sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); } $current_banlist = $db->sql_fetchrowset($result); $kill_session_sql = ""; for($i = 0; $i < count($user_list); $i++) { $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { if($user_list[$i] == $current_banlist[$j]['ban_userid']) { $in_banlist = true; } } if(!$in_banlist) { $kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . "session_user_id = $user_list[$i]"; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) VALUES (" . $user_list[$i] . ")"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); } } } for($i = 0; $i < count($ip_list); $i++) { $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { if($ip_list[$i] == $current_banlist[$j]['ban_ip']) { $in_banlist = true; } } if(!$in_banlist) { if( preg_match("/(ff\.)|(\.ff)/is", chunk_split($ip_list[$i], 2, ".")) ) { $kill_ip_sql = "session_ip LIKE '" . str_replace(".", "", preg_replace("/(ff\.)|(\.ff)/is", "%", chunk_split($ip_list[$i], 2, "."))) . "'"; } else { $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'"; } $kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . $kill_ip_sql; $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) VALUES ('" . $ip_list[$i] . "')"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); } } } // // Now we'll delete all entries from the // session table with any of the banned // user or IP info just entered into the // ban table ... this will force a session // initialisation resulting in an instant // ban // if( $kill_session_sql != "" ) { $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE $kill_session_sql"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); } } for($i = 0; $i < count($email_list); $i++) { $in_banlist = false; for($j = 0; $j < count($current_banlist); $j++) { if( $email_list[$i] == $current_banlist[$j]['ban_email'] ) { $in_banlist = true; } } if( !$in_banlist ) { $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); } } } $where_sql = ""; if(isset($HTTP_POST_VARS['unban_user'])) { $user_list = $HTTP_POST_VARS['unban_user']; for($i = 0; $i < count($user_list); $i++) { if($user_list[$i] != -1) { if($where_sql != "") { $where_sql .= ", "; } $where_sql .= $user_list[$i]; } } } if( isset($HTTP_POST_VARS['unban_ip']) ) { $ip_list = $HTTP_POST_VARS['unban_ip']; for($i = 0; $i < count($ip_list); $i++) { if($ip_list[$i] != -1) { if($where_sql != "") { $where_sql .= ", "; } $where_sql .= $ip_list[$i]; } } } if( isset($HTTP_POST_VARS['unban_email']) ) { $email_list = $HTTP_POST_VARS['unban_email']; for($i = 0; $i < count($email_list); $i++) { if($email_list[$i] != -1) { if($where_sql != "") { $where_sql .= ", "; } $where_sql .= $email_list[$i]; } } } if( $where_sql != "" ) { $sql = "DELETE FROM " . BANLIST_TABLE . " WHERE ban_id IN ($where_sql)"; if( !$result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); } } $message = $lang['Ban_update_sucessful'] . "

" . sprintf($lang['Click_return_banadmin'], "", "") . "

" . sprintf($lang['Click_return_admin_index'], "", ""); message_die(GENERAL_MESSAGE, $message); } else { $template->set_filenames(array( "body" => "admin/user_ban_body.tpl") ); $template->assign_vars(array( "L_BAN_TITLE" => $lang['Ban_control'], "L_BAN_EXPLAIN" => $lang['Ban_explain'], "L_BAN_EXPLAIN_WARN" => $lang['Ban_explain_warn'], "L_IP_OR_HOSTNAME" => $lang['IP_hostname'], "L_EMAIL_ADDRESS" => $lang['Email_address'], "L_SUBMIT" => $lang['Submit'], "L_RESET" => $lang['Reset'], "S_BANLIST_ACTION" => append_sid("admin_user_ban.$phpEx")) ); $userban_count = 0; $sql = "SELECT user_id, username FROM " . USERS_TABLE . " WHERE user_id <> " . ANONYMOUS . " ORDER BY username ASC"; $u_result = $db->sql_query($sql); $user_list = $db->sql_fetchrowset($u_result); $select_userlist = ""; for($i = 0; $i < count($user_list); $i++) { $select_userlist .= "" . $user_list[$i]['username'] . ""; $userban_count++; } $select_userlist = "" . $select_userlist . ""; $template->assign_vars(array( "L_BAN_USER" => $lang['Ban_username'], "L_BAN_USER_EXPLAIN" => $lang['Ban_username_explain'], "L_BAN_IP" => $lang['Ban_IP'], "L_BAN_IP_EXPLAIN" => $lang['Ban_IP_explain'], "L_BAN_EMAIL" => $lang['Ban_email'], "L_BAN_EMAIL_EXPLAIN" => $lang['Ban_email_explain'], "S_BAN_USERLIST_SELECT" => $select_userlist) ); $userban_count = 0; $ipban_count = 0; $emailban_count = 0; $sql = "SELECT b.ban_id, u.user_id, u.username FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u WHERE u.user_id = b.ban_userid AND b.ban_userid <> 0 AND u.user_id <> " . ANONYMOUS . " ORDER BY u.user_id ASC"; $u_result = $db->sql_query($sql); $user_list = $db->sql_fetchrowset($u_result); $select_userlist = ""; for($i = 0; $i < count($user_list); $i++) { $select_userlist .= "" . $user_list[$i]['username'] . ""; $userban_count++; } if( $select_userlist == "" ) { $select_userlist = "" . $lang['No_banned_users'] . ""; } $select_userlist = "" . $select_userlist; $select_userlist .= ""; $sql = "SELECT ban_id, ban_ip, ban_email FROM " . BANLIST_TABLE; $b_result = $db->sql_query($sql); $banlist = $db->sql_fetchrowset($b_result); $select_iplist = ""; $select_emaillist = ""; for($i = 0; $i < $db->sql_numrows($b_result); $i++) { $ban_id = $banlist[$i]['ban_id']; if( !empty($banlist[$i]['ban_ip']) ) { $ban_ip = str_replace("255", "*", decode_ip($banlist[$i]['ban_ip'])); $select_iplist .= "$ban_ip"; $ipban_count++; } else if( !empty($banlist[$i]['ban_email']) ) { $ban_email = $banlist[$i]['ban_email']; $select_emaillist .= "$ban_email"; $emailban_count++; } } if($select_iplist == "") { $select_iplist = "" . $lang['No_banned_ip'] . ""; } if( $select_emaillist == "") { $select_emaillist = "" . $lang['No_banned_email'] . ""; } $select_iplist = "" . $select_iplist . ""; $select_emaillist = "" . $select_emaillist . ""; $template->assign_vars(array( "L_UNBAN_USER" => $lang['Unban_username'], "L_UNBAN_USER_EXPLAIN" => $lang['Unban_username_explain'], "L_UNBAN_IP" => $lang['Unban_IP'], "L_UNBAN_IP_EXPLAIN" => $lang['Unban_IP_explain'], "L_UNBAN_EMAIL" => $lang['Unban_email'], "L_UNBAN_EMAIL_EXPLAIN" => $lang['Unban_email_explain'], "S_UNBAN_USERLIST_SELECT" => $select_userlist, "S_UNBAN_IPLIST_SELECT" => $select_iplist, "S_UNBAN_EMAILLIST_SELECT" => $select_emaillist, "S_BAN_ACTION" => append_sid("admin_user_ban.$phpEx")) ); } $template->pparse("body"); include('page_footer_admin.'.$phpEx); ?>