Ban handling improvements - most checking done before DB opened (much faster if user is banned).

Fix some bugs in ban admin pages. Separate handler for IP- and ban-related functions (moves them out of e107_class)
2025-08-04 21:57:51 +02:00 · 2011-12-28 10:01:25 +00:00
parent db9b9c1a57
commit 389705683e
10 changed files with 1891 additions and 239 deletions
--- a/class2.php
+++ b/class2.php
@@ -223,6 +223,9 @@ $e107_paths = compact('ADMIN_DIRECTORY', 'FILES_DIRECTORY', 'IMAGES_DIRECTORY',
 $sql_info = compact('mySQLserver', 'mySQLuser', 'mySQLpassword', 'mySQLdefaultdb', 'mySQLprefix');
 $e107 = e107::getInstance()->initCore($e107_paths, realpath(dirname(__FILE__)), $sql_info, varset($E107_CONFIG, array()));
 e107::getSingleton('eIPHandler');			// This auto-handles bans etc
 ### NEW Register Autoload - do it asap
 if(!function_exists('spl_autoload_register'))
 {
@@ -777,8 +780,8 @@ if (!class_exists('e107table', false))
 $ns = e107::getRender(); //TODO - find & replace $ns, $e107->ns
 // EONE-134 - bad e_module could destroy e107 instance
-$e107 = e107::getInstance();
+$e107 = e107::getInstance();		// Is this needed now?
-$e107->ban();
+e107::getIPHandler()->ban();
 if(varset($pref['force_userupdate']) && USER && !isset($_E107['no_forceuserupdate']))
 {
--- a/e107_admin/banlist.php
+++ b/e107_admin/banlist.php
--- a/e107_admin/sql/core_sql.php
+++ b/e107_admin/sql/core_sql.php
@@ -73,7 +73,7 @@ CREATE TABLE audit_log (
 CREATE TABLE banlist (
  banlist_ip varchar(100) NOT NULL default '',
-  banlist_bantype tinyint(3) unsigned NOT NULL default '0',
+  banlist_bantype tinyint(3) signed NOT NULL default '0',
  banlist_datestamp int(10) unsigned NOT NULL default '0',
  banlist_banexpires int(10) unsigned NOT NULL default '0',
  banlist_admin smallint(5) unsigned NOT NULL default '0',
--- a/e107_core/xml/default_install.xml
+++ b/e107_core/xml/default_install.xml
@@ -17,6 +17,7 @@
 		<core name="auth_method"></core>
 		<core name="autoban">1</core>
 		<core name="autologinpostsignup">1</core>
 		<core name="ban_date_format">%H:%M %d-%m-%y</core>
 		<core name="ban_max_online_access">100,200</core>
 		<core name="ban_retrigger">0</core>
 		<core name="cachestatus"></core>
--- a/e107_handlers/e107_class.php
+++ b/e107_handlers/e107_class.php
@@ -200,6 +200,7 @@ class e107
 		'user_class'					 => '{e_HANDLER}userclass_class.php',
 		'userlogin'					 	 => '{e_HANDLER}login.php',
 		'xmlClass'						 => '{e_HANDLER}xml_class.php',
 		'eIPHandler'					 => '{e_HANDLER}iphandler_class.php',
 	);
@@ -224,7 +225,7 @@ class e107
 	 * Constructor
 	 *
 	 * Use {@link getInstance()}, direct instantiating
-	 * is not possible for signleton objects
+	 * is not possible for singleton objects
 	 *
 	 * @return void
 	 */
@@ -668,7 +669,6 @@ class e107
 		//singleton object found - overload not possible
 		if(self::getRegistry($id))
 		{
 			return self::getRegistry($id);
 		}
@@ -914,7 +914,7 @@ class e107
 	 */
 	public static function getParser()
 	{
-		return self::getSingleton('e_parse', e_HANDLER.'e_parse_class.php'); //WARNING - don't change this - inifinite loop!!!
+		return self::getSingleton('e_parse', e_HANDLER.'e_parse_class.php'); //WARNING - don't change this - infinite loop!!!
 	}
 	/**
@@ -1155,6 +1155,16 @@ class e107
 		return self::getSingleton('language', true);
 	}
 	/**
 	 * Retrieve IP/ban handler singleton object
 	 *
 	 * @return language
 	 */
 	public static function getIPHandler()
 	{
 		return self::getSingleton('eIPHandler', true);
 	}
 	/**
 	 * Retrieve Xml handler singleton or new instance object
 	 * @param mixed $singleton false - new instance, true - singleton from default registry location, 'string' - registry path
@@ -2558,6 +2568,7 @@ class e107
 	 * FIXME - create eBanHelper, move it there
 	 * @return void
 	 */
 	 /* No longer required - moved to eIPHelper class
 	public function ban()
 	{
 		$sql = e107::getDb();
@@ -2603,7 +2614,7 @@ class e107
 				$this->check_ban($match);
 			}
 		}
-	}
+	} */
 	/**
 	 * Check the banlist table. $query is used to determine the match.
@@ -2618,6 +2629,7 @@ class e107
 	 * @param boolean $do_return
 	 * @return boolean
 	 */
 	 /* No longer required - moved to eIPHelper class
 	public function check_ban($query, $show_error = TRUE, $do_return = FALSE)
 	{
 		$sql = e107::getDb();
@@ -2665,7 +2677,7 @@ class e107
 		}
 		//$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","No ban found",$query,FALSE,LOG_TO_ROLLING);
 		return TRUE; // Email address OK
-	}
+	} */
 	/**
@@ -2684,6 +2696,9 @@ class e107
 	 */
 	public function add_ban($bantype, $ban_message = '', $ban_ip = '', $ban_user = 0, $ban_notes = '')
 	{
 		return e107::getIPHandler()->add_ban($bantype, $ban_message, $ban_ip, $ban_user, $ban_notes);
 		/*
 		global $sql, $pref, $e107, $admin_log;
 		$sql = e107::getDb();
 		$pref = e107::getPref();
@@ -2697,7 +2712,9 @@ class e107
 		{
 			$ban_ip = $this->getip();
 		}
-		$ban_ip = preg_replace('/[^\w@\.]*/', '', urldecode($ban_ip)); // Make sure no special characters
+		*/
 		//$ban_ip = preg_replace('/[^\w@\.]*/', '', urldecode($ban_ip)); // Make sure no special characters
 		/*
 		if(!$ban_ip)
 		{
 			return FALSE;
@@ -2714,17 +2731,19 @@ class e107
 		}
 		// Add using an array - handles DB changes better
 		$sql->db_Insert('banlist', array('banlist_ip' => $ban_ip , 'banlist_bantype' => $bantype , 'banlist_datestamp' => time() , 'banlist_banexpires' => (varsettrue($pref['ban_durations'][$bantype]) ? time()+($pref['ban_durations'][$bantype]*60*60) : 0) , 'banlist_admin' => $ban_user , 'banlist_reason' => $ban_message , 'banlist_notes' => $ban_notes));
-		return TRUE;
+		return TRUE;  */
 	}
 	/**
 	 * Get the current user's IP address
 	 * returns the address in internal 'normalised' IPV6 format - so most code should continue to work provided the DB Field is big enougn
-	 * FIXME - move to eHelper
+	 * FIXME - call ipHandler directly
 	 * @return string
 	 */
 	public function getip()
 	{
 		return e107::getIPHandler()->getIP(FALSE);
 		/*
 		if(!$this->_ip_cache)
 		{
 			$ip=$_SERVER['REMOTE_ADDR'];
@@ -2750,16 +2769,18 @@ class e107
 			$this->_ip_cache = $this->ipEncode($ip); // Normalise for storage
 		}
 		return $this->_ip_cache;
 		*/
 	}
 	/**
 	 * Encode an IP address to internal representation. Returns string if successful; FALSE on error
 	 * Default separates fields with ':'; set $div='' to produce a 32-char packed hex string
-	 * FIXME - move to eHelper
+	 * FIXME - moved to ipHandler - check for calls elsewhere
 	 * @param string $ip
 	 * @param string $div divider
 	 * @return string encoded IP
 	 */
 	 /*
 	public function ipEncode($ip, $div = ':')
 	{
 		$ret = '';
@@ -2802,20 +2823,23 @@ class e107
 			return str_repeat('0000'.$div, 5).'ffff'.$div.$temp;
 		}
 		return FALSE; // Unknown
-	}
+	} */
 	/**
 	 * Takes an encoded IP address - returns a displayable one
 	 * Set $IP4Legacy TRUE to display 'old' (IPv4) addresses in the familiar dotted format,
 	 * FALSE to display in standard IPV6 format
 	 * Should handle most things that can be thrown at it.
-	 * FIXME - move to eHelper
+	 * FIXME - moved to ipHandler - check for calls elsewhere
 	 * @param string $ip encoded IP
 	 * @param boolean $IP4Legacy
 	 * @return string decoded IP
 	 */
-	public function ipDecode($ip, $IP4Legacy = TRUE)
+
 	public function ipdecode($ip, $IP4Legacy = TRUE)
 	{
 		return e107::getIPHandler()->ipDecode($ip, $IP4Legacy);
 		/*
 		if (strstr($ip,'.'))
 		{
 			if ($IP4Legacy) return $ip;			// Assume its unencoded IPV4
@@ -2872,17 +2896,21 @@ class e107
 			$ret = implode('.',$z);
 		}
-		return $ret;
+		return $ret; */
 	}
 	/**
 	 * Given a string which may be IP address, email address etc, tries to work out what it is
-	 * FIXME - move to eHelper
+	 * Movet to eIPHandler class
 	 * FIXME - moved to ipHandler - check for calls elsewhere
 	 * @param string $string
 	 * @return string ip|email|url|ftp|unknown
 	 */
 	 /*
 	public function whatIsThis($string)
 	{
 		//return e107::getIPHandler()->whatIsThis($string);
 		if (strstr($string,'@')) return 'email';		// Email address
 		if (strstr($string,'http://')) return 'url';
 		if (strstr($string,'ftp://')) return 'ftp';
@@ -2892,14 +2920,16 @@ class e107
 			return 'ip';
 		}
 		return 'unknown';
-	}
+	} */
 	/**
 	 * Retrieve & cache host name
 	 *
 	 * @param string $ip_address
 	 * @return string host name
 	 * FIXME - moved to ipHandler - check for calls elsewhere
 	 */
 	 /*
 	public function get_host_name($ip_address)
 	{
 		if(!$this->_host_name_cache[$ip_address])
@@ -2907,7 +2937,7 @@ class e107
 			$this->_host_name_cache[$ip_address] = gethostbyaddr($ip_address);
 		}
 		return $this->_host_name_cache[$ip_address];
-	}
+	} */
 	/**
 	 * MOVED TO eHelper::parseMemorySize()
@@ -3181,6 +3211,10 @@ class e107
 				$ret = e107::getOnline();
 			break;
 			case 'eIPHandler':
 				$ret = e107::getIPHandler();
 				break;
 			case 'user_class':
 				$ret = e107::getUserClass();
 			break;
--- a/e107_handlers/iphandler_class.php
+++ b/e107_handlers/iphandler_class.php
--- a/e107_handlers/login.php
+++ b/e107_handlers/login.php
@@ -54,7 +54,7 @@ class userlogin
 	public function __construct()
 	{
 		$this->e107 = e107::getInstance();
-		$this->userIP = $this->e107->getip();
+		$this->userIP = e107::getIPHandler()->getIP();
 		$this->userMethods = e107::getUserSession();
 	}
@@ -92,7 +92,8 @@ class userlogin
 		}
 //	    $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
-		$this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);			// This will exit if a ban is in force
+//		$this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);			// This will exit if a ban is in force
 		e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ",FALSE);			// This will exit if a ban is in force
 		$forceLogin = ($autologin == 'signup');
 		$autologin = intval($autologin);		// Will decode to zero if forced login
@@ -227,7 +228,7 @@ class userlogin
 		/* restrict more than one person logging in using same us/pw */
 		if($pref['disallowMultiLogin'])
 		{
-			if($this->e107->sql -> db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
+			if($this->e107->sql->db_Select("online", "online_ip", "online_user_id='".$user_id.".".$user_name."'"))
 			{
 				return $this->invalidLogin($username,LOGIN_MULTIPLE,$user_id);
 			}
@@ -342,7 +343,7 @@ class userlogin
 		}
 		// User is in DB here
-		$this->userData = $this->e107->sql -> db_Fetch(MYSQL_ASSOC);		// Get user info
+		$this->userData = $this->e107->sql->db_Fetch(MYSQL_ASSOC);		// Get user info
 		$this->userData['user_perms'] = trim($this->userData['user_perms']);
 		$this->lookEmail = $this->lookEmail && ($username == $this->userData['user_email']);		// Know whether login name or email address used now
@@ -510,11 +511,11 @@ class userlogin
 		{		// See if ban required (formerly the checkibr() function)
 			if($pref['autoban'] == 1 || $pref['autoban'] == 3)
 			{ // Flood + Login or Login Only.
-				$fails = $this->e107->sql -> db_Count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
+				$fails = $this->e107->sql->db_Count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
 				if($fails > 10)
 				{
 					$this->e107->add_ban(4,LAN_LOGIN_18,$this->userIP,1);
-					$this->e107->sql -> db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$this->userIP}', '{$extra_text}', '".LAN_LOGIN_20.": ".$this->e107->tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
+					$this->e107->sql->db_Insert("generic", "0, 'auto_banned', '".time()."', 0, '{$this->userIP}', '{$extra_text}', '".LAN_LOGIN_20.": ".$this->e107->tp -> toDB($username).", ".LAN_LOGIN_17.": ".md5($ouserpass)."' ");
 				}
 			}
 		}
--- a/e107_languages/English/admin/lan_banlist.php
+++ b/e107_languages/English/admin/lan_banlist.php
@@ -10,17 +10,17 @@
 +----------------------------------------------------------------------------+
 */
 // define("BANLAN_1", "Ban removed.");
-define("BANLAN_2", 'No bans in list.');
+define('BANLAN_2', 'No bans in list.');
-define("BANLAN_3", "Existing Bans");
+define('BANLAN_3', 'Existing Bans');
 // define("BANLAN_4", "Remove ban");
-define("BANLAN_5", "Enter IP, email address, or host");
+define('BANLAN_5', 'Enter IP, email address, or host');
-define("BANLAN_7", "Reason");
+define('BANLAN_7', 'Reason');
-define("BANLAN_8", "Ban Address");
+define('BANLAN_8', 'Ban Address');
-define("BANLAN_9", "Ban users from site by email, IP or host address");
+define('BANLAN_9', 'Ban users from site by email, IP or host address');
-define("BANLAN_10", "IP / Email / Reason");
+define('BANLAN_10', 'IP / Email / Reason');
-define("BANLAN_11", "Auto-ban: More than 10 failed login attempts");
+define('BANLAN_11', 'Auto-ban: More than 10 failed login attempts');
-define("BANLAN_12", "Note: Reverse DNS is currently disabled; it must be enabled to allow banning by host.  Banning by IP and email address will still function normally.");
+define('BANLAN_12', 'Note: Reverse DNS is currently disabled; it must be enabled to allow banning by host.  Banning by IP and email address will still function normally.');
-define("BANLAN_13", "Note: To ban a user by user name, go to the users admin page: ");
+define('BANLAN_13', 'Note: To ban a user by user name, go to the users admin page: ');
 define('BANLAN_14','Ban List');
 define('BANLAN_15','Messages/Ban Periods');
 define('BANLAN_16','Banning');
@@ -36,7 +36,7 @@ define('BANLAN_25','Add to Banlist');
 define('BANLAN_26','Currently ');
 define('BANLAN_27','Invalid characters in IP address stripped - now:');
 define('BANLAN_28','Ban type');
-define('BANLAN_29','Message to show');
+define('BANLAN_29','Message to show to banned user');
 define('BANLAN_30','Ban duration');
 define('BANLAN_31','(Use an empty message if you wish the user to get a blank screen)');
 define('BANLAN_32','Indefinite');
@@ -55,7 +55,7 @@ define('BANLAN_44','Use expiry date/time from import');
 define('BANLAN_45','Import');
 define('BANLAN_46','Import File:');
 define('BANLAN_47','File upload error');
-//define('BANLAN_48','Error importing file');
+define('BANLAN_48','Deleted --NUM-- expired ban list entries');
 define('BANLAN_49','CSV import: Unbalanced quotes in line ');
 define('BANLAN_50','CSV import: Error writing banlist record at line ');
 define('BANLAN_51','CSV import: Success, --NUM-- lines imported from file ');
@@ -88,6 +88,19 @@ define('BANLAN_77','Messages/Ban Periods');
 // define('BANLAN_78','Hit count exceeded (--HITS-- requests within allotted time)');
 define('BANLAN_79','CSV Export format:');
 define('BANLAN_80','CSV Import format:');
 define('BANLAN_81','Ban Action Log');
 define('BANLAN_82', 'No entries in Ban Action Log');
 define('BANLAN_83', 'Date/Time');
 define('BANLAN_84', 'IP Address');
 define('BANLAN_85', 'Additional information');
 define('BANLAN_86', 'Ban-related events');
 define('BANLAN_87', 'Total --NUM-- entries in list');
 define('BANLAN_88', 'Empty Ban Action Log');
 define('BANLAN_89', 'Log File Deleted');
 define('BANLAN_90', 'Error deleting log file');
 define('BANLAN_91', 'Date/time format for ban log');
 define('BANLAN_92', 'See the strftime function page at php.net');
 define('BANLAN_93', '');
 // Ban types - block reserved 100-109
 define('BANLAN_100', 'Unknown');
@@ -113,6 +126,6 @@ define('BANLAN_117', 'Spare reason');
 define('BANLAN_118', 'Spare reason');
 define('BANLAN_119', 'Indicates an import error - previously imported bans');
-define('BANLAN_120', 'Unknown');
+define('BANLAN_120', 'Whitelist entry');
 ?>
--- a/e107_languages/English/admin/lan_log_messages.php
+++ b/e107_languages/English/admin/lan_log_messages.php
@@ -88,6 +88,7 @@ define('LAN_AL_BANLIST_08','Banlist options updated');
 define('LAN_AL_BANLIST_09','Banlist entry edited');
 define('LAN_AL_BANLIST_10','Whitelist entry edited');
 define('LAN_AL_BANLIST_11','Whitelist hit for ban entry');
 define('LAN_AL_BANLIST_12','Expired bans cleared');
 // Comment-related events
--- a/e107_languages/English/lan_userclass.php
+++ b/e107_languages/English/lan_userclass.php
@@ -9,19 +9,19 @@
 |     $Author$
 +----------------------------------------------------------------------------+
 */
-define("UC_LAN_0", "Everyone (public)");
+define('UC_LAN_0', 'Everyone (public)');
-define("UC_LAN_1", "Guests");
+define('UC_LAN_1', 'Guests');
-define("UC_LAN_2", "No One (inactive)");
+define('UC_LAN_2', 'No One (inactive)');
-define("UC_LAN_3", "Members");
+define('UC_LAN_3', 'Members');
-define("UC_LAN_4", "Read Only");
+define('UC_LAN_4', 'Read Only');
-define("UC_LAN_5", "Admin");
+define('UC_LAN_5', 'Admin');
-define("UC_LAN_6", "Main Admin");
+define('UC_LAN_6', 'Main Admin');
 define('UC_LAN_7', 'Forum Moderators');
 define('UC_LAN_8','Admins and Mods');
 define('UC_LAN_9','New Users');
 define('UC_LAN_10', 'Search Bots');
-define('UC_LAN_INVERT', "Not --CLASS--");
+define('UC_LAN_INVERT', 'Not --CLASS--');
-define('UC_LAN_INVERTLABEL', "Everyone but..");
+define('UC_LAN_INVERTLABEL', 'Everyone but..');
 ?>