diff --git a/class2.php b/class2.php index dc74f98ab..903a050c9 100644 --- a/class2.php +++ b/class2.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/class2.php,v $ -| $Revision: 1.35 $ -| $Date: 2007-12-22 12:39:23 $ +| $Revision: 1.36 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -910,7 +910,7 @@ function js_location($qry){ exit; } else { echo "\n"; exit; -} + } } function check_email($email) { @@ -1103,8 +1103,10 @@ function save_prefs($table = 'core', $uid = USERID, $row_val = '') //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------// -class e_online { - function online($online_tracking = false, $flood_control = false) { +class e_online +{ + function online($online_tracking = false, $flood_control = false) + { if($online_tracking == true || $flood_control == true) { global $online_timeout, $online_warncount, $online_bancount; @@ -1129,7 +1131,8 @@ class e_online { if (USER) { // Find record that matches IP or visitor, or matches user info - if ($sql->db_Select("online", "*", "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'")) { + if ($sql->db_Select("online", "*", "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'")) + { $row = $sql->db_Fetch(); if ($row['online_user_id'] == $udata) { @@ -1160,7 +1163,9 @@ class e_online { } } $sql->db_Update("online", $query); - } else { + } + else + { $sql->db_Insert("online", " '".time()."', '0', '{$udata}', '{$ip}', '{$page}', 1, 0"); } } 
@@ -1194,10 +1199,12 @@ class e_online { if ($row['online_pagecount'] > $online_bancount && ($row['online_ip'] != "127.0.0.1")) { // $sql->db_Insert("banlist", "'{$ip}', '0', 'Hit count exceeded ({$row['online_pagecount']} requests within allotted time)' "); - $e107->add_ban(2,"Hit count exceeded ({$row['online_pagecount']} requests within allotted time)",$ip,0); + if ($e107->add_ban(2,"Hit count exceeded ({$row['online_pagecount']} requests within allotted time)",$ip,0)) + { $e_event->trigger("flood", $ip); exit; } + } if ($row['online_pagecount'] >= $online_warncount && $row['online_ip'] != "127.0.0.1") { echo "
".LAN_WARNING."

".CORE_LAN6."
"; diff --git a/e107_admin/banlist.php b/e107_admin/banlist.php index 9548b36cf..9e7f4ab11 100644 --- a/e107_admin/banlist.php +++ b/e107_admin/banlist.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/banlist.php,v $ -| $Revision: 1.6 $ -| $Date: 2007-12-23 21:15:48 $ +| $Revision: 1.7 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -217,7 +217,7 @@ function ban_time_dropdown($click_js = '', $zero_text=BANLAN_21, $curval=-1,$dro // Character options for import & export $separator_char = array(1 => ',', 2 => '|'); -$quote_char = array(1 => '', 2 => "'", 3 => '"'); +$quote_char = array(1 => '(none)', 2 => "'", 3 => '"'); function select_box($name, $data, $curval = FALSE) @@ -274,7 +274,7 @@ switch ($action) ".ban_time_dropdown('',BANLAN_32,$pref['ban_durations'][$i],'ban_time[]')." - "; + "; } $text .= " \n"; @@ -293,10 +293,9 @@ switch ($action) // Edit/add form first $text .= "
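Review bot: `$quote_char[1]` changes from `''` to `'(none)'`, which reads well as the label for `select_box('ban_quote', $quote_char)`, but if the same array is also consulted for the actual quote character when the export/import runs (that code is outside this diff), the literal string `(none)` would now be written or expected as the quote. If that is the case, keep the data and the label apart, e.g. `$quote_char = array(1 => '', 2 => "'", 3 => '"');` plus `$quote_label = array(1 => '(none)', 2 => "'", 3 => '"');`, and pass `$quote_label` to select_box. The enclosing switch/form code runs well beyond this hunk, so I cannot confirm the second use from here.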
- - + @@ -398,8 +397,8 @@ switch ($action) if ($message) $ns->tablerender(BANLAN_48, "
{$message}
"); $text = "
- -
".BANLAN_5.": ".BANLAN_5.": {$rdns_warn}
+ +
@@ -409,7 +408,7 @@ switch ($action) $spacer = ''; for ($i = 0; $i < BAN_REASON_COUNT; $i++) { - $text .= $spacer." ".constant('BANLAN_10'.$i)." - ".constant('BANLAN_11'.$i); + $text .= $spacer." ".constant('BANLAN_10'.$i)." - ".constant('BANLAN_11'.$i); $spacer = "
\n"; } $text .= "
".select_box('ban_separator',$separator_char).' '.BANLAN_37; @@ -421,16 +420,16 @@ switch ($action) // Now do the import options $text = "
- -
+ +
"; $text .= " @@ -503,6 +502,7 @@ switch ($action) } $text .= ""; } + $text .= ''; } $text .= "
".BANLAN_42."".BANLAN_15."
\n"; - $text .= " ".BANLAN_43.'
'; - $text .= " ".BANLAN_44; + $text .= " ".BANLAN_43.'
'; + $text .= " ".BANLAN_44; $text .= "
".select_box('ban_separator',$separator_char).' '.BANLAN_37; $text .= "
".select_box('ban_quote',$quote_char).' '.BANLAN_38."
{$val}
\n"; } diff --git a/e107_admin/fla.php b/e107_admin/fla.php index 6bda4977b..bc87146a1 100644 --- a/e107_admin/fla.php +++ b/e107_admin/fla.php @@ -11,13 +11,14 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/fla.php,v $ -| $Revision: 1.2 $ -| $Date: 2007-12-09 16:42:22 $ +| $Revision: 1.3 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ require_once("../class2.php"); -if (!getperms("4")) { +if (!getperms("4")) +{ header("location:".e_BASE."index.php"); exit; } @@ -26,20 +27,25 @@ $e_sub_cat = 'failed_login'; require_once("auth.php"); $tmp = (e_QUERY) ? explode(".", e_QUERY) : ""; -$from = (!$tmp[0]) ? 0 : intval($tmp[0]); -$amount = (!$tmp[1]) ? 50 : intval($tmp[1]); +$from = intval(varset($tmp[0], 0)); +$amount = intval(varset($tmp[1], 50)); if(isset($_POST['delbanSubmit'])) { - + $message = ''; $delcount = 0; + $spacer = ''; foreach($_POST['fladelete'] as $delete) { - $delcount ++; - $sql -> db_Delete("generic", "gen_id='$delete' "); + $delcount ++; + $sql -> db_Delete("generic", "gen_id='{$delete}' "); + } + if ($delcount) + { + $message .= FLALAN_3.": ".$delcount; + $spacer = '
'; } - $message = FLALAN_3.": ".$delcount; $bancount = 0; foreach($_POST['flaban'] as $ban) @@ -47,14 +53,18 @@ if(isset($_POST['delbanSubmit'])) if($sql -> db_Select("generic", "*", "gen_id={$ban}")) { $at = $sql -> db_Fetch(); - $e107->add_ban(4,FLALAN_4,$at['gen_ip'],ADMINID); + if (!$e107->add_ban(4,FLALAN_4,$at['gen_ip'],ADMINID)) + { // IP on whitelist (although possibly we shouldn't get to this stage, but check anyway + $message .= $spacer.str_replace(FLALAN_18,'--IP--',$at['gen_ip']); + $spacer = '
'; + } // $banlist_ip = $at['gen_ip']; // $sql->db_Insert("banlist", "'$banlist_ip', '".ADMINID."', '".FLALAN_4."' "); - $sql -> db_Delete("generic", "gen_id='$ban' "); + $sql -> db_Delete("generic", "gen_id='{$ban}' "); $bancount ++; } } - $message .= ", ".FLALAN_5.": ".$bancount; + $message .= $spacer.FLALAN_5.": ".$bancount; } diff --git a/e107_admin/users.php b/e107_admin/users.php index f49f3f84c..4c367b631 100644 --- a/e107_admin/users.php +++ b/e107_admin/users.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_admin/users.php,v $ -| $Revision: 1.8 $ -| $Date: 2007-12-09 16:42:22 $ +| $Revision: 1.9 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -249,7 +249,7 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "ban") // $sub_action = $_POST['userid']; $sql->db_Select("user", "*", "user_id='".$_POST['userid']."'"); $row = $sql->db_Fetch(); - if ($row['user_perms'] == "0") + if (($row['user_perms'] == "0") || ($row['user_perms'] == "0.")) { $user->show_message(USRLAN_7); } 
@@ -257,24 +257,29 @@ if (isset($_POST['useraction']) && $_POST['useraction'] == "ban") { if($sql->db_Update("user", "user_ban='1' WHERE user_id='".$_POST['userid']."' ")) { - $user->show_message(USRLAN_8); + $user->show_message(USRLAN_8); } if(trim($row['user_ip']) == "") { - $user->show_message(USRLAN_135); + $user->show_message(USRLAN_135); } else { - if($sql->db_Count("user", "(*)", "WHERE user_ip = '{$row['user_ip']}'") > 1) - { - $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_136)); - } - else - { - $e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID); -// $sql -> db_Insert("banlist", "'".$row['user_ip']."', '".USERID."', '".$row['user_name']."' "); + if($sql->db_Count("user", "(*)", "WHERE user_ip = '{$row['user_ip']}'") > 1) + { // Multiple users have same IP address + $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_136)); + } + else + { + if ($e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID)) + { // Successful IP ban $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137)); } + else + { // IP address on whitelist + $user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_150)); + } + } } } $action = "main"; @@ -780,7 +785,7 @@ class users $text .= "
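Review bot: The new whitelist branch displays `USRLAN_150`, but no users language file is touched by this diff; if the constant is not already defined, PHP falls back to the literal name with a notice and the admin gets no useful text, so either confirm it exists or add a `define("USRLAN_150", ...)` next to USRLAN_149. While this block is being restructured, the context line `user_id='".$_POST['userid']."'` that feeds `$row` would be cheap to harden with `intval($_POST['userid'])`, since user_id is numeric. The surrounding `if (isset($_POST['useraction']) ...)` block starts before the hunk.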
".LAN_DISPLAYOPT."
"; $text .= " diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index e0cc8e0eb..02160830a 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -11,8 +11,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/e107_class.php,v $ -| $Revision: 1.11 $ -| $Date: 2007-12-16 11:14:47 $ +| $Revision: 1.12 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -220,7 +220,6 @@ class e107{ if ($show_error) header("HTTP/1.1 403 Forbidden", true); if (isset($pref['ban_messages'])) { // May want to display a message - $row = $sql->db_Fetch(); // Get the type of the ban if (($row['banlist_banexpires'] > 0) && ($row['banlist_banexpires'] < time())) { // Ban has expired - delete from DB $sql->db_Delete('banlist', $query); @@ -230,6 +229,7 @@ class e107{ if ($do_return) return FALSE; echo $tp->toHTML(varsettrue($pref['ban_messages'][$row['banlist_bantype']])); // Show message if one set } + $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,'BAN_03','LAN_AUDIT_LOG_003',$query,FALSE,LOG_TO_ROLLING); exit(); } // $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","No ban found",$query,FALSE,LOG_TO_ROLLING); 
@@ -238,17 +238,26 @@ class e107{ // Add an entry to the banlist. $bantype = 1 for manual, 2 for flooding, 4 for multiple logins + // Returns TRUE if ban accepted. + // Returns FALSE if ban not accepted (i.e. because on whitelist, or invalid IP specified) function add_ban($bantype,$ban_message='',$ban_ip='',$ban_user = 0,$ban_notes='') { global $sql, $pref; if (!$ban_message) $ban_message = 'No explanation given'; if (!$ban_ip) $ban_ip = $this->getip(); $ban_ip = preg_replace("/[^\w@\.]*/",'',urldecode($ban_ip)); // Make sure no special characters - if (!$ban_ip) return; + if (!$ban_ip) return FALSE; + // See if the address is in the whitelist + if ($sql->db_Select('banlist','*','`banlist_bantype` >= '.BAN_TYPE_WHITELIST)) + { // Got a whitelist entry for this + $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"BANLIST_11",'AL_BAN_LAN_11',$ban_ip,FALSE,LOG_TO_ROLLING); + return FALSE; + } // Add using an array - handles DB changes better $sql->db_Insert('banlist',array('banlist_ip' => $ban_ip, 'banlist_bantype' => $bantype, 'banlist_datestamp' => time(), 'banlist_banexpires' => (varsettrue($pref['ban_durations'][$bantype]) ? time() + ($pref['ban_durations'][$bantype]*60*60) : 0), 'banlist_admin' => $ban_user, 'banlist_reason' => $ban_message, 'banlist_notes' => $ban_notes)); + return TRUE; } diff --git a/e107_handlers/login.php b/e107_handlers/login.php index 8bd534214..b07859e2f 100644 --- a/e107_handlers/login.php +++ b/e107_handlers/login.php @@ -12,8 +12,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $ -| $Revision: 1.9 $ -| $Date: 2007-12-15 15:06:40 $ +| $Revision: 1.10 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ 
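Review bot: The whitelist query `if ($sql->db_Select('banlist','*','`banlist_bantype` >= '.BAN_TYPE_WHITELIST))` never references `$ban_ip`, so it matches as soon as any whitelist row exists and add_ban then returns FALSE for every address — once one IP is whitelisted, the flood ban in class2.php, the failed-login ban in fla.php and the user ban in users.php all silently stop applying. The address has to be part of the condition, e.g. `"`banlist_bantype` >= ".BAN_TYPE_WHITELIST." AND `banlist_ip`='{$ban_ip}'"` (`$ban_ip` has already been reduced to `[\w@.]` characters on the line above), or, if whitelist entries may be wildcards, the same matching logic the ban check uses. Also `$admin_log` is called in the new branch while the function only declares `global $sql, $pref;`, so the log call runs on an undefined variable; change it to `global $sql, $pref, $admin_log;`. The `e_log_event` call added in the hunk at 229 above has the same dependency, which I cannot verify there because that function's header is outside the hunk.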
@@ -227,20 +227,45 @@ class userlogin { } } - function update_xup($user_id, $user_xup = "") { + // This is called to update user settings from a XUP file - usually because the file name has changed. + // $user_xup has the new file name + function update_xup($user_id, $user_xup = "") + { global $sql, $tp; - if($user_xup) { + if($user_xup) + { require_once(e_HANDLER."xml_class.php"); $xml = new parseXml; - if($rawData = $xml -> getRemoteXmlFile($user_xup)) { + if($rawData = $xml -> getRemoteXmlFile($user_xup)) + { preg_match_all("#\#si", $rawData, $match); $count = 0; - foreach($match[1] as $value) { + foreach($match[1] as $value) + { $$value = $tp -> toDB($match[2][$count]); $count++; } - $sql -> db_Update("user", "user_login='{$FN}', user_hideemail='{EMAILHIDE}', user_signature='{$SIG}', user_sess='{$PHOTO}', user_image='{$AV}', user_timezone='{$TZ}' WHERE user_id='".intval($user_id)."'"); + // List of fields in main user record, and their corresponding XUP fields + $main_fields = array('user_realname' => 'FN', + 'user_hideemail'=>'EMAILHIDE', + 'user_signature'=>'SIG', + 'user_sess'=>'PHOTO', + 'user_image'=>'AV', + 'user_timezone'=>'TZ'); + + $new_values = array(); + foreach ($main_fields as $f => $v) + { + if (isset($$v) && $$v) + { + $new_values[$f] = $$v; + } + } + + // Use of db_updateArray() ensures only non-empty fields are changed + $sql -> db_UpdateArray("user", $new_values, "WHERE user_id='".intval($user_id)."'"); +// $sql -> db_Update("user", "user_realname='{$FN}', user_hideemail='{$EMAILHIDE}', user_signature='{$SIG}', user_sess='{$PHOTO}', user_image='{$AV}', user_timezone='{$TZ}' WHERE user_id='".intval($user_id)."'"); $ue_fields = ""; $fields = array("URL" => "homepage", diff --git a/e107_handlers/mysql_class.php b/e107_handlers/mysql_class.php index be836a267..aa434caf6 100644 --- a/e107_handlers/mysql_class.php +++ b/e107_handlers/mysql_class.php 
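Review bot: The new field loop reads the XUP values back through variable variables (`if (isset($$v) && $$v)`), so it keeps the existing `$$value = $tp -> toDB($match[2][$count]);` assignment as the only path for the data; because `$value` is a tag name taken from the remotely fetched document, that assignment can also overwrite locals this function depends on — `$user_id` (used in the WHERE clause of the update), `$sql` and `$tp` — and the new code inherits that exposure. Collect the parsed tags into an array instead: `$xup[$value] = $tp -> toDB($match[2][$count]);`, then `if (isset($xup[$v]) && $xup[$v]) { $new_values[$f] = $xup[$v]; }`. The comment `// Use of db_updateArray() ensures only non-empty fields are changed` overstates it: the filtering happens in this loop, not in db_UpdateArray, and if none of the six fields is present `$new_values` is empty, so guard the call with `if ($new_values)`. update_xup continues past the end of the hunk.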
@@ -12,8 +12,8 @@ | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/e107_handlers/mysql_class.php,v $ -| $Revision: 1.20 $ -| $Date: 2007-12-18 20:57:37 $ +| $Revision: 1.21 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ | +----------------------------------------------------------------------------+ @@ -30,7 +30,7 @@ $db_ConnectionID = NULL; * MySQL Abstraction class * * @package e107 -* @version $Revision: 1.20 $ +* @version $Revision: 1.21 $ * @author $Author: e107steved $ */ class db { @@ -350,6 +350,45 @@ class db { } } + /* Similar to db_Update(), but splits the variables and the 'WHERE' clause. + $vars may be an array (fieldname=>newvalue) of fields to be updated, or a simple list. + $arg is usually a 'WHERE' clause + */ + function db_UpdateArray($table, $vars, $arg, $debug = FALSE, $log_type = '', $log_remark = '') + { + $table = $this->db_IsLang($table); + $this->mySQLcurTable = $table; + + if(!$this->mySQLaccess) + { + global $db_ConnectionID; + $this->mySQLaccess = $db_ConnectionID; + } + + $new_data = ''; + if (is_array($vars)) + { + $spacer = ''; + foreach ($vars as $fn => $fv) + { + $new_data .= $spacer."`{$fn}`='{$fv}'"; + $spacer = ', '; + } + $vars = ''; + } + if ($result = $this->mySQLresult = $this->db_Query('UPDATE '.MPREFIX.$table.' SET '.$new_data.$vars.' '.$arg, NULL, 'db_UpdateArray', $debug, $log_type, $log_remark)) + { + $result = mysql_affected_rows($this->mySQLaccess); + if ($result == -1) return FALSE; // Error return from mysql_affected_rows + return $result; + } + else + { + $this->dbError("db_Update ($query)"); + return FALSE; + } + } + /** * @return array MySQL row * @param string $mode diff --git a/e107_languages/English/admin/lan_banlist.php b/e107_languages/English/admin/lan_banlist.php index b17ed6238..61eb0bc8a 100644 --- a/e107_languages/English/admin/lan_banlist.php +++ b/e107_languages/English/admin/lan_banlist.php 
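Review bot: db_UpdateArray interpolates each value straight into the SET clause at `$new_data .= $spacer."`{$fn}`='{$fv}'";` without any escaping, so it is only safe when every caller has already passed the values through `$tp->toDB()` (as update_xup in login.php does) and the array keys are never caller-supplied; the header comment should state that contract, since the `db_Update`-like name suggests the method handles it. An empty `$vars` array produces `UPDATE ... SET  WHERE ...`, a syntax error, so add `if ($new_data == '' && !$vars) return FALSE;` before the query. The error branch calls `$this->dbError("db_Update ($query)")` with `$query` undefined in this method and the wrong method name; use `$this->dbError('db_UpdateArray ('.$new_data.$vars.' '.$arg.')');`.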
@@ -4,8 +4,8 @@ | e107 website system - Language File. | | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_banlist.php,v $ -| $Revision: 1.5 $ -| $Date: 2007-12-16 11:14:53 $ +| $Revision: 1.6 $ +| $Date: 2007-12-26 13:21:34 $ | $Author: e107steved $ +----------------------------------------------------------------------------+ */ @@ -22,7 +22,7 @@ define("BANLAN_11", "Auto-ban: More than 10 failed login attempts"); define("BANLAN_12", "Note: Reverse DNS is currently disabled; it must be enabled to allow banning by host. Banning by IP and email address will still function normally."); define("BANLAN_13", "Note: To ban a user by user name, go to the users admin page: "); define('BANLAN_14','Ban List'); -define('BANLAN_15','Options'); +define('BANLAN_15','Messages/Ban Periods'); define('BANLAN_16','Banning'); define('BANLAN_17','Ban Date'); define('BANLAN_18','Ban expires'); diff --git a/e107_languages/English/admin/lan_fla.php b/e107_languages/English/admin/lan_fla.php index 7883b46c3..25acb400b 100644 --- a/e107_languages/English/admin/lan_fla.php +++ b/e107_languages/English/admin/lan_fla.php @@ -4,9 +4,9 @@ | e107 website system - Language File. | | $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_fla.php,v $ -| $Revision: 1.1.1.1 $ -| $Date: 2006-12-02 04:34:40 $ -| $Author: mcfly_e107 $ +| $Revision: 1.2 $ +| $Date: 2007-12-26 13:21:34 $ +| $Author: e107steved $ +----------------------------------------------------------------------------+ */ define("FLALAN_1", "Failed login attempts"); @@ -26,5 +26,6 @@ define("FLALAN_14", "uncheck all ban checkboxes"); define("FLALAN_15", "The following IP address(es) have been auto-banned - user attempted more than ten failed logins"); define("FLALAN_16", "delete this auto ban list"); define("FLALAN_17", "Auto-ban list deleted"); +define('FLALAN_18', "Could not ban IP address --IP-- - on whitelist"); ?> \ No newline at end of file 
diff --git a/e107_languages/English/admin/lan_log_messages.php b/e107_languages/English/admin/lan_log_messages.php index 97e91f9ad..5fe9ee929 100644 --- a/e107_languages/English/admin/lan_log_messages.php +++ b/e107_languages/English/admin/lan_log_messages.php @@ -1,6 +1,6 @@ \ No newline at end of file