
Source: /admin_banned.php - 904 lines - 37337 bytes - Summary - Text - Print

   1  <?php
   2  
   3  /*======================================================================
   4  Copyright Project Beehive Forum 2002
   5  
   6  This file is part of Beehive Forum.
   7  
   8  Beehive Forum is free software; you can redistribute it and/or modify
   9  it under the terms of the GNU General Public License as published by
  10  the Free Software Foundation; either version 3 of the License, or
  11  (at your option) any later version.
  12  
  13  Beehive Forum is distributed in the hope that it will be useful,
  14  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  GNU General Public License for more details.
  17  
  18  You should have received a copy of the GNU General Public License
  19  along with Beehive; if not, write to the Free Software
  20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  21  USA
  22  ======================================================================*/
  23  
  24  // Bootstrap
  25  require_once  'boot.php';
  26  
  27  // Required includes
  28  require_once  BH_INCLUDE_PATH . 'admin.inc.php';
  29  require_once  BH_INCLUDE_PATH . 'banned.inc.php';
  30  require_once  BH_INCLUDE_PATH . 'cache.inc.php';
  31  require_once  BH_INCLUDE_PATH . 'constants.inc.php';
  32  require_once  BH_INCLUDE_PATH . 'form.inc.php';
  33  require_once  BH_INCLUDE_PATH . 'format.inc.php';
  34  require_once  BH_INCLUDE_PATH . 'header.inc.php';
  35  require_once  BH_INCLUDE_PATH . 'html.inc.php';
  36  require_once  BH_INCLUDE_PATH . 'messages.inc.php';
  37  require_once  BH_INCLUDE_PATH . 'session.inc.php';
  38  // End Required includes
  39  
  40  // Don't cache this page
  41  cache_disable();
  42  
  43  // Check we're logged in correctly
  44  if (!session::logged_in()) {
  45      html_guest_error();
  46  }
  47  
  48  // Check we have Admin / Moderator access
  49  if (!(session::check_perm(USER_PERM_ADMIN_TOOLS, 0))) {
  50      html_draw_error(gettext("You do not have permission to use this section."));
  51  }
  52  
  53  // Perform additional admin login.
  54  admin_check_credentials();
  55  
  56  // Form Validation
  57  $valid = true;
  58  
  59  // Array to hold error messages
  60  $error_msg_array = array();
  61  
  62  $new_ban_type = null;
  63  $new_ban_data = null;
  64  $new_ban_expires = null;
  65  $ban_type = null;
  66  $ban_data = null;
  67  $ban_expires = null;
  68  $add_new_ban_type = null;
  69  $add_new_ban_data = null;
  70  $add_new_ban_expires = null;
  71  
  72  // Column sorting stuff
  73  if (isset($_GET['sort_by'])) {
  74      if ($_GET['sort_by'] == "BANTYPE") {
  75          $sort_by = "BANTYPE";
  76      } else if ($_GET['sort_by'] == "BANDATA") {
  77          $sort_by = "BANDATA";
  78      } else if ($_GET['sort_by'] == "EXPIRES") {
  79          $sort_by = "EXPIRES";
  80      } else {
  81          $sort_by = "ID";
  82      }
  83  } else {
  84      $sort_by = "ID";
  85  }
  86  
  87  if (isset($_GET['sort_dir'])) {
  88      if ($_GET['sort_dir'] == "DESC") {
  89          $sort_dir = "DESC";
  90      } else {
  91          $sort_dir = "ASC";
  92      }
  93  } else {
  94      $sort_dir = "ASC";
  95  }
  96  
  97  if (isset($_GET['page']) && is_numeric($_GET['page'])) {
  98      $page = ($_GET['page'] > 0) ? $_GET['page'] : 1;
  99  } else if (isset($_POST['page']) && is_numeric($_POST['page'])) {
 100      $page = ($_POST['page'] > 0) ? $_POST['page'] : 1;
 101  } else {
 102      $page = 1;
 103  }
 104  
 105  // Constant translation of adding and removing bans to log entries and string display for Ban Type column.
 106  $admin_log_add_types = array(
 107      BAN_TYPE_IP => ADD_BANNED_IP,
 108      BAN_TYPE_LOGON => ADD_BANNED_LOGON,
 109      BAN_TYPE_NICK => ADD_BANNED_NICKNAME,
 110      BAN_TYPE_EMAIL => ADD_BANNED_EMAIL,
 111      BAN_TYPE_REF => ADD_BANNED_REFERER
 112  );
 113  
 114  $admin_log_rem_types = array(
 115      BAN_TYPE_IP => REMOVE_BANNED_IP,
 116      BAN_TYPE_LOGON => REMOVE_BANNED_LOGON,
 117      BAN_TYPE_NICK => REMOVE_BANNED_NICKNAME,
 118      BAN_TYPE_EMAIL => REMOVE_BANNED_EMAIL,
 119      BAN_TYPE_REF => REMOVE_BANNED_REFERER
 120  );
 121  
 122  $ban_types_dropdown_array = array(
 123      BAN_TYPE_NONE => '&nbsp;',
 124      BAN_TYPE_IP => gettext("IP ban"),
 125      BAN_TYPE_LOGON => gettext("Logon ban"),
 126      BAN_TYPE_NICK => gettext("Nickname ban"),
 127      BAN_TYPE_EMAIL => gettext("Email ban"),
 128      BAN_TYPE_REF => gettext("Referer ban")
 129  );
 130  
 131  $ban_types_list_array = array(
 132      BAN_TYPE_IP => gettext("IP ban"),
 133      BAN_TYPE_LOGON => gettext("Logon ban"),
 134      BAN_TYPE_NICK => gettext("Nickname ban"),
 135      BAN_TYPE_EMAIL => gettext("Email ban"),
 136      BAN_TYPE_REF => gettext("Referer ban")
 137  );
 138  
 139  // Are we returning somewhere?
 140  if (isset($_GET['msg']) && validate_msg($_GET['msg'])) {
 141      $ret = "messages.php?webtag=$webtag&msg={$_GET['msg']}";
 142  } else if (isset($_GET['ret']) && strlen(trim($_GET['ret'])) > 0) {
 143      $ret = rawurldecode(trim($_GET['ret']));
 144  } else if (isset($_POST['ret']) && strlen(trim($_POST['ret'])) > 0) {
 145      $ret = trim($_POST['ret']);
 146  } else {
 147      $ret = "admin_banned.php?webtag=$webtag";
 148  }
 149  
 150  // validate the return to page
 151  if (isset($ret) && strlen(trim($ret)) > 0) {
 152  
 153      $available_pages = array(
 154          'admin_user.php',
 155          'admin_users.php',
 156          'admin_visitor_log.php',
 157          'messages.php'
 158      );
 159  
 160      $available_pages_preg = implode("|^", array_map('preg_quote_callback', $available_pages));
 161  
 162      if (preg_match("/^$available_pages_preg/u", basename($ret)) < 1) {
 163          $ret = "admin_banned.php?webtag=$webtag";
 164      }
 165  }
 166  
 167  // Cancel button has been pressed.
 168  if (isset($_POST['cancel'])) {
 169  
 170      header_redirect($ret);
 171      exit;
 172  }
 173  
 174  // Delete existing ban entry
 175  if (isset($_POST['delete'])) {
 176  
 177      $valid = true;
 178  
 179      if (isset($_POST['delete_ban']) && is_array($_POST['delete_ban'])) {
 180  
 181          foreach ($_POST['delete_ban'] as $ban_id => $delete_ban) {
 182  
 183              if ($valid == true && $delete_ban == "Y" && $ban_data_array = admin_get_ban($ban_id)) {
 184  
 185                  if (remove_ban_data_by_id($ban_id)) {
 186  
 187                      admin_add_log_entry($admin_log_rem_types[$ban_data_array['BANTYPE']], array($ban_data_array['BANDATA']));
 188  
 189                  } else {
 190  
 191                      $error_msg_array[] = gettext("Failed to remove some or all of the selected bans");
 192                      $valid = false;
 193                  }
 194              }
 195          }
 196  
 197          if ($valid) {
 198  
 199              header_redirect("admin_banned.php?webtag=$webtag&removed=true");
 200              exit;
 201          }
 202      }
 203  }
 204  
 205  // Is there an URL query to process?
 206  if (isset($_GET['ban_ipaddress']) && strlen(trim($_GET['ban_ipaddress'])) > 0) {
 207  
 208      $add_new_ban_type = BAN_TYPE_IP;
 209      $add_new_ban_data = trim($_GET['ban_ipaddress']);
 210  
 211  } else if (isset($_GET['unban_ipaddress']) && strlen(trim($_GET['unban_ipaddress'])) > 0) {
 212  
 213      $unban_ipaddress = trim($_GET['unban_ipaddress']);
 214  
 215      if (!$remove_ban_id = check_ban_data(BAN_TYPE_IP, $unban_ipaddress)) {
 216          unset($remove_ban_id);
 217      }
 218  }
 219  
 220  if (isset($_GET['ban_email']) && strlen(trim($_GET['ban_email'])) > 0) {
 221  
 222      $add_new_ban_type = BAN_TYPE_EMAIL;
 223      $add_new_ban_data = trim($_GET['ban_email']);
 224  
 225  } else if (isset($_GET['unban_email']) && strlen(trim($_GET['unban_email'])) > 0) {
 226  
 227      $unban_email = trim($_GET['unban_email']);
 228  
 229      if (!$remove_ban_id = check_ban_data(BAN_TYPE_EMAIL, $unban_email)) {
 230          unset($remove_ban_id);
 231      }
 232  }
 233  
 234  if (isset($_GET['ban_referer']) && strlen(trim($_GET['ban_referer'])) > 0) {
 235  
 236      $add_new_ban_type = BAN_TYPE_REF;
 237      $add_new_ban_data = trim($_GET['ban_referer']);
 238  
 239  } else if (isset($_GET['unban_referer']) && strlen(trim($_GET['unban_referer'])) > 0) {
 240  
 241      $unban_referer = trim($_GET['unban_referer']);
 242  
 243      if (($remove_ban_id = check_ban_data(BAN_TYPE_REF, $unban_referer)) !== false) {
 244          unset($remove_ban_id);
 245      }
 246  }
 247  
 248  if (isset($_POST['add']) || isset($_POST['check'])) {
 249  
 250      if (isset($_POST['newbantype']) && is_numeric($_POST['newbantype'])) {
 251  
 252          $new_ban_type = $_POST['newbantype'];
 253  
 254          if ($new_ban_type < 1 || $new_ban_type > 5) {
 255  
 256              $error_msg_array[] = gettext("You must specify a ban type");
 257              $valid = false;
 258          }
 259  
 260      } else {
 261  
 262          $error_msg_array[] = gettext("You must specify a ban type");
 263          $valid = false;
 264      }
 265  
 266      if (isset($_POST['newbandata']) && strlen(trim($_POST['newbandata'])) > 0) {
 267  
 268          $new_ban_data = trim($_POST['newbandata']);
 269  
 270          if (preg_match("/^%+$/Du", $new_ban_data) > 0) {
 271  
 272              $error_msg_array[] = gettext("You cannot add % as a wildcard match on its own!");
 273              $valid = false;
 274          }
 275  
 276      } else {
 277  
 278          $error_msg_array[] = gettext("You must specify some ban data");
 279          $valid = false;
 280      }
 281  
 282      if (isset($_POST['newbancomment']) && strlen(trim($_POST['newbancomment'])) > 0) {
 283          $new_ban_comment = trim($_POST['newbancomment']);
 284      } else {
 285          $new_ban_comment = "";
 286      }
 287  
 288      if (isset($_POST['newbanexpiresyear']) && isset($_POST['newbanexpiresmonth']) && isset($_POST['newbanexpiresday'])) {
 289  
 290          $newbanexpiresday = trim($_POST['newbanexpiresday']);
 291          $newbanexpiresmonth = trim($_POST['newbanexpiresmonth']);
 292          $newbanexpiresyear = trim($_POST['newbanexpiresyear']);
 293  
 294          if ((is_numeric($newbanexpiresmonth) && $newbanexpiresmonth > 0) || (is_numeric($newbanexpiresday) && $newbanexpiresday > 0) || (is_numeric($newbanexpiresyear) && $newbanexpiresyear > 0)) {
 295  
 296              if (@checkdate($newbanexpiresmonth, $newbanexpiresday, $newbanexpiresyear)) {
 297  
 298                  $new_ban_expires = mktime(0, 0, 0, $newbanexpiresmonth, $newbanexpiresday, $newbanexpiresyear);
 299  
 300              } else {
 301  
 302                  $error_msg_array[] = gettext("Expiry date is invalid");
 303                  $valid = false;
 304              }
 305  
 306          } else {
 307  
 308              $new_ban_expires = 0;
 309          }
 310  
 311      } else {
 312  
 313          $new_ban_expires = 0;
 314      }
 315  
 316      if ($valid) {
 317  
 318          if (!check_ban_data($new_ban_type, $new_ban_data, $new_ban_expires)) {
 319  
 320              if (isset($_POST['add'])) {
 321  
 322                  if (add_ban_data($new_ban_type, $new_ban_data, $new_ban_comment, $new_ban_expires)) {
 323  
 324                      admin_add_log_entry($admin_log_add_types[$new_ban_type], array($new_ban_data, $new_ban_comment, $new_ban_expires));
 325                      header_redirect("admin_banned.php?webtag=$webtag&added=true");
 326                      exit;
 327  
 328                  } else {
 329  
 330                      $error_msg_array[] = gettext("Failed to add new ban");
 331                  }
 332              }
 333  
 334          } else {
 335  
 336              $error_msg_array[] = gettext("Duplicate ban data entered. Please check your wildcards to see if they already match the data entered");
 337              $valid = false;
 338          }
 339      }
 340  
 341  } else if (isset($_POST['update'])) {
 342  
 343      if (isset($_POST['ban_id']) && is_numeric($_POST['ban_id'])) {
 344  
 345          $ban_id = $_POST['ban_id'];
 346  
 347          if (isset($_POST['bantype']) && is_numeric($_POST['bantype'])) {
 348  
 349              $ban_type = $_POST['bantype'];
 350  
 351              if ($ban_type < 1 || $ban_type > 5) {
 352  
 353                  $error_msg_array[] = gettext("You must specify a ban type");
 354                  $valid = false;
 355              }
 356  
 357          } else {
 358  
 359              $error_msg_array[] = gettext("You must specify a ban type");
 360              $valid = false;
 361          }
 362  
 363          if (isset($_POST['bandata']) && strlen(trim($_POST['bandata'])) > 0) {
 364  
 365              $ban_data = trim($_POST['bandata']);
 366  
 367              if (preg_match("/^%+$/Du", $ban_data) > 0) {
 368  
 369                  $error_msg_array[] = gettext("You cannot add % as a wildcard match on its own!");
 370                  $valid = false;
 371              }
 372  
 373          } else {
 374  
 375              $error_msg_array[] = gettext("You must specify some ban data");
 376              $valid = false;
 377          }
 378  
 379          if (isset($_POST['banexpiresyear']) && isset($_POST['banexpiresmonth']) && isset($_POST['banexpiresday'])) {
 380  
 381              $banexpiresday = trim($_POST['banexpiresday']);
 382              $banexpiresmonth = trim($_POST['banexpiresmonth']);
 383              $banexpiresyear = trim($_POST['banexpiresyear']);
 384  
 385              if ((is_numeric($banexpiresmonth) && $banexpiresmonth > 0) || (is_numeric($banexpiresday) && $banexpiresday > 0) || (is_numeric($banexpiresyear) && $banexpiresyear > 0)) {
 386  
 387                  if (@checkdate($banexpiresmonth, $banexpiresday, $banexpiresyear)) {
 388  
 389                      $ban_expires = mktime(0, 0, 0, $banexpiresmonth, $banexpiresday, $banexpiresyear);
 390  
 391                  } else {
 392  
 393                      $error_msg_array[] = gettext("Expiry date is invalid");
 394                      $valid = false;
 395                  }
 396  
 397              } else {
 398  
 399                  $ban_expires = 0;
 400              }
 401  
 402          } else {
 403  
 404              $ban_expires = 0;
 405          }
 406  
 407          if (isset($_POST['bancomment']) && strlen(trim($_POST['bancomment'])) > 0) {
 408              $ban_comment = trim($_POST['bancomment']);
 409          } else {
 410              $ban_comment = "";
 411          }
 412  
 413          if (isset($_POST['old_bantype']) && strlen(trim($_POST['old_bantype'])) > 0) {
 414              $old_ban_type = trim($_POST['old_bantype']);
 415          } else {
 416              $old_ban_type = "";
 417          }
 418  
 419          if (isset($_POST['old_bandata']) && strlen(trim($_POST['old_bandata'])) > 0) {
 420              $old_ban_data = trim($_POST['old_bandata']);
 421          } else {
 422              $old_ban_data = "";
 423          }
 424  
 425          if (isset($_POST['old_banexpires']) && strlen(trim($_POST['old_banexpires'])) > 0) {
 426              $old_ban_expires = trim($_POST['old_banexpires']);
 427          } else {
 428              $old_ban_expires = 0;
 429          }
 430  
 431          if ($valid) {
 432  
 433              $dup_ban_id = check_ban_data($ban_type, $ban_data);
 434  
 435              if ((!$dup_ban_id) || ($dup_ban_id == $ban_id)) {
 436  
 437                  if (update_ban_data($ban_id, $ban_type, $ban_data, $ban_comment, $ban_expires)) {
 438  
 439                      if (($ban_type != $old_ban_type) || ($ban_data != $old_ban_data) || ($ban_expires != $old_ban_expires)) {
 440  
 441                          $log_data = array(
 442                              $ban_id,
 443                              $ban_type,
 444                              $ban_data,
 445                              $old_ban_type,
 446                              $old_ban_data,
 447                              $old_ban_expires
 448                          );
 449  
 450                          admin_add_log_entry(UPDATED_BAN, $log_data);
 451                      }
 452  
 453                      header_redirect("admin_banned.php?webtag=$webtag&edited=true");
 454                      exit;
 455                  }
 456  
 457              } else {
 458  
 459                  $error_msg_array[] = gettext("Duplicate ban data entered. Please check your wildcards to see if they already match the data entered");
 460                  $valid = false;
 461              }
 462          }
 463      }
 464  
 465  } else if (isset($_POST['addban'])) {
 466  
 467      $redirect = "admin_banned.php?webtag=$webtag&addban=true";
 468      header_redirect($redirect);
 469      exit;
 470  }
 471  
 472  if (isset($_GET['addban']) || isset($_POST['addban']) || (isset($add_new_ban_type) && isset($add_new_ban_data))) {
 473  
 474      $valid = true;
 475  
 476      html_draw_top(sprintf("title=%s", gettext("Error")), 'main_css=admin.css');
 477  
 478      echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Ban Controls"), "</h1>\n";
 479  
 480      if (isset($_POST['newbantype']) && is_numeric($_POST['newbantype'])) {
 481          $add_new_ban_type = $_POST['newbantype'];
 482      }
 483  
 484      if (isset($_POST['newbandata']) && strlen(trim($_POST['newbandata'])) > 0) {
 485          $add_new_ban_data = $_POST['newbandata'];
 486      }
 487  
 488      if (isset($_POST['newbancomment']) && strlen(trim($_POST['newbancomment'])) > 0) {
 489          $add_new_ban_comment = trim($_POST['newbancomment']);
 490      }
 491  
 492      if (isset($_POST['newbanexpiresyear']) && isset($_POST['newbanexpiresmonth']) && isset($_POST['newbanexpiresday'])) {
 493  
 494          $add_new_ban_expires_year = trim($_POST['newbanexpiresyear']);
 495          $add_new_ban_expires_month = trim($_POST['newbanexpiresmonth']);
 496          $add_new_ban_expires_day = trim($_POST['newbanexpiresday']);
 497  
 498          if ((is_numeric($add_new_ban_expires_month) && $add_new_ban_expires_month > 0) || (is_numeric($add_new_ban_expires_day) && $add_new_ban_expires_day > 0) || (is_numeric($add_new_ban_expires_year) && $add_new_ban_expires_year > 0)) {
 499  
 500              if (@checkdate($add_new_ban_expires_month, $add_new_ban_expires_day, $add_new_ban_expires_year)) {
 501  
 502                  $add_new_ban_expires = mktime(0, 0, 0, $add_new_ban_expires_month, $add_new_ban_expires_day, $add_new_ban_expires_year);
 503  
 504              } else {
 505  
 506                  html_display_error_msg(gettext("Expiry date is invalid"), '700', 'center');
 507                  $valid = false;
 508              }
 509  
 510          } else {
 511  
 512              $add_new_ban_expires = 0;
 513          }
 514  
 515      } else {
 516  
 517          $add_new_ban_expires_year = 0;
 518          $add_new_ban_expires_month = 0;
 519          $add_new_ban_expires_day = 0;
 520          $add_new_ban_expires = 0;
 521      }
 522  
 523      if (isset($add_new_ban_type) && isset($add_new_ban_data)) {
 524  
 525          if ($valid) {
 526  
 527              if (($add_new_ban_expires > 0) && ($add_new_ban_expires < time())) {
 528  
 529                  html_display_warning_msg(gettext("Selected date is in the past"), '700', 'center');
 530  
 531              } else {
 532  
 533                  if (($affected_sessions_array = check_affected_sessions($add_new_ban_type, $add_new_ban_data, $add_new_ban_expires)) !== false) {
 534  
 535                      $affected_sessions_text = implode('</li><li>', array_map('admin_prepare_affected_sessions', $affected_sessions_array));
 536                      $affected_sessions_text = sprintf("%s<ul><li>%s</li></ul>", gettext("This ban may affect the following active user sessions"), $affected_sessions_text);
 537  
 538                      html_display_warning_msg($affected_sessions_text, '700', 'center');
 539  
 540                  } else {
 541  
 542                      html_display_warning_msg(gettext("This ban affects no active sessions"), '700', 'center');
 543                  }
 544              }
 545          }
 546  
 547      } else if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
 548  
 549          html_display_error_array($error_msg_array, '700', 'center');
 550  
 551      } else {
 552  
 553          html_display_warning_msg(gettext("You can use the percent (%) wildcard symbol in any of your ban lists to obtain partial matches, i.e. '192.168.0.%' would ban all IP Addresses in the range 192.168.0.1 through 192.168.0.254"), '700', 'center');
 554      }
 555  
 556      echo "<br />\n";
 557      echo "<div align=\"center\">\n";
 558      echo "<form accept-charset=\"utf-8\" name=\"admin_banned_form\" action=\"admin_banned.php\" method=\"post\">\n";
 559      echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 560      echo "  ", form_input_hidden('addban', null), "\n";
 561      echo "  ", form_input_hidden("ret", htmlentities_array($ret)), "\n";
 562      echo "  ", form_input_hidden("page", htmlentities_array($page)), "\n";
 563      echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n";
 564      echo "    <tr>\n";
 565      echo "      <td align=\"left\">\n";
 566      echo "        <table class=\"box\" width=\"100%\">\n";
 567      echo "          <tr>\n";
 568      echo "            <td align=\"left\" class=\"posthead\">\n";
 569      echo "              <table class=\"posthead\" width=\"100%\">\n";
 570      echo "                <tr>\n";
 571      echo "                  <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Add Ban"), "</td>\n";
 572      echo "                </tr>\n";
 573      echo "                <tr>\n";
 574      echo "                  <td align=\"center\">\n";
 575      echo "                    <table class=\"posthead\" width=\"95%\">\n";
 576      echo "                      <tr>\n";
 577      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Type"), ":</td>\n";
 578      echo "                        <td align=\"left\">", form_dropdown_array('newbantype', $ban_types_dropdown_array, (isset($add_new_ban_type) && in_array($add_new_ban_type, array_keys($ban_types_dropdown_array)) ? htmlentities_array($add_new_ban_type) : BAN_TYPE_NONE)), "</td>\n";
 579      echo "                      </tr>\n";
 580      echo "                      <tr>\n";
 581      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Data"), ":</td>\n";
 582      echo "                        <td align=\"left\">", form_input_text('newbandata', (isset($add_new_ban_data) ? htmlentities_array($add_new_ban_data) : ''), 52, 255), "</td>\n";
 583      echo "                      </tr>\n";
 584      echo "                      <tr>\n";
 585      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\" valign=\"top\">", gettext("Comment"), ":</td>\n";
 586      echo "                        <td align=\"left\">", form_textarea('newbancomment', (isset($add_new_ban_comment) ? htmlentities_array($add_new_ban_comment) : ''), 6, 50), "</td>\n";
 587      echo "                      </tr>\n";
 588      echo "                      <tr>\n";
 589      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Expires"), ":</td>\n";
 590      echo "                        <td align=\"left\">", form_date_dropdowns($add_new_ban_expires_year, $add_new_ban_expires_month, $add_new_ban_expires_day, "newbanexpires", date('Y')), "&nbsp;<span class=\"small_optional_text\">", gettext("(Optional)"), "</span></td>\n";
 591      echo "                      </tr>\n";
 592      echo "                      <tr>\n";
 593      echo "                        <td align=\"left\">&nbsp;</td>\n";
 594      echo "                        <td align=\"left\">&nbsp;</td>\n";
 595      echo "                      </tr>\n";
 596      echo "                    </table>\n";
 597      echo "                  </td>\n";
 598      echo "                </tr>\n";
 599      echo "              </table>\n";
 600      echo "            </td>\n";
 601      echo "          </tr>\n";
 602      echo "        </table>\n";
 603      echo "      </td>\n";
 604      echo "    </tr>\n";
 605      echo "    <tr>\n";
 606      echo "      <td align=\"left\">&nbsp;</td>\n";
 607      echo "    </tr>\n";
 608      echo "    <tr>\n";
 609      echo "      <td colspan=\"2\" align=\"center\">", form_submit("add", gettext("Add")), "&nbsp;", form_submit("check", gettext("Check Ban")), "&nbsp;", form_submit("cancel", gettext("Cancel")), "</td>\n";
 610      echo "    </tr>\n";
 611      echo "  </table>\n";
 612      echo "</form>\n";
 613      echo "</div>\n";
 614  
 615      html_draw_bottom();
 616  
 617  } else if (isset($_POST['ban_id']) || isset($_GET['ban_id']) || isset($remove_ban_id)) {
 618  
 619      $valid = true;
 620  
 621      if (isset($_POST['ban_id']) && is_numeric($_POST['ban_id'])) {
 622  
 623          $ban_id = $_POST['ban_id'];
 624  
 625      } else if (isset($_GET['ban_id']) && is_numeric($_GET['ban_id'])) {
 626  
 627          $ban_id = $_GET['ban_id'];
 628  
 629      } else if (isset($remove_ban_id) && is_numeric($remove_ban_id)) {
 630  
 631          $ban_id = $remove_ban_id;
 632  
 633      } else {
 634  
 635          html_draw_error(gettext("Invalid Ban ID"), 'admin_banned.php', 'get', array('back' => gettext("Back")));
 636      }
 637  
 638      if (!$ban_data_array = admin_get_ban($ban_id)) {
 639          html_draw_error(gettext("Invalid Ban ID"), 'admin_banned.php', 'get', array('back' => gettext("Back")));
 640      }
 641  
 642      html_draw_top(sprintf('title=%s', gettext("Admin - Ban Controls")), 'class=window_title', 'main_css=admin.css');
 643  
 644      echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Ban Controls"), "</h1>\n";
 645  
 646      if (isset($_POST['edit_check'])) {
 647  
 648          if (isset($_POST['bantype']) && is_numeric($_POST['bantype'])) {
 649              $ban_data_array['BANTYPE'] = $_POST['bantype'];
 650          }
 651  
 652          if (isset($_POST['bandata']) && strlen(trim($_POST['bandata'])) > 0) {
 653              $ban_data_array['BANDATA'] = trim($_POST['bandata']);
 654          }
 655  
 656          if (isset($_POST['bancomment']) && strlen(trim($_POST['bancomment'])) > 0) {
 657              $ban_data_array['COMMENT'] = trim($_POST['bancomment']);
 658          }
 659  
 660          if (isset($_POST['banexpiresyear']) && isset($_POST['banexpiresmonth']) && isset($_POST['banexpiresday'])) {
 661  
 662              $ban_data_array['EXPIRESYEAR'] = trim($_POST['banexpiresyear']);
 663              $ban_data_array['EXPIRESMONTH'] = trim($_POST['banexpiresmonth']);
 664              $ban_data_array['EXPIRESDAY'] = trim($_POST['banexpiresday']);
 665  
 666              if ((is_numeric($ban_data_array['EXPIRESMONTH']) && $ban_data_array['EXPIRESMONTH'] > 0) || (is_numeric($ban_data_array['EXPIRESDAY']) && $ban_data_array['EXPIRESDAY'] > 0) | (is_numeric($ban_data_array['EXPIRESYEAR']) && $ban_data_array['EXPIRESYEAR'] > 0)) {
 667  
 668                  if (@checkdate($ban_data_array['EXPIRESMONTH'], $ban_data_array['EXPIRESDAY'], $ban_data_array['EXPIRESYEAR'])) {
 669  
 670                      $ban_data_array['EXPIRES'] = mktime(0, 0, 0, $ban_data_array['EXPIRESMONTH'], $ban_data_array['EXPIRESDAY'], $ban_data_array['EXPIRESYEAR']);
 671  
 672                  } else {
 673  
 674                      html_display_error_msg(gettext("Expiry date is invalid"), '700', 'center');
 675                      $valid = false;
 676                  }
 677  
 678              } else {
 679  
 680                  $ban_data_array['EXPIRES'] = 0;
 681              }
 682  
 683          } else {
 684  
 685              $ban_data_array['EXPIRESYEAR'] = 0;
 686              $ban_data_array['EXPIRESMONTH'] = 0;
 687              $ban_data_array['EXPIRESDAY'] = 0;
 688              $ban_data_array['EXPIRES'] = 0;
 689          }
 690  
 691          if ($valid) {
 692  
 693              if (($ban_data_array['EXPIRES'] > 0) && ($ban_data_array['EXPIRES'] < time())) {
 694  
 695                  html_display_warning_msg(gettext("Selected date is in the past"), '700', 'center');
 696  
 697              } else {
 698  
 699                  if (($affected_sessions_array = check_affected_sessions($ban_data_array['BANTYPE'], $ban_data_array['BANDATA'], $ban_data_array['EXPIRES'])) !== false) {
 700  
 701                      $affected_sessions_text = implode('</li><li>', array_map('admin_prepare_affected_sessions', $affected_sessions_array));
 702                      $affected_sessions_text = sprintf("%s<ul><li>%s</li></ul>", gettext("This ban may affect the following active user sessions"), $affected_sessions_text);
 703  
 704                      html_display_warning_msg($affected_sessions_text, '700', 'center');
 705  
 706                  } else {
 707  
 708                      html_display_warning_msg(gettext("This ban affects no active sessions"), '700', 'center');
 709                  }
 710              }
 711          }
 712  
 713      } else if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
 714  
 715          html_display_error_array($error_msg_array, '700', 'center');
 716  
 717      } else {
 718  
 719          html_display_warning_msg(gettext("You can use the percent (%) wildcard symbol in any of your ban lists to obtain partial matches, i.e. '192.168.0.%' would ban all IP Addresses in the range 192.168.0.1 through 192.168.0.254"), '700', 'center');
 720      }
 721  
 722      echo "<br />\n";
 723      echo "<div align=\"center\">\n";
 724      echo "<form accept-charset=\"utf-8\" name=\"admin_banned_form\" action=\"admin_banned.php\" method=\"post\">\n";
 725      echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 726      echo "  ", form_input_hidden('ban_id', htmlentities_array($ban_id)), "\n";
 727      echo "  ", form_input_hidden("delete_ban[$ban_id]", "Y"), "\n";
 728      echo "  ", form_input_hidden("ret", htmlentities_array($ret)), "\n";
 729      echo "  ", form_input_hidden("page", htmlentities_array($page)), "\n";
 730      echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"700\">\n";
 731      echo "    <tr>\n";
 732      echo "      <td align=\"left\">\n";
 733      echo "        <table class=\"box\" width=\"100%\">\n";
 734      echo "          <tr>\n";
 735      echo "            <td align=\"left\" class=\"posthead\">\n";
 736      echo "              <table class=\"posthead\" width=\"100%\">\n";
 737      echo "                <tr>\n";
 738      echo "                  <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Edit Ban"), "</td>\n";
 739      echo "                </tr>\n";
 740      echo "                <tr>\n";
 741      echo "                  <td align=\"center\">\n";
 742      echo "                    <table class=\"posthead\" width=\"95%\">\n";
 743      echo "                      <tr>\n";
 744      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Type"), ":</td>\n";
 745      echo "                        <td align=\"left\">", form_dropdown_array('bantype', $ban_types_list_array, $ban_data_array['BANTYPE']), form_input_hidden('old_bantype', htmlentities_array($ban_data_array['BANTYPE'])), "</td>\n";
 746      echo "                      </tr>\n";
 747      echo "                      <tr>\n";
 748      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Data"), ":</td>\n";
 749      echo "                        <td align=\"left\">", form_input_text('bandata', htmlentities_array($ban_data_array['BANDATA']), 52, 255), form_input_hidden('old_bandata', htmlentities_array($ban_data_array['BANDATA'])), "</td>\n";
 750      echo "                      </tr>\n";
 751      echo "                      <tr>\n";
 752      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\" valign=\"top\">", gettext("Comment"), ":</td>\n";
 753      echo "                        <td align=\"left\">", form_textarea('bancomment', htmlentities_array($ban_data_array['COMMENT']), 6, 50), form_input_hidden('old_bancomment', htmlentities_array($ban_data_array['COMMENT'])), "</td>\n";
 754      echo "                      </tr>\n";
 755      echo "                      <tr>\n";
 756      echo "                        <td align=\"left\" width=\"150\" class=\"posthead\">", gettext("Ban Expires"), ":</td>\n";
 757      echo "                        <td align=\"left\">", form_date_dropdowns($ban_data_array['EXPIRESYEAR'], $ban_data_array['EXPIRESMONTH'], $ban_data_array['EXPIRESDAY'], "banexpires", 2002), form_input_hidden('old_banexpires', htmlentities_array($ban_data_array['EXPIRES'])), "</td>\n";
 758      echo "                      </tr>\n";
 759      echo "                      <tr>\n";
 760      echo "                        <td align=\"left\">&nbsp;</td>\n";
 761      echo "                        <td align=\"left\">&nbsp;</td>\n";
 762      echo "                      </tr>\n";
 763      echo "                    </table>\n";
 764      echo "                  </td>\n";
 765      echo "                </tr>\n";
 766      echo "              </table>\n";
 767      echo "            </td>\n";
 768      echo "          </tr>\n";
 769      echo "        </table>\n";
 770      echo "      </td>\n";
 771      echo "    </tr>\n";
 772      echo "    <tr>\n";
 773      echo "      <td align=\"left\">&nbsp;</td>\n";
 774      echo "    </tr>\n";
 775      echo "    <tr>\n";
 776      echo "      <td colspan=\"2\" align=\"center\">", form_submit("update", gettext("Save")), "&nbsp;", form_submit("edit_check", gettext("Check Ban")), "&nbsp;", form_submit("cancel", gettext("Cancel")), "</td>\n";
 777      echo "    </tr>\n";
 778      echo "  </table>\n";
 779      echo "</form>\n";
 780      echo "</div>\n";
 781  
 782      html_draw_bottom();
 783  
 784  } else {
 785  
 786      html_draw_top(sprintf('title=%s', gettext("Admin - Ban Controls")), 'class=window_title', 'main_css=admin.css');
 787  
 788      $ban_list_array = admin_get_ban_data($sort_by, $sort_dir, $page);
 789  
 790      echo "<h1>", gettext("Admin"), "<img src=\"", html_style_image('separator.png'), "\" alt=\"\" border=\"0\" />", gettext("Ban Controls"), "</h1>\n";
 791  
 792      if (isset($error_msg_array) && sizeof($error_msg_array) > 0) {
 793  
 794          html_display_error_array($error_msg_array, '86%', 'center');
 795  
 796      } else if (isset($_GET['added'])) {
 797  
 798          html_display_success_msg(gettext("Successfully added ban"), '86%', 'center');
 799  
 800      } else if (isset($_GET['removed'])) {
 801  
 802          html_display_success_msg(gettext("Successfully removed selected bans"), '86%', 'center');
 803  
 804      } else if (isset($_GET['edited'])) {
 805  
 806          html_display_success_msg(gettext("Successfully updated ban"), '86%', 'center');
 807  
 808      } else if (sizeof($ban_list_array['ban_array']) < 1) {
 809  
 810          html_display_warning_msg(gettext("There is no existing ban data. To add a ban click the 'Add New' button below."), '86%', 'center');
 811      }
 812  
          // Ban list form: posts back to admin_banned.php and carries the
          // "Add New" / "Delete Selected" submit buttons echoed further down.
          // NOTE(review): the only hidden inputs emitted are webtag, ret and page;
          // no anti-CSRF token field is visible for this state-changing form.
          // Confirm the protection is applied elsewhere.
 813      echo "<br />\n";
 814      echo "<div align=\"center\">\n";
 815      echo "<form accept-charset=\"utf-8\" name=\"admin_banned_form\" action=\"admin_banned.php\" method=\"post\">\n";
 816      echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
 817      echo "  ", form_input_hidden("ret", htmlentities_array($ret)), "\n";
 818      echo "  ", form_input_hidden("page", htmlentities_array($page)), "\n";
 819      echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"86%\">\n";
 820      echo "    <tr>\n";
 821      echo "      <td align=\"left\">\n";
 822      echo "        <table class=\"box\" width=\"100%\">\n";
 823      echo "          <tr>\n";
 824      echo "            <td align=\"left\" class=\"posthead\">\n";
 825      echo "              <table class=\"posthead\" width=\"100%\">\n";
 826      echo "                 <tr>\n";
 827      echo "                   <td class=\"subhead\" align=\"left\" width=\"20\">&nbsp;</td>\n";
 828  
          // Sortable column headers for BANDATA, BANTYPE and EXPIRES.
          // When the list is currently sorted by a column, its cell gets the
          // subhead_sort_asc / subhead_sort_desc class and the link flips the
          // direction. Otherwise the plain subhead class is used and the link
          // keeps the current direction (ASC stays ASC, anything else gives DESC).
          // NOTE(review): $webtag and $page are interpolated into the href
          // attributes without encoding, whereas the hidden form fields pass the
          // same values through htmlentities_array(). Presumably both are
          // validated earlier in the file - confirm.
 829      if ($sort_by == 'BANDATA' && $sort_dir == 'ASC') {
 830          echo "                   <td class=\"subhead_sort_asc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANDATA&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Data"), "</a></td>\n";
 831      } else if ($sort_by == 'BANDATA' && $sort_dir == 'DESC') {
 832          echo "                   <td class=\"subhead_sort_desc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANDATA&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Data"), "</a></td>\n";
 833      } else if ($sort_dir == 'ASC') {
 834          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANDATA&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Data"), "</a></td>\n";
 835      } else {
 836          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANDATA&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Data"), "</a></td>\n";
 837      }
 838  
 839      if ($sort_by == 'BANTYPE' && $sort_dir == 'ASC') {
 840          echo "                   <td class=\"subhead_sort_asc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANTYPE&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Type"), "</a></td>\n";
 841      } else if ($sort_by == 'BANTYPE' && $sort_dir == 'DESC') {
 842          echo "                   <td class=\"subhead_sort_desc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANTYPE&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Type"), "</a></td>\n";
 843      } else if ($sort_dir == 'ASC') {
 844          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANTYPE&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Type"), "</a></td>\n";
 845      } else {
 846          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=BANTYPE&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Type"), "</a></td>\n";
 847      }
 848  
 849      if ($sort_by == 'EXPIRES' && $sort_dir == 'ASC') {
 850          echo "                   <td class=\"subhead_sort_asc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=EXPIRES&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Expires"), "</a></td>\n";
 851      } else if ($sort_by == 'EXPIRES' && $sort_dir == 'DESC') {
 852          echo "                   <td class=\"subhead_sort_desc\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=EXPIRES&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Expires"), "</a></td>\n";
 853      } else if ($sort_dir == 'ASC') {
 854          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=EXPIRES&amp;sort_dir=ASC&amp;page=$page\">", gettext("Ban Expires"), "</a></td>\n";
 855      } else {
 856          echo "                   <td class=\"subhead\" align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;sort_by=EXPIRES&amp;sort_dir=DESC&amp;page=$page\">", gettext("Ban Expires"), "</a></td>\n";
 857      }
 858  
 859      echo "                 </tr>\n";
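 860  
          // One table row per ban returned by admin_get_ban_data(): a delete
          // checkbox plus three links to the edit view showing the ban data,
          // the ban type label and the expiry.
 861      if (sizeof($ban_list_array['ban_array']) > 0) {
 862  
 863          foreach ($ban_list_array['ban_array'] as $ban_list_id => $ban_list_entry) {
 864  
 865              echo "                 <tr>\n";
 866              echo "                   <td align=\"center\">", form_checkbox("delete_ban[$ban_list_id]", "Y"), "</td>\n";
                  // BANDATA is a stored free-text value, so it is HTML-encoded at
                  // output. The edit form in this file encodes the same field with
                  // htmlentities_array(); this row previously echoed it raw.
                  // NOTE(review): assumes admin_get_ban_data() returns BANDATA as
                  // stored, not already encoded - confirm to rule out
                  // double-encoding.
 867              echo "                   <td align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;ban_id=$ban_list_id&amp;page=$page\">", htmlentities_array($ban_list_entry['BANDATA']), "</a></td>\n";
                  // Ban types with no entry in $ban_types_list_array show "Unknown".
 868              echo "                   <td align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;ban_id=$ban_list_id&amp;page=$page\">", (in_array($ban_list_entry['BANTYPE'], array_keys($ban_types_list_array)) ? $ban_types_list_array[$ban_list_entry['BANTYPE']] : gettext("Unknown")), "</a></td>\n";
                  // The date is shown only for an expiry still in the future.
                  // NOTE(review): a ban whose expiry has already passed is also
                  // rendered as "Never", the same as a permanent ban - confirm
                  // this is the intended display for administrators.
 869              echo "                   <td align=\"left\"><a href=\"admin_banned.php?webtag=$webtag&amp;ban_id=$ban_list_id&amp;page=$page\">", (($ban_list_entry['EXPIRES'] > 0 && $ban_list_entry['EXPIRES'] > time()) ? format_date($ban_list_entry['EXPIRES']) : gettext("Never")), "</a></td>\n";
 870              echo "                 </tr>\n";
 871          }
 872      }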
 873  
 874      echo "                 <tr>\n";
 875      echo "                   <td align=\"left\" colspan=\"5\">&nbsp;</td>\n";
 876      echo "                 </tr>\n";
 877      echo "               </table>\n";
 878      echo "             </td>\n";
 879      echo "           </tr>\n";
 880      echo "         </table>\n";
 881      echo "      </td>\n";
 882      echo "    </tr>\n";
 883      echo "    <tr>\n";
 884      echo "      <td align=\"left\">&nbsp;</td>\n";
 885      echo "    </tr>\n";
 886      echo "    <tr>\n";
 887      echo "      <td class=\"postbody\" align=\"center\">";
 888  
          // Emits the pagination links into the table cell opened by the
          // preceding echo.
          // NOTE(review): the base URL is built with raw '&' separators and
          // unencoded $webtag, $sort_by, $sort_dir and $ret. Whether
          // html_page_links() encodes the URL before output is not visible here -
          // confirm, particularly for $ret.
 889      html_page_links("admin_banned.php?webtag=$webtag&sort_by=$sort_by&sort_dir=$sort_dir&ret=$ret", $page, $ban_list_array['ban_count'], 10);
 890  
 891      echo "      </td>\n";
 892      echo "    </tr>\n";
 893      echo "    <tr>\n";
 894      echo "      <td align=\"left\">&nbsp;</td>\n";
 895      echo "    </tr>\n";
 896      echo "    <tr>\n";
 897      echo "      <td colspan=\"2\" align=\"center\">", form_submit("addban", gettext("Add New")), "&nbsp;", form_submit("delete", gettext("Delete Selected")), "</td>\n";
 898      echo "    </tr>\n";
 899      echo "  </table>\n";
 900      echo "</form>\n";
 901      echo "</div>\n";
 902  
 903      html_draw_bottom();
 904  }
