
Update banlist handling

e107steved
2007-12-09 16:42:23 +00:00
parent acc7538c0a
commit 298202106c
12 changed files with 891 additions and 345 deletions


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/class2.php,v $ | $Source: /cvs_backup/e107_0.8/class2.php,v $
| $Revision: 1.31 $ | $Revision: 1.32 $
| $Date: 2007-11-13 07:25:54 $ | $Date: 2007-12-09 16:42:21 $
| $Author: e107coders $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
// //
@@ -1059,13 +1059,13 @@ function save_prefs($table = 'core', $uid = USERID, $row_val = '')
{ {
if ($row_val == '') if ($row_val == '')
{ // Save old version as a backup first { // Save old version as a backup first
$sql->db_Select_gen("REPLACE INTO #core (e107_name,e107_value) values ('SitePrefs_Backup', '".addslashes($PrefCache)."') "); $sql->db_Select_gen("REPLACE INTO `#core` (e107_name,e107_value) values ('SitePrefs_Backup', '".addslashes($PrefCache)."') ");
// Now save the updated values // Now save the updated values
// traverse the pref array, with toDB on everything // traverse the pref array, with toDB on everything
$_pref = $tp -> toDB($pref, true, true); $_pref = $tp -> toDB($pref, true, true);
// Create the data to be stored // Create the data to be stored
$sql->db_Select_gen("REPLACE INTO #core (e107_name,e107_value) values ('SitePrefs', '".$eArrayStorage->WriteArray($_pref)."') "); $sql->db_Select_gen("REPLACE INTO `#core` (e107_name,e107_value) values ('SitePrefs', '".$eArrayStorage->WriteArray($_pref)."') ");
ecache::clear('SitePrefs'); ecache::clear('SitePrefs');
} }
} }
@@ -1168,12 +1168,15 @@ class e_online {
$row['online_pagecount'] = 1; $row['online_pagecount'] = 1;
} }
if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1")) { if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1"))
$sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' "); {
// $sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' ");
$e107->add_ban(2,"Hit count exceeded ({$row['online_pagecount']} requests within allotted time)",$ip,0);
$e_event->trigger("flood", $ip); $e_event->trigger("flood", $ip);
exit; exit;
} }
if ($row['online_pagecount'] >= $online_warncount && $row['online_ip'] != "127.0.0.1") { if ($row['online_pagecount'] >= $online_warncount && $row['online_ip'] != "127.0.0.1")
{
echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>".LAN_WARNING."</b><br /><br />".CORE_LAN6."<br /></div>"; echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>".LAN_WARNING."</b><br /><br />".CORE_LAN6."<br /></div>";
exit; exit;
} }
@@ -1310,7 +1313,14 @@ function init_session() {
$currentUser['user_realname'] = $result['user_login']; // Used by force_userupdate $currentUser['user_realname'] = $result['user_login']; // Used by force_userupdate
define("USERLV", $result['user_lastvisit']); define("USERLV", $result['user_lastvisit']);
if ($result['user_ban'] == 1) { exit; } if ($result['user_ban'] == 1)
{
if (isset($pref['ban_messages']))
{
echo $tp->toHTML(varsettrue($pref['ban_messages'][6])); // Show message if one set
}
exit;
}
$user_pref = ($result['user_prefs']) ? unserialize($result['user_prefs']) : ''; $user_pref = ($result['user_prefs']) ? unserialize($result['user_prefs']) : '';
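Review bot: The ban reason codes are bare integers with no explanation at the point of use: `2` passed to `add_ban()` in the flood branch of `e_online`, and index `6` into `$pref['ban_messages']` in `init_session()`. Nothing ties them to `BAN_REASON_COUNT` in banlist.php, so a short comment at each site would help, e.g. `// ban type 2 = hit-count flood` and `// message 6 = banned user account` (meanings inferred from the surrounding code, please confirm). Shared named constants would also keep the callers in fla.php and users.php from drifting. The commented-out `db_Insert` line can be dropped now that `add_ban()` replaces it. Both enclosing functions continue outside the hunks.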


@@ -11,84 +11,278 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_admin/banlist.php,v $ | $Source: /cvs_backup/e107_0.8/e107_admin/banlist.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2007-02-11 10:33:28 $ | $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
define('BAN_TIME_FORMAT',"%d-%m-%Y %H:%M");
define('BAN_REASON_COUNT',7); // Update as more ban reasons added (max 10 supported)
require_once("../class2.php"); require_once("../class2.php");
if (!getperms("4")) { if (!getperms("4"))
header("location:".e_BASE."index.php"); {
exit; header("location:".e_BASE."index.php");
exit;
} }
$e_sub_cat = 'banlist'; $e_sub_cat = 'banlist';
require_once("auth.php"); require_once("auth.php");
require_once(e_HANDLER."form_handler.php"); require_once(e_HANDLER."form_handler.php");
$rs = new form; $rs = new form;
if (e_QUERY) { $action = 'list';
$tmp = explode("-", e_QUERY); if (e_QUERY)
$action = $tmp[0]; {
$sub_action = $tmp[1]; $tmp = explode("-", e_QUERY); // Use '-' instead of '.' to avoid confusion with IP addresses
$id = $tmp[2]; $action = $tmp[0];
unset($tmp); $sub_action = varset($tmp[1],'');
if ($sub_action) $sub_action = preg_replace("/[^\w@\.]*/",'',urldecode($sub_action));
$id = intval(varset($tmp[2],0));
unset($tmp);
} }
$_POST['ban_ip'] = trim($_POST['ban_ip']);
if (isset($_POST['add_ban']) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false) { if (varsettrue($imode))
$_POST['ban_reason'] = $tp->toDB($_POST['ban_reason']); {
admin_update($sql -> db_Insert("banlist", "'".$_POST['ban_ip']."', '".ADMINID."', '".$_POST['ban_reason']."'"), 'insert'); $images_path = e_IMAGE.'packs/'.$imode.'/admin_images/';
unset($ban_ip); }
else
{
$images_path = e_IMAGE.'admin_images/';
} }
if (isset($_POST['update_ban']) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false) {
$_POST['ban_reason'] = $tp->toDB($_POST['ban_reason']); if (isset($_POST['update_ban_prefs']))
admin_update($sql -> db_Update("banlist", "banlist_ip='".$_POST['ban_ip']."', banlist_admin=".ADMINID.", banlist_reason='".$_POST['ban_reason']."' WHERE banlist_ip='".$_POST['old_ip']."'")); {
unset($ban_ip); for ($i = 0; $i < BAN_REASON_COUNT; $i++)
{
$pref['ban_messages'][$i] = $tp->toDB(varset($_POST['ban_text'][$i],''));
$pref['ban_durations'][$i] = intval(varset($_POST['ban_time'][$i],0));
}
save_prefs();
$ns->tablerender(BANLAN_9, "<div style='text-align:center'>".BANLAN_33.'</div>');
} }
if ($action == "remove" && isset($_POST['ban_secure'])) {
$sql -> db_Delete("generic", "gen_type='failed_login' AND gen_ip='$sub_action'");
admin_update($sql -> db_Delete("banlist", "banlist_ip='$sub_action'"), 'delete');
}
if ($action == "edit") {
$sql->db_Select("banlist", "*", "banlist_ip='$sub_action'"); if (isset($_POST['ban_ip']))
$row = $sql->db_Fetch(); {
extract($row); $_POST['ban_ip'] = trim($_POST['ban_ip']);
} else { $new_ban_ip = preg_replace("/[^\w@\.]*/",'',urldecode($_POST['ban_ip']));
unset($banlist_ip, $banlist_reason); if ($new_ban_ip != $_POST['ban_ip'])
if (e_QUERY && strpos($_SERVER["HTTP_REFERER"], "userinfo")) { {
$banlist_ip = $action; $message = BANLAN_27.$new_ban_ip;
$ns->tablerender(BANLAN_9, $message);
$_POST['ban_ip'] = $new_ban_ip;
}
if ((isset($_POST['add_ban']) || isset($_POST['update_ban'])) && $_POST['ban_ip'] != "" && strpos($_POST['ban_ip'], ' ') === false)
{
$new_vals = array('banlist_ip' => $_POST['ban_ip']);
if (isset($_POST['add_ban']))
{
$new_vals['banlist_datestamp'] = time();
$new_vals['banlist_bantype'] = 1; // Manual ban
} }
$new_vals['banlist_admin'] = ADMINID;
if (varsettrue($_POST['ban_reason'])) $new_vals['banlist_reason'] =$tp->toDB($_POST['ban_reason']);
$new_vals['banlist_notes'] = $tp->toDB($_POST['ban_notes']);
if (isset($_POST['ban_time']) && is_numeric($_POST['ban_time']))
{
$bt = intval($_POST['ban_time']);
$new_vals['banlist_banexpires'] = $bt ? time() + ($bt*60*60) : 0;
}
if (isset($_POST['add_ban']))
{ // Insert new value - can just pass an array
admin_update($sql -> db_Insert("banlist",$new_vals), 'insert');
}
else
{ // Update existing value
$qry = '';
$spacer = '';
foreach ($new_vals as $k => $v)
{
$qry .= $spacer."`{$k}`='$v'";
$spacer = ', ';
}
admin_update($sql -> db_Update("banlist", $qry." WHERE banlist_ip='".$_POST['old_ip']."'"));
}
unset($ban_ip);
}
} }
// Remove a ban
if ($action == "remove" && isset($_POST['ban_secure']))
//if ($action == "remove")
{
$sql -> db_Delete("generic", "gen_type='failed_login' AND gen_ip='{$sub_action}'");
admin_update($sql -> db_Delete("banlist", "banlist_ip='{$sub_action}'"), 'delete');
}
// Update the ban expiry time/date - timed from now
if ($action == 'newtime')
{
$end_time = $id ? time() + ($id*60*60) : 0;
admin_update($sql -> db_Update("banlist", "banlist_banexpires='".intval($end_time)."' WHERE banlist_ip='".$sub_action."'"));
$action = 'list';
}
if ($action == "edit")
{
$sql->db_Select("banlist", "*", "banlist_ip='{$sub_action}'");
$row = $sql->db_Fetch();
extract($row);
}
else
{
unset($banlist_ip, $banlist_reason);
if (e_QUERY && ($action == 'add') && strpos($_SERVER["HTTP_REFERER"], "userinfo"))
{
$banlist_ip = $sub_action;
}
}
function ban_time_dropdown($click_js = '', $zero_text=BANLAN_21, $curval=-1,$drop_name='ban_time')
{
$intervals = array(0,1,2,3,6,8,12,24,36,48,72,96,120,168,336,672);
$ret = "<select name='{$drop_name}' class='tbox' {$click_js}>\n";
$ret .= "<option value=''>&nbsp;</option>\n";
foreach ($intervals as $i)
{
$selected = ($curval == $i) ? " selected='selected'" : '';
if ($i == 0)
{
$words = $zero_text ? $zero_text : BANLAN_21;
}
elseif (($i % 24) == 0)
{
$words = floor($i / 24).' '.BANLAN_23;
}
else
{
$words = $i.' '.BANLAN_24;
}
$ret .= "<option value='{$i}'{$selected}>{$words}</option>\n";
}
$ret .= '</select>';
return $ret;
}
$text = ""; $text = "";
switch ($action)
{
$text .= "<div style='text-align:center'> case 'options' :
<form method='post' action='".e_SELF."'> if ((!isset($pref['ban_messages'])) || !is_array($pref['ban_messages']))
<table style='".ADMIN_WIDTH."' class='fborder'> {
$pref['ban_messages'] = array_fill(0,BAN_REASON_COUNT-1,'');
}
if ((!isset($pref['ban_durations'])) || !is_array($pref['ban_durations']))
{
$pref['ban_durations'] = array_fill(0,BAN_REASON_COUNT-1,0);
}
$text = $rs->form_open("post", e_SELF.'?'.e_QUERY, "ban_options")."<div style='text-align:center'>";
if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere"))
{
$text .= "<div style='text-align:center'>".BANLAN_2."</div>";
}
else
{
$text .= "<table class='fborder' style='".ADMIN_WIDTH."'>
<colgroup>
<col style='width:20%' />
<col style='width:70%' />
<col style='width:10%' />
</colgroup>
<tr>
<td class='fcaption'>".BANLAN_28."</td>
<td class='fcaption' style='text-align:center'>".BANLAN_29."<br /><span class='smallblacktext'>".BANLAN_31."</span></td>
<td class='fcaption'>".BANLAN_30."</td>
</tr>";
for ($i = 0; $i < BAN_REASON_COUNT; $i++)
{
$text .= "<tr>
<td class='forumheader3'><a title='".constant('BANLAN_11'.$i)."'>".constant('BANLAN_10'.$i)."</a></td>
<td class='forumheader3'>
<textarea class='tbox' name='ban_text[]' cols='50' rows='4'>{$pref['ban_messages'][$i]}</textarea>
</td>
<td class='forumheader3'>".ban_time_dropdown('',BANLAN_32,$pref['ban_durations'][$i],'ban_time[]')."</td>
";
}
$text .= "<tr><td class='forumheader3' colspan='3' style='text-align:center'><input class='button' type='submit' name='update_ban_prefs' value='".LAN_UPDATE."' /></td></tr>
</table>\n";
}
$text .= "</div>".$rs->form_close();
$ns->tablerender(BANLAN_3, $text);
break;
<tr> case 'edit' :
<td style='width:30%' class='forumheader3'>".BANLAN_5.": {$rdns_warn}</td> case 'add' :
<td style='width:70%' class='forumheader3'> $rdns_warn = varsettrue($pref['enable_rdns']) ? '' : '<br />'.BANLAN_12;
<input class='tbox' type='text' name='ban_ip' size='40' value='".$banlist_ip."' maxlength='200' /> // Edit/add form first
</td> $text .= "<div style='text-align:center'>
</tr> <form method='post' action='".e_SELF."'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<tr>
<td style='width:30%' class='forumheader3'>".BANLAN_5.": </td>
<td style='width:70%' class='forumheader3'>
<input class='tbox' type='text' name='ban_ip' size='40' value='".$banlist_ip."' maxlength='200' />{$rdns_warn}
</td>
</tr>";
<tr> if (($action == 'add') || ($banlist_bantype <= 1))
<td style='width:20%' class='forumheader3'>".BANLAN_7.": </td> { // Its a manual or unknown entry - only allow edit of reason on those
<td style='width:80%' class='forumheader3'> $text .= "
<textarea class='tbox' name='ban_reason' cols='50' rows='4'>$banlist_reason</textarea> <tr>
</td> <td style='width:20%' class='forumheader3'>".BANLAN_7.": </td>
</tr> <td style='width:80%' class='forumheader3'>
<textarea class='tbox' name='ban_reason' cols='50' rows='4'>{$banlist_reason}</textarea>
</td>
</tr>";
}
else
{
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_7.": </td>
<td style='width:80%' class='forumheader3'>{$banlist_reason}</td>
</tr>";
}
<tr style='vertical-align:top'> if ($action == 'edit')
<td colspan='2' style='text-align:center' class='forumheader'>". {
($action == "edit" ? "<input type='hidden' name='old_ip' value='$banlist_ip' /><input class='button' type='submit' name='update_ban' value='".LAN_UPDATE."' />" : "<input class='button' type='submit' name='add_ban' value='".BANLAN_8."' />")." $text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_28.": </td>
<td style='width:80%' class='forumheader3'>".constant('BANLAN_10'.$banlist_bantype)." - ".constant('BANLAN_11'.$banlist_bantype)."</td>
</tr>";
}
$text .= "
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_19.": </td>
<td style='width:80%' class='forumheader3'>
<textarea class='tbox' name='ban_notes' cols='50' rows='4'>{$banlist_notes}</textarea>
</td>
</tr>
<tr>
<td style='width:20%' class='forumheader3'>".BANLAN_18.": </td>
<td style='width:80%' class='forumheader3'>".ban_time_dropdown().
(($action == 'edit') ? '&nbsp;&nbsp;&nbsp;('.BANLAN_26.($banlist_banexpires ? strftime(BAN_TIME_FORMAT,$banlist_banexpires) : BANLAN_21).')' : '').
"</td>
</tr>
<tr style='vertical-align:top'>
<td colspan='2' style='text-align:center' class='forumheader'>".
($action == "edit" ? "<input type='hidden' name='old_ip' value='{$banlist_ip}' /><input class='button' type='submit' name='update_ban' value='".LAN_UPDATE."' />" : "<input class='button' type='submit' name='add_ban' value='".BANLAN_8."' />")."
</td> </td>
</tr> </tr>
@@ -96,37 +290,91 @@ $text .= "<div style='text-align:center'>
</form> </form>
</div>"; </div>";
$text .= "<div style='text-align:center'><br />".BANLAN_13."<a href='".e_ADMIN."users.php'><img src='".e_IMAGE."admin_images/users_16.png' alt='' /></a></div>"; $text .= "<div style='text-align:center'><br />".BANLAN_13."<a href='".e_ADMIN."users.php'><img src='".$images_path."users_16.png' alt='' /></a></div>";
if(!varsettrue($pref['enable_rdns'])) if(!varsettrue($pref['enable_rdns']))
{ {
$text .= "<div style='text-align:center'><br />".BANLAN_12."</div>"; $text .= "<div style='text-align:center'><br />".BANLAN_12."</div>";
} }
$ns->tablerender(BANLAN_9, $text);
break; // End of 'Add' and 'Edit'
$ns->tablerender(BANLAN_9, $text); case 'list' :
default :
if ($action != "edit") { $text = $rs->form_open("post", e_SELF, "ban_form")."<div style='text-align:center'>".$rs->form_hidden("ban_secure", "1");
$text = $rs->form_open("post", e_SELF, "ban_form")."<div style='text-align:center'>".$rs->form_hidden("ban_secure", "1"); if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere"))
if (!$ban_total = $sql->db_Select("banlist","*","ORDER BY banlist_ip","nowhere")) { {
$text .= "<div style='text-align:center'>".BANLAN_2."</div>"; $text .= "<div style='text-align:center'>".BANLAN_2."</div>";
} else { }
else
{
$text .= "<table class='fborder' style='".ADMIN_WIDTH."'> $text .= "<table class='fborder' style='".ADMIN_WIDTH."'>
<colgroup>
<col style='width:10%' />
<col style='width:5%' />
<col style='width:35%' />
<col style='width:30%' />
<col style='width:10%' />
<col style='width:10%' />
</colgroup>
<tr> <tr>
<td style='width:70%' class='fcaption'>".BANLAN_10."</td> <td class='fcaption'>".BANLAN_17."</td>
<td style='width:30%' class='fcaption'>".LAN_OPTIONS."</td> <td class='fcaption'>".BANLAN_20."</td>
<td class='fcaption'>".BANLAN_10."</td>
<td class='fcaption'>".BANLAN_19."</td>
<td class='fcaption'>".BANLAN_18."</td>
<td class='fcaption'>".LAN_OPTIONS."</td>
</tr>"; </tr>";
$count = 0; $count = 0;
while ($row = $sql->db_Fetch()) { while ($row = $sql->db_Fetch())
extract($row); {
$banlist_reason = str_replace("LAN_LOGIN_18", BANLAN_11, $banlist_reason); extract($row);
$text .= "<tr><td style='width:70%' class='forumheader3'>$banlist_ip<br />".BANLAN_7.": $banlist_reason</td> $banlist_reason = str_replace("LAN_LOGIN_18", BANLAN_11, $banlist_reason);
<td style='width:30%; text-align:center' class='forumheader3'>".$rs->form_button("submit", "main_edit_$count", LAN_EDIT, "onclick=\"document.getElementById('ban_form').action='".e_SELF."?edit-$banlist_ip'\"").$rs->form_button("submit", "main_delete_$count", BANLAN_4, "onclick=\"document.getElementById('ban_form').action='".e_SELF."?remove-$banlist_ip'\"")."</td>\n</tr>"; $text .= "<tr>
<td class='forumheader3'>".($banlist_datestamp ? strftime(BAN_TIME_FORMAT,$banlist_datestamp) : BANLAN_22 )."</td>
<td class='forumheader3'><a title='".constant('BANLAN_11'.$banlist_bantype)."'>".constant('BANLAN_10'.$banlist_bantype)."</a></td>
<td class='forumheader3'>{$banlist_ip}<br />".BANLAN_7.": {$banlist_reason}</td>
<td class='forumheader3'>{$banlist_notes}</td>
<td class='forumheader3'>".($banlist_banexpires ? strftime(BAN_TIME_FORMAT,$banlist_banexpires).(($banlist_banexpires < time()) ? ' ('.BANLAN_34.')' : '')
: BANLAN_21)."<br />
".ban_time_dropdown("onchange=\"urljump('".e_SELF."?newtime-{$banlist_ip}-'+this.value)\"")."</td>
<td style='width:30%; text-align:center' class='forumheader3'>
<a href='".e_SELF."?edit-{$banlist_ip}'><img src='".$images_path."edit_16.png' alt='".LAN_EDIT."' title='".LAN_EDIT."' style='border:0px' /></a>
<input name='delete_ban_entry' type='image' src='".$images_path."delete_16.png' alt='".LAN_DELETE."' title='".LAN_DELETE."' style='border:0px'
onclick=\" var r = jsconfirm('".$tp->toJS(LAN_CONFIRMDEL." [".$banlist_ip."]")."');
if (r) { document.getElementById('ban_form').action='".e_SELF."?remove-{$banlist_ip}'; } return r; \" /></td>";
$count++; $count++;
} }
$text .= "</table>\n"; $text .= "</table>\n";
} }
$text .= "</div>".$rs->form_close(); $text .= "</div>".$rs->form_close();
$ns->tablerender(BANLAN_3, $text); $ns->tablerender(BANLAN_3, $text);
} // End of case 'list' and the default case
} // End switch ($action)
require_once("footer.php"); require_once("footer.php");
function banlist_adminmenu()
{
$action = (e_QUERY) ? e_QUERY : "list";
$var['list']['text'] = BANLAN_14; // List existing bans
$var['list']['link'] = e_SELF."?list";
$var['list']['perm'] = "W";
$var['add']['text'] = BANLAN_25; // Add a new ban
$var['add']['link'] = e_SELF."?add";
$var['add']['perm'] = "W";
if(getperms("0"))
{
$var['options']['text'] = BANLAN_15;
$var['options']['link'] = e_SELF."?options";
$var['options']['perm'] = "0";
}
show_admin_menu(BANLAN_16, $action, $var);
}
?> ?>
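Review bot: In the update branch, `$_POST['old_ip']` is concatenated into the `WHERE banlist_ip='…'` clause without the character filter this commit applies to `ban_ip` and `$sub_action`, so the field that selects which row is rewritten is still untrusted text inside the SQL string. Filtering it the same way would close the gap: `$old_ip = preg_replace("/[^\w@\.]*/",'',urldecode(varset($_POST['old_ip'],'')));` and then `" WHERE banlist_ip='".$old_ip."'"`. Separately, the new `newtime` action changes `banlist_banexpires` from a plain query string and, unlike `remove`, is not gated on `isset($_POST['ban_secure'])`; consider requiring the same POST marker there. Also worth checking: `array_fill(0,BAN_REASON_COUNT-1,'')` yields six entries, while the loops that read the arrays run to `BAN_REASON_COUNT`.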


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_admin/fla.php,v $ | $Source: /cvs_backup/e107_0.8/e107_admin/fla.php,v $
| $Revision: 1.1.1.1 $ | $Revision: 1.2 $
| $Date: 2006-12-02 04:33:22 $ | $Date: 2007-12-09 16:42:22 $
| $Author: mcfly_e107 $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
require_once("../class2.php"); require_once("../class2.php");
@@ -44,14 +44,15 @@ if(isset($_POST['delbanSubmit']))
$bancount = 0; $bancount = 0;
foreach($_POST['flaban'] as $ban) foreach($_POST['flaban'] as $ban)
{ {
if($sql -> db_Select("generic", "*", "gen_id=$ban")) if($sql -> db_Select("generic", "*", "gen_id={$ban}"))
{ {
$at = $sql -> db_Fetch(); $at = $sql -> db_Fetch();
$banlist_ip = $at['gen_ip']; $e107->add_ban(4,FLALAN_4,$at['gen_ip'],ADMINID);
$sql->db_Insert("banlist", "'$banlist_ip', '".ADMINID."', '".FLALAN_4."' "); // $banlist_ip = $at['gen_ip'];
$sql -> db_Delete("generic", "gen_id='$ban' "); // $sql->db_Insert("banlist", "'$banlist_ip', '".ADMINID."', '".FLALAN_4."' ");
$bancount ++; $sql -> db_Delete("generic", "gen_id='$ban' ");
} $bancount ++;
}
} }
$message .= ", ".FLALAN_5.": ".$bancount; $message .= ", ".FLALAN_5.": ".$bancount;
} }
@@ -83,7 +84,7 @@ if (isset($message)) {
$gen = new convert; $gen = new convert;
$fla_total = $sql->db_Count("generic", "(*)", "WHERE gen_type='failed_login'"); $fla_total = $sql->db_Count("generic", "(*)", "WHERE gen_type='failed_login'");
if(!$sql -> db_Select("generic", "*", "gen_type='failed_login' ORDER BY gen_datestamp DESC LIMIT $from,$amount")) if(!$sql -> db_Select("generic", "*", "gen_type='failed_login' ORDER BY gen_datestamp DESC LIMIT {$from},{$amount}"))
{ {
$text = "<div style='text-align: center;'>".FLALAN_2."</div>"; $text = "<div style='text-align: center;'>".FLALAN_2."</div>";
} }
@@ -113,8 +114,8 @@ else
<td style='width: 50%;' class='forumheader3'>".str_replace(":::", "<br />", htmlentities($gen_chardata, ENT_QUOTES, CHARSET))."</td> <td style='width: 50%;' class='forumheader3'>".str_replace(":::", "<br />", htmlentities($gen_chardata, ENT_QUOTES, CHARSET))."</td>
<td style='width: 20%;' class='forumheader'>".$fa['gen_ip']."<br />{$host}</td> <td style='width: 20%;' class='forumheader'>".$fa['gen_ip']."<br />{$host}</td>
<td style='width: 10%; text-align: left;' class='forumheader3'> <td style='width: 10%; text-align: left;' class='forumheader3'>
<input type='checkbox' name='fladelete[]' value='$gen_id' /> ".LAN_DELETE."<br /> <input type='checkbox' name='fladelete[]' value='{$gen_id}' /> ".LAN_DELETE."<br />
<input type='checkbox' name='flaban[]' value='$gen_id' /> ".LAN_BAN." <input type='checkbox' name='flaban[]' value='{$gen_id}' /> ".LAN_BAN."
</td> </td>
</tr> </tr>
"; ";
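Review bot: `$ban` comes straight from `$_POST['flaban']` and is placed unquoted into `gen_id={$ban}` in the select, and quoted but unescaped in the later `db_Delete`, so the brace change leaves a request-controlled value in the SQL text. Casting once at the top of the loop, `$ban = intval($ban);`, makes both queries numeric-only, and `if (!$ban) continue;` would skip junk entries. The `foreach` also assumes `$_POST['flaban']` is set and is an array whenever `delbanSubmit` is posted. The start of that block is outside the hunk, so an earlier check may already exist.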


@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_admin/userinfo.php,v $ | $Source: /cvs_backup/e107_0.8/e107_admin/userinfo.php,v $
| $Revision: 1.1.1.1 $ | $Revision: 1.2 $
| $Date: 2006-12-02 04:33:30 $ | $Date: 2007-12-09 16:42:22 $
| $Author: mcfly_e107 $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
require_once("../class2.php"); require_once("../class2.php");
@@ -40,7 +40,7 @@ if (isset($ipd)) {
$sql->db_Select("chatbox", "*", "cb_ip='$ipd' LIMIT 0,20"); $sql->db_Select("chatbox", "*", "cb_ip='$ipd' LIMIT 0,20");
$host = $e107->get_host_name($ipd); $host = $e107->get_host_name($ipd);
$text = USFLAN_3." <b>".$ipd."</b> [ ".USFLAN_4.": $host ]<br /> $text = USFLAN_3." <b>".$ipd."</b> [ ".USFLAN_4.": $host ]<br />
<i><a href=\"banlist.php?".$ipd."\">".USFLAN_5."</a></i> <i><a href=\"banlist.php?add-".$ipd."\">".USFLAN_5."</a></i>
<br /><br />"; <br /><br />";
while (list($cb_id, $cb_nick, $cb_message, $cb_datestamp, $cb_blocked, $cb_ip ) = $sql->db_Fetch()) { while (list($cb_id, $cb_nick, $cb_message, $cb_datestamp, $cb_blocked, $cb_ip ) = $sql->db_Fetch()) {
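Review bot: `$ipd` is written into the new `banlist.php?add-…` href without any encoding, as it is in the page text and the `cb_ip='$ipd'` query above it, and where it is assigned is outside this hunk. If it can carry request data, the link should encode it, e.g. `banlist.php?add-".rawurlencode($ipd)."`; banlist.php already runs `urldecode()` on that segment. Note also that banlist.php splits the query string on `-`, so a value containing a hyphen would be truncated when it arrives.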


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $ | $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $
| $Revision: 1.7 $ | $Revision: 1.8 $
| $Date: 2007-11-01 22:01:38 $ | $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -153,7 +153,8 @@ if (isset($_POST['update_options']))
// ------- Prune Users. -------------- // ------- Prune Users. --------------
if (isset($_POST['prune'])) { if (isset($_POST['prune']))
{
$e107cache->clear("online_menu_member_total"); $e107cache->clear("online_menu_member_total");
$e107cache->clear("online_menu_member_newest"); $e107cache->clear("online_menu_member_newest");
$text = USRLAN_56." "; $text = USRLAN_56." ";
@@ -211,11 +212,11 @@ if (isset($_POST['adduser'])) {
if ($sql->db_Count("user", "(*)", "WHERE user_email='".$_POST['email']."' AND user_ban='1' ")) { if ($sql->db_Count("user", "(*)", "WHERE user_email='".$_POST['email']."' AND user_ban='1' ")) {
message_handler("P_ALERT", USRLAN_147); message_handler("P_ALERT", USRLAN_147);
$error = TRUE; $error = TRUE;
} }
if ($sql->db_Count("banlist", "(*)", "WHERE banlist_ip='".$_POST['email']."'")) { if ($sql->db_Count("banlist", "(*)", "WHERE banlist_ip='".$_POST['email']."'")) {
message_handler("P_ALERT", USRLAN_148); message_handler("P_ALERT", USRLAN_148);
$error = TRUE; $error = TRUE;
} }
if (!$error) { if (!$error) {
@@ -270,8 +271,9 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "ban")
} }
else else
{ {
$sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' "); $e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID);
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137)); // $sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' ");
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137));
} }
} }
} }
@@ -389,8 +391,25 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "unadmin" && getperms
if (isset($_POST['useraction']) && $_POST['useraction'] == "verify") if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
{ {
$uid = intval($_POST['userid']); $uid = intval($_POST['userid']);
if ($sql->db_Update("user", "user_ban='0' WHERE user_id='{$uid}' "))
if ($sql->db_Select("user", "*", "user_id='".$uid."' "))
{ {
if ($row = $sql->db_Fetch())
{
// Add in the initial classes, if this is the time
$init_classes = '';
if ($pref['init_class_stage'] == '2')
{
$init_classes = explode(',',varset($pref['initial_user_classes'],''));
if ($init_classes)
{ // Update the user classes
$row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class'])))));
$init_classes = ", user_class='".$row['user_class']."' ";
}
}
$sql->db_Update("user", "user_ban='0'{$init_classes} WHERE user_id='".$uid."' ");
// $e_event->trigger("userveri", $row); // We do this from signup.php - should we do it here?
$user->show_message(USRLAN_86); $user->show_message(USRLAN_86);
if(!$action){ $action = "main"; } if(!$action){ $action = "main"; }
if(!$sub_action){ $sub_action = "user_id"; } if(!$sub_action){ $sub_action = "user_id"; }
@@ -416,6 +435,7 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
} }
} }
} }
}
} }
} }
@@ -463,21 +483,29 @@ if (isset($action) && $action == "create") {
require_once("footer.php"); require_once("footer.php");
class users{
function show_existing_users($action, $sub_action, $id, $from, $amount) {
// ##### Display scrolling list of existing news items ---------------------------------------------------------------------------------------------------------
class users
{
function show_existing_users($action, $sub_action, $id, $from, $amount)
{
global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref,$unverified; global $sql, $rs, $ns, $tp, $mySQLdefaultdb,$pref,$unverified;
// save the display choices. // save the display choices.
if(isset($_POST['searchdisp'])){ if(isset($_POST['searchdisp']))
{
$pref['admin_user_disp'] = implode("|",$_POST['searchdisp']); $pref['admin_user_disp'] = implode("|",$_POST['searchdisp']);
save_prefs(); save_prefs();
} }
if(!$pref['admin_user_disp']){ if(!$pref['admin_user_disp'])
{
$search_display = array("user_name","user_class"); $search_display = array("user_name","user_class");
}else{ }
else
{
$search_display = explode("|",$pref['admin_user_disp']); $search_display = explode("|",$pref['admin_user_disp']);
} }
@@ -969,7 +997,7 @@ class users{
<td style='width:70%' class='forumheader3'> <td style='width:70%' class='forumheader3'>
".$rs->form_text("email", 60, "", 100)." ".$rs->form_text("email", 60, "", 100)."
</td> </td>
</tr>"; </tr>\n";
if (!is_object($sql)) $sql = new db; if (!is_object($sql)) $sql = new db;
@@ -978,7 +1006,7 @@ class users{
<td colspan='2' style='text-align:center' class='forumheader'> <td colspan='2' style='text-align:center' class='forumheader'>
".USRLAN_120." ".USRLAN_120."
</td> </td>
</tr>"; </tr>\n";
$c = 0; $c = 0;
while ($row = $sql->db_Fetch()) { while ($row = $sql->db_Fetch()) {
$class[$c][0] = $row['userclass_id']; $class[$c][0] = $row['userclass_id'];
@@ -986,10 +1014,13 @@ class users{
$class[$c][2] = $row['userclass_description']; $class[$c][2] = $row['userclass_description'];
$c++; $c++;
} }
for($a = 0; $a <= (count($class)-1); $a++) { $init_classes = explode(',',varset($pref['initial_user_classes'],''));
for($a = 0; $a <= (count($class)-1); $a++)
{
$selected = in_array($class[$a][0],$init_classes) ? " checked='checked'" : "";
$text .= "<tr><td style='width:30%' class='forumheader'> $text .= "<tr><td style='width:30%' class='forumheader'>
<input type='checkbox' name='userclass[]' value='".$class[$a][0]."' />".$class[$a][1]." <input type='checkbox' name='userclass[]' value='".$class[$a][0]."'{$selected} />".$class[$a][1]."
</td><td style='width:70%' class='forumheader3'> ".$class[$a][2]."</td></tr>"; </td><td style='width:70%' class='forumheader3'> ".$class[$a][2]."</td></tr>\n";
} }
} }
$text .= " $text .= "
@@ -1042,7 +1073,7 @@ class users{
} }
else else
{ {
$this->show_message(USRLAN_141.": ".$name); $this->show_message(USRLAN_141.": ".$name);
} }
} }
@@ -1091,21 +1122,21 @@ class users{
function check_bounces($bounce_act='first_check', $bounce_arr = '') function check_bounces($bounce_act='first_check', $bounce_arr = '')
{ {
global $sql,$pref; global $sql,$pref;
include(e_HANDLER."pop3_class.php"); include(e_HANDLER."pop3_class.php");
if (!trim($bounce_act)) $bounce_act='first_check'; if (!trim($bounce_act)) $bounce_act='first_check';
// echo "Check bounces. Action: {$bounce_act}; Entries: {$bounce_arr}<br />"; // echo "Check bounces. Action: {$bounce_act}; Entries: {$bounce_arr}<br />";
$obj= new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],'pop3','110'); $obj= new receiveMail($pref['mail_bounce_user'],$pref['mail_bounce_pass'],$pref['mail_bounce_email'],$pref['mail_bounce_pop3'],'pop3','110');
$del_count = 0; $del_count = 0;
if ($bounce_act !='first_check') if ($bounce_act !='first_check')
{ // Must do some deleting { // Must do some deleting
$obj->connect(); $obj->connect();
$tot=$obj->getTotalMails(); $tot=$obj->getTotalMails();
$del_array = explode(',',$bounce_arr); $del_array = explode(',',$bounce_arr);
for($i=1;$i<=$tot;$i++) for($i=1;$i<=$tot;$i++)
{ // Scan all emails; delete current one if meets the criteria { // Scan all emails; delete current one if meets the criteria
$dodel = FALSE; $dodel = FALSE;
switch ($bounce_act) switch ($bounce_act)
@@ -1145,75 +1176,75 @@ class users{
$del_count++; // Keep track of number of emails deleted $del_count++; // Keep track of number of emails deleted
} }
} // End - Delete one email } // End - Delete one email
$obj->close_mailbox(); // This actually deletes the emails $obj->close_mailbox(); // This actually deletes the emails
} // End of email deletion } // End of email deletion
// Now list the emails that are left // Now list the emails that are left
$obj->connect(); $obj->connect();
$tot=$obj->getTotalMails(); $tot=$obj->getTotalMails();
$found = FALSE; $found = FALSE;
$DEL = ($pref['mail_bounce_delete']) ? TRUE : FALSE; $DEL = ($pref['mail_bounce_delete']) ? TRUE : FALSE;
$text = "<br /><div><form method='post' action='".e_SELF.$qry."'><table class='fborder' style='".ADMIN_WIDTH."'> $text = "<br /><div><form method='post' action='".e_SELF.$qry."'><table class='fborder' style='".ADMIN_WIDTH."'>
<tr><td class='fcaption' style='width:5%'>#</td><td class='fcaption'>e107-id</td><td class='fcaption'>email</td><td class='fcaption'>Subject</td><td class='fcaption'>Bounce</td></tr>\n"; <tr><td class='fcaption' style='width:5%'>#</td><td class='fcaption'>e107-id</td><td class='fcaption'>email</td><td class='fcaption'>Subject</td><td class='fcaption'>Bounce</td></tr>\n";
for($i=1;$i<=$tot;$i++) for($i=1;$i<=$tot;$i++)
{ {
$head=$obj->getHeaders($i); $head=$obj->getHeaders($i);
if($head['bounce']) if($head['bounce'])
{ // Its a 'bounce' email { // Its a 'bounce' email
if (ereg('.*X-e107-id:(.*)MIME', $obj->getBody($i), $result)) if (ereg('.*X-e107-id:(.*)MIME', $obj->getBody($i), $result))
{ {
if($result[1]) if($result[1])
{ {
$id[$i] = intval($result[1]); // This should be a user ID - but not on special mailers! $id[$i] = intval($result[1]); // This should be a user ID - but not on special mailers!
// Try and pull out an email address from body - should be the one that failed // Try and pull out an email address from body - should be the one that failed
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result)) if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{ {
$emails[$i] = "'".$result[0]."'"; $emails[$i] = "'".$result[0]."'";
} }
$found = TRUE; $found = TRUE;
} }
} }
elseif (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result)) elseif (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{ {
if($result[0] && $result[0] != $pref['mail_bounce_email']) if($result[0] && $result[0] != $pref['mail_bounce_email'])
{ {
$emails[$i] = "'".$result[0]."'"; $emails[$i] = "'".$result[0]."'";
$found = TRUE; $found = TRUE;
} }
elseif($result[1] && $result[1] != $pref['mail_bounce_email']) elseif($result[1] && $result[1] != $pref['mail_bounce_email'])
{ {
$emails[$i] = "'".$result[1]."'"; $emails[$i] = "'".$result[1]."'";
$found = TRUE; $found = TRUE;
} }
} }
if ($DEL && $found) if ($DEL && $found)
{ // Auto-delete bounced emails once noticed (if option set) { // Auto-delete bounced emails once noticed (if option set)
$obj->deleteMails($i); $obj->deleteMails($i);
$del_count++; $del_count++;
} }
} }
else else
{ // Its a warning message or similar { // Its a warning message or similar
// $id[$i] = ''; // Don't worry about an ID for now // $id[$i] = ''; // Don't worry about an ID for now
// Try and pull out an email address from body - should be the one that failed // Try and pull out an email address from body - should be the one that failed
if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result)) if (preg_match("/[\._a-zA-Z0-9-]+@[\._a-zA-Z0-9-]+/i", $obj->getBody($i), $result))
{ {
$wmails[$i] = "'".$result[0]."'"; $wmails[$i] = "'".$result[0]."'";
} }
} }
$text .= "<tr><td class='forumheader3'>".$i."</td><td class='forumheader3'>".$id[$i]."</td><td class='forumheader3'>".(isset($emails[$i]) ? $emails[$i] : $wmails[$i])."</td><td class='forumheader3'>".$head['subject']."</td><td class='forumheader3'>".($head['bounce'] ? ADMIN_TRUE_ICON : ADMIN_FALSE_ICON); $text .= "<tr><td class='forumheader3'>".$i."</td><td class='forumheader3'>".$id[$i]."</td><td class='forumheader3'>".(isset($emails[$i]) ? $emails[$i] : $wmails[$i])."</td><td class='forumheader3'>".$head['subject']."</td><td class='forumheader3'>".($head['bounce'] ? ADMIN_TRUE_ICON : ADMIN_FALSE_ICON);
$text .= "<input type='checkbox' name='delete_email[]' value='{$i}' /></td></tr>\n"; $text .= "<input type='checkbox' name='delete_email[]' value='{$i}' /></td></tr>\n";
} }
if ($tot) if ($tot)
{ // Option to delete emails - only if there are some in the list { // Option to delete emails - only if there are some in the list
$text .= "</table><table style='".ADMIN_WIDTH."'><tr> $text .= "</table><table style='".ADMIN_WIDTH."'><tr>
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delnonbouncesubmit' value='".USRLAN_153."' /></td>\n <td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delnonbouncesubmit' value='".USRLAN_153."' /></td>\n
@@ -1221,8 +1252,8 @@ class users{
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delcheckedsubmit' value='".USRLAN_149."' /></td>\n <td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delcheckedsubmit' value='".USRLAN_149."' /></td>\n
<td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delallsubmit' value='".USRLAN_150."' /></td>\n <td class='forumheader3' style='text-align: center;'><input class='button' type='submit' name='delallsubmit' value='".USRLAN_150."' /></td>\n
</td></tr>"; </td></tr>";
} }
$text .= "</table></form></div>"; $text .= "</table></form></div>";
array_unique($id); array_unique($id);
array_unique($emails); array_unique($emails);


@@ -4,7 +4,7 @@
+ ----------------------------------------------------------------------------+ + ----------------------------------------------------------------------------+
| e107 website system | e107 website system
| |
| <EFBFBD>Steve Dunstan 2001-2002 | ?Steve Dunstan 2001-2002
| http://e107.org | http://e107.org
| jalist@e107.org | jalist@e107.org
| |
@@ -12,9 +12,15 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/admin_log_class.php,v $
| $Revision: 1.3 $ | $Revision: 1.4 $
| $Date: 2007-11-04 09:10:54 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
To do:
1. Do we need to check for presence of elements of debug_backtrace() to avoid notices?
2. Reflect possible DB structure changes once finalised
3. Ad user audit trail
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -35,6 +41,7 @@ class e_admin_log {
'log_level' => 2, 'log_level' => 2,
'backtrace' => false, 'backtrace' => false,
); );
var $rldb = NULL; // Database used by logging routine
/** /**
* Constructor. Sets up constants and overwrites default options where set. * Constructor. Sets up constants and overwrites default options where set.
@@ -42,41 +49,23 @@ class e_admin_log {
* @param array $options * @param array $options
* @return e_admin_log * @return e_admin_log
*/ */
function e_admin_log ($options = array()){ function e_admin_log ($options = array())
foreach ($options as $key => $val) { {
$this->_options[$key] = $val; foreach ($options as $key => $val)
} {
$this->_options[$key] = $val;
}
/** define("E_LOG_INFORMATIVE", 0); // Minimal Log Level, including really minor stuff
* Minmal Log Level, including really minor stuff define("E_LOG_NOTICE", 1); // More important than informative, but less important than notice
* define("E_LOG_WARNING", 2); // Not anything serious, but important information
*/ define("E_LOG_FATAL", 3); // An event so bad your site ceased execution.
define("E_LOG_PLUGIN", 4); // Plugin information
define("E_LOG_INFORMATIVE", 0);
// Logging actions
/** define("LOG_TO_ADMIN", 1);
* More important than informative, but less important than notice define("LOG_TO_AUDIT", 2);
* define("LOG_TO_ROLLING", 4);
*/
define("E_LOG_NOTICE", 1);
/**
* Not anything serious, but important information
*
*/
define("E_LOG_WARNING", 2);
/**
* An event so bad your site ceased execution.
*
*/
define("E_LOG_FATAL", 3);
/*
* Plugin Information.
*/
define("E_LOG_PLUGIN", 4);
} }
/** /**
@@ -86,43 +75,170 @@ class e_admin_log {
* @param string $event_detail * @param string $event_detail
* @param int $event_type Log level * @param int $event_type Log level
*/ */
function log_event ($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE) { // Legacy entry point (not used by much) - retained for completeness.
global $e107, $sql, $tp; // (Should really only be used for admin events anyway - not debugging)
if($event_type >= $this->_options['log_level']) { function log_event($event_title, $event_detail, $event_type = E_LOG_INFORMATIVE)
$event_title = $tp -> toDB($event_title, true,false,'no_html'); {
$event_detail = $tp -> toDB($event_detail, true,false,'no_html'); global $e107, $tp;
$event_type = $tp -> toDB($event_type, true,false,'no_html'); if($event_type >= $this->_options['log_level'])
$time_stamp = time(); {
$uid = (USERID !== FALSE) ? USERID : '0'; if($this->_options['backtrace'] == true)
$ip = $e107->getip(); {
if($this->_options['backtrace'] == true) { $event_detail .= "\n\n".debug_backtrace();
$event_detail .= "\n\n".debug_backtrace();
}
$sql->db_Insert('dblog', "'', '{$event_type}', {$time_stamp}, {$uid}, '{$ip}', '{$event_title}', '{$event_detail}' ");
} }
$this->e_log_event($event_type,-1,"ADMIN",$event_title,$event_detail,FALSE,LOG_TO_ADMIN);
}
} }
function get_log_events($count = 15, $offset) { // ***************************** START OF ADDITIONS **************************
global $sql; /*
$count = intval($count); Example call: (Deliberately pick separators that shouldn't be in file names)
e_log_event(E_LOG_NOTICE,__FILE__."|".__FUNCTION__."@".__LINE__,"ECODE","Event Title","explanatory message",FALSE,LOG_TO_ADMIN);
or:
e_log_event(E_LOG_NOTICE,debug_backtrace(),"ECODE","Event Title","explanatory message",TRUE,LOG_TO_ROLLING);
Parameters:
$importance - importance of event - 0..4 or so
$source_call - either: string identifying calling file/routine
or: a number 0..9 identifying info to log from debug_backtrace()
or: empty string, in which case first entry from debug_backtrace() logged
or: an array, assumed to be from passing debug_backtrace() as a parameter, in which case relevant
information is extracted and the argument list from the first entry logged
or: -1, in which case no information logged
$eventcode - abbreviation listing event type
$event_title - title of event - pass standard 'LAN_ERROR_nn' defines to allow language translation
$explain - detail of event
$finished - if TRUE, aborts execution
$target_logs - flags indicating which logs to update - if entry to be posted in several logs, add (or 'OR') their defines:
LOG_TO_ADMIN - admin log
LOG_TO_AUDIT - audit log
LOG_TO_ROLLING - rolling log
*/
function e_log_event($importance, $source_call, $eventcode = "GEN", $event_title="Untitled", $explain = "", $finished = FALSE, $target_logs = LOG_TO_AUDIT)
{
global $pref, $e107, $tp;
list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
if ($this->rldb == NULL) $this->rldb = new db; // Better use our own db - don't know what else is going on
if (is_bool($target_logs))
{ // Handle the legacy stuff for now - some old code used a boolean to select admin or rolling logs
$target_logs = $target_logs ? LOG_TO_ADMIN : LOG_TO_ROLLING;
} }
//---------------------------------------
// Calculations common to all logs
//---------------------------------------
$userid = (USER === TRUE) ? USERID : 0;
$userstring = ( USER === true ? USERNAME : "LAN_ANONYMOUS");
$userIP = $e107->getip();
$importance = $tp->toDB($importance,true,false,'no_html');
$eventcode = $tp->toDB($eventcode,true,false,'no_html');
$explain = $tp->toDB($explain,true,false,'no_html');
$event_title = $tp->toDB($event_title,true,false,'no_html');
$source_call = $tp->toDB($source_call,true,false,'no_html');
//---------------------------------------
// Admin Log
//---------------------------------------
if ($target_logs & LOG_TO_ADMIN)
{ // Admin log - assume all fields valid
$this->rldb->db_Insert("dblog", " 0, ".intval($time_usec).','.intval($time_sec).", '{$importance}', '{$eventcode}', {$userid}, '{$userIP}', '{$event_title}', '{$explain}' ");
}
//---------------------------------------
// Audit Log
//---------------------------------------
// Add in audit log here
//---------------------------------------
// Rolling Log
//---------------------------------------
if (($target_logs & LOG_TO_ROLLING) && varsettrue($pref['roll_log_active']))
{ // Rolling log
// Process source_call info
//---------------------------------------
if (is_numeric($source_call) && ($source_call >= 0))
{
$back_count = 1;
$i = 0;
if (is_numeric($source_call) || ($source_call == ''))
{
$back_count = $source_call + 1;
$source_call = debug_backtrace();
$i = 1; // Don't want to print the entry parameters to this function - we know all that!
}
}
if (is_array($source_call))
{ // Print the debug_backtrace() array
while ($i < $back_count)
{
$source_call[$i]['file'] = $e107->fix_windows_paths($source_call[$i]['file']); // Needed for Windoze hosts.
$source_call[$i]['file'] = str_replace($e107->file_path,"",$source_call[$i]['file']); // We really just want a e107 root-relative path. Strip out the root bit
$tmp = $source_call[$i]['file']."|".$source_call[$i]['class'].$source_call[$i]['type'].$source_call[$i]['function']."@".$source_call[$i]['line'];
foreach ($source_call[$i]['args'] as $k => $v)
{ // Add in the arguments
$explain .= "<br />".$k."=".$v;
}
$i++;
if ($i < $back_count) $explain .= "<br />-------------------";
if (!isset($tmp1)) $tmp1 = $tmp; // Pick off the immediate caller as the source
}
if (isset($tmp1)) $source_call = $tmp1; else $source_call = 'Root level';
}
else
{
$source_call = $e107->fix_windows_paths($source_call); // Needed for Windoze hosts.
$source_call = str_replace($e107->file_path,"",$source_call); // We really just want a e107 root-relative path. Strip out the root bit
}
// else $source_call is a string
// Save new rolling log record
$this->rldb->db_Insert("rl_history","0, ".intval($time_sec).', '.intval($time_usec).", '{$importance}', '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$source_call}', '{$event_title}', '{$explain}' ");
// Now delete any old stuff
$this->rldb->db_Delete("rl_history", "dblog_datestamp < '".intval(time() - (varset($pref['roll_log_days'],7)*86400))."' ");
}
if ($finished) exit; // Optional abort for all logs
}
function get_log_events($count = 15, $offset)
{
global $sql;
$count = intval($count);
return "Not implemented yet";
}
/** /**
* Removes all events older than $days, or truncates the table if $days == false * Removes all events older than $days, or truncates the table if $days == false
* *
* @param int $days * @param int $days
*/ */
function purge_log_events($days) { function purge_log_events($days)
{
global $sql; global $sql;
if($days == false) { if($days == false)
// $days is false, so truncate the log table { // $days is false, so truncate the log table
$sql->db_Select_gen("TRUNCATE TABLE #dblog "); $sql->db_Select_gen("TRUNCATE TABLE #dblog ");
} else { }
// $days is set, so remove all entries older than that. else
$days = intval($days); { // $days is set, so remove all entries older than that.
$mintime = $days * 24 * 60 * 60; $days = intval($days);
$time = time() - $mintime; $mintime = $days * 24 * 60 * 60;
$sql->db_Delete("dblog", "WHERE `dblog_datestamp` < {$time}", true); $time = time() - $mintime;
$sql->db_Delete("dblog", "WHERE `dblog_datestamp` < {$time}", true);
} }
} }
} }
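Review bot: In `e_log_event()`, `$explain` and `$source_call` are passed through `$tp->toDB()` before the rolling-log branch runs, but that branch then appends raw `debug_backtrace()` argument values with `$explain .= "<br />".$k."=".$v;` and rebuilds `$source_call` from file, class and function names, and both strings are interpolated unescaped into the `rl_history` insert. Backtrace arguments can carry request data, so the appended text can break out of the quoted SQL value. It can also copy secrets such as passwords passed as function arguments into the log. Escaping should be the last step before each `db_Insert()`, for example `$explain = $tp->toDB($explain,true,false,'no_html');` placed after the backtrace loop, with arguments filtered to scalars and truncated before they are appended. Separately, `$i` and `$back_count` are set only inside the `is_numeric($source_call)` branch, so when a caller passes `debug_backtrace()` directly, as the example in the comment does, the `while` loop never runs and the source is recorded as `Root level`.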


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $
| $Revision: 1.9 $ | $Revision: 1.10 $
| $Date: 2007-08-13 19:56:35 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -192,16 +192,58 @@ class e107{
if ($ip != '127.0.0.1') if ($ip != '127.0.0.1')
{ {
if ($sql->db_Select("banlist", "*", "banlist_ip='".$tp -> toDB($_SERVER['REMOTE_ADDR'], true)."' OR banlist_ip='".USEREMAIL."' OR banlist_ip='{$ip}' OR banlist_ip='{$wildcard}' OR banlist_ip='{$wildcard2}' {$bhost}")) check_ban("banlist_ip='".$tp -> toDB($_SERVER['REMOTE_ADDR'], true)."' OR banlist_ip='".USEREMAIL."' OR banlist_ip='{$ip}' OR banlist_ip='{$wildcard}' OR banlist_ip='{$wildcard2}' {$bhost}");
{
header("HTTP/1.1 403 Forbidden", true);
// enter a message here if you want some text displayed to banned users ...
exit();
}
} }
} }
} }
// Check the banlist table. $query is used to determine the match.
// If $show_error, displays "HTTP/1.1 403 Forbidden"
// If $do_return, will always return with ban status - TRUE for OK, FALSE for banned.
// If return permitted, will never display a message for a banned user; otherwise will display any message then exit
function check_ban($query,$show_error=TRUE, $do_return = FALSE)
{
global $sql, $tp, $pref, $admin_log;
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Check for Ban",$query,FALSE,LOG_TO_ROLLING);
if ($sql->db_Select('banlist','*',$query))
{
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Active Ban",$query,FALSE,LOG_TO_ROLLING);
if ($show_error) header("HTTP/1.1 403 Forbidden", true);
if (isset($pref['ban_messages']))
{ // May want to display a message
$row = $sql->db_Fetch(); // Get the type of the ban
if (($row['banlist_banexpires'] > 0) && ($row['banlist_banexpires'] < time()))
{ // Ban has expired - delete from DB
$sql->db_Delete('banlist', $query);
return TRUE;
}
// Ban still current here
if ($do_return) return FALSE;
echo $tp->toHTML(varsettrue($pref['ban_messages'][$row['banlist_bantype']])); // Show message if one set
}
exit();
}
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","No ban found",$query,FALSE,LOG_TO_ROLLING);
return TRUE; // Email address OK
}
// Add an entry to the banlist. $bantype = 1 for manual, 2 for flooding, 4 for multiple logins
function add_ban($bantype,$ban_message='',$ban_ip='',$ban_user = 0,$ban_notes='')
{
global $sql, $pref;
if (!$ban_message) $ban_message = 'No explanation given';
if (!$ban_ip) $ban_ip = $this->getip();
$ban_ip = preg_replace("/[^\w@\.]*/",'',urldecode($ban_ip)); // Make sure no special characters
if (!$ban_ip) return;
// Add using an array - handles DB changes better
$sql->db_Insert('banlist',array('banlist_ip' => $ban_ip, 'banlist_bantype' => $bantype, 'banlist_datestamp' => time(),
'banlist_banexpires' => (varsettrue($pref['ban_durations'][$bantype]) ? time() + ($pref['ban_durations'][$bantype]*60*60) : 0),
'banlist_admin' => $ban_user, 'banlist_reason' => $ban_message, 'banlist_notes' => $ban_notes));
}
/** /**
* Get the current user's IP address * Get the current user's IP address
* *
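Review bot: In `check_ban()`, the expiry test looks only at the first row `db_Fetch()` returns, yet when that row has expired it runs `db_Delete('banlist', $query)` with the whole match query and returns TRUE, so a current or permanent ban matching another clause of the same query (wildcard, e-mail, host) is deleted along with the expired one and the visitor is let through. The 403 header has also already been sent by then, and because the expiry and `$do_return` handling sit inside `isset($pref['ban_messages'])`, a site without that pref never expires a ban and never returns FALSE. The sketch below walks every matching row, deletes only rows that have expired, and decides on the header, return value and message afterwards. The caller at the top of this hunk also invokes `check_ban(...)` as a plain function, while it is declared as a method here and login.php calls `$e107->check_ban(...)`, so it presumably should read `$this->check_ban(...)`.

```php
function check_ban($query,$show_error=TRUE, $do_return = FALSE)
{
	global $sql, $tp, $pref, $admin_log;
	if (!$sql->db_Select('banlist','*',$query)) return TRUE;		// No matching entry at all
	$now = time();
	$active = FALSE;
	$expired = array();
	while ($row = $sql->db_Fetch())
	{	// Look at every matching row, not just the first one
		if (($row['banlist_banexpires'] > 0) && ($row['banlist_banexpires'] < $now))
		{
			$expired[] = $row['banlist_ip'];
		}
		elseif ($active === FALSE)
		{
			$active = $row;			// First ban that is still in force
		}
	}
	foreach ($expired as $old_ip)
	{	// Remove only the entries that have really expired
		$sql->db_Delete('banlist', "banlist_ip='".$tp->toDB($old_ip)."' AND banlist_banexpires > 0 AND banlist_banexpires < ".$now);
	}
	if ($active === FALSE) return TRUE;		// Every matching ban had expired
	if ($show_error) header("HTTP/1.1 403 Forbidden", true);
	if ($do_return) return FALSE;
	if (isset($pref['ban_messages']))
	{	// Show message if one set
		echo $tp->toHTML(varsettrue($pref['ban_messages'][$active['banlist_bantype']]));
	}
	exit();
}
```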


@@ -12,8 +12,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $ | $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
| $Revision: 1.7 $ | $Revision: 1.8 $
| $Date: 2007-10-28 19:20:48 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -48,9 +48,9 @@ class userlogin {
} }
$fip = $e107->getip(); $fip = $e107->getip();
if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) { // $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
exit; $e107->check_ban("banlist_ip='{$fip}' ",FALSE);
} // if($sql -> db_Select("banlist", "*", "banlist_ip='{$fip}' ")) { exit;}
$autologin = intval($autologin); $autologin = intval($autologin);
@@ -81,6 +81,7 @@ class userlogin {
$userpass = md5(utf8_decode($ouserpass)); $userpass = md5(utf8_decode($ouserpass));
} }
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'Doing final checks',FALSE,LOG_TO_ROLLING);
if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'")) if (!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."'"))
{ // Invalid user { // Invalid user
define("LOGINMESSAGE", LAN_300."<br /><br />"); define("LOGINMESSAGE", LAN_300."<br /><br />");
@@ -95,13 +96,15 @@ class userlogin {
} }
else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 ")) else if(!$sql->db_Select("user", "*", "user_loginname = '".$tp -> toDB($username)."' AND user_password = '{$userpass}' AND user_ban!=2 "))
{ // Banned user { // Banned user
define("LOGINMESSAGE", LAN_302."<br /><br />"); define("LOGINMESSAGE", LAN_302."<br /><br />");
$sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'"); // $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User is banned: '.$tp -> toDB($username),FALSE,LOG_TO_ROLLING);
$this -> checkibr($fip); $sql -> db_Insert("generic", "0, 'failed_login', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_15." ::: ".LAN_LOGIN_1.": ".$tp -> toDB($username)."'");
return FALSE; $this -> checkibr($fip);
return FALSE;
} }
else else
{ // User is OK as far as core is concerned { // User is OK as far as core is concerned
// $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
$ret = $e_event->trigger("preuserlogin", $username); $ret = $e_event->trigger("preuserlogin", $username);
if ($ret!='') if ($ret!='')
{ {
@@ -189,15 +192,19 @@ class userlogin {
} }
} }
function checkibr($fip) { function checkibr($fip)
global $sql, $pref, $tp; {
if($pref['autoban'] == 1 || $pref['autoban'] == 3){ // Flood + Login or Login Only. global $sql, $pref, $tp, $e107;
$fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='$fip' AND gen_type='failed_login' "); if($pref['autoban'] == 1 || $pref['autoban'] == 3)
if($fails > 10) { { // Flood + Login or Login Only.
$sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' "); $fails = $sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$fip}' AND gen_type='failed_login' ");
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' "); if($fails > 10)
} {
$e107->add_ban(4,LAN_LOGIN_18,$fip,1);
// $sql -> db_Insert("banlist", "'$fip', '1', '".LAN_LOGIN_18."' ");
$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '$fip', '$user_id', '".LAN_LOGIN_20.": ".$tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
} }
}
} }
function update_xup($user_id, $user_xup = "") { function update_xup($user_id, $user_xup = "") {
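Review bot: The `auto_banned` insert in `checkibr()` writes `md5($ouserpass)` into the `generic` table and also reads `$user_id` and `$username`, none of which is a parameter or named in this function's `global` line, so as shown they are undefined here and the row records the hash of an empty string. If they were brought into scope, the row would hold an unsalted MD5 of whatever the visitor typed, which is often a real password or a near-miss and is cheap to reverse, so it should not be kept in a log table. Suggest logging only the address and a fixed reason, for example `$sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$fip}', 0, '".LAN_LOGIN_20."' ");`, or passing the user name in as an argument and escaping it with `$tp -> toDB()`. The `$fails > 10` count has no time window in this hunk, so whether old `failed_login` rows are pruned elsewhere decides how easily a shared address ends up banned.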


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/help/banlist.php,v $ | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/help/banlist.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2007-02-11 10:33:36 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -20,6 +20,17 @@
if (!defined('e107_INIT')) { exit; } if (!defined('e107_INIT')) { exit; }
$caption = "Banning users from your site"; $caption = "Banning users from your site";
if (e_QUERY) list($action,$junk) = explode('.',e_QUERY); else $action = 'list';
switch ($action)
{
case 'options' :
$text = "This page sets the default behaviour for various types of ban.<br />
If a message is specified, this will be shown to the user (where appropriate); otherwise they will most likely get a blank screen<br />
The ban will persist for the time specified; after which it will be cleared next time they access the site.";
break;
case 'edit' :
case 'add' :
$text = "You can ban users from your site at this screen.<br /> $text = "You can ban users from your site at this screen.<br />
Either enter their full IP address or use a wildcard to ban a range of IP addresses. You can also enter an email address to stop a user registering as a member on your site.<br /><br /> Either enter their full IP address or use a wildcard to ban a range of IP addresses. You can also enter an email address to stop a user registering as a member on your site.<br /><br />
<b>Banning by IP address:</b><br /> <b>Banning by IP address:</b><br />
@@ -29,6 +40,19 @@ Entering the IP address 123.123.123.* will stop anyone in that IP range from vis
Entering the email address foo@bar.com will stop anyone using that email address from registering as a member on your site.<br /> Entering the email address foo@bar.com will stop anyone using that email address from registering as a member on your site.<br />
Entering the email address *@bar.com will stop anyone using that email domain from registering as a member on your site.<br /><br /> Entering the email address *@bar.com will stop anyone using that email domain from registering as a member on your site.<br /><br />
<b>Banning by user name</b><br /> <b>Banning by user name</b><br />
This is done from the user administration page."; This is done from the user administration page.<br /><br />";
break;
case 'list' :
default :
$text = "This page shows a list of all IP addresses, hostnames and email addresses which are banned.
(Banned users are shown on the user administration page)<br /><br />
<b>Automatic Bans</b><br />
E107 automatically bans individual IP addresses if they attempt to flood the site, as well as addresses with failed logins.<br />
These bans also appear in this list. You can select (on the options page) what to do for each type of ban.<br /><br />
<b>Removing a ban</b><br />
You can set an expiry period for each type of ban, in which case the entry is removed once the ban period expires. Otherwise the
ban remains until you remove it.<br />
You can modify the ban period from this page - times are calculated from now.";
}
$ns -> tablerender($caption, $text); $ns -> tablerender($caption, $text);
?> ?>


@@ -4,8 +4,8 @@
| e107 website system - Language File. | e107 website system - Language File.
| |
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_banlist.php,v $ | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_banlist.php,v $
| $Revision: 1.2 $ | $Revision: 1.3 $
| $Date: 2007-02-11 10:33:36 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -19,7 +19,60 @@ define("BANLAN_8", "Ban Address");
define("BANLAN_9", "Ban users from site by email, IP or host address"); define("BANLAN_9", "Ban users from site by email, IP or host address");
define("BANLAN_10", "IP / Email / Reason"); define("BANLAN_10", "IP / Email / Reason");
define("BANLAN_11", "Auto-ban: More than 10 failed login attempts"); define("BANLAN_11", "Auto-ban: More than 10 failed login attempts");
define("BANLAN_12", "Note: Reverse DNS is currently disabled, it must be enabled to allow banning by host. Banning by IP and email will still function normally."); define("BANLAN_12", "Note: Reverse DNS is currently disabled; it must be enabled to allow banning by host. Banning by IP and email address will still function normally.");
define("BANLAN_13", "Note: To ban a user by user name, go to the users admin page: "); define("BANLAN_13", "Note: To ban a user by user name, go to the users admin page: ");
define('BANLAN_14','Ban List');
define('BANLAN_15','Options');
define('BANLAN_16','Banning');
define('BANLAN_17','Ban Date');
define('BANLAN_18','Ban expires');
define('BANLAN_19','Notes');
define('BANLAN_20','Type');
define('BANLAN_21','Never');
define('BANLAN_22','Unknown');
define('BANLAN_23','day(s)');
define('BANLAN_24','hours');
define('BANLAN_25','Add an entry');
define('BANLAN_26','Currently ');
define('BANLAN_27','Invalid characters in IP address stripped - now:');
define('BANLAN_28','Ban type');
define('BANLAN_29','Message to show');
define('BANLAN_30','Ban duration');
define('BANLAN_31','(Use an empty message if you wish the user to get a blank screen)');
define('BANLAN_32','Indefinite');
define('BANLAN_33','Settings Updated');
define('BANLAN_34','Expired');
define('BANLAN_35','');
define('BANLAN_36','');
define('BANLAN_37','');
define('BANLAN_38','');
define('BANLAN_39','');
define('BANLAN_40','');
// Ban types - block reserved 100-109
define('BANLAN_100', 'Unknown');
define('BANLAN_101','Manual');
define('BANLAN_102','Flood');
define('BANLAN_103','Hit count');
define('BANLAN_104', 'Login failure');
define('BANLAN_105', 'Imported');
define('BANLAN_106', 'User');
define('BANLAN_107', 'Unknown');
define('BANLAN_108', 'Unknown');
define('BANLAN_109', 'Unknown');
// Detailed explanations for ban types - block reserved 110-119
define('BANLAN_110', 'Most likely a ban that was imposed before E107 was upgraded to 0.8');
define('BANLAN_111', 'Entered by an admin');
define('BANLAN_112', 'Attempts to update the site too fast');
define('BANLAN_113', 'Attempts to access the site too frequently from the same address');
define('BANLAN_114', 'Multiple failed login attempts from the same user');
define('BANLAN_115', 'Added from an external list');
define('BANLAN_116', 'IP address banned on account of user ban');
define('BANLAN_117', 'Spare reason');
define('BANLAN_118', 'Spare reason');
define('BANLAN_119', 'Spare reason');
define('BANLAN_120', 'Unknown');
?> ?>


@@ -4,8 +4,8 @@
| e107 website system - Language File. | e107 website system - Language File.
| |
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $ | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_users.php,v $
| $Revision: 1.6 $ | $Revision: 1.7 $
| $Date: 2007-09-28 20:50:21 $ | $Date: 2007-12-09 16:42:23 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -133,35 +133,10 @@ define("USRLAN_135", "No IP address found in user's info; IP not banned");
define("USRLAN_136", "Multiple users found with IP address of {IP}; IP not banned."); define("USRLAN_136", "Multiple users found with IP address of {IP}; IP not banned.");
define("USRLAN_137", "Users IP address of {IP} banned."); define("USRLAN_137", "Users IP address of {IP} banned.");
define("USRLAN_138", "Unverified users");
define("USRLAN_139", "Your account has been activated.\n\nYou can visit {SITEURL} and log into the site using the login information you provided.");
define("USRLAN_140", "Email Re-sent to");
define("USRLAN_141", "Failed to Re-send email to");
define("USRLAN_142", "with the following activation link");
define("USRLAN_143", "Check For Bounces");
define("USRLAN_144", "Resend Confirmation Email to All");
define("USRLAN_145", "Bounced users");
define("USRLAN_146", "Member information is available to");
define("USRLAN_147", "Email address is already used by a banned user");
define("USRLAN_148", "Email address is banned");
define("USRLAN_149", "Delete checked emails");
define("USRLAN_150", "Delete all emails");
define("USRLAN_151", "Clear bounce, require Activation");
define("USRLAN_152", "Clear bounce and Activate");
define("USRLAN_153", "Delete non-bounce emails");
define("USRLAN_154", "Clear email for checked");
define("USRLAN_155", "Total {TOTAL} emails found. {DELCOUNT} deleted through options.<br />{DELUSER} users marked as 'bounced' (out of {FOUND} emails)");
define("LAN_MAINADMIN","Main Admin"); define("LAN_MAINADMIN","Main Admin");
define("LAN_ADMIN","Admin"); define("LAN_ADMIN","Admin");
define("LAN_NOTVERIFIED","Not Verified"); define("LAN_NOTVERIFIED","Not Verified");
define("LAN_BANNED","Banned"); define("LAN_BANNED","Banned");
define("LAN_BOUNCED","Bounced");
define("DUSRLAN_1", "ID"); define("DUSRLAN_1", "ID");
define("DUSRLAN_2", "Display Name"); define("DUSRLAN_2", "Display Name");
@@ -201,4 +176,21 @@ define("DUSRLAN_35", "Picture");
define("DUSRLAN_36", "Password Change"); define("DUSRLAN_36", "Password Change");
define("DUSRLAN_37", "XUP"); define("DUSRLAN_37", "XUP");
define("USRLAN_138", "Unverified users");
define("USRLAN_139", "Your account has been activated.\n\nYou can visit {SITEURL} and log into the site using the login information you provided.");
define("USRLAN_140", "Email Re-sent to");
define("USRLAN_141", "Failed to Re-send email to");
define("USRLAN_142", "with the following activation link");
define("LAN_BOUNCED","Bounced");
define("USRLAN_143", "Check For Bounces");
define("USRLAN_144", "Resend Confirmation Email to All");
define("USRLAN_145", "Bounced users");
define("USRLAN_146", "Member information is available to");
define("USRLAN_147", "Email address is already used by a banned user");
define("USRLAN_148", "Email address is banned");
define('USRLAN_149', "User banned: ");
?> ?>


@@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org). | GNU General Public License (http://gnu.org).
| |
| $Source: /cvs_backup/e107_0.8/signup.php,v $ | $Source: /cvs_backup/e107_0.8/signup.php,v $
| $Revision: 1.11 $ | $Revision: 1.12 $
| $Date: 2007-10-11 19:46:29 $ | $Date: 2007-12-09 16:42:22 $
| $Author: e107steved $ | $Author: e107steved $
+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+
*/ */
@@ -40,7 +40,9 @@ include_once(e_FILE."shortcode/batch/signup_shortcodes.php");
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd")); $signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));
// Resend Activation Email -------------------------------------------> //-------------------------------
// Resend Activation Email
//-------------------------------
if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1)) if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
{ {
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE); e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE);
@@ -273,7 +275,9 @@ if(USER)
exit; exit;
} }
// After clicking the activation link ------------------------- //----------------------------------------
// After clicking the activation link
//----------------------------------------
if (e_QUERY) if (e_QUERY)
{ {
$qs = explode(".", e_QUERY); $qs = explode(".", e_QUERY);
@@ -303,19 +307,30 @@ if (e_QUERY)
$e107cache->clear("online_menu_totals"); $e107cache->clear("online_menu_totals");
if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' ")) if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' "))
{ {
if ($row = $sql->db_Fetch()) if ($row = $sql->db_Fetch())
{
// Set initial classes, and any which the user can opt to join
$init_classes = '';
if ($pref['init_class_stage'] == '2')
{ {
$sql->db_Update("user", "user_ban='0', user_sess='' WHERE user_sess='".$tp -> toDB($qs[2], true)."' "); $init_classes = explode(',',varset($pref['initial_user_classes'],''));
$e_event->trigger("userveri", $row); if ($init_classes)
require_once(HEADERF); { // Update the user classes
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME; $row['user_class'] = $tp->toDB(implode(',',array_unique(array_merge($init_classes, explode(',',$row['user_class'])))));
$ns->tablerender(LAN_402, $text); $init_classes = ", user_class='".$row['user_class']."' ";
require_once(FOOTERF); }
exit;
} }
$sql->db_Update("user", "user_ban='0', user_sess=''{$init_classes} WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
$e_event->trigger("userveri", $row);
require_once(HEADERF);
$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
$ns->tablerender(LAN_402, $text);
require_once(FOOTERF);
exit;
}
} }
else else
{ { // Invalid activation code
header("location: ".e_BASE."index.php"); header("location: ".e_BASE."index.php");
exit; exit;
} }
@@ -323,6 +338,9 @@ if (e_QUERY)
} }
//----------------------------------------
// Initial signup (registration)
//----------------------------------------
if (isset($_POST['register'])) if (isset($_POST['register']))
{ {
$_POST['xupexist'] = trim(varset($_POST['xupexist'],'')); $_POST['xupexist'] = trim(varset($_POST['xupexist'],''));
@@ -485,7 +503,7 @@ global $db_debug;
$email_confirm = ""; $email_confirm = "";
$email_address_OK = FALSE; $email_address_OK = FALSE;
} }
// Always validate an email address if entered. If its blank, that's OK if checking disabled // Always validate an email address if entered. If its blank, that's OK if checking disabled
$_POST['email'] = $tp->toDB(trim(varset($_POST['email'],''))); $_POST['email'] = $tp->toDB(trim(varset($_POST['email'],'')));
$do_email_validate = !varset($pref['disable_emailcheck'],FALSE) || ($_POST['email'] !=''); $do_email_validate = !varset($pref['disable_emailcheck'],FALSE) || ($_POST['email'] !='');
@@ -535,12 +553,15 @@ global $db_debug;
// Check Email against banlist. // Check Email against banlist.
$wc = $tp -> toDB("*".trim(substr($_POST['email'], strpos($_POST['email'], "@")))); $wc = $tp -> toDB("*".trim(substr($_POST['email'], strpos($_POST['email'], "@"))));
if ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'")) // if ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'"))
if ($do_email_validate && !$e107->check_ban("banlist_ip='".$_POST['email']."' OR banlist_ip='{$wc}'",FALSE,TRUE))
{ {
$email_address_OK = FALSE; $email_address_OK = FALSE;
$brow = $sql -> db_Fetch(); $brow = $sql -> db_Fetch();
$error = TRUE; $error = TRUE;
if($brow['banlist_reason']) $error_message = varsettrue($pref['ban_messages'][$row['banlist_bantype']]);
if (!$error_message) exit;
/* if($brow['banlist_reason'])
{ {
$repl = array("\n","\r","<br />"); $repl = array("\n","\r","<br />");
$error_message = str_replace($repl,"\\n",$tp->toHTML($brow['banlist_reason'],"","nobreak, defs"))."\\n"; $error_message = str_replace($repl,"\\n",$tp->toHTML($brow['banlist_reason'],"","nobreak, defs"))."\\n";
@@ -550,7 +571,7 @@ global $db_debug;
{ {
exit; exit;
} }
} */ }
// Check email address on remote server (if enabled) - but only if previous checks passed. // Check email address on remote server (if enabled) - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && varsettrue($pref['signup_remote_emailcheck']) && $error != TRUE) if ($do_email_validate && $email_address_OK && varsettrue($pref['signup_remote_emailcheck']) && $error != TRUE)
@@ -576,19 +597,19 @@ global $db_debug;
// Check for Duplicate Email address - but only if previous checks passed. // Check for Duplicate Email address - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' ")) if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' "))
{ {
$chk = $sql -> db_Fetch(); $chk = $sql -> db_Fetch();
if($chk['user_ban']== 2 && $chk['user_sess']) if($chk['user_ban']== 2 && $chk['user_sess'])
{ // duplicate because unactivated { // duplicate because unactivated
$error = TRUE; $error = TRUE;
header("Location: ".e_BASE."signup.php?resend"); header("Location: ".e_BASE."signup.php?resend");
exit; exit;
} }
else else
{ {
$email_address_OK = FALSE; $email_address_OK = FALSE;
$error_message .= LAN_408."\\n"; $error_message .= LAN_408."\\n";
$error = TRUE; $error = TRUE;
} }
} }
// Extended Field validation // Extended Field validation
@@ -630,10 +651,11 @@ global $db_debug;
if($error_message) if($error_message)
{ {
message_handler("P_ALERT", $error_message); message_handler("P_ALERT", $error_message);
} }
// ========== End of verification.. ==================================================== // ========== End of verification.. ==============
// If no errors, we can enter the new member in the DB
if (!$error) if (!$error)
{ {
@@ -646,7 +668,7 @@ global $db_debug;
if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'")) if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'"))
{ {
exit; exit;
} }
$username = $tp -> toDB(strip_tags($_POST['name'])); $username = $tp -> toDB(strip_tags($_POST['name']));
@@ -664,7 +686,8 @@ global $db_debug;
} }
$u_key = md5(uniqid(rand(), 1)); $u_key = md5(uniqid(rand(), 1));
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$_POST['email']."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' "); // ************* Possible class insert
$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$tp -> toDB($_POST['email'])."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
if(!$nid) if(!$nid)
{ {
require_once(HEADERF); require_once(HEADERF);
@@ -674,16 +697,16 @@ global $db_debug;
if ($pref['user_reg_veri']) if ($pref['user_reg_veri'])
{ { // Verification required (may be by email or by admin)
// ==== Update Userclass =======>
if ($_POST['class']) // Set initial classes, and any which the user can opt to join
{ $init_classes = array();
unset($insert_class); if ($pref['init_class_stage'] == '1') $init_classes = explode(',',varset($pref['initial_user_classes'],''));
sort($_POST['class']); if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class']));
$insert_class = implode(",",$_POST['class']); if (count($init_classes))
$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' "); {
} $sql->db_Update("user", "user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id='".$nid."' ");
}
// ========= save extended fields into db table. ===== // ========= save extended fields into db table. =====
@@ -737,7 +760,7 @@ global $db_debug;
exit; exit;
} }
else else
{ { // User can be signed up immediately
require_once(HEADERF); require_once(HEADERF);
if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".md5($_POST['password1'])."'")) if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".md5($_POST['password1'])."'"))
@@ -746,18 +769,17 @@ global $db_debug;
require_once(FOOTERF); require_once(FOOTERF);
exit; exit;
} }
$sql->db_Update("user", "user_ban = '0' WHERE user_id = '{$nid}'");
// ==== Update Userclass =======
if ($_POST['class']) // Set initial classes, and any which the user can opt to join
{ $init_classes = explode(',',varset($pref['initial_user_classes'],''));
unset($insert_class); if (isset($_POST['class'])) $init_classes = array_unique(array_merge($init_classes, $_POST['class']));
sort($_POST['class']);
$insert_class = implode(",",$_POST['class']); // Set member as registered, update classes
$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' "); $sql->db_Update("user", "user_ban = '0', user_class='".$tp -> toDB(implode(',',$init_classes))."' WHERE user_id = '{$nid}'");
}
// ======== save extended fields to DB table. // ======== save extended fields to DB table.
if($ue_fields) if($ue_fields)
{ {
$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')"); $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");
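Review bot: In the banlist hunk (`@@ -535,12 +553,15 @@`) the new lookup `$pref['ban_messages'][$row['banlist_bantype']]` indexes `$row`, but the record fetched two lines earlier is stored in `$brow`, and nothing visible in that hunk assigns `$row`. Unless `$row` happens to hold a banlist record from code outside the hunk, the lookup comes back empty and the following `if (!$error_message) exit;` ends every banned-address signup silently, so the configured ban message is never shown. I would read the type from the fetched record, `$error_message = varsettrue($pref['ban_messages'][$brow['banlist_bantype']]);`, and confirm that `check_ban()` leaves its result set on `$sql` for the `db_Fetch()` call, since the `db_Select()` that used to precede it is now commented out. The enclosing registration block starts and ends outside the hunk.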