diff --git a/e107_admin/admin_log.php b/e107_admin/admin_log.php index f48531818..b39fff2ec 100644 --- a/e107_admin/admin_log.php +++ b/e107_admin/admin_log.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/admin_log.php,v $ -| $Revision: 1.17 $ -| $Date: 2008-08-10 11:41:01 $ +| $Revision: 1.18 $ +| $Date: 2008-11-22 12:57:25 $ | $Author: e107steved $ | | Preferences: @@ -107,12 +107,12 @@ if (isset($_POST['deleteitems']) && ($action == 'comments')) unset($back_count); if (isset($_POST['deleteoldadmin']) && isset($_POST['rolllog_clearadmin'])) { - $back_count = $_POST['rolllog_clearadmin']; + $back_count = intval($_POST['rolllog_clearadmin']); $next_action = 'confdel'; } elseif (isset($_POST['deleteoldaudit']) && isset($_POST['rolllog_clearaudit'])) { - $back_count = $_POST['rolllog_clearaudit']; + $back_count = intval($_POST['rolllog_clearaudit']); $next_action = 'auditdel'; } 
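Review bot: `intval()` closes the injection vector for `rolllog_clearadmin`/`rolllog_clearaudit` but does not bound the value: an empty or non-numeric field becomes `0` and a negative number passes straight through, and `$next_action` is still set to `confdel`/`auditdel` in those cases. Unless the consumer of `$back_count` (outside this hunk) treats 0 and negatives as "do nothing", a malformed POST could turn into a "delete everything older than now" request. Consider `$back_count = max(0, intval($_POST['rolllog_clearadmin']));` and only set `$next_action` when `$back_count > 0`, mirrored for the audit branch.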
@@ -252,41 +252,41 @@ $last_noted_time = 0; $rl_cookiename = $pref['cookie_name']."_rl_admin"; if (isset($_POST['updatefilters']) || isset($_POST['clearfilters'])) { // Need to put the filter values into the cookie - if (!isset($_POST['clearfilters'])) - { // Only update filter values from S_POST[] if 'clear filters' not active - $start_time = $_POST['starttimedate'] + $_POST['starttimehours']*3600 + $_POST['starttimemins']*60; - $start_enabled = isset($_POST['start_enabled']); - if (isset($_POST['timelength'])) - { - $end_time = intval($_POST['timelength'])*60 + $start_time; - } - else - { - $end_time = $_POST['endtimedate'] + $_POST['endtimehours']*3600 + $_POST['endtimemins']*60; - } - $end_enabled = isset($_POST['end_enabled']); - $user_filter = $_POST['roll_user_filter']; - $event_filter = $_POST['roll_event_filter']; - $pri_filter_cond = $_POST['roll_pri_cond']; - $pri_filter_val = $_POST['roll_pri_val']; - $caller_filter = $_POST['roll_caller_filter']; - $ipaddress_filter = $_POST['roll_ipaddress_filter']; - $downloadid_filter = $_POST['roll_downloadid_filter']; - } - $cookie_string = implode("|",array($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val,$caller_filter,$ipaddress_filter,$downloadid_filter)); + if (!isset($_POST['clearfilters'])) + { // Only update filter values from S_POST[] if 'clear filters' not active + $start_time = intval($_POST['starttimedate'] + $_POST['starttimehours']*3600 + $_POST['starttimemins']*60); + $start_enabled = isset($_POST['start_enabled']); + if (isset($_POST['timelength'])) + { + $end_time = intval($_POST['timelength'])*60 + $start_time; + } + else + { + $end_time = intval($_POST['endtimedate'] + $_POST['endtimehours']*3600 + $_POST['endtimemins']*60); + } + $end_enabled = isset($_POST['end_enabled']); + $user_filter = intval($_POST['roll_user_filter']); + $event_filter = $tp->toDB($_POST['roll_event_filter']); + $pri_filter_cond = 
$tp->toDB($_POST['roll_pri_cond']); + $pri_filter_val = $tp->toDB($_POST['roll_pri_val']); + $caller_filter = $tp->toDB($_POST['roll_caller_filter']); + $ipaddress_filter = $e107->ipEncode($tp->toDB($_POST['roll_ipaddress_filter'])); + $downloadid_filter = $tp->toDB($_POST['roll_downloadid_filter']); + } + $cookie_string = implode("|",array($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val,$caller_filter,$ipaddress_filter,$downloadid_filter)); // echo $cookie_string."
"; // Create session cookie to store values - cookie($rl_cookiename,$cookie_string,0); // Use session cookie + cookie($rl_cookiename,$cookie_string,0); // Use session cookie } else { // Now try and get the filters from the cookie - if (isset($_COOKIE[$rl_cookiename])) - list($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val, $caller_filter,$ipaddress_filter,$downloadid_filter) = explode("|",$_COOKIE[$rl_cookiename]); - if (isset($qs[1]) && isset($qs[2]) && ($qs[1] == 'user') && ctype_digit($qs[2]) && (intval($qs[2]) > 0)) - { - $user_filter = intval($qs[2]); - } + if (isset($_COOKIE[$rl_cookiename])) + list($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val, $caller_filter,$ipaddress_filter,$downloadid_filter) = explode("|",$_COOKIE[$rl_cookiename]); + if (isset($qs[1]) && isset($qs[2]) && ($qs[1] == 'user') && ctype_digit($qs[2]) && (intval($qs[2]) > 0)) + { + $user_filter = intval($qs[2]); + } } $timelength = 5; @@ -789,7 +789,7 @@ $sort_fields = array( break; case 'ipfilter' : $text .= "".RL_LAN_060."
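Review bot: The sanitising added on the POST side (`intval()`, `toDB()`, `ipEncode()`) is not applied when the same filter values come back out of `$_COOKIE[$rl_cookiename]` in the `else` branch, so any client — cookies are client-controlled — bypasses it by setting the cookie directly; if these values reach a WHERE clause, as the `toDB()` calls suggest, the escaping has to happen on the read path as well. A `|` that survives `toDB()` would also shift the `explode("|")` fields. Re-apply the same normalisation after the `list(...) = explode(...)` line, and cast each `$_POST` operand before the additions (`intval($_POST['starttimedate']) + intval($_POST['starttimehours'])*3600 + ...`), since a non-numeric string in arithmetic is a warning on PHP 7 and a `TypeError` on PHP 8. The code that consumes these variables is outside the hunk.
```php
if (isset($_COOKIE[$rl_cookiename]))
{
	list($start_time,$start_enabled,$end_time,$end_enabled,$user_filter,$event_filter,$pri_filter_cond,$pri_filter_val, $caller_filter,$ipaddress_filter,$downloadid_filter) = explode("|",$_COOKIE[$rl_cookiename]);
	// Cookie is client-controlled: re-apply the same normalisation as the POST path
	$start_time = intval($start_time);
	$end_time = intval($end_time);
	$user_filter = intval($user_filter);
	$event_filter = $tp->toDB($event_filter);
	$pri_filter_cond = $tp->toDB($pri_filter_cond);
	$pri_filter_val = $tp->toDB($pri_filter_val);
	$caller_filter = $tp->toDB($caller_filter);
	$ipaddress_filter = $tp->toDB($ipaddress_filter);
	$downloadid_filter = $tp->toDB($downloadid_filter);
}
// … unchanged: user filter override from $qs …
```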
".RL_LAN_061." - "; + "; $filter_cols += 2; break; case 'userfilter' : @@ -923,13 +923,16 @@ function log_process($matches) // Look for pseudo-code for newlines, link insertion $val = preg_replace_callback("#\[!(\w+?)(=.+?){0,1}!]#",'log_process',$row['dblog_remarks']); break; + case 'dblog_ip' : + $val = $e107->ipDecode($row['dblog_ip']); + break; case 'comment_ip' : - $val = $row['comment_ip']; - if (strlen($val) == 8) + $val = $e107->ipDecode($row['comment_ip']); +/* if (strlen($val) == 8) // New decoder should handle this automatically { $hexip = explode('.', chunk_split($val, 2, '.')); $val = hexdec($hexip[0]). '.' . hexdec($hexip[1]) . '.' . hexdec($hexip[2]) . '.' . hexdec($hexip[3]); - } + } */ break; case 'comment_comment' : $val =$tp->text_truncate($row['comment_comment'],100,'...'); // Just display first bit of comment diff --git a/e107_admin/banlist.php b/e107_admin/banlist.php index e809eb864..1cc7f4dbc 100644 --- a/e107_admin/banlist.php +++ b/e107_admin/banlist.php @@ -11,9 +11,9 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/banlist.php,v $ -| $Revision: 1.10 $ -| $Date: 2008-11-14 06:01:06 $ -| $Author: e107coders $ +| $Revision: 1.11 $ +| $Date: 2008-11-22 12:57:25 $ +| $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -92,7 +92,11 @@ if (isset($_POST['ban_ip'])) 'whedit' - Editing whitelist 'whadd' - Adding to whitelist */ - $new_vals = array('banlist_ip' => $_POST['ban_ip']); + if ($e107->whatIsThis($new_ban_ip) == 'ip') + { + $new_ban_ip = $e107->IPencode($new_ban_ip); // Normalise numeric IP addresses + } + $new_vals = array('banlist_ip' => $new_ban_ip); if (isset($_POST['add_ban'])) { $new_vals['banlist_datestamp'] = time(); @@ -400,7 +404,7 @@ switch ($action) ".BANLAN_5.": - {$rdns_warn} + {$rdns_warn} "; 
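Review bot: `ipDecode()` returns `FALSE` when a stored `dblog_ip`/`comment_ip` is not one of the shapes it recognises (and, for a dotted value, tries to re-encode it first), so legacy or malformed rows now render as an empty cell instead of the raw value; fall back, e.g. `$val = $e107->ipDecode($row['dblog_ip']); if ($val === FALSE) $val = $row['dblog_ip'];` and the same for `comment_ip`. The old hex-decoding branch should be deleted rather than parked in a `/* */` block, since the commit's own comment says the new decoder covers it. Whether `$e107` is in scope at this point depends on code above the hunk.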
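Review bot: A wildcard ban such as `123.123.123.*` satisfies `whatIsThis() == 'ip'` (its accepted character set includes `*`) and is then fed to `IPencode()`, whose IPv4 branch pushes every octet through `sprintf('%02x')` — `*` becomes `00`, so the row is stored as the exact address `…:ffff:7b7b:7b00` and can never match the `substr(...).'*'` patterns `ban()` builds. Until `ipEncode()` can carry a wildcard field through, reject such input here rather than silently corrupting it, e.g. `if ($e107->whatIsThis($new_ban_ip) == 'ip' && strpos($new_ban_ip, '*') === false)`, and note that a bare `*` makes `ipEncode()` return `FALSE`, which this code would store as an empty `banlist_ip`. Where `$new_ban_ip` is assigned (and whether it went through `toDB()`) is outside the hunk. The call is spelled `IPencode` but the method is defined as `ipEncode`; it works only because PHP method names are case-insensitive.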
@@ -587,7 +591,7 @@ switch ($action) $val = "".constant('BANLAN_10'.$banlist_bantype).""; break; case 'ip_reason' : - $val = $banlist_ip."
".$fv.": ".$banlist_reason; + $val = $e107->ipDecode($banlist_ip)."
".$fv.": ".$banlist_reason; break; case 'banlist_banexpires' : $val = ($banlist_banexpires ? strftime(BAN_TIME_FORMAT,$banlist_banexpires).(($banlist_banexpires < time()) ? ' ('.BANLAN_34.')' : '') @@ -596,7 +600,7 @@ switch ($action) case 'ban_options' : $val = "".LAN_EDIT." toJS(LAN_CONFIRMDEL." [".$banlist_ip."]")."'); + onclick=\" var r = jsconfirm('".$tp->toJS(LAN_CONFIRMDEL." [".$e107->ipDecode($banlist_ip)."]")."'); if (r) { document.getElementById('ban_form').action='".e_SELF."?{$del_action}-{$banlist_ip}'; } return r; \" />"; break; case 'banlist_notes' : @@ -669,7 +673,7 @@ function parse_date($instr) // Return a message function process_csv($filename, $override_imports, $override_expiry, $separator = ',', $quote = '"') { - global $sql, $pref; + global $sql, $pref, $e107; // echo "Read CSV: {$filename} separator: {$separator}, quote: {$quote} override imports: {$override_imports} override expiry: {$override_expiry}
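Review bot: `$e107->ipDecode($banlist_ip)` is applied to every banlist row, but the table also holds email entries (the help text documents `foo@bar.com` and `*@bar.com`): for such a value the decoder sees the `.`, treats it as dotted IPv4, explodes it into two pieces and passes them to `sprintf('%02x%02x:%02x%02x')`, emitting notices and a garbage string; values it cannot parse at all come back as `FALSE` and render as nothing. Gate the decode on the entry type, e.g. `$val = ($e107->whatIsThis($banlist_ip) == 'ip') ? $e107->ipDecode($banlist_ip) : $banlist_ip;` before appending `$fv` and `$banlist_reason` — or make `ipDecode()` return its input untouched when it is not an encoded address. The enclosing switch is outside the hunk.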
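Review bot: The confirmation text is passed through `toJS()`, but the raw `$banlist_ip` is still interpolated into the `onclick` handler's URL (`e_SELF."?{$del_action}-{$banlist_ip}"`) with no escaping for the JavaScript or URL context, and `ipDecode()` applied to non-IP rows (emails) yields garbage or `FALSE` in the prompt. Whether the unescaped value is exploitable depends on how `banlist_ip` was sanitised on insert, which is outside this diff; encode it for the context regardless, e.g. `rawurlencode($banlist_ip)`, and have the delete action re-validate the identifier server-side rather than trusting the query string.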
"; // Renumber imported bans if ($override_imports) $sql->db_Update('banlist', "`banlist_bantype`=".BAN_TYPE_TEMPORARY." WHERE `banlist_bantype` = ".BAN_TYPE_IMPORTED); @@ -703,7 +707,7 @@ function process_csv($filename, $override_imports, $override_expiry, $separator switch ($field_num) { case 1 : // IP address - $field_list['banlist_ip'] = $f; + $field_list['banlist_ip'] = $e107->ipEncode($f); break; case 2 : // Original date of ban $field_list['banlist_datestamp'] = parse_date($f); diff --git a/e107_files/shortcode/batch/comment_shortcodes.php b/e107_files/shortcode/batch/comment_shortcodes.php index 43b05e146..1521e8947 100644 --- a/e107_files/shortcode/batch/comment_shortcodes.php +++ b/e107_files/shortcode/batch/comment_shortcodes.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_files/shortcode/batch/comment_shortcodes.php,v $ -| $Revision: 1.6 $ -| $Date: 2008-05-25 08:26:11 $ +| $Revision: 1.7 $ +| $Date: 2008-11-22 12:57:35 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -126,9 +126,9 @@ return $RATING; SC_END SC_BEGIN IPADDRESS -global $IPADDRESS, $comrow; +global $IPADDRESS, $comrow, $e107; //require_once(e_HANDLER."encrypt_handler.php"); -return (ADMIN ? "".COMLAN_330." ".$comrow['comment_ip']."" : ""); +return (ADMIN ? "".COMLAN_330." ".$e107->ipDecode($comrow['comment_ip'])."" : ""); SC_END SC_BEGIN LEVEL diff --git a/e107_handlers/comment_class.php b/e107_handlers/comment_class.php index df6ffaf97..2b25ad94a 100644 --- a/e107_handlers/comment_class.php +++ b/e107_handlers/comment_class.php @@ -12,8 +12,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/comment_class.php,v $ -| $Revision: 1.15 $ -| $Date: 2008-10-22 21:31:08 $ +| $Revision: 1.16 $ +| $Date: 2008-11-22 12:57:25 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ 
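Review bot: `ipEncode($f)` returns `FALSE` for anything without a `.` or `:` and hex-encodes a `*` octet as `00`, so an imported CSV row whose first column is malformed, or a wildcard ban, is stored as an empty or wrong `banlist_ip` with no error raised. Check the result before accepting the row, e.g. `$enc = $e107->ipEncode($f); if ($enc === FALSE) { $bad_rows++; continue 2; } $field_list['banlist_ip'] = $enc;` (the exact skip mechanism depends on the parse loop, which is outside the hunk), and surface the count in the function's return message.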
@@ -187,7 +187,7 @@ class comment { //addrating : boolean, to show rating system in rendered comment global $sql, $sc_style, $comment_shortcodes, $COMMENTSTYLE, $rater, $gen, $imode; global $pref, $comrow, $tp, $NEWIMAGE, $USERNAME, $RATING, $datestamp; - global $thisaction, $thistable, $thisid; + global $thisaction, $thistable, $thisid, $e107; if(isset($pref['comments_disabled']) && $pref['comments_disabled'] == TRUE) { @@ -221,7 +221,7 @@ class comment { $unblock = "[".COMLAN_1."] "; $block = "[".COMLAN_2."] "; $delete = "[".COMLAN_3."] "; - $userinfo = "[".COMLAN_4."]"; + $userinfo = "[".COMLAN_4."]"; if (!$COMMENTSTYLE) { @@ -390,7 +390,7 @@ class comment { if (!defined("emessage")) { - $ip = $e107->getip(); // Store IP 'in the raw' - could be IPv4 or IPv6 + $ip = $e107->getip(); // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form $_t = time(); if($editpid) diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index af2867527..0e6a71960 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $ -| $Revision: 1.19 $ -| $Date: 2008-10-19 11:35:00 $ +| $Revision: 1.20 $ +| $Date: 2008-11-22 12:57:25 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ 
@@ -203,19 +203,28 @@ class e107 */ function ban() { - global $sql, $e107, $tp, $pref; - $ban_count = $sql->db_Count("banlist"); - if($ban_count) - { - $vals = array(); - $ip = $this->getip(); - if ($ip != 'x.x.x.x') + global $sql, $e107, $tp, $pref; + $ban_count = $sql->db_Count("banlist"); + if($ban_count) { - $tmp = explode(".",$ip); - $vals[] = $tp -> toDB($_SERVER['REMOTE_ADDR'], true); - $vals[] = $tmp[0].".".$tmp[1].".".$tmp[2].".*"; - $vals[] = $tmp[0].".".$tmp[1].".*.*"; - } + $vals = array(); + $ip = $this->getip(); // This will be in normalised IPV6 form + if ($ip != 'x.x.x.x') + { + $vals[] = $ip; // Always look for exact match + if (strpos($ip,'0000:0000:0000:0000:0000:ffff:') === 0) + { // It's an IPV4 address + $vals[] = substr($ip,0,-2).'*'; + $vals[] = substr($ip,0,-4).'*'; + $vals[] = substr($ip,0,-7).'*'; // Knock off colon as well here + } + else + { // Its an IPV6 address - ban in blocks of 16 bits + $vals[] = substr($ip,0,-4).'*'; + $vals[] = substr($ip,0,-9).'*'; + $vals[] = substr($ip,0,-14).'*'; + } + } if(varsettrue($pref['enable_rdns'])) { 
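Review bot: The new `$vals` no longer contains `$_SERVER['REMOTE_ADDR']` itself — only `getip()`'s result, which prefers a public-looking `X-Forwarded-For` value (see `getip()` in the next hunk) — so a banned client can sidestep the banlist by sending `X-Forwarded-For: 8.8.8.8`; the removed line used to check both. Keep the exact match on the transport address, e.g. `$vals[] = $this->ipEncode($_SERVER['REMOTE_ADDR']);` next to `$vals[] = $ip;`. Separately, the `$ip != 'x.x.x.x'` guard is now dead: `getip()` passes the sentinel through `ipEncode()`, which hex-encodes the `x` octets to `00`, so a request with no address is checked as `…:ffff:0000:0000` and matches a wildcard row ending `:0000:00*`; compare against the encoded form or keep the sentinel unencoded in `getip()`. The wildcard patterns pushed here also assume banlist rows keep their `*` in hex form, which `ipEncode()` does not currently produce. The rest of `ban()` (rDNS and the query) is outside the hunk.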
@@ -324,33 +333,166 @@ class e107 * Get the current user's IP address * * @return string + * returns the address in internal 'normalised' IPV6 format - so most code should continue to work provided the DB Field is big enougn */ - function getip() { - if(!$this->_ip_cache){ - if (getenv('HTTP_X_FORWARDED_FOR')) { + function getip() + { + if(!$this->_ip_cache) + { + if (getenv('HTTP_X_FORWARDED_FOR')) + { $ip=$_SERVER['REMOTE_ADDR']; - if (preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip3)) { - $ip2 = array('#^0\..*#', - '#^127\..*#', // Local loopbacks - '#^192\.168\..*#', // RFC1918 - Private Network - '#^172\.(?:1[6789]|2\d|3[01])\..*#', // RFC1918 - Private network - '#^10\..*#', // RFC1918 - Private Network - '#^169\.254\..*#', // RFC3330 - Link-local, auto-DHCP - '#^2(?:2[456789]|[345][0-9])\..*#' // Single check for Class D and Class E - ); + if (preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip3)) + { + $ip2 = array('#^0\..*#', + '#^127\..*#', // Local loopbacks + '#^192\.168\..*#', // RFC1918 - Private Network + '#^172\.(?:1[6789]|2\d|3[01])\..*#', // RFC1918 - Private network + '#^10\..*#', // RFC1918 - Private Network + '#^169\.254\..*#', // RFC3330 - Link-local, auto-DHCP + '#^2(?:2[456789]|[345][0-9])\..*#' // Single check for Class D and Class E + ); $ip = preg_replace($ip2, $ip, $ip3[1]); } - } else { + } + else + { $ip = $_SERVER['REMOTE_ADDR']; } - if ($ip == "") { + if ($ip == "") + { $ip = "x.x.x.x"; } - $this->_ip_cache = $ip; + $this->_ip_cache = $this->ipEncode($ip); // Normalise for storage } return $this->_ip_cache; } + + // Encode an IP address to internal representation. 
Returns string if successful; FALSE on error + // Default separates fields with ':'; set $div='' to produce a 32-char packed hex string + function ipEncode($ip, $div=':') + { + $ret = ''; + $divider = ''; + if (strstr($ip,':')) + { // Its IPV6 (could have an IP4 'tail') + if (strstr($ip,'.')) + { // IPV4 'tail' to deal with + $temp = strrpos($ip,':') +1; + $ip4 = substr($ip,$temp); + $ip = substr($ip,0, $temp).$this->ip4_encode($ip4); + } + // Now 'normalise' the address + $temp = explode(':',$ip); + $s = 8 - count($temp); // One element will of course be the blank + foreach ($temp as $f) + { + if ($f == '') + { + $ret .= $divider.'0000'; // Always put in one set of zeros for the blank + $divider = $div; + if ($s > 0) + { + $ret .= str_repeat($div.'0000',$s); + $s = 0; + } + } + else + { + $ret .= $divider.sprintf('%04x',hexdec($f)); + $divider = $div; + } + } + return $ret; + } + if (strstr($ip,'.')) + { // Its IPV4 + $ipa = explode('.', $ip); + $temp = sprintf('%02x%02x%s%02x%02x', $ipa[0], $ipa[1], $div, $ipa[2], $ipa[3]); + return str_repeat('0000'.$div,5).'ffff'.$div.$temp; + } + return FALSE; // Unknown + } + + + // Takes an encoded IP address - returns a displayable one + // Set $IP4Legacy TRUE to display 'old' (IPv4) addresses in the familiar dotted format + // Should handle most things that can be thrown at it. 
+ function ipDecode($ip, $IP4Legacy = FALSE) + { + if (strstr($ip,'.')) + { + if ($IP4Legacy) return $ip; // Assume its unencoded IPV4 + $ipa = explode('.', $ip); + $ip = '0:0:0:0:0:ffff:'.sprintf('%02x%02x:%02x%02x', $ipa[0], $ipa[1], $ipa[2], $ipa[3]); + } + if (strstr($ip,'::')) return $ip; // Assume its a compressed IPV6 address already + if ((strlen($ip) == 8) && !strstr($ip,':')) + { // Assume a 'legacy' IPV4 encoding + $ip = '0:0:0:0:0:ffff:'.implode(':',str_split($ip,4)); // Turn it into standard IPV6 + } + elseif ((strlen($ip) == 32) && !strstr($ip,':')) + { // Assume a compressed hex IPV6 + $ip = implode(':',str_split($ip,4)); + } + if (!strstr($ip,':')) return FALSE; // Return on problem - no ':'! + $temp = explode(':',$ip); + $z = 0; // State of the 'zero manager' - 0 = not started, 1 = running, 2 = done + $ret = ''; + $zc = 0; // Count zero fields (not always required) + foreach ($temp as $t) + { + $v = hexdec($t); + if (($v != 0) || ($z == 2)) + { + if ($z == 1) + { // Just finished a run of zeros + $z++; + $ret .= ':'; + } + if ($ret) $ret .= ':'; + $ret .= sprintf('%x',$v); // Drop leading zeros + } + else + { // Zero field + $z = 1; + $zc++; + } + } + if ($z == 1) + { // Need to add trailing zeros, or double colon + if ($zc > 1) $ret .= '::'; else $ret .= ':0'; + } + if ($IP4Legacy && (substr($ret,0,7) == '::ffff:')) + { + $temp = explode(':',substr($ret,7)); // Should give us two 16-bit hex values + $z = array(); + foreach ($temp as $t) + { + $zc = hexdec($t); + $z[] = intval($zc / 256); // intval needed to avoid small rounding error + $z[] = $zc % 256; + } + $ret = implode('.',$z); + } + return $ret; + } + + + // Given a string which may be IP address, email address etc, tries to work out what it is + function whatIsThis($string) + { + if (strstr($string,'@')) return 'email'; // Email address + if (strstr($string,'http://')) return 'url'; + if (strstr($string,'ftp://')) return 'ftp'; + $string = strtolower($string); + if (str_replace(' 
','',strtr($string,'0123456789abcdef.:*',' ')) == '') // Delete all characters found in ipv4 or ipv6 addresses, plus wildcards + { + return 'ip'; + } + return 'unknown'; + } function get_host_name($ip_address) { diff --git a/e107_handlers/online_class.php b/e107_handlers/online_class.php index c60acbfdd..4ae9c48a0 100755 --- a/e107_handlers/online_class.php +++ b/e107_handlers/online_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/online_class.php,v $ -| $Revision: 1.2 $ -| $Date: 2008-01-13 10:51:34 $ +| $Revision: 1.3 $ +| $Date: 2008-11-22 12:57:25 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -111,7 +111,7 @@ class e_online $row['online_pagecount'] = 1; } - if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1")) + if ($row['online_pagecount'] > $online_bancount && ($e107->ipDecode($row['online_ip'],TRUE) != "127.0.0.1")) { // $sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' "); if ($e107->add_ban(2,"Hit count exceeded ({$row['online_pagecount']} requests within allotted time)",$ip,0)) diff --git a/e107_languages/English/admin/help/banlist.php b/e107_languages/English/admin/help/banlist.php index e233d0ad1..3e6c8c920 100644 --- a/e107_languages/English/admin/help/banlist.php +++ b/e107_languages/English/admin/help/banlist.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/help/banlist.php,v $ -| $Revision: 1.7 $ -| $Date: 2008-06-15 10:05:53 $ +| $Revision: 1.8 $ +| $Date: 2008-11-22 12:57:42 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -63,6 +63,7 @@ Either enter their full IP address or use a wildcard to ban a range of IP addres Banning by IP address:
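Review bot: `ipEncode()` accepts any string containing `.` or `:` and never validates its pieces: an IPv4 octet is formatted with `sprintf('%02x')`, so `*` and `x` become `00` (wildcard bans lose their wildcard and the `x.x.x.x` sentinel becomes `::ffff:0.0.0.0`) and an octet above 255 yields a three-digit field; the IPv6 branch likewise runs `hexdec()` on whatever sits between the colons and does not reject more than eight fields. Validate each field, carry a trailing wildcard through untouched (that is what `ban()`'s `substr(...).'*'` patterns are matched against), return `FALSE` otherwise, and let `getip()` keep the sentinel: `$this->_ip_cache = ($ip == 'x.x.x.x') ? $ip : $this->ipEncode($ip);`. `ipDecode()` has the mirror problem — any value with a `.` is treated as dotted IPv4 — so callers displaying mixed banlist rows get garbage for email entries; consider returning the input unchanged when `whatIsThis()` does not say `ip`. `get_host_name()` is cut off at the end of the hunk.
```php
// … unchanged: IPv6 branch (should also reject non-hex fields and more than 8 fields) …
if (strstr($ip,'.'))
{ // Its IPV4 - validate each octet; keep a trailing wildcard so banlist patterns survive encoding
	$ipa = explode('.', $ip);
	if (count($ipa) != 4) return FALSE;
	$hex = '';
	foreach ($ipa as $i => $octet)
	{
		if ($octet == '*')
		{
			$hex .= '*';	// e.g. 1.2.3.* -> ...ffff:0102:03*, matching ban()'s substr($ip,0,-2).'*'
			break;
		}
		if (!ctype_digit($octet) || (intval($octet) > 255)) return FALSE;
		$hex .= sprintf('%02x', $octet);
		if ($i == 1) $hex .= $div;
	}
	return str_repeat('0000'.$div,5).'ffff'.$div.$hex;
}
return FALSE; // Unknown
```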
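Review bot: The loopback exemption compares the legacy-decoded address only with `"127.0.0.1"`, so now that addresses are stored IPv6-normalised a client arriving as `::1` (stored `0000:…:0001`, decoded back to `::1`) or from any other `127.x.y.z` address is no longer exempt from the flood ban. Since the decoded form is already computed here, widen the test: `$dec = $e107->ipDecode($row['online_ip'], TRUE); if ($row['online_pagecount'] > $online_bancount && strpos($dec, '127.') !== 0 && $dec != '::1')`. Whether `$e107` is declared global in this method cannot be seen from the hunk (the unchanged `$e107->add_ban(...)` call suggests it is); the enclosing method starts above the hunk.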
Entering the IP address 123.123.123.123 will stop the user with that address visiting your site.
Entering the IP address 123.123.123.* will stop anyone in that IP range from visiting your site.

+IPV6 format addresses are also supported, including '::' to represent a block of zero values.

Banning by email address
Entering the email address foo@bar.com will stop anyone using that email address from registering as a member on your site.
Entering the email address *@bar.com will stop anyone using that email domain from registering as a member on your site.