
break; // End of 'Add' and 'Edit'
$ns->tablerender(BANLAN_9, $text);
if ($action != "edit") {
$text = $rs->form_open("post", e_SELF, "ban_form")."<div style='text-align:center'>".$rs->form_hidden("ban_secure", "1");
if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere")) {
case 'list' :
default :
$text = $rs->form_open("post", e_SELF, "ban_form")."<div style='text-align:center'>".$rs->form_hidden("ban_secure", "1");
if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere"))
{
$text .= "<div style='text-align:center'>".BANLAN_2."</div>";
} else {
}
else
{
$text .= "<table class='fborder' style='".ADMIN_WIDTH."'>
<colgroup>
<col style='width:10%' />
<col style='width:5%' />
<col style='width:35%' />
<col style='width:30%' />
<col style='width:10%' />
<col style='width:10%' />
</colgroup>
<tr>
<td style='width:70%' class='fcaption'>".BANLAN_10."</td>
<td style='width:30%' class='fcaption'>".LAN_OPTIONS."</td>
<td class='fcaption'>".BANLAN_17."</td>
<td class='fcaption'>".BANLAN_20."</td>
<td class='fcaption'>".BANLAN_10."</td>
<td class='fcaption'>".BANLAN_19."</td>
<td class='fcaption'>".BANLAN_18."</td>
<td class='fcaption'>".LAN_OPTIONS."</td>
</tr>";
$count = 0;
while ($row = $sql->db_Fetch()) {
extract($row);
$banlist_reason = str_replace("LAN_LOGIN_18", BANLAN_11, $banlist_reason);
$text .= "<tr><td style='width:70%' class='forumheader3'>$banlist_ip<br />".BANLAN_7.": $banlist_reason</td>
<td style='width:30%; text-align:center' class='forumheader3'>".$rs->form_button("submit", "main_edit_$count", LAN_EDIT, "onclick=\"document.getElementById('ban_form').action='".e_SELF."?edit-$banlist_ip'\"").$rs->form_button("submit", "main_delete_$count", BANLAN_4, "onclick=\"document.getElementById('ban_form').action='".e_SELF."?remove-$banlist_ip'\"")."</td>\n</tr>";
while ($row = $sql->db_Fetch())
{
extract($row);
$banlist_reason = str_replace("LAN_LOGIN_18", BANLAN_11, $banlist_reason);
$text .= "<tr>
<td class='forumheader3'>".($banlist_datestamp ? strftime(BAN_TIME_FORMAT,$banlist_datestamp) : BANLAN_22 )."</td>
<td class='forumheader3'><a title='".constant('BANLAN_11'.$banlist_bantype)."'>".constant('BANLAN_10'.$banlist_bantype)."</a></td>
<td class='forumheader3'>{$banlist_ip}<br />".BANLAN_7.": {$banlist_reason}</td>
<td class='forumheader3'>{$banlist_notes}</td>
<td class='forumheader3'>".($banlist_banexpires ? strftime(BAN_TIME_FORMAT,$banlist_banexpires).(($banlist_banexpires < time()) ? ' ('.BANLAN_34.')' : '')
: BANLAN_21)."<br />
".ban_time_dropdown("onchange=\"urljump('".e_SELF."?newtime-{$banlist_ip}-'+this.value)\"")."</td>
<td style='width:30%; text-align:center' class='forumheader3'>
<a href='".e_SELF."?edit-{$banlist_ip}'><img src='".$images_path."edit_16.png' alt='".LAN_EDIT."' title='".LAN_EDIT."' style='border:0px' /></a>
<input name='delete_ban_entry' type='image' src='".$images_path."delete_16.png' alt='".LAN_DELETE."' title='".LAN_DELETE."' style='border:0px'
onclick=\" var r = jsconfirm('".$tp->toJS(LAN_CONFIRMDEL." [".$banlist_ip."]")."');
if (r) { document.getElementById('ban_form').action='".e_SELF."?remove-{$banlist_ip}'; } return r; \" /></td>";
$count++;
}
$text .= "</table>\n";
}
$text .= "</div>".$rs->form_close();
$ns->tablerender(BANLAN_3, $text);
}
}
$text .= "</div>".$rs->form_close();
$ns->tablerender(BANLAN_3, $text);
// End of case 'list' and the default case
} // End switch ($action)
require_once("footer.php");
function banlist_adminmenu()
{
$action = (e_QUERY) ? e_QUERY : "list";
$var['list']['text'] = BANLAN_14; // List existing bans
$var['list']['link'] = e_SELF."?list";
$var['list']['perm'] = "W";
$var['add']['text'] = BANLAN_25; // Add a new ban
$var['add']['link'] = e_SELF."?add";
$var['add']['perm'] = "W";
if(getperms("0"))
{
$var['options']['text'] = BANLAN_15;
$var['options']['link'] = e_SELF."?options";
$var['options']['perm'] = "0";
}
show_admin_menu(BANLAN_16, $action, $var);
}
?>

29
e107_admin/fla.php
View File

@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/fla.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:33:22 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("../class2.php");
@ -44,14 +44,15 @@ if(isset($_POST['delbanSubmit']))
$bancount = 0;
foreach($_POST['flaban'] as $ban)
{
if($sql -> db_Select("generic", "*", "gen_id=$ban"))
{
$at = $sql -> db_Fetch();
$banlist_ip = $at['gen_ip'];
$sql->db_Insert("banlist", "'$banlist_ip', '".ADMINID."', '".FLALAN_4."' ");
$sql -> db_Delete("generic", "gen_id='$ban' ");
$bancount ++;
}
if($sql -> db_Select("generic", "*", "gen_id={$ban}"))
{
$at = $sql -> db_Fetch();
$e107->add_ban(4,FLALAN_4,$at['gen_ip'],ADMINID);
// $banlist_ip = $at['gen_ip'];
// $sql->db_Insert("banlist", "'$banlist_ip', '".ADMINID."', '".FLALAN_4."' ");
$sql -> db_Delete("generic", "gen_id='$ban' ");
$bancount ++;
}
}
$message .= ", ".FLALAN_5.": ".$bancount;
}
@ -83,7 +84,7 @@ if (isset($message)) {
$gen = new convert;
$fla_total = $sql->db_Count("generic", "(*)", "WHERE gen_type='failed_login'");
if(!$sql -> db_Select("generic", "*", "gen_type='failed_login' ORDER BY gen_datestamp DESC LIMIT $from,$amount"))
if(!$sql -> db_Select("generic", "*", "gen_type='failed_login' ORDER BY gen_datestamp DESC LIMIT {$from},{$amount}"))
{
$text = "<div style='text-align: center;'>".FLALAN_2."</div>";
}
@ -113,8 +114,8 @@ else
<td style='width: 50%;' class='forumheader3'>".str_replace(":::", "<br />", htmlentities($gen_chardata, ENT_QUOTES, CHARSET))."</td>
<td style='width: 20%;' class='forumheader'>".$fa['gen_ip']."<br />{$host}</td>
<td style='width: 10%; text-align: left;' class='forumheader3'>
<input type='checkbox' name='fladelete[]' value='$gen_id' /> ".LAN_DELETE."<br />
<input type='checkbox' name='flaban[]' value='$gen_id' /> ".LAN_BAN."
<input type='checkbox' name='fladelete[]' value='{$gen_id}' /> ".LAN_DELETE."<br />
<input type='checkbox' name='flaban[]' value='{$gen_id}' /> ".LAN_BAN."
</td>
</tr>
";

8
e107_admin/userinfo.php
View File

@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/userinfo.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:33:30 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("../class2.php");
@ -40,7 +40,7 @@ if (isset($ipd)) {
$sql->db_Select("chatbox", "*", "cb_ip='$ipd' LIMIT 0,20");
$host = $e107->get_host_name($ipd);
$text = USFLAN_3." <b>".$ipd."</b> [ ".USFLAN_4.": $host ]<br />
<i><a href=\"banlist.php?".$ipd."\">".USFLAN_5."</a></i>
<i><a href=\"banlist.php?add-".$ipd."\">".USFLAN_5."</a></i>
<br /><br />";
while (list($cb_id, $cb_nick, $cb_message, $cb_datestamp, $cb_blocked, $cb_ip ) = $sql->db_Fetch()) {

185
e107_admin/users.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
| $Revision: 1.7 $
| $Date: 2007-11-01 22:01:38 $
| $Revision: 1.8 $
| $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -153,7 +153,8 @@ if (isset($_POST['update_options']))
// ------- Prune Users. --------------
if (isset($_POST['prune'])) {
if (isset($_POST['prune']))
{
$e107cache->clear("online_menu_member_total");
$e107cache->clear("online_menu_member_newest");
$text = USRLAN_56." ";
@ -211,11 +212,11 @@ if (isset($_POST['adduser'])) {
if ($sql->db_Count("user", "(*)", "WHERE user_email='".$_POST['email']."' AND user_ban='1' ")) {
message_handler("P_ALERT", USRLAN_147);
$error = TRUE;
}
}
if ($sql->db_Count("banlist", "(*)", "WHERE banlist_ip='".$_POST['email']."'")) {
message_handler("P_ALERT", USRLAN_148);
$error = TRUE;
}
}
if (!$error) {
@ -270,8 +271,9 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "ban")
}
else
{
$sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' ");
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137));
$e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID);
// $sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' ");
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137));
}
}
}
@ -389,8 +391,25 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "unadmin" && getperms
if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
{
$uid = intval($_POST['userid']);
if ($sql->db_Update("user", "user_ban='0' WHERE user_id='{$uid}' "))
if ($sql->db_Select("user", "*", "user_id='".$uid."' "))
{
if ($row = $sql->db_Fetch())
{
// Add in the initial classes, if this is the time
$init_classes = '';
if ($pref['init_class_stage'] == '2')
{
$init_classes = explode(',',varset($pref['initial_user_classes'],''));
if ($init_classes)
{ // Update the user classes
$row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class'])))));
$init_classes = ", user_class='".$row['user_class']."' ";
}
}
$sql->db_Update("user", "user_ban='0'{$init_classes} WHERE user_id='".$uid."' ");
// $e_event->trigger("userveri", $row); // We do this from signup.php - should we do it here?
$user->show_message(USRLAN_86);
if(!$action){ $action = "main"; }
if(!$sub_action){ $sub_action = "user_id"; }
@ -416,6 +435,7 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
}
}
}
}
}
}
@ -463,21 +483,29 @@ if (isset($action) && $action == "create") {
require_once("footer.php");
class users{
function show_existing_users($action, $sub_action, $id, $from, $amount) {
// ##### Display scrolling list of existing news items ---------------------------------------------------------------------------------------------------------
class users
{
function show_existing_users($action, $sub_action, $id, $from, $amount)
{
global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref,$unverified;
// save the display choices.
if(isset($_POST['searchdisp'])){
if(isset($_POST['searchdisp']))
{
$pref['admin_user_disp'] = implode("|",$_POST['searchdisp']);
save_prefs();
}
if(!$pref['admin_user_disp']){
if(!$pref['admin_user_disp'])
{
$search_display = array("user_name","user_class");
}else{
}
else
{
$search_display = explode("|",$pref['admin_user_disp']);
}
@ -969,7 +997,7 @@ class users{
<td style='width:70%' class='forumheader3'>
".$rs->form_text("email", 60, "", 100)."
</td>
</tr>";
</tr>\n";
if (!is_object($sql)) $sql = new db;
@ -978,7 +1006,7 @@ class users{
<td colspan='2' style='text-align:center' class='forumheader'>
".USRLAN_120."
</td>
</tr>";
</tr>\n";
$c = 0;
while ($row = $sql->db_Fetch()) {
$class[$c][0] = $row['userclass_id'];
@ -986,10 +1014,13 @@ class users{
$class[$c][2] = $row['userclass_description'];
$c++;
}
for($a = 0; $a <= (count($class)-1); $a++) {
$init_classes = explode(',',varset($pref['initial_user_classes'],''));
for($a = 0; $a <= (count($class)-1); $a++)
{
$selected = in_array($class[$a][0],$init_classes) ? " checked='checked'" : "";
$text .= "<tr><td style='width:30%' class='forumheader'>
<input type='checkbox' name='userclass[]' value='".$class[$a][0]."' />".$class[$a][1]."
</td><td style='width:70%' class='forumheader3'> ".$class[$a][2]."</td></tr>";
<input type='checkbox' name='userclass[]' value='".$class[$a][0]."'{$selected} />".$class[$a][1]."
</td><td style='width:70%' class='forumheader3'> ".$class[$a][2]."</td></tr>\n";
}
}
$text .= "
@ -1042,7 +1073,7 @@ class users{
}
else
{
$this->show_message(USRLAN_141.": ".$name);
$this->show_message(USRLAN_141.": ".$name);
}
}
@ -1091,21 +1122,21 @@ class users{
function check_bounces($bounce_act='first_check', $bounce_arr = '')
{
global $sql,$pref;
include(e_HANDLER."pop3_class.php");
global $sql,$pref;
include(e_HANDLER."pop3_class.php");
if (!trim($bounce_act)) $bounce_act='first_check';
// echo "Check bounces. Action: {$bounce_act}; Entries: {$bounce_arr}<br />";
$obj= new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],'pop3','110');
$obj= new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],'pop3','110');
$del_count = 0;
if ($bounce_act !='first_check')
{ // Must do some deleting
$obj->connect();
$tot=$obj->getTotalMails();
$del_array = explode(',',$bounce_arr);
for($i=1;$i<=$tot;$i++)
if ($bounce_act !='first_check')
{ // Must do some deleting
$obj->connect();
$tot=$obj->getTotalMails();
$del_array = explode(',',$bounce_arr);
for($i=1;$i<=$tot;$i++)
{ // Scan all emails; delete current one if meets the criteria
$dodel = FALSE;
switch ($bounce_act)
@ -1145,75 +1176,75 @@ class users{
$del_count++; // Keep track of number of emails deleted
}
} // End - Delete one email
$obj->close_mailbox(); // This actually deletes the emails
$obj->close_mailbox(); // This actually deletes the emails
} // End of email deletion
// Now list the emails that are left
$obj->connect();
$tot=$obj->getTotalMails();
$found = FALSE;
$DEL = ($pref['mail_bounce_delete']) ? TRUE : FALSE;
$obj->connect();
$tot=$obj->getTotalMails();
$found = FALSE;
$DEL = ($pref['mail_bounce_delete']) ? TRUE : FALSE;
$text = "<br /><div><form method='post' action='".e_SELF.$qry."'><table class='fborder' style='".ADMIN_WIDTH."'>
$text = "<br /><div><form method='post' action='".e_SELF.$qry."'><table class='fborder' style='".ADMIN_WIDTH."'>
<tr><td class='fcaption' style='width:5%'>#</td><td class='fcaption'>e107-id</td><td class='fcaption'>email</td><td class='fcaption'>Subject</td><td class='fcaption'>Bounce</td></tr>\n";
for($i=1;$i<=$tot;$i++)
{
$head=$obj->getHeaders($i);
if($head['bounce'])
for($i=1;$i<=$tot;$i++)
{
$head=$obj->getHeaders($i);
if($head['bounce'])
{ // Its a 'bounce' email
if (ereg('.*X-e107-id:(.*)MIME', $obj->getBody($i), $result))
{
if($result[1])
{
if (ereg('.*X-e107-id:(.*)MIME', $obj->getBody($i), $result))
{
if($result[1])
{
$id[$i] = intval($result[1]); // This should be a user ID - but not on special mailers!
// Try and pull out an email address from body - should be the one that failed
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
$emails[$i] = "'".$result[0]."'";
}
$found = TRUE;
}
}
elseif (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
if($result[0] && $result[0] != $pref['mail_bounce_email'])
{
$emails[$i] = "'".$result[0]."'";
$found = TRUE;
}
elseif($result[1] && $result[1] != $pref['mail_bounce_email'])
{
$emails[$i] = "'".$result[1]."'";
$found = TRUE;
}
}
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
$emails[$i] = "'".$result[0]."'";
}
$found = TRUE;
}
}
elseif (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
if($result[0] && $result[0] != $pref['mail_bounce_email'])
{
$emails[$i] = "'".$result[0]."'";
$found = TRUE;
}
elseif($result[1] && $result[1] != $pref['mail_bounce_email'])
{
$emails[$i] = "'".$result[1]."'";
$found = TRUE;
}
}
if ($DEL && $found)
{ // Auto-delete bounced emails once noticed (if option set)
$obj->deleteMails($i);
$del_count++;
}
}
else
{ // Its a warning message or similar
}
else
{ // Its a warning message or similar
// $id[$i] = ''; // Don't worry about an ID for now
// Try and pull out an email address from body - should be the one that failed
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
$wmails[$i] = "'".$result[0]."'";
}
}
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{
$wmails[$i] = "'".$result[0]."'";
}
}
$text .= "<tr><td class='forumheader3'>".$i."</td><td class='forumheader3'>".$id[$i]."</td><td class='forumheader3'>".(isset($emails[$i]) ? $emails[$i] : $wmails[$i])."</td><td class='forumheader3'>".$head['subject']."</td><td class='forumheader3'>".($head['bounce'] ? ADMIN_TRUE_ICON : ADMIN_FALSE_ICON);
$text .= "<input type='checkbox' name='delete_email[]' value='{$i}' /></td></tr>\n";
}
$text .= "<tr><td class='forumheader3'>".$i."</td><td class='forumheader3'>".$id[$i]."</td><td class='forumheader3'>".(isset($emails[$i]) ? $emails[$i] : $wmails[$i])."</td><td class='forumheader3'>".$head['subject']."</td><td class='forumheader3'>".($head['bounce'] ? ADMIN_TRUE_ICON : ADMIN_FALSE_ICON);
$text .= "<input type='checkbox' name='delete_email[]' value='{$i}' /></td></tr>\n";
}
if ($tot)
if ($tot)
{ // Option to delete emails - only if there are some in the list
$text .= "</table><table style='".ADMIN_WIDTH."'><tr>
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delnonbouncesubmit' value='".USRLAN_153."' /></td>\n
@ -1221,8 +1252,8 @@ class users{
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delcheckedsubmit' value='".USRLAN_149."' /></td>\n
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delallsubmit' value='".USRLAN_150."' /></td>\n
</td></tr>";
}
$text .= "</table></form></div>";
}
$text .= "</table></form></div>";
array_unique($id);
array_unique($emails);

242
e107_handlers/admin_log_class.php
View File

@ -4,7 +4,7 @@
+ ----------------------------------------------------------------------------+
| e107 website system
|
| <EFBFBD>Steve Dunstan 2001-2002
| ?Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
@ -12,9 +12,15 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
| $Revision: 1.3 $
| $Date: 2007-11-04 09:10:54 $
| $Revision: 1.4 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
To do:
1. Do we need to check for presence of elements of debug_backtrace() to avoid notices?
2. Reflect possible DB structure changes once finalised
3. Ad user audit trail
+----------------------------------------------------------------------------+
*/
@ -35,6 +41,7 @@ class e_admin_log {
'log_level' => 2,
'backtrace' => false,
);
var $rldb = NULL; // Database used by logging routine
/**
* Constructor. Sets up constants and overwrites default options where set.
@ -42,41 +49,23 @@ class e_admin_log {
* @param array $options
* @return e_admin_log
*/
function e_admin_log ($options = array()){
foreach ($options as $key => $val) {
$this->_options[$key] = $val;
}
function e_admin_log ($options = array())
{
foreach ($options as $key => $val)
{
$this->_options[$key] = $val;
}
/**
* Minmal Log Level, including really minor stuff
*
*/
define("E_LOG_INFORMATIVE", 0);
/**
* More important than informative, but less important than notice
*
*/
define("E_LOG_NOTICE", 1);
/**
* Not anything serious, but important information
*
*/
define("E_LOG_WARNING", 2);
/**
* An event so bad your site ceased execution.
*
*/
define("E_LOG_FATAL", 3);
/*
* Plugin Information.
*/
define("E_LOG_PLUGIN", 4);
define("E_LOG_INFORMATIVE", 0); // Minimal Log Level, including really minor stuff
define("E_LOG_NOTICE", 1); // More important than informative, but less important than notice
define("E_LOG_WARNING", 2); // Not anything serious, but important information
define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
define("E_LOG_PLUGIN", 4); // Plugin information
// Logging actions
define("LOG_TO_ADMIN", 1);
define("LOG_TO_AUDIT", 2);
define("LOG_TO_ROLLING", 4);
}
/**
@ -86,43 +75,170 @@ class e_admin_log {
* @param string $event_detail
* @param int $event_type Log level
*/
function log_event ($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE) {
global $e107, $sql, $tp;
if($event_type >= $this->_options['log_level']) {
$event_title = $tp -> toDB($event_title, true,false,'no_html');
$event_detail = $tp -> toDB($event_detail, true,false,'no_html');
$event_type = $tp -> toDB($event_type, true,false,'no_html');
$time_stamp = time();
$uid = (USERID !== FALSE) ? USERID : '0';
$ip = $e107->getip();
if($this->_options['backtrace'] == true) {
$event_detail .= "\n\n".debug_backtrace();
}
$sql->db_Insert('dblog', "'', '{$event_type}', {$time_stamp}, {$uid}, '{$ip}', '{$event_title}', '{$event_detail}' ");
// Legacy entry point (not used by much) - retained for completeness.
// (Should really only be used for admin events anyway - not debugging)
function log_event($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE)
{
global $e107, $tp;
if($event_type >= $this->_options['log_level'])
{
if($this->_options['backtrace'] == true)
{
$event_detail .= "\n\n".debug_backtrace();
}
$this->e_log_event($event_type,-1,"ADMIN",$event_title,$event_detail,FALSE,LOG_TO_ADMIN);
}
}
function get_log_events($count = 15, $offset) {
global $sql;
$count = intval($count);
// ***************************** START OF ADDITIONS **************************
/*
Example call: (Deliberately pick separators that shouldn't be in file names)
e_log_event(E_LOG_NOTICE,__FILE__."|".__FUNCTION__."@".__LINE__,"ECODE","Event Title","explanatory message",FALSE,LOG_TO_ADMIN);
or:
e_log_event(E_LOG_NOTICE,debug_backtrace(),"ECODE","Event Title","explanatory message",TRUE,LOG_TO_ROLLING);
Parameters:
$importance - importance of event - 0..4 or so
$source_call - either: string identifying calling file/routine
or: a number 0..9 identifying info to log from debug_backtrace()
or: empty string, in which case first entry from debug_backtrace() logged
or: an array, assumed to be from passing debug_backtrace() as a parameter, in which case relevant
information is extracted and the argument list from the first entry logged
or: -1, in which case no information logged
$eventcode - abbreviation listing event type
$event_title - title of event - pass standard 'LAN_ERROR_nn' defines to allow language translation
$explain - detail of event
$finished - if TRUE, aborts execution
$target_logs - flags indicating which logs to update - if entry to be posted in several logs, add (or 'OR') their defines:
LOG_TO_ADMIN - admin log
LOG_TO_AUDIT - audit log
LOG_TO_ROLLING - rolling log
*/
function e_log_event($importance, $source_call, $eventcode = "GEN", $event_title="Untitled", $explain = "", $finished = FALSE, $target_logs = LOG_TO_AUDIT)
{
global $pref, $e107, $tp;
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
if ($this->rldb == NULL) $this->rldb = new db; // Better use our own db - don't know what else is going on
if (is_bool($target_logs))
{ // Handle the legacy stuff for now - some old code used a boolean to select admin or rolling logs
$target_logs = $target_logs ? LOG_TO_ADMIN : LOG_TO_ROLLING;
}
//---------------------------------------
// Calculations common to all logs
//---------------------------------------
$userid = (USER === TRUE) ? USERID : 0;
$userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
$userIP = $e107->getip();
$importance = $tp->toDB($importance,true,false,'no_html');
$eventcode = $tp->toDB($eventcode,true,false,'no_html');
$explain = $tp->toDB($explain,true,false,'no_html');
$event_title = $tp->toDB($event_title,true,false,'no_html');
$source_call = $tp->toDB($source_call,true,false,'no_html');
//---------------------------------------
// Admin Log
//---------------------------------------
if ($target_logs & LOG_TO_ADMIN)
{ // Admin log - assume all fields valid
$this->rldb->db_Insert("dblog", " 0, ".intval($time_usec).','.intval($time_sec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ");
}
//---------------------------------------
// Audit Log
//---------------------------------------
// Add in audit log here
//---------------------------------------
// Rolling Log
//---------------------------------------
if (($target_logs & LOG_TO_ROLLING) && varsettrue($pref['roll_log_active']))
{ // Rolling log
// Process source_call info
//---------------------------------------
if (is_numeric($source_call) && ($source_call >= 0))
{
$back_count = 1;
$i = 0;
if (is_numeric($source_call) || ($source_call == ''))
{
$back_count = $source_call + 1;
$source_call = debug_backtrace();
$i = 1; // Don't want to print the entry parameters to this function - we know all that!
}
}
if (is_array($source_call))
{ // Print the debug_backtrace() array
while ($i < $back_count)
{
$source_call[$i]['file'] = $e107->fix_windows_paths($source_call[$i]['file']); // Needed for Windoze hosts.
$source_call[$i]['file'] = str_replace($e107->file_path,"",$source_call[$i]['file']); // We really just want a e107 root-relative path. Strip out the root bit
$tmp = $source_call[$i]['file']."|".$source_call[$i]['class'].$source_call[$i]['type'].$source_call[$i]['function']."@".$source_call[$i]['line'];
foreach ($source_call[$i]['args'] as $k => $v)
{ // Add in the arguments
$explain .= "<br />".$k."=".$v;
}
$i++;
if ($i < $back_count) $explain .= "<br />-------------------";
if (!isset($tmp1)) $tmp1 = $tmp; // Pick off the immediate caller as the source
}
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
}
else
{
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
}
// else $source_call is a string
// Save new rolling log record
$this->rldb->db_Insert("rl_history","0, ".intval($time_sec).', '.intval($time_usec).", '{$importance}', '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$source_call}', '{$event_title}', '{$explain}' ");
// Now delete any old stuff
$this->rldb->db_Delete("rl_history", "dblog_datestamp < '".intval(time() - (varset($pref['roll_log_days'],7)*86400))."' ");
}
if ($finished) exit; // Optional abort for all logs
}
function get_log_events($count = 15, $offset)
{
global $sql;
$count = intval($count);
return "Not implemented yet";
}
/**
* Removes all events older than $days, or truncates the table if $days == false
*
* @param int $days
*/
function purge_log_events($days) {
function purge_log_events($days)
{
global $sql;
if($days == false) {
// $days is false, so truncate the log table
$sql->db_Select_gen("TRUNCATE TABLE #dblog ");
} else {
// $days is set, so remove all entries older than that.
$days = intval($days);
$mintime = $days * 24 * 60 * 60;
$time = time() - $mintime;
$sql->db_Delete("dblog", "WHERE `dblog_datestamp` < {$time}", true);
if($days == false)
{ // $days is false, so truncate the log table
$sql->db_Select_gen("TRUNCATE TABLE #dblog ");
}
else
{ // $days is set, so remove all entries older than that.
$days = intval($days);
$mintime = $days * 24 * 60 * 60;
$time = time() - $mintime;
$sql->db_Delete("dblog", "WHERE `dblog_datestamp` < {$time}", true);
}
}
}

58
e107_handlers/e107_class.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $
| $Revision: 1.9 $
| $Date: 2007-08-13 19:56:35 $
| $Revision: 1.10 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -192,16 +192,58 @@ class e107{
if ($ip != '127.0.0.1')
{
if ($sql->db_Select("banlist", "*", "banlist_ip='".$tp -> toDB($_SERVER['REMOTE_ADDR'], true)."' OR banlist_ip='".USEREMAIL."' OR banlist_ip='{$ip}' OR banlist_ip='{$wildcard}' OR banlist_ip='{$wildcard2}' {$bhost}"))
{
header("HTTP/1.1 403 Forbidden", true);
// enter a message here if you want some text displayed to banned users ...
exit();
}
check_ban("banlist_ip='".$tp -> toDB($_SERVER['REMOTE_ADDR'], true)."' OR banlist_ip='".USEREMAIL."' OR banlist_ip='{$ip}' OR banlist_ip='{$wildcard}' OR banlist_ip='{$wildcard2}' {$bhost}");
}
}
}
// Check the banlist table. $query is used to determine the match.
// If $show_error, displays "HTTP/1.1 403 Forbidden"
// If $do_return, will always return with ban status - TRUE for OK, FALSE for banned.
// If return permitted, will never display a message for a banned user; otherwise will display any message then exit
function check_ban($query,$show_error=TRUE, $do_return = FALSE)
{
global $sql, $tp, $pref, $admin_log;
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Check for Ban",$query,FALSE,LOG_TO_ROLLING);
if ($sql->db_Select('banlist','*',$query))
{
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Active Ban",$query,FALSE,LOG_TO_ROLLING);
if ($show_error) header("HTTP/1.1 403 Forbidden", true);
if (isset($pref['ban_messages']))
{ // May want to display a message
$row = $sql->db_Fetch(); // Get the type of the ban
if (($row['banlist_banexpires'] > 0) && ($row['banlist_banexpires'] < time()))
{ // Ban has expired - delete from DB
$sql->db_Delete('banlist', $query);
return TRUE;
}
// Ban still current here
if ($do_return) return FALSE;
echo $tp->toHTML(varsettrue($pref['ban_messages'][$row['banlist_bantype']])); // Show message if one set
}
exit();
}
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","No ban found",$query,FALSE,LOG_TO_ROLLING);
return TRUE; // Email address OK
}
// Add an entry to the banlist. $bantype = 1 for manual, 2 for flooding, 4 for multiple logins
function add_ban($bantype,$ban_message='',$ban_ip='',$ban_user = 0,$ban_notes='')
{
global $sql, $pref;
if (!$ban_message) $ban_message = 'No explanation given';
if (!$ban_ip) $ban_ip = $this->getip();
$ban_ip = preg_replace("/[^\w@\.]*/",'',urldecode($ban_ip)); // Make sure no special characters
if (!$ban_ip) return;
// Add using an array - handles DB changes better
$sql->db_Insert('banlist',array('banlist_ip' => $ban_ip, 'banlist_bantype' => $bantype, 'banlist_datestamp' => time(),
'banlist_banexpires' => (varsettrue($pref['ban_durations'][$bantype]) ? time() + ($pref['ban_durations'][$bantype]*60*60) : 0),
'banlist_admin' => $ban_user, 'banlist_reason' => $ban_message, 'banlist_notes' => $ban_notes));
}
/**
* Get the current user's IP address
*

41
e107_handlers/login.php
View File

@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.7 $
| $Date: 2007-10-28 19:20:48 $
| $Revision: 1.8 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -48,9 +48,9 @@ class userlogin {
}
$fip = $e107->getip();
if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) {
exit;
}
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
$e107->check_ban("banlist_ip='{$fip}' ",FALSE);
// if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) { exit;}
$autologin = intval($autologin);
@ -81,6 +81,7 @@ class userlogin {
$userpass = md5(utf8_decode($ouserpass));
}
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'Doing final checks',FALSE,LOG_TO_ROLLING);
if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'"))
{ // Invalid user
define("LOGINMESSAGE", LAN_300."<br /><br />");
@ -95,13 +96,15 @@ class userlogin {
}
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 "))
{ // Banned user
define("LOGINMESSAGE", LAN_302."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
$this -> checkibr($fip);
return FALSE;
define("LOGINMESSAGE", LAN_302."<br /><br />");
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User is banned: '.$tp -> toDB($username),FALSE,LOG_TO_ROLLING);
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
$this -> checkibr($fip);
return FALSE;
}
else
{ // User is OK as far as core is concerned
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
$ret = $e_event->trigger("preuserlogin", $username);
if ($ret!='')
{
@ -189,15 +192,19 @@ class userlogin {
}
}
function checkibr($fip) {
global $sql, $pref, $tp;
if($pref['autoban'] == 1 || $pref['autoban'] == 3){ // Flood + Login or Login Only.
$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='$fip' AND gen_type='failed_login' ");
if($fails > 10) {
$sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
}
function checkibr($fip)
{
global $sql, $pref, $tp, $e107;
if($pref['autoban'] == 1 || $pref['autoban'] == 3)
{ // Flood + Login or Login Only.
$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
if($fails > 10)
{
$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
// $sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
}
}
}
function update_xup($user_id, $user_xup = "") {

30
e107_languages/English/admin/help/banlist.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/help/banlist.php,v $
| $Revision: 1.2 $
| $Date: 2007-02-11 10:33:36 $
| $Revision: 1.3 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -20,6 +20,17 @@
if (!defined('e107_INIT')) { exit; }
$caption = "Banning users from your site";
if (e_QUERY) list($action,$junk) = explode('.',e_QUERY); else $action = 'list';
switch ($action)
{
case 'options' :
$text = "This page sets the default behaviour for various types of ban.<br />
If a message is specified, this will be shown to the user (where appropriate); otherwise they will most likely get a blank screen<br />
The ban will persist for the time specified; after which it will be cleared next time they access the site.";
break;
case 'edit' :
case 'add' :
$text = "You can ban users from your site at this screen.<br />
Either enter their full IP address or use a wildcard to ban a range of IP addresses. You can also enter an email address to stop a user registering as a member on your site.<br /><br />
<b>Banning by IP address:</b><br />
@ -29,6 +40,19 @@ Entering the IP address 123.123.123.* will stop anyone in that IP range from vis
Entering the email address foo@bar.com will stop anyone using that email address from registering as a member on your site.<br />
Entering the email address *@bar.com will stop anyone using that email domain from registering as a member on your site.<br /><br />
<b>Banning by user name</b><br />
This is done from the user administration page.";
This is done from the user administration page.<br /><br />";
break;
case 'list' :
default :
$text = "This page shows a list of all IP addresses, hostnames and email addresses which are banned.
(Banned users are shown on the user administration page)<br /><br />
<b>Automatic Bans</b><br />
E107 automatically bans individual IP addresses if they attempt to flood the site, as well as addresses with failed logins.<br />
These bans also appear in this list. You can select (on the options page) what to do for each type of ban.<br /><br />
<b>Removing a ban</b><br />
You can set an expiry period for each type of ban, in which case the entry is removed once the ban period expires. Otherwise the
ban remains until you remove it.<br />
You can modify the ban period from this page - times are calculated from now.";
}
$ns -> tablerender($caption, $text);
?>

59
e107_languages/English/admin/lan_banlist.php
View File

@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_banlist.php,v $
| $Revision: 1.2 $
| $Date: 2007-02-11 10:33:36 $
| $Revision: 1.3 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -19,7 +19,60 @@ define("BANLAN_8", "Ban Address");
define("BANLAN_9", "Ban users from site by email, IP or host address");
define("BANLAN_10", "IP / Email / Reason");
define("BANLAN_11", "Auto-ban: More than 10 failed login attempts");
define("BANLAN_12", "Note: Reverse DNS is currently disabled, it must be enabled to allow banning by host. Banning by IP and email will still function normally.");
define("BANLAN_12", "Note: Reverse DNS is currently disabled; it must be enabled to allow banning by host. Banning by IP and email address will still function normally.");
define("BANLAN_13", "Note: To ban a user by user name, go to the users admin page: ");
define('BANLAN_14','Ban List');
define('BANLAN_15','Options');
define('BANLAN_16','Banning');
define('BANLAN_17','Ban Date');
define('BANLAN_18','Ban expires');
define('BANLAN_19','Notes');
define('BANLAN_20','Type');
define('BANLAN_21','Never');
define('BANLAN_22','Unknown');
define('BANLAN_23','day(s)');
define('BANLAN_24','hours');
define('BANLAN_25','Add an entry');
define('BANLAN_26','Currently ');
define('BANLAN_27','Invalid characters in IP address stripped - now:');
define('BANLAN_28','Ban type');
define('BANLAN_29','Message to show');
define('BANLAN_30','Ban duration');
define('BANLAN_31','(Use an empty message if you wish the user to get a blank screen)');
define('BANLAN_32','Indefinite');
define('BANLAN_33','Settings Updated');
define('BANLAN_34','Expired');
define('BANLAN_35','');
define('BANLAN_36','');
define('BANLAN_37','');
define('BANLAN_38','');
define('BANLAN_39','');
define('BANLAN_40','');
// Ban types - block reserved 100-109
define('BANLAN_100', 'Unknown');
define('BANLAN_101','Manual');
define('BANLAN_102','Flood');
define('BANLAN_103','Hit count');
define('BANLAN_104', 'Login failure');
define('BANLAN_105', 'Imported');
define('BANLAN_106', 'User');
define('BANLAN_107', 'Unknown');
define('BANLAN_108', 'Unknown');
define('BANLAN_109', 'Unknown');
// Detailed explanations for ban types - block reserved 110-119
define('BANLAN_110', 'Most likely a ban that was imposed before E107 was upgraded to 0.8');
define('BANLAN_111', 'Entered by an admin');
define('BANLAN_112', 'Attempts to update the site too fast');
define('BANLAN_113', 'Attempts to access the site too frequently from the same address');
define('BANLAN_114', 'Multiple failed login attempts from the same user');
define('BANLAN_115', 'Added from an external list');
define('BANLAN_116', 'IP address banned on account of user ban');
define('BANLAN_117', 'Spare reason');
define('BANLAN_118', 'Spare reason');
define('BANLAN_119', 'Spare reason');
define('BANLAN_120', 'Unknown');
?>

46
e107_languages/English/admin/lan_users.php
View File

@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $
| $Revision: 1.6 $
| $Date: 2007-09-28 20:50:21 $
| $Revision: 1.7 $
| $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -133,35 +133,10 @@ define("USRLAN_135", "No IP address found in user's info; IP not banned");
define("USRLAN_136", "Multiple users found with IP address of {IP}; IP not banned.");
define("USRLAN_137", "Users IP address of {IP} banned.");
define("USRLAN_138", "Unverified users");
define("USRLAN_139", "Your account has been activated.\n\nYou can visit {SITEURL} and log into the site using the login information you provided.");
define("USRLAN_140", "Email Re-sent to");
define("USRLAN_141", "Failed to Re-send email to");
define("USRLAN_142", "with the following activation link");
define("USRLAN_143", "Check For Bounces");
define("USRLAN_144", "Resend Confirmation Email to All");
define("USRLAN_145", "Bounced users");
define("USRLAN_146", "Member information is available to");
define("USRLAN_147", "Email address is already used by a banned user");
define("USRLAN_148", "Email address is banned");
define("USRLAN_149", "Delete checked emails");
define("USRLAN_150", "Delete all emails");
define("USRLAN_151", "Clear bounce, require Activation");
define("USRLAN_152", "Clear bounce and Activate");
define("USRLAN_153", "Delete non-bounce emails");
define("USRLAN_154", "Clear email for checked");
define("USRLAN_155", "Total {TOTAL} emails found. {DELCOUNT} deleted through options.<br />{DELUSER} users marked as 'bounced' (out of {FOUND} emails)");
define("LAN_MAINADMIN","Main Admin");
define("LAN_ADMIN","Admin");
define("LAN_NOTVERIFIED","Not Verified");
define("LAN_BANNED","Banned");
define("LAN_BOUNCED","Bounced");
define("DUSRLAN_1", "ID");
define("DUSRLAN_2", "Display Name");
@ -201,4 +176,21 @@ define("DUSRLAN_35", "Picture");
define("DUSRLAN_36", "Password Change");
define("DUSRLAN_37", "XUP");
define("USRLAN_138", "Unverified users");
define("USRLAN_139", "Your account has been activated.\n\nYou can visit {SITEURL} and log into the site using the login information you provided.");
define("USRLAN_140", "Email Re-sent to");
define("USRLAN_141", "Failed to Re-send email to");
define("USRLAN_142", "with the following activation link");
define("LAN_BOUNCED","Bounced");
define("USRLAN_143", "Check For Bounces");
define("USRLAN_144", "Resend Confirmation Email to All");
define("USRLAN_145", "Bounced users");
define("USRLAN_146", "Member information is available to");
define("USRLAN_147", "Email address is already used by a banned user");
define("USRLAN_148", "Email address is banned");
define('USRLAN_149', "User banned: ");
?>

118
signup.php
View File

@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.11 $
| $Date: 2007-10-11 19:46:29 $
| $Revision: 1.12 $
| $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -40,7 +40,9 @@ include_once(e_FILE."shortcode/batch/signup_shortcodes.php");
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));
// Resend Activation Email ------------------------------------------->
//-------------------------------
// Resend Activation Email
//-------------------------------
if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
{
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE);
@ -273,7 +275,9 @@ if(USER)
exit;
}
// After clicking the activation link -------------------------
//----------------------------------------
// After clicking the activation link
//----------------------------------------
if (e_QUERY)
{
$qs = explode(".", e_QUERY);
@ -303,19 +307,30 @@ if (e_QUERY)
$e107cache->clear("online_menu_totals");
if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' "))
{
if ($row = $sql->db_Fetch())
if ($row = $sql->db_Fetch())
{
// Set initial classes, and any which the user can opt to join
$init_classes = '';
if ($pref['init_class_stage'] == '2')
{
$sql->db_Update("user", "user_ban='0', user_sess='' WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
$e_event->trigger("userveri", $row);
require_once(HEADERF);
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
$ns->tablerender(LAN_402, $text);
require_once(FOOTERF);
exit;
$init_classes = explode(',',varset($pref['initial_user_classes'],''));
if ($init_classes)
{ // Update the user classes
$row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class'])))));
$init_classes = ", user_class='".$row['user_class']."' ";
}
}
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
$e_event->trigger("userveri", $row);
require_once(HEADERF);
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
$ns->tablerender(LAN_402, $text);
require_once(FOOTERF);
exit;
}
}
else
{
{ // Invalid activation code
header("location: ".e_BASE."index.php");
exit;
}
@ -323,6 +338,9 @@ if (e_QUERY)
}
//----------------------------------------
// Initial signup (registration)
//----------------------------------------
if (isset($_POST['register']))
{
$_POST['xupexist'] = trim(varset($_POST['xupexist'],''));
@ -485,7 +503,7 @@ global $db_debug;
$email_confirm = "";
$email_address_OK = FALSE;
}
// Always validate an email address if entered. If its blank, that's OK if checking disabled
$_POST['email'] = $tp->toDB(trim(varset($_POST['email'],'')));
$do_email_validate = !varset($pref['disable_emailcheck'],FALSE) || ($_POST['email'] !='');
@ -535,12 +553,15 @@ global $db_debug;
// Check Email against banlist.
$wc = $tp -> toDB("*".trim(substr($_POST['email'], strpos($_POST['email'], "@"))));
if ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'"))
// if ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'"))
if ($do_email_validate && !$e107->check_ban("banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'",FALSE,TRUE))
{
$email_address_OK = FALSE;
$brow = $sql -> db_Fetch();
$error = TRUE;
if($brow['banlist_reason'])
$error_message = varsettrue($pref['ban_messages'][$row['banlist_bantype']]);
if (!$error_message) exit;
/* if($brow['banlist_reason'])
{
$repl = array("\n","\r","<br />");
$error_message = str_replace($repl,"\\n",$tp->toHTML($brow['banlist_reason'],"","nobreak, defs"))."\\n";
@ -550,7 +571,7 @@ global $db_debug;
{
exit;
}
}
*/ }
// Check email address on remote server (if enabled) - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && varsettrue($pref['signup_remote_emailcheck']) && $error != TRUE)
@ -576,19 +597,19 @@ global $db_debug;
// Check for Duplicate Email address - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' "))
{
$chk = $sql -> db_Fetch();
$chk = $sql -> db_Fetch();
if($chk['user_ban']== 2 && $chk['user_sess'])
{ // duplicate because unactivated
$error = TRUE;
header("Location: ".e_BASE."signup.php?resend");
exit;
$error = TRUE;
header("Location: ".e_BASE."signup.php?resend");
exit;
}
else
{
$email_address_OK = FALSE;
$error_message .= LAN_408."\\n";
$error = TRUE;
}
$error_message .= LAN_408."\\n";
$error = TRUE;
}
}
// Extended Field validation
@ -630,10 +651,11 @@ global $db_debug;
if($error_message)
{
message_handler("P_ALERT", $error_message);
message_handler("P_ALERT", $error_message);
}
// ========== End of verification.. ====================================================
// ========== End of verification.. ==============
// If no errors, we can enter the new member in the DB
if (!$error)
{
@ -646,7 +668,7 @@ global $db_debug;
if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'"))
{
exit;
exit;
}
$username = $tp -> toDB(strip_tags($_POST['name']));
@ -664,7 +686,8 @@ global $db_debug;
}
$u_key = md5(uniqid(rand(), 1));
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$_POST['email']."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
// ************* Possible class insert
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
if(!$nid)
{
require_once(HEADERF);
@ -674,16 +697,16 @@ global $db_debug;
if ($pref['user_reg_veri'])
{
// ==== Update Userclass =======>
{ // Verification required (may be by email or by admin)
if ($_POST['class'])
{
unset($insert_class);
sort($_POST['class']);
$insert_class = implode(",",$_POST['class']);
$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
}
// Set initial classes, and any which the user can opt to join
$init_classes = array();
if ($pref['init_class_stage'] == '1') $init_classes = explode(',',varset($pref['initial_user_classes'],''));
if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class']));
if (count($init_classes))
{
$sql->db_Update("user", "user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id='".$nid."' ");
}
// ========= save extended fields into db table. =====
@ -737,7 +760,7 @@ global $db_debug;
exit;
}
else
{
{ // User can be signed up immediately
require_once(HEADERF);
if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".md5($_POST['password1'])."'"))
@ -746,18 +769,17 @@ global $db_debug;
require_once(FOOTERF);
exit;
}
$sql->db_Update("user", "user_ban = '0' WHERE user_id = '{$nid}'");
// ==== Update Userclass =======
if ($_POST['class'])
{
unset($insert_class);
sort($_POST['class']);
$insert_class = implode(",",$_POST['class']);
$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
}
// Set initial classes, and any which the user can opt to join
$init_classes = explode(',',varset($pref['initial_user_classes'],''));
if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class']));
// Set member as registered, update classes
$sql->db_Update("user", "user_ban = '0', user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id = '{$nid}'");
// ======== save extended fields to DB table.
if($ue_fields)
{
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");