diff --git a/phpBB/admin/admin_user_ban.php b/phpBB/admin/admin_user_ban.php index 6ee7804232..1482d705e6 100644 --- a/phpBB/admin/admin_user_ban.php +++ b/phpBB/admin/admin_user_ban.php 
@@ -55,28 +55,301 @@ else if( $userdata['user_level'] != ADMIN ) } -if( isset($HTTP_POST_VARS['submit']) ) +if( isset($HTTP_POST_VARS['submit']) && isset($HTTP_POST_VARS['bancontrol']) ) { + include('page_header_admin.'.$phpEx); + if($HTTP_POST_VARS['bancontrol'] == "ban") + { + $user_bansql = ""; + $email_bansql = ""; + $ip_bansql = ""; + + if(isset($HTTP_POST_VARS['user'])) + { + $user_list_temp = $HTTP_POST_VARS['user']; + + for($i = 0; $i < count($user_list_temp); $i++) + { + $user_list[] = trim($user_list_temp[$i]); + } + } + + if(isset($HTTP_POST_VARS['ip'])) + { + $ip_list_temp = explode(",", $HTTP_POST_VARS['ip']); + + for($i = 0; $i < count($ip_list_temp); $i++) + { + if( ereg("^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$", trim($ip_list_temp[$i]), $ip_range_explode) ) + { + // + // Don't ask about all this, just don't ask ... ! + // + $ip_1_counter = $ip_range_explode[1]; + $ip_1_end = $ip_range_explode[5]; + + while($ip_1_counter <= $ip_1_end) + { + $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; + $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; + + if($ip_2_counter == 0 && $ip_2_end == 254) + { + $ip_2_counter = 255; + $ip_2_fragment = 255; + + $ip_list[] = encode_ip("$ip_1_counter.255.255.255"); + } + + while($ip_2_counter <= $ip_2_end) + { + $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; + $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; + + if($ip_3_counter == 0 && $ip_3_end == 254 ) + { + $ip_3_counter = 255; + $ip_3_fragment = 255; + + $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255"); + } + + while($ip_3_counter <= $ip_3_end) + { + $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? 
$ip_range_explode[4] : 0; + $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; + + if($ip_4_counter == 0 && $ip_4_end == 254) + { + $ip_4_counter = 255; + $ip_4_fragment = 255; + + $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255"); + } + + while($ip_4_counter <= $ip_4_end) + { + $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"); + $ip_4_counter++; + } + $ip_3_counter++; + } + $ip_2_counter++; + } + $ip_1_counter++; + } + } + else if( eregi("\.\*", $ip_list_temp[$i]) ) + { + $ip_list[] = encode_ip(str_replace("*", "255", trim($ip_list_temp[$i]))); + } + else if( eregi("[[:alpha:]]", $ip_list_temp[$i]) ) + { + $ip = gethostbynamel(trim($ip_list_temp[$i])); + + for($j = 0; $j < count($ip); $j++) + { + if( !empty($ip[$j]) ) + { + $ip_list[] = encode_ip($ip[$j]); + } + } + } + } + } + + if(isset($HTTP_POST_VARS['email'])) + { + $email_list_temp = explode(",", $HTTP_POST_VARS['email']); + + for($i = 0; $i < count($email_list_temp); $i++) + { + // + // This ereg match is based on one by php@unreelpro.com + // contained in the annotated php manual at php.com (ereg + // section) + // + if( eregi("^[[:alnum:]]([-_.]?[[:alnum:]]\.?)*@[[:alnum:]]([-_.]?[[:alnum:]]\.?)*\.[[:alnum:]]{0,4}$", trim( $email_list_temp[$i])) ) + { + $email_list[] = trim($email_list_temp[$i]); + } + } + } + + $sql = "SELECT * + FROM " . BANLIST_TABLE; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); + } + + $current_banlist = $db->sql_fetchrowset($result); + + for($i = 0; $i < count($user_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if($user_list[$i] == $current_banlist[$j]['ban_userid']) + { + $in_banlist = true; + } + } + + if(!$in_banlist) + { + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) + VALUES ('" . $user_list[$i] . 
"')"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); + } + } + } + + for($i = 0; $i < count($ip_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if($ip_list[$i] == $current_banlist[$j]['ban_ip']) + { + $in_banlist = true; + } + } + + if(!$in_banlist) + { + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) + VALUES ('" . $ip_list[$i] . "')"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); + } + } + } + + for($i = 0; $i < count($email_list); $i++) + { + $in_banlist = false; + for($j = 0; $j < count($current_banlist); $j++) + { + if($email_list[$i] == $current_banlist[$j]['ban_email']) + { + $in_banlist = true; + } + } + + if(!$in_banlist) + { + $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) + VALUES ('" . $email_list[$i] . "')"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); + } + } + } + } + else if($HTTP_POST_VARS['bancontrol'] == "unban") + { + + $where_sql = ""; + + if(isset($HTTP_POST_VARS['user'])) + { + $user_list = $HTTP_POST_VARS['user']; + + for($i = 0; $i < count($user_list); $i++) + { + if($where_sql != "") + { + $where_sql .= " OR "; + } + $where_sql .= "ban_id = " . $user_list[$i]; + } + } + + if(isset($HTTP_POST_VARS['ip'])) + { + $ip_list = $HTTP_POST_VARS['ip']; + + for($i = 0; $i < count($ip_list); $i++) + { + if($where_sql != "") + { + $where_sql .= " OR "; + } + $where_sql .= "ban_id = " . $ip_list[$i]; + } + } + + if(isset($HTTP_POST_VARS['email'])) + { + $email_list = $HTTP_POST_VARS['email']; + + for($i = 0; $i < count($email_list); $i++) + { + if($where_sql != "") + { + $where_sql .= " OR "; + } + $where_sql .= "ban_id = " . 
$email_list[$i]; + } + } + + if($where_sql != "") + { + $sql = "DELETE FROM " . BANLIST_TABLE . " + WHERE $where_sql"; + if( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); + } + } + } + + message_die(GENERAL_MESSAGE, $lang['Ban_update_sucessful']); } else { - $template_header = "admin/page_header.tpl"; include('page_header_admin.'.$phpEx); if( $mode == "ban" ) { + $userban_count = 0; + + $sql = "SELECT user_id, username + FROM " . USERS_TABLE . " + WHERE user_id <> " . ANONYMOUS . " + ORDER BY user_id ASC"; + $u_result = $db->sql_query($sql); + $user_list = $db->sql_fetchrowset($u_result); + + $select_userlist = ""; + for($i = 0; $i < count($user_list); $i++) + { + $select_userlist .= ""; + $userban_count++; + } + $select_userlist = ""; + $template->set_filenames(array( "body" => "admin/user_ban_body.tpl") ); + $s_hidden_fields = ""; + $template->assign_vars(array( "L_BAN_TITLE" => $lang['Ban_control'], "L_BAN_EXPLAIN" => $lang['Ban_explain'], + "L_BAN_EXPLAIN_WARN" => $lang['Ban_explain_warn'], "L_BAN_USER" => $lang['Ban_username'], + "L_BAN_USER_EXPLAIN" => $lang['Ban_username_explain'], "L_BAN_IP" => $lang['Ban_IP'], - "L_IP_OR_HOSTNAME" => $lang['Ban_IP'], + "L_IP_OR_HOSTNAME" => $lang['IP_hostname'], "L_BAN_IP_EXPLAIN" => $lang['Ban_IP_explain'], "L_BAN_EMAIL" => $lang['Ban_email'], "L_EMAIL_ADDRESS" => $lang['Email_address'], 
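Review bot: The unban branch concatenates raw POST array elements into the DELETE condition (`$where_sql .= "ban_id = " . $user_list[$i];`, and the same line in the ip and email loops), unquoted and uncast, so the shape of the statement depends on whatever the form submits. Cast each id before use, e.g. `$where_sql .= "ban_id = " . intval($user_list[$i]);`. In the ban branch the INSERT quotes `$user_list[$i]` but does not escape it; `ban_userid` is numeric, so `intval()` fits there as well. `$user_list`, `$ip_list` and `$email_list` are only assigned inside the `isset()` blocks, so initialising each to `array()` first keeps `count()` well-defined and stops them being seeded from outside where register_globals is enabled. The range expansion also has no upper bound on the number of rows it generates, and `gethostbynamel()` returns false on a failed lookup; both deserve a guard.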
@@ -84,11 +357,102 @@ else "L_SUBMIT" => $lang['Submit'], "L_RESET" => $lang['Reset'], + "S_USERLIST_SELECT" => $select_userlist, + "S_HIDDEN_FIELDS" => $s_hidden_fields, "S_BAN_ACTION" => append_sid("admin_user_ban.$phpEx")) ); } else if( $mode == "unban" ) { + $userban_count = 0; + $ipban_count = 0; + $emailban_count = 0; + + $sql = "SELECT b.ban_id, u.user_id, u.username + FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u + WHERE u.user_id = b.ban_userid + AND b.ban_userid <> 0 + AND u.user_id <> " . ANONYMOUS . " + ORDER BY u.user_id ASC"; + $u_result = $db->sql_query($sql); + $user_list = $db->sql_fetchrowset($u_result); + + $select_userlist = ""; + for($i = 0; $i < count($user_list); $i++) + { + $select_userlist .= ""; + $userban_count++; + } + if($select_userlist == "") + { + $select_userlist = ""; + } + $select_userlist = ""; + + $sql = "SELECT ban_id, ban_ip, ban_email + FROM " . BANLIST_TABLE; + $b_result = $db->sql_query($sql); + $banlist = $db->sql_fetchrowset($b_result); + + $select_iplist = ""; + $select_emaillist = ""; + + for($i = 0; $i < $db->sql_numrows($b_result); $i++) + { + $ban_id = $banlist[$i]['ban_id']; + + if( !empty($banlist[$i]['ban_ip']) ) + { + $ban_ip = str_replace("255", "*", decode_ip($banlist[$i]['ban_ip'])); + $select_iplist .= ""; + $ipban_count++; + } + else if( !empty($banlist[$i]['ban_email']) ) + { + $ban_email = $banlist[$i]['ban_email']; + $select_emaillist .= ""; + $emailban_count++; + } + } + if($select_iplist == "") + { + $select_iplist = ""; + } + if($select_emaillist == "") + { + $select_emaillist = ""; + } + $select_iplist = ""; + $select_emaillist = ""; + + $template->set_filenames(array( + "body" => "admin/user_unban_body.tpl") + ); + + $s_hidden_fields = ""; + + $template->assign_vars(array( + "L_BAN_TITLE" => $lang['Ban_control'], + "L_BAN_EXPLAIN" => $lang['Ban_explain'], + "L_BAN_USER" => $lang['Unban_username'], + "L_BAN_USER_EXPLAIN" => $lang['Unban_username_explain'], + "L_BAN_IP" => $lang['Unban_IP'], + 
"L_IP_OR_HOSTNAME" => $lang['IP_hostname'], + "L_BAN_IP_EXPLAIN" => $lang['Unban_IP_explain'], + "L_BAN_EMAIL" => $lang['Unban_email'], + "L_EMAIL_ADDRESS" => $lang['Email_address'], + "L_BAN_EMAIL_EXPLAIN" => $lang['Unban_email_explain'], + "L_SUBMIT" => $lang['Submit'], + "L_RESET" => $lang['Reset'], + + "S_USERLIST_SELECT" => $select_userlist, + "S_IPLIST_SELECT" => $select_iplist, + "S_EMAILLIST_SELECT" => $select_emaillist, + "S_HIDDEN_FIELDS" => $s_hidden_fields, + "S_BAN_ACTION" => append_sid("admin_user_ban.$phpEx")) + ); + } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a5125c4913..02b5b25dee 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -276,7 +276,7 @@ function init_userprefs($userdata) if( !defined("TEMPLATE_CONFIG") ) { - message_die(CRITICAL_MESSAGE, "Couldn't open " . $board_config['default_template'] . " template config file"); + message_die(CRITICAL_ERROR, "Couldn't open " . $board_config['default_template'] . " template config file"); } } @@ -354,7 +354,7 @@ function decode_ip($int_ip) // function create_date($format, $gmepoch, $tz) { - return (gmdate($format, $gmepoch + (3600 * $tz))); + return (@gmdate($format, $gmepoch + (3600 * $tz))); } // @@ -362,7 +362,7 @@ function create_date($format, $gmepoch, $tz) // function get_gmt_ts() { - $time = time(); + $time = @time(); return($time); } diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php index 035bf8b2ea..e25d7561ae 100644 --- a/phpBB/includes/sessions.php +++ b/phpBB/includes/sessions.php @@ -30,7 +30,7 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $autologin = 0) { - global $db, $lang, $board_config; + global $db, $lang, $board_config, $phpEx; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; 
@@ -57,9 +57,14 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 // // Initial ban check against IP and userid // + ereg("(..)(..)(..)(..)", $user_ip, $user_ip_parts); + $sql = "SELECT ban_ip, ban_userid - FROM " . BANLIST_TABLE . " - WHERE ban_ip = '$user_ip' + FROM " . BANLIST_TABLE . " + WHERE ban_ip = '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "' + OR ban_ip = '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff' + OR ban_ip = '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff' + OR ban_ip = '" . $user_ip_parts[1] . "ffffff' OR ban_userid = $user_id"; $result = $db->sql_query($sql); if (!$result) @@ -74,6 +79,7 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 // if($ban_info['ban_ip'] || $ban_info['ban_userid']) { + include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '.'.$phpEx); message_die(CRITICAL_MESSAGE, $lang['You_been_banned']); } else diff --git a/phpBB/language/lang_english.php b/phpBB/language/lang_english.php index ce2ded97b2..d99ea8f962 100755 --- a/phpBB/language/lang_english.php +++ b/phpBB/language/lang_english.php 
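Review bot: The return value of the added `ereg("(..)(..)(..)(..)", $user_ip, $user_ip_parts)` is not checked and the pattern is unanchored, so if `$user_ip` is not the eight-character encoded form the `$user_ip_parts` entries are empty and the WHERE clause compares against `''`, `'ff'`, `'ffff'` and `'ffffff'` rather than this client's address. Anchor the pattern and stop on a mismatch, e.g. `if( !ereg("^(..)(..)(..)(..)$", $user_ip, $user_ip_parts) ) { message_die(CRITICAL_ERROR, "Malformed IP passed to session_begin"); }`. Because `ff` doubles as the wildcard marker, a ban stored for an address whose last octet really is 255 matches the whole block; a comment such as `// ff in a trailing octet is treated as a wildcard` would make that explicit. session_begin's body continues outside the hunk.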
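Review bot: The added `include($phpbb_root_path . 'language/lang_' ...)` reads `$phpbb_root_path`, but the `global` line this commit changes at the top of session_begin adds only `$phpEx`; unless the variable is declared global in a part of the function not shown here, it is empty in function scope and the path resolves against the include path rather than the board root. Extending the declaration to `global $db, $lang, $board_config, $phpEx, $phpbb_root_path;` would cover it. `include` only warns on a missing file, so a wrong `default_lang` value leaves `$lang['You_been_banned']` unset and the banned visitor gets an empty message; checking that the file exists before including it would avoid that.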
@@ -733,14 +733,31 @@ $lang['Group_has_members'] = "This group has the following members"; // Banning $lang['Ban_control'] = "Ban Control"; -$lang['Ban_explain'] = "Here you can control the banning of users. You can achieve this by banning either or both of a specific user or an individual or range of IP's or hostnames. These methods prevent a user from even reaching the index page of your board. To prevent a user from registering under a different username you can also specify a banned email address. Please note that banning an email address alone will not prevent that user from being able to logon or post to your board, you should use one of the first two methods to achieve this."; +$lang['Ban_explain'] = "Here you can control the banning of users. You can achieve this by banning either or both of a specific user or an individual or range of IP addresses or hostnames. These methods prevent a user from even reaching the index page of your board. To prevent a user from registering under a different username you can also specify a banned email address. Please note that banning an email address alone will not prevent that user from being able to logon or post to your board, you should use one of the first two methods to achieve this."; +$lang['Ban_explain_warn'] = "Please note that entering a range of IP addresses results in all the addresses between the start and end being added to the banlist. Attempts will be made to minimise the number of addresses added to the database by introducing wildcards automatically where appropriate. 
If you really must enter a range try to keep it small or better yet state specific addresses."; -$lang['Ban_username'] = "Ban a specific user"; -$lang['Ban_IP'] = "Ban one or more IP's or hostnames"; +$lang['Ban_username'] = "Ban one or more specific users"; +$lang['Ban_username_explain'] = "You can ban multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser"; +$lang['Ban_IP'] = "Ban one or more IP addresses or hostnames"; +$lang['IP_hostname'] = "IP addresses or hostnames"; $lang['Ban_IP_explain'] = "To specify several different IP's or hostnames separate them with commas, to specify a range of IP's (not hostnames) separate the start and end with a hyphen (-), to specify a wildcard use *"; $lang['Ban_email'] = "Ban one or more email addresses"; $lang['Ban_email_explain'] = "To specify more than one email address separate them with commas"; +$lang['Unban_username'] = "Un-ban one more specific users"; +$lang['Unban_username_explain'] = "You can unban multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser"; +$lang['Unban_IP'] = "Un-ban one or more IP addresses"; +$lang['Unban_IP_explain'] = "You can unban multiple IP addresses in one go using the appropriate combination of mouse and keyboard for your computer and browser"; +$lang['Unban_email'] = "Un-ban one or more email addresses"; +$lang['Unban_email_explain'] = "You can unban multiple email addresses in one go using the appropriate combination of mouse and keyboard for your computer and browser"; + +$lang['No_banned_users'] = "No banned users"; +$lang['No_banned_ip'] = "No banned IP addresses"; +$lang['No_banned_email'] = "No banned email addresses"; + +$lang['Ban_update_sucessful'] = "The banlist has been updated sucessfully"; + + // Configuration $lang['Config_updated'] = "Forum Configuration Updated Sucessfully"; 
diff --git a/phpBB/templates/PSO/admin/user_ban_body.tpl b/phpBB/templates/PSO/admin/user_ban_body.tpl index 79f9631e1b..fa90dd7fe4 100644 --- a/phpBB/templates/PSO/admin/user_ban_body.tpl +++ b/phpBB/templates/PSO/admin/user_ban_body.tpl @@ -10,7 +10,7 @@
{L_BAN_EXPLAIN_WARN}
+{L_BAN_EXPLAIN}
+ + + +