From ec36f1dc877e206e89c02b61a875f5f8b50dd20d Mon Sep 17 00:00:00 2001
From: Cameron
Date: Wed, 25 May 2016 15:10:00 -0700
Subject: [PATCH] IP handler checks and fixes.
---
e107_admin/banlist.php | 2 +-
e107_admin/users_extended.php | 1 +
e107_handlers/form_handler.php | 2 +-
e107_handlers/iphandler_class.php | 73 ++++++++++++++++++++++++--
e107_handlers/theme_handler.php | 7 ++-
e107_plugins/forum/forum.php | 2 +-
e107_plugins/forum/forum_viewtopic.php | 2 +-
7 files changed, 80 insertions(+), 9 deletions(-)
diff --git a/e107_admin/banlist.php b/e107_admin/banlist.php
index 8271461c0..c522164a2 100644
--- a/e107_admin/banlist.php
+++ b/e107_admin/banlist.php
@@ -328,7 +328,7 @@ class banlist_ui extends e_admin_ui
".$ipAdministrator->getBanTypeString($bt, TRUE)."
- ".$frm->textarea('ban_text_'.($i), $pref['ban_messages'][$bt], 4, 120)." + ".$frm->textarea('ban_text_'.($i), $pref['ban_messages'][$bt], 4, 120, array('size'=>'xxlarge'))." ".ban_time_dropdown('', BANLAN_32, $pref['ban_durations'][$bt], 'ban_time_'.($i))." diff --git a/e107_admin/users_extended.php b/e107_admin/users_extended.php index 1b9718a85..0ea9d3890 100755 --- a/e107_admin/users_extended.php +++ b/e107_admin/users_extended.php @@ -451,6 +451,7 @@ e107::js('footer-inline', js()); if(isset($new_data['user_extended_struct_values'])) { + $new_data['user_extended_struct_values'] = array_filter($new_data['user_extended_struct_values']); $new_data['user_extended_struct_values'] = implode(',',$new_data['user_extended_struct_values']); } diff --git a/e107_handlers/form_handler.php b/e107_handlers/form_handler.php index da5754147..b1634cb21 100644 --- a/e107_handlers/form_handler.php +++ b/e107_handlers/form_handler.php @@ -3613,7 +3613,7 @@ class e_form case 'ip': //$e107 = e107::getInstance(); - $value = e107::getIPHandler()->ipDecode($value); + $value = "".e107::getIPHandler()->ipDecode($value).'';; // else same break; diff --git a/e107_handlers/iphandler_class.php b/e107_handlers/iphandler_class.php index d97066a01..6e97c5fb9 100644 --- a/e107_handlers/iphandler_class.php +++ b/e107_handlers/iphandler_class.php @@ -100,7 +100,7 @@ class eIPHandler */ private $ourIP = ''; - + private $debug = false; /** * Host name of current user * Initialised when requested @@ -156,6 +156,7 @@ class eIPHandler public function __construct($configDir = '') { $configDir = trim($configDir); + if ($configDir) { $this->ourConfigDir = realpath($configDir); @@ -164,6 +165,8 @@ class eIPHandler { $this->ourConfigDir = e_SYSTEM.eIPHandler::BAN_FILE_DIRECTORY; } + + $this->ourIP = $this->ipEncode($this->getCurrentIP()); $this->makeUserToken(); $ipStatus = $this->checkIP($this->ourIP); 
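Review bot: `array_filter()` with no callback, as added in the users_extended.php hunk, removes every falsy entry, so a legitimate option value of `0` or `'0'` is dropped from `user_extended_struct_values` together with the empty strings. If the intent is only to discard blank entries, filter on emptiness explicitly, e.g. `array_filter($new_data['user_extended_struct_values'], function ($v) { return $v !== '' && $v !== null; })`. The added line also assumes the posted value is an array; a scalar would fail inside `array_filter()` before `implode()` is reached. The surrounding handler starts and ends outside the hunk, so I cannot see whether the type is checked earlier.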
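Review bot: The new `private $debug = false;` property in iphandler_class.php has no docblock and takes the place of the blank line that separated `$ourIP` from the next property's docblock, so the comment that follows ("Host name of current user") now sits directly under `$debug`. I would restore the blank line and add `/** @var bool When true, ban checks echo diagnostic output to the page; keep false in production. */` above the property.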
@@ -181,6 +184,19 @@ class eIPHandler // Continue here - user not banned (so far) } + public function setIP($ip) + { + $this->ourIP = $this->ipEncode($ip); + + } + + + public function debug($value) + { + $this->debug = ($value === true) ? true: false; + } + + /** @@ -401,7 +417,13 @@ class eIPHandler exit(); } // Otherwise just display any message and die + if($this->debug) + { + print_a("User Banned"); + } + echo $line; + die(); } } @@ -471,10 +493,25 @@ class eIPHandler { $now = time(); $checkLists = $this->getWhiteBlackList(); + + if($this->debug) + { + echo "
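Review bot: `setIP()` overwrites `$this->ourIP` but nothing is re-evaluated afterwards: the constructor has already called `makeUserToken()` and `checkIP($this->ourIP)` with the detected address, so after a call the object holds a ban decision (and presumably a token) for one address and an IP for another. Both new public methods are undocumented, and as written any code that can obtain the handler can replace the address used by later ban checks or switch on diagnostic output. I would document them as test-only, e.g. `/** Override the detected IP for testing; does not re-run checkIP() or rebuild the user token. */`, and consider ignoring `setIP()` unless debugging is enabled. `debug()` can be reduced to `$this->debug = ($value === true);`.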

Banlist.php

"; + print_a($checkLists); + print_a("Now: ".$now. " ".date('r',$now)); + } + + foreach ($checkLists as $val) { if (strpos($addr, $val['ip']) === 0) // See if our address begins with an entry - handles wildcards { // Match found + + if($this->debug) + { + print_a("Found ".$addr." in file. TimeLimit: ".date('r',$val['time_limit'])); + } + if (($val['time_limit'] == 0) || ($val['time_limit'] > $now)) { // Indefinite ban, or timed ban (not expired) or whitelist entry if ($val['action']== eIPHandler::BAN_TYPE_LEGACY) return eIPHandler::BAN_TYPE_MANUAL; // Precautionary @@ -485,6 +522,7 @@ class eIPHandler $this->clearBan = $val['ip']; // Note what triggered the match - it could be a wildcard (although timed ban unlikely!) return 0; // Can just return - shouldn't be another entry } + } return 0; } @@ -832,11 +870,14 @@ class eIPHandler } } + + // do other checks - main IP check is in _construct() if($this->actionCount) { $ip = $this->getip(); // This will be in normalised IPV6 form - if ($ip != e107::LOCALHOST_IP && $ip != e107::LOCALHOST_IP2) - { // Check host name, user email to see if banned + + if ($ip != e107::LOCALHOST_IP && $ip != e107::LOCALHOST_IP2) // Check host name, user email to see if banned + { $vals = array(); if (e107::getPref('enable_rdns')) { @@ -850,10 +891,21 @@ class eIPHandler if (count($vals)) { $vals = array_unique($vals); // Could get identical values from domain name check and email check + + if($this->debug) + { + print_a($vals); + } + + $match = "`banlist_ip`='".implode("' OR `banlist_ip`='", $vals)."'"; $this->checkBan($match); } } + elseif($this->debug) + { + print_a("IP is LocalHost - skipping ban-check"); + } } } @@ -917,8 +969,23 @@ class eIPHandler echo $tp->toHTML(varset($pref['ban_messages'][$row['banlist_bantype']])); // Show message if one set } //$admin_log->e_log_event(4, __FILE__."|".__FUNCTION__."@".__LINE__, 'BAN_03', 'LAN_AUDIT_LOG_003', $query, FALSE, LOG_TO_ROLLING); + + if($this->debug) + { + echo "
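Review bot: With `$this->debug` set, the block added to the list check prints the whole white/black list through `print_a($checkLists)`, plus the matched address and its time limit, straight into the HTTP response, so the ban configuration is shown to whoever made the request. The same pattern recurs in the later iphandler_class.php hunks: `print_a($vals)` before the `$match` clause is built, and `echo "query: ".$query` on both paths of the ban lookup, which expose the host name, e-mail address and raw SQL. This output is better written to the admin log (the commented-out `$admin_log->e_log_event(...)` calls nearby suggest one exists) or gated on an administrator session as well as the flag, and anything still echoed should be HTML-escaped. The enclosing method starts and ends outside the hunk.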
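Review bot: The `$match` clause in the `@@ -850,10 +891,21 @@` hunk is assembled by concatenating every entry of `$vals` into quoted SQL literals, and the surrounding comments say those entries come from the host-name check and the user's e-mail address, both supplied from outside the site. Whether each entry is escaped before it is added to `$vals` is not visible, because that code sits above the hunk; if it is not, a quote character in either value alters the query passed to `checkBan()`. Escaping at the point of use would make the line safe on its own, for example `$vals = array_map(array(e107::getParser(), 'toDB'), $vals);` immediately before the `implode()`.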
query: ".$query;
+				echo "\nBanned
"; + } + exit(); } + + if($this->debug) + { + echo "query: ".$query; + echo "
Not Banned "; + } + + //$admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","No ban found",$query,FALSE,LOG_TO_ROLLING); return TRUE; // Email address OK } diff --git a/e107_handlers/theme_handler.php b/e107_handlers/theme_handler.php index 4b10e5f44..67024a89a 100644 --- a/e107_handlers/theme_handler.php +++ b/e107_handlers/theme_handler.php @@ -1344,8 +1344,11 @@ class themeHandler //TODO Later. - // $itext .= e107::getForm()->userclass('layoutUserclass['.$key.']',null, null, array('options'=>'public,member,admin,classes,no-excludes','size'=>'xxlarge')); - + if(e_DEBUG === true) + { + $itext .= "(Not functional yet)"; + $itext .= e107::getForm()->userclass('layoutUserclass['.$key.']',null, null, array('options'=>'public,member,admin,classes,no-excludes','size'=>'xxlarge')); + } $itext .= " \n"; diff --git a/e107_plugins/forum/forum.php b/e107_plugins/forum/forum.php index b9cf469cd..d2280ceec 100644 --- a/e107_plugins/forum/forum.php +++ b/e107_plugins/forum/forum.php @@ -327,6 +327,7 @@ if (!$forumList) $forum_string = ''; $pVars = new e_vars; $frm = e107::getForm(); + foreach ($forumList['parents'] as $parent) { $status = parse_parent($parent); @@ -391,7 +392,6 @@ function parse_forum($f, $restricted_string = '') if(USER && is_array($newflag_list) && in_array($f['forum_id'], $newflag_list)) { - $fVars->NEWFLAG = "".IMAGE_new.''; } elseif(empty($f['forum_replies']) && defined('IMAGE_noreplies')) diff --git a/e107_plugins/forum/forum_viewtopic.php b/e107_plugins/forum/forum_viewtopic.php index 4da1326e4..2389a93b9 100644 --- a/e107_plugins/forum/forum_viewtopic.php +++ b/e107_plugins/forum/forum_viewtopic.php @@ -530,7 +530,7 @@ if ($forum->checkPerm($thread->threadInfo['thread_forum_id'], 'post') && $thread $url = e107::url('forum','post', null, array('query'=>$urlParms));; // ."?f=rp&id=".$thread->threadInfo['thread_id']."&post=".$thread->threadInfo['thread_id']; $tVars->QUICKREPLY = " -
$thread->threadId)) . "' method='post'> +