mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-08 08:35:31 +02:00
Code Issues Releases Wiki Activity

Some refactoring/fixing of user_ban()

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@5276 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Bart van Bragt 2005-10-23 13:17:43 +00:00
parent 9209c975af
commit 042aaba879
1 changed files with 154 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
phpBB/includes/functions_user.php
View File

@ -296,9 +296,18 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
return false; return false;
} }
/** /**
* Ban User * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
*/ *
* @param string $mode Type of ban. One of the following: user, ip, email
* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
* @param int $ban_len Ban length in minutes
* @param string $ban_len_other Ban length as a date (Y-m-d)
* @param boolean $ban_exclude Exclude these entities from banning?
* @param string $ban_reason String describing the reason for this ban
* @return boolean
*/
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason) function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason)
{ {
global $db, $user, $auth; global $db, $user, $auth;
@ -314,6 +323,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$current_time = time(); $current_time = time();
// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
if ($ban_len) if ($ban_len)
{ {
if ($ban_len != -1 || !$ban_len_other) if ($ban_len != -1 || !$ban_len_other)
@ -340,13 +350,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (in_array('*', $ban_list)) if (in_array('*', $ban_list))
{ {
// Ban all users (it's a good thing that you can exclude people)
$banlist[] = '*'; $banlist[] = '*';
} }
else else
{ {
// Select the relevant user_ids. The array_diff thingy is there to add quotes around usernames and remove empty elements.
$sql = 'SELECT user_id $sql = 'SELECT user_id
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . ')'; WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'" . $db->sql_escape("\\1") . "'", $ban_list), array("''"))) . ')';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
@ -357,6 +369,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
} }
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
} }
else
{
trigger_error($user->lang['NO_USERS']);
}
} }
break; break;
@ -367,6 +383,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{ {
if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode)) if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
{ {
// This is an IP range
// Don't ask about all this, just don't ask ... ! // Don't ask about all this, just don't ask ... !
$ip_1_counter = $ip_range_explode[1]; $ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5]; $ip_1_end = $ip_range_explode[5];
@ -381,7 +398,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_2_counter = 256; $ip_2_counter = 256;
$ip_2_fragment = 256; $ip_2_fragment = 256;
$banlist[] = "'$ip_1_counter.*'"; $banlist[] = "$ip_1_counter.*";
} }
while ($ip_2_counter <= $ip_2_end) while ($ip_2_counter <= $ip_2_end)
@ -394,7 +411,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_3_counter = 256; $ip_3_counter = 256;
$ip_3_fragment = 256; $ip_3_fragment = 256;
$banlist[] = "'$ip_1_counter.$ip_2_counter.*'"; $banlist[] = "$ip_1_counter.$ip_2_counter.*";
} }
while ($ip_3_counter <= $ip_3_end) while ($ip_3_counter <= $ip_3_end)
@ -407,12 +424,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_4_counter = 256; $ip_4_counter = 256;
$ip_4_fragment = 256; $ip_4_fragment = 256;
$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'"; $banlist[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
} }
while ($ip_4_counter <= $ip_4_end) while ($ip_4_counter <= $ip_4_end)
{ {
$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'"; $banlist[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
$ip_4_counter++; $ip_4_counter++;
} }
$ip_3_counter++; $ip_3_counter++;
@ -424,23 +441,30 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
} }
else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item))) else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
{ {
// hostname
$ip_ary = gethostbynamel(trim($ban_item)); $ip_ary = gethostbynamel(trim($ban_item));
foreach ($ip_ary as $ip) foreach ($ip_ary as $ip)
{ {
if (!empty($ip)) if (!empty($ip))
{ {
$banlist[] = "'" . $ip . "'"; $banlist[] = $ip;
} }
} }
} }
else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item))) else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
{ {
$banlist[] = "'" . trim($ban_item) . "'"; // Normal IP address
$banlist[] = trim($ban_item);
} }
else if (preg_match('#^\*$#', trim($ban_item))) else if (preg_match('#^\*$#', trim($ban_item)))
{ {
$banlist[] = "'*'"; // Ban all IPs
$banlist[] = "*";
}
else
{
trigger_error('NO_IPS_DEFINED');
} }
} }
break; break;
@ -452,12 +476,19 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{ {
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
{ {
$banlist[] = "'" . trim($ban_item) . "'"; $banlist[] = trim($ban_item);
} }
} }
if (sizeof($ban_list) == 0)
{
// TODO: translate this
trigger_error('No valid email addresses found');
}
break; break;
} }
// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
$sql = "SELECT $type $sql = "SELECT $type
FROM " . BANLIST_TABLE . " FROM " . BANLIST_TABLE . "
WHERE $type <> '' WHERE $type <> ''
@ -476,11 +507,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
break; break;
case 'ip': case 'ip':
$banlist_tmp[] = "'" . $row['ban_ip'] . "'"; $banlist_tmp[] = $row['ban_ip'];
break; break;
case 'email': case 'email':
$banlist_tmp[] = "'" . $row['ban_email'] . "'"; $banlist_tmp[] = $row['ban_email'];
break; break;
} }
} }
@ -490,57 +521,56 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
unset($banlist_tmp); unset($banlist_tmp);
} }
// We have some entities to ban
if (sizeof($banlist)) if (sizeof($banlist))
{ {
$sql = ''; $sql = '';
$sql_ary = array();
foreach ($banlist as $ban_entry) foreach ($banlist as $ban_entry)
{ {
switch (SQL_LAYER) $sql_ary[] = array(
{ $type => $ban_entry,
case 'mysql': 'ban_start' => $current_time,
$sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')"; 'ban_end' => $ban_end,
break; 'ban_exclude' => $ban_exclude,
'ban_reason' => $ban_reason);
case 'mysql4':
case 'mysqli':
case 'mssql':
case 'mssql_odbc':
case 'sqlite':
$sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "'";
break;
default:
$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')";
$db->sql_query($sql);
$sql = '';
}
} }
$sql = $db->sql_build_array('MULTI_INSERT', $sql_ary);
if ($sql) if ($sql)
{ {
$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) $sql = 'INSERT INTO ' . BANLIST_TABLE . $sql;
VALUES $sql";
$db->sql_query($sql); $db->sql_query($sql);
} }
// If we are banning we want to logout anyone matching the ban
if (!$ban_exclude) if (!$ban_exclude)
{ {
$sql = '';
switch ($mode) switch ($mode)
{ {
case 'user': case 'user':
$sql = 'WHERE session_user_id IN (' . implode(', ', $banlist) . ')'; $sql_where = 'WHERE session_user_id IN (' . implode(', ', $banlist) . ')';
break; break;
case 'ip': case 'ip':
$sql = 'WHERE session_ip IN (' . implode(', ', $banlist) . ')'; $banlist_sql = array();
foreach($banlist as $ban_entry)
{
$banlist_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
}
$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_sql) . ')';
break; break;
case 'email': case 'email':
$banlist_sql = array();
foreach($banlist as $ban_entry)
{
$banlist_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
}
$sql = 'SELECT user_id $sql = 'SELECT user_id
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_email IN (' . implode(', ', $banlist) . ')'; WHERE user_email IN (' . implode(', ', $banlist_sql) . ')';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$sql_in = array(); $sql_in = array();
@ -553,19 +583,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
} }
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
$sql = 'WHERE session_user_id IN (' . str_replace('*', '%', implode(', ', $sql_in)) . ")"; $sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")";
}
else
{
trigger_error('NO_EMAIL_TO_BAN');
} }
break; break;
} }
if ($sql) if (isset($sql_where))
{ {
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
$sql"; $sql_where";
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -579,8 +605,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
// Update log // Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
return true;
} }
// There was nothing to ban/exclude
return false; return false;
} }
@ -601,8 +629,6 @@ function user_unban($mode, $ban)
if ($unban_sql) if ($unban_sql)
{ {
$l_unban_list = '';
// Grab details of bans for logging information later // Grab details of bans for logging information later
switch ($mode) switch ($mode)
{ {
@ -627,15 +653,16 @@ function user_unban($mode, $ban)
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
$l_unban_list = '';
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info']; $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
} }
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
if (!function_exists('add_log')) if (!function_exists('add_log'))
{ {
global $phpbb_root_path, $phpEx; global $phpbb_root_path, $phpEx;