diff --git a/phpBB/admin/admin_ban.php b/phpBB/admin/admin_ban.php index 8f3cb6abf1..82e3979a8a 100644 --- a/phpBB/admin/admin_ban.php +++ b/phpBB/admin/admin_ban.php @@ -21,7 +21,7 @@ define('IN_PHPBB', 1); -if(!empty($setmodules)) +if (!empty($setmodules)) { if (!$auth->acl_get('a_ban')) { @@ -66,6 +66,7 @@ if (isset($_POST['bansubmit']) || isset($_GET['bansubmit'])) $ban_list = array_unique(explode("\n", $ban)); $ban_list_log = implode(', ', $ban_list); + $ban_exclude = (!empty($_POST['banexclude'])) ? 1 : 0; $ban_reason = (isset($_POST['banreason'])) ? $_POST['banreason'] : ''; if (!empty($_POST['banlength'])) @@ -216,7 +217,8 @@ if (isset($_POST['bansubmit']) || isset($_GET['bansubmit'])) $sql = "SELECT $type FROM " . BANLIST_TABLE . " - WHERE $type <> ''"; + WHERE $type <> '' + AND ban_exclude = $ban_exclude"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -249,57 +251,58 @@ if (isset($_POST['bansubmit']) || isset($_GET['bansubmit'])) { for($i = 0; $i < count($banlist); $i++) { - $sql = "INSERT INTO " . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_reason) - VALUES (" . $banlist[$i] . ", $current_time, $ban_end, '$ban_reason')"; + $sql = "INSERT INTO " . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) + VALUES (" . $banlist[$i] . ", $current_time, $ban_end, $ban_exclude, '$ban_reason')"; $db->sql_query($sql); } - $sql = ''; - switch ($mode) + if (!$ban_exclude) { - case 'user': - $sql = "WHERE session_user_id IN (" . implode(', ', $banlist) . ")"; - break; + $sql = ''; + switch ($mode) + { + case 'user': + $sql = "WHERE session_user_id IN (" . implode(', ', $banlist) . ")"; + break; - case 'ip': - $sql = "WHERE session_ip IN (" . implode(', ', $banlist) . ")"; - break; + case 'ip': + $sql = "WHERE session_ip IN (" . implode(', ', $banlist) . ")"; + break; - case 'email': - $sql = "SELECT user_id - FROM " . USERS_TABLE . " - WHERE user_email IN (" . implode(', ', $banlist) . ")"; - $result = $db->sql_query($sql); + case 'email': + $sql = "SELECT user_id + FROM " . USERS_TABLE . " + WHERE user_email IN (" . implode(', ', $banlist) . ")"; + $result = $db->sql_query($sql); - $sql = ''; - if ($row = $db->sql_fetchrow($result)) - { - do + $sql = ''; + if ($row = $db->sql_fetchrow($result)) { - $sql .= (($sql != '') ? ', ' : '') . $row['user_id']; + do + { + $sql .= (($sql != '') ? ', ' : '') . $row['user_id']; + } + while ($row = $db->sql_fetchrow($result)); + + $sql = "WHERE session_user_id IN (" . str_replace('*', '%', $sql) . ")"; } - while ($row = $db->sql_fetchrow($result)); + break; + } - $sql = "WHERE session_user_id IN (" . str_replace('*', '%', $sql) . ")"; - } - break; + if ($sql != '') + { + $sql = "DELETE FROM " . SESSIONS_TABLE . " + $sql"; + $db->sql_query($sql); + } } - if ($sql != '') - { - $sql = "DELETE FROM " . SESSIONS_TABLE . " - $sql"; - $db->sql_query($sql); - } - - // // Update log - // - add_admin_log('log_ban_' . $mode, $ban_reason, $ban_list_log); + $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'log_ban_'; + add_admin_log($log_entry . $mode, $ban_reason, $ban_list_log); } - $message = $user->lang['Ban_update_sucessful'] . '

' . sprintf($user->lang['Click_return_banadmin'], '', '') . '

' . sprintf($user->lang['Click_return_admin_index'], '', ''); - message_die(MESSAGE, $message); + trigger_error($user->lang['Ban_update_sucessful']); } else if (isset($_POST['unbansubmit'])) @@ -319,7 +322,7 @@ else if (isset($_POST['unbansubmit'])) add_admin_log('log_unban_' . $mode, sizeof($_POST['unban'])); } - message_die(MESSAGE, $user->lang['Ban_update_sucessful']); + trigger_error($user->lang['Ban_update_sucessful']); } // @@ -392,7 +395,8 @@ switch ($mode) { do { - $banned_options .= ''; + + $banned_options .= '' . $row['username'] . ''; $banned_length .= (($banned_length != '') ? ', ' : '') . '\'' . ($ban_end_text[(($row['ban_end'] - $row['ban_start']) / 60)]) . '\''; $banned_reasons .= (($banned_reasons != '') ? ', ' : '') . '\'' . addslashes($row['ban_reason']) . '\''; } @@ -402,9 +406,10 @@ switch ($mode) $l_ban_title = $user->lang['Ban_users']; $l_ban_explain = $user->lang['Ban_username_explain']; + $l_ban_exclude_explain = $user->lang['BAN_USER_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['Unban_username']; $l_unban_explain = $user->lang['Unban_username_explain']; - $l_ban_cell = $user->lang['Username']; + $l_ban_cell = $user->lang['USERNAME']; $l_no_ban_cell = $user->lang['No_banned_users']; $s_submit_extra = ''; @@ -436,6 +441,7 @@ switch ($mode) $l_ban_title = $user->lang['Ban_ips']; $l_ban_explain = $user->lang['Ban_IP_explain']; + $l_ban_exclude_explain = $user->lang['BAN_IP_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['Unban_IP']; $l_unban_explain = $user->lang['Unban_IP_explain']; $l_ban_cell = $user->lang['IP_hostname']; @@ -470,6 +476,7 @@ switch ($mode) $l_ban_title = $user->lang['Ban_emails']; $l_ban_explain = $user->lang['Ban_email_explain']; + $l_ban_exclude_explain = $user->lang['BAN_EMAIL_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['Unban_email']; $l_unban_explain = $user->lang['Unban_email_explain']; $l_ban_cell = $user->lang['Email_address']; @@ -497,16 +504,20 @@ switch ($mode) - : + : lang['Ban_length']; ?>: -   +   + + + lang['BAN_EXCLUDE']; ?>:
+ lang['YES']; ?>   lang['NO']; ?> lang['Ban_reason']; ?>: - +     diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 7def737c02..ce066cfd1f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -171,7 +171,10 @@ class session $this->data['user_id'] = $user_id = ANONYMOUS; } - $sql = "SELECT ban_ip, ban_userid, ban_email + // Is user banned? Are they excempt? + $banned = false; + + $sql = "SELECT ban_ip, ban_userid, ban_email, ban_exclude FROM " . BANLIST_TABLE . " WHERE ban_end >= $current_time OR ban_end = 0"; @@ -179,16 +182,30 @@ class session while ($row = $db->sql_fetchrow($result)) { - if (( $row['user_id'] == $this->data['user_id'] || + if (( + ($row['user_id'] == $this->data['user_id']) || ($row['ban_ip'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $this->ip)) || ($row['ban_email'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $this->data['user_email']))) && !$this->data['user_founder']) { - trigger_error('You_been_banned'); + if (!empty($row['ban_exclude'])) + { + $banned = false; + break; + } + else + { + $banned = true; + } } } $db->sql_freeresult($result); + if ($banned) + { + trigger_error('You_been_banned'); + } + // Is there an existing session? If so, grab last visit time from that $this->data['session_last_visit'] = ($this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time()); diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index 26b756b2db..3602843d05 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -73,10 +73,9 @@ CREATE TABLE phpbb_banlist ( ban_email varchar(50), ban_start int(11), ban_end int(11), + ban_exclude tinyint(1) DEFAULT '0' NOT NULL, ban_reason varchar(255), - PRIMARY KEY (ban_id), - KEY ban_ip_user_id (ban_ip, ban_userid), - KEY ban_email (ban_email) + PRIMARY KEY (ban_id) ); @@ -95,7 +94,7 @@ CREATE TABLE phpbb_config ( # -------------------------------------------------------- # -# Table structure for table 'phpbb_disallow' <- combine with banlist +# Table structure for table 'phpbb_disallow' # CREATE TABLE phpbb_disallow ( disallow_id mediumint(8) UNSIGNED NOT NULL auto_increment,