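/**
 * Standard import function: import banned IP addresses listed in the source
 * site's config.php.
 *
 * Loads config.php from the import directory, reads its BANNED_IPS constant as
 * a '|'-separated list, and bans every entry not already recorded as imported.
 *
 * @param  object  The DB connection to import from (not used by this importer)
 * @param  string  The table prefix (not used by this importer)
 * @param  PATH    The base directory we are importing from
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    // NOTE(review): this executes the PHP in config.php under the import
    // directory, so the importer must only be pointed at a trusted directory.
    require $file_base . '/config.php';

    // A config.php that never defines BANNED_IPS simply has nothing to import.
    if (!defined('BANNED_IPS')) {
        return;
    }

    $ips = constant('BANNED_IPS');
    // 'Array' is what a string-cast PHP array looks like; there is no list to parse.
    if (!is_string($ips) || $ips == 'Array') {
        return;
    }

    $rows = explode('|', $ips);

    require_code('failure');

    foreach ($rows as $row) {
        // An empty constant or a trailing '|' yields empty entries; never ban ''.
        if ($row === '') {
            continue;
        }

        if (import_check_if_imported('ip_ban', $row)) {
            continue;
        }

        add_ip_ban($row);
        import_id_remap_put('ip_ban', $row, 0);
    }
}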
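/**
 * Standard import function: import member bans and their IP ranges from the
 * source ban_groups / ban_items tables.
 *
 * For each ban that is permanent (empty expire_time) or not yet expired, the
 * matching local member is flagged as permanently banned or put on probation
 * until the expiry time. Permanent bans additionally have their IP range
 * expanded into individual IP bans.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    require_code('failure');

    $rows = $db->query('SELECT * FROM ' . $table_prefix . 'ban_groups u LEFT JOIN ' . $table_prefix . 'ban_items b ON u.id_ban_group=b.id_ban_group');
    foreach ($rows as $row) {
        $ban_till = $row['expire_time']; // Member is banned until this time; empty is handled as permanent

        // Skip bans that have already expired
        if (!($ban_till > time() || empty($ban_till))) {
            continue;
        }

        $uid = $GLOBALS['OCF_DRIVER']->get_member_from_username($row['name']);

        // The original test was ($uid != 1 || $uid != 2), which is true for every
        // value and so never protected either account. IDs 1 and 2 are presumably
        // built-in accounts that an import must not ban -- TODO confirm.
        if (empty($uid) || $uid == 1 || $uid == 2) {
            continue;
        }

        if (empty($ban_till)) {
            $GLOBALS['SITE_DB']->query_update('f_members', array('m_is_perm_banned' => 1), array('id' => $uid));
        } else {
            $GLOBALS['SITE_DB']->query_update('f_members', array('m_on_probation_until' => $ban_till), array('id' => $uid));
        }

        // NOTE(review): the reason for the >= 127 cut-off on the first octet is not
        // stated anywhere in this function -- confirm intent.
        if (!($row['ip_low1'] >= 127 && empty($ban_till))) {
            continue;
        }

        // NOTE(review): the check is keyed on the member ID but the entries written
        // below are keyed on each IP, so this check cannot match what this function
        // records -- re-running the import will repeat the IP bans.
        if (import_check_if_imported('ip_ban', strval($uid))) {
            continue;
        }

        // Expand the inclusive low..high range of every octet into single addresses.
        // NOTE(review): one add_ip_ban() call is made per address, so a wide source
        // range produces a very large number of ban rows -- confirm ranges are narrow.
        for ($i = $row['ip_low1']; $i <= $row['ip_high1']; $i++) {
            for ($j = $row['ip_low2']; $j <= $row['ip_high2']; $j++) {
                for ($h = $row['ip_low3']; $h <= $row['ip_high3']; $h++) {
                    for ($f = $row['ip_low4']; $f <= $row['ip_high4']; $f++) {
                        $ip_to_ban = strval($i) . '.' . strval($j) . '.' . strval($h) . '.' . strval($f);
                        add_ip_ban($ip_to_ban);
                        import_id_remap_put('ip_ban', $ip_to_ban, 0);
                    }
                }
            }
        }
    }
}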
/**
 * Standard import function: import IP bans for source users in member group -3.
 *
 * A user's r_ip is banned when temp_ban_time + temp_ban is not in the past and
 * the user's ID has not already been recorded as an imported ip_ban.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from (unused here)
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    $banned_users = $db->query('SELECT * FROM ' . $table_prefix . 'users WHERE u_member_group=-3');

    require_code('failure');

    foreach ($banned_users as $user) {
        $banned_at = $user['temp_ban_time']; // When the user was banned
        $banned_for = $user['temp_ban']; // Length of the ban

        // NOTE(review): the original comment describes temp_ban as a number of days,
        // yet it is added to the timestamp unscaled -- confirm the unit in the source
        // schema, otherwise nearly every temporary ban looks expired here.
        $banned_until = $banned_at + $banned_for;

        $still_active = !($banned_until < time());
        if ($still_active && !import_check_if_imported('ip_ban', strval($user['id']))) {
            // NOTE(review): r_ip is passed through as-is; an empty value is not filtered.
            add_ip_ban($user['r_ip']);
            import_id_remap_put('ip_ban', strval($user['id']), 0);
        }
    }
}
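/**
 * The actualiser to toggle a combined IP/member ban.
 *
 * The 'id' request parameter has the form "member:ip" (or just "ip"). Without
 * a posted confirm=1 a confirmation screen is returned; with it, the member
 * (if given) and the IP address are banned.
 *
 * @return tempcode The UI
 */
function multi_ban()
{
    $title = get_page_title('BAN_USER');

    $id = either_param('id', NULL);

    // Split on the LAST colon by reversing the string, so everything before it is
    // the member part and everything after it the IP.
    // NOTE(review): an IPv6 address contains colons itself, so only its final
    // group would end up in $ip -- confirm only IPv4 reaches this screen.
    $_ip = explode(':', strrev($id), 2);
    $ip = strrev($_ip[0]);
    $member = array_key_exists(1, $_ip) ? strrev($_ip[1]) : NULL;

    if (post_param_integer('confirm', 0) == 0) {
        // Both values come straight from the request and are embedded in the page,
        // so both are HTML-escaped. The member part was previously passed to
        // make_string_tempcode() unescaped.
        $preview = do_lang_tempcode('BAN_USER_DESCRIPTION', is_null($member) ? do_lang_tempcode('NA_EM') : make_string_tempcode(escape_html(strval($member))), make_string_tempcode(escape_html($ip)));
        $url = get_self_url(false, false);
        return do_template('CONFIRM_SCREEN', array('_GUID' => '3840c52b23d9034cb6f9dd529b236c97', 'TITLE' => $title, 'PREVIEW' => $preview, 'FIELDS' => form_input_hidden('confirm', '1'), 'URL' => $url));
    }

    if (!is_null($member)) {
        ocf_ban_member(intval($member));
    }

    // NOTE(review): $ip is not checked here for being empty, well-formed, or the
    // acting user's own address before it is banned -- confirm add_ip_ban() or the
    // caller enforces this.
    require_code('failure');
    add_ip_ban($ip);

    return inform_screen($title, do_lang_tempcode('SUCCESS'));
}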
/**
 * Standard import function: copy IP bans and submitter bans from the source
 * usersubmitban_ip / usersubmitban_member tables.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    require_code('failure');

    // IP bans: carry the description across when the source row has one
    $ip_bans = $db->query('SELECT * FROM ' . $table_prefix . 'usersubmitban_ip');
    foreach ($ip_bans as $ip_ban) {
        if (array_key_exists('i_descrip', $ip_ban)) {
            $descrip = $ip_ban['i_descrip'];
        } else {
            $descrip = '';
        }
        add_ip_ban($ip_ban['ip'], $descrip);
    }

    // Submitter bans: member IDs are used directly when on_same_msn() says so,
    // otherwise they are translated through the import ID remap table
    $member_bans = $db->query('SELECT * FROM ' . $table_prefix . 'usersubmitban_member');
    $on_same_msn = $this->on_same_msn($file_base);
    foreach ($member_bans as $member_ban) {
        if ($on_same_msn) {
            $member = $member_ban['the_member'];
        } else {
            $member = import_id_remap_get('member', $member_ban['the_member'], true);
        }

        // Nothing to insert for members with no resolved ID
        if (!is_null($member)) {
            $GLOBALS['SITE_DB']->query_insert('usersubmitban_member', array('the_member' => $member));
        }
    }
}
/**
 * Handle flood control for members.
 *
 * Runs at most once per request, and only for the 'index' and 'iframe' scripts
 * outside the 'join' page. It compares the member's last visit/submit time with
 * the best flood-control setting of their usergroups, exits with a
 * FLOOD_CONTROL_RESTRICT warning when the member must still wait, auto-bans the
 * requesting IP when it is hammering the site, and otherwise refreshes the
 * member's last visit time and IP address.
 *
 * @param  MEMBER  The member ID that just got detected
 */
function ocf_flood_control($id)
{
    global $NON_PAGE_SCRIPT;
    if ($NON_PAGE_SCRIPT == 1) {
        return;
    }

    // Guard so the checks below happen only once per request
    global $FLOOD_CONTROL_ONCE;
    if ($FLOOD_CONTROL_ONCE) {
        return;
    }
    $FLOOD_CONTROL_ONCE = true;

    if (get_page_name() == 'join') {
        return;
    }
    if (!running_script('index') && !running_script('iframe')) {
        return;
    }

    require_code('ocf_groups');

    // Set last visit time session cookie if it doesn't exist
    if (!array_key_exists('last_visit', $_COOKIE) && $GLOBALS['FORUM_DRIVER']->get_guest_id() != $id) {
        require_code('users_active_actions');
        $lvt = $this->get_member_row_field($id, 'm_last_visit_time');
        ocp_setcookie('last_visit', is_null($lvt) ? strval(time()) : strval($lvt), true);
        $new_visit = true;
    } else {
        $new_visit = false;
    }

    // Do some flood control
    // A request counts as a submission when it carries POST data, is not of type
    // 'ed' / 'ec', and is not the preview script
    $submitting = count($_POST) > 0 && get_param('type', NULL) !== 'ed' && get_param('type', NULL) !== 'ec' && !running_script('preview');
    $restrict = $submitting ? 'flood_control_submit_secs' : 'flood_control_access_secs';
    $restrict_setting = $submitting ? 'm_last_submit_time' : 'm_last_visit_time';
    $restrict_answer = ocf_get_best_group_property($this->get_members_groups($id), $restrict);
    // NOTE(review): the access restriction is waived whenever the request carries a
    // 'redirect' query parameter, which is client-controlled -- confirm this
    // exemption is intended to be that broad.
    if (!$submitting && array_key_exists('redirect', $_GET)) {
        $restrict_answer = 0;
    }
    if ($restrict_answer < 0) {
        $restrict_answer = 0;
    }
    $last = $this->get_member_row_field($id, $restrict_setting);
    if ($last > time()) {
        $last = time() - $restrict_answer;
    } // Weird clock problem
    // Seconds the member still has to wait; positive means they are too early
    $wait_time = $restrict_answer - time() + $last;
    // NOTE(review): because of the addon_installed('stats') term, the warn_exit()
    // below -- i.e. the restriction itself, not only the auto-ban -- applies only
    // when the stats addon is installed. Confirm that is intended.
    if ($wait_time > 0 && addon_installed('stats')) {
        require_code('site');
        log_stats('/flood', 0);

        // Auto-ban when this IP has 50 or more stats rows within the last 30 seconds
        $time_threshold = 30;
        $count_threshold = 50;
        $query = 'SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'stats WHERE date_and_time>' . strval(time() - $time_threshold) . ' AND date_and_time<' . strval(time()) . ' AND ' . db_string_equal_to('ip', get_ip_address());
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full($query);
        if ($count >= $count_threshold && addon_installed('securitylogging')) {
            // NOTE(review): the ban is only as trustworthy as get_ip_address(); how it
            // derives the address (e.g. whether proxy headers are honoured) is not
            // visible here -- verify it cannot be made to name another client.
            $ip = get_ip_address();
            require_code('failure');
            add_ip_ban($ip);
            require_code('notifications');
            dispatch_notification('auto_ban', NULL, do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang()), do_lang('AUTO_BAN_DOS_MESSAGE', $ip, integer_format($count_threshold), integer_format($time_threshold), get_site_default_lang()), NULL, A_FROM_SYSTEM_PRIVILEGED);
        }

        // Language and tempcode support is loaded on demand if not already present
        if (!function_exists('require_lang')) {
            require_code('lang');
        }
        if (!function_exists('do_lang_tempcode')) {
            require_code('tempcode');
        }
        require_lang('ocf');
        warn_exit(do_lang_tempcode('FLOOD_CONTROL_RESTRICT', integer_format($wait_time)));
    }

    $extra = $submitting ? array('m_last_submit_time' => time()) : array();
    $dif = time() - $this->get_member_row_field($id, 'm_last_visit_time');
    if ($dif < 0) {
        $dif = 0;
    } // can happen if system clock changes
    if (is_guest($id)) {
        if (get_value('session_prudence') !== '1') {
            // Guests share one member row, so the elapsed time is multiplied by the
            // number of guest sessions active within the last four minutes
            global $SESSION_CACHE;
            $num_guests = 0;
            foreach ($SESSION_CACHE as $c) {
                if (!array_key_exists('the_user', $c)) {
                    continue;
                } // Workaround to HipHop PHP weird bug
                if ($c['last_activity'] > time() - 60 * 4 && is_guest($c['the_user'])) {
                    $num_guests++;
                }
            }
            $dif *= $num_guests;
        } else {
            $restrict_answer = 0;
        }
    }
    // Operator precedence: this reads as $submitting || (count($_POST) == 0 && $dif > $wait_time)
    if ($submitting || count($_POST) == 0 && $dif > $wait_time) {
        if ($restrict_answer != 0 || $dif > 180 || $new_visit) {
            $old_ip = $this->get_member_row_field($id, 'm_ip_address');
            $change_map = array('m_last_visit_time' => time());
            // The stored IP is only rewritten when it actually changed
            if (get_ip_address() != $old_ip) {
                $change_map['m_ip_address'] = get_ip_address();
            }
            if (get_db_type() != 'xml') {
                $this->connection->query_update('f_members', $change_map + $extra, array('id' => $id), '', 1, NULL, false, true);
            }
        }
    }
}
/**
 * Standard import function: import IP bans from the source banlist table.
 *
 * Every banlist row with a non-empty ban_ip that has not yet been imported is
 * decoded with _un_phpbb_ip() and banned locally.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from (unused here)
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    require_code('failure');

    $sql = 'SELECT * FROM ' . $table_prefix . 'banlist WHERE ' . db_string_not_equal_to('ban_ip', '');
    foreach ($db->query($sql) as $ban) {
        // The source ban ID is the key that marks a ban as already imported
        $already_imported = import_check_if_imported('ip_ban', strval($ban['ban_id']));
        if (!$already_imported) {
            add_ip_ban($this->_un_phpbb_ip($ban['ban_ip']));
            import_id_remap_put('ip_ban', strval($ban['ban_id']), 0);
        }
    }
}
/**
 * Log a hackattack, then displays an error message. It also dispatches a
 * notification to the staff alerting them of the hackattack.
 *
 * The request is answered with a 403 where possible and recorded in the
 * 'hackattack' table. Once an IP has reached the hack threshold and the
 * 'autoban' option is on, the IP is banned unless it looks like a search
 * engine or is 127.0.0.1. The function finishes through warn_exit() or
 * fatal_exit().
 *
 * @param  ID_TEXT     The reason for the hack attack. This has to be a language string codename
 * @param  SHORT_TEXT  A parameter for the hack attack language string (this should be based on a unique ID, preferably)
 * @param  SHORT_TEXT  A more illustrative parameter, which may be anything (e.g. a title)
 */
function _log_hack_attack_and_exit($reason, $reason_param_a = '', $reason_param_b = '')
{
    // Keep this handler cheap: it runs on requests already judged hostile.
    // NOTE(review): up to nine remote downloads and two DNS lookups are attempted
    // below within this 4 second limit.
    if (function_exists('set_time_limit')) {
        @set_time_limit(4);
    }

    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />'); // XHTMLXHTML

    $GLOBALS['HTTP_STATUS_CODE'] = '403';
    if (!headers_sent()) {
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 403 Forbidden');
        } // Stop spiders ever storing the URL that caused this
    }

    // Without the securitylogging addon nothing is logged or banned
    if (!addon_installed('securitylogging')) {
        warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
    }

    // $ip is the address the software resolved; $ip2 is the raw REMOTE_ADDR, kept
    // only when it is valid, differs from $ip and is not the server's own address
    $ip = get_ip_address();
    $ip2 = ocp_srv('REMOTE_ADDR');
    if (!is_valid_ip($ip2)) {
        $ip2 = '';
    }
    if ($ip2 == $ip || $ip2 == '' || ocp_srv('SERVER_ADDR') == $ip2) {
        $ip2 = NULL;
    }
    if (function_exists('get_member')) {
        $id = get_member();
        $username = $GLOBALS['FORUM_DRIVER']->get_username($id);
        if (is_null($username)) {
            $username = do_lang('UNKNOWN');
        }
    } else {
        $id = db_get_first_id();
        $username = function_exists('do_lang') ? do_lang('UNKNOWN') : 'Unknown';
    }

    $url = ocp_srv('PHP_SELF') . '?' . ocp_srv('QUERY_STRING');

    // NOTE(review): every string POST field is captured verbatim, stored in
    // hackattack.data_post and passed to the HACK_ATTEMPT_MAIL template below. That
    // can include passwords or other secrets submitted with the request -- consider
    // redacting sensitive field names before logging.
    $post = '';
    foreach ($_POST as $key => $val) {
        if (!is_string($val)) {
            continue;
        }
        $post .= $key . ' => ' . $val . "\n\n";
    }

    // Use whichever of the two addresses has more prior hack-attack rows
    $count = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip));
    $alt_ip = false;
    if (!is_null($ip2)) {
        $count2 = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip2));
        if ($count2 > $count) {
            $count = $count2;
            $alt_ip = true;
        }
    }
    $hack_threshold = 5;
    // Super admins are never auto-banned: their count is reset below the threshold
    if (array_key_exists('FORUM_DRIVER', $GLOBALS) && function_exists('get_member') && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        $count = 0;
    }
    $new_row = array('user_agent' => substr(get_browser_string(), 0, 255), 'referer' => substr(ocp_srv('HTTP_REFERER'), 0, 255), 'user_os' => substr(get_os_string(), 0, 255), 'reason' => $reason, 'reason_param_a' => substr($reason_param_a, 0, 255), 'reason_param_b' => substr($reason_param_b, 0, 255), 'url' => substr($url, 0, 255), 'data_post' => $post, 'the_user' => $id, 'date_and_time' => time(), 'ip' => $ip);
    $ip_ban_todo = NULL;
    if ($count >= $hack_threshold && get_option('autoban') != '0') {
        // Test we're not banning a good bot
        // NOTE(review): these allow-lists are fetched over plain HTTP from a
        // third-party host at request time and their content decides whether an
        // address is exempt from the ban. Nothing here authenticates or pins that
        // content -- consider a locally maintained, reviewed list instead.
        $se_ip_lists = array('http://www.iplists.com.nyud.net/nw/google.txt', 'http://www.iplists.com.nyud.net/nw/msn.txt', 'http://www.iplists.com.nyud.net/infoseek.txt', 'http://www.iplists.com.nyud.net/nw/inktomi.txt', 'http://www.iplists.com.nyud.net/nw/lycos.txt', 'http://www.iplists.com.nyud.net/nw/askjeeves.txt', 'http://www.iplists.com.nyud.net/northernlight.txt', 'http://www.iplists.com.nyud.net/nw/altavista.txt', 'http://www.iplists.com.nyud.net/nw/misc.txt');
        // Build every leading prefix of the address (a, a.b, a.b.c, a.b.c.d) so that a
        // list line holding either a full address or a shorter prefix can match
        $ip_stack = array();
        $ip_bits = explode(strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':', $alt_ip ? $ip2 : $ip);
        foreach ($ip_bits as $i => $ip_bit) {
            $buildup = '';
            for ($j = 0; $j <= $i; $j++) {
                if ($buildup != '') {
                    $buildup .= strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':';
                }
                $buildup .= $ip_bits[$j];
            }
            $ip_stack[] = $buildup;
        }
        $is_se = false;
        foreach ($se_ip_lists as $ip_list) {
            $ip_list_file = http_download_file($ip_list, NULL, false);
            if (is_string($ip_list_file)) {
                $ip_list_array = explode(chr(10), $ip_list_file);
                foreach ($ip_stack as $ip_s) {
                    // NOTE(review): in_array() compares loosely here (no strict flag)
                    if (in_array($ip_s, $ip_list_array)) {
                        $is_se = true;
                    }
                }
                if ($is_se) {
                    break;
                }
            }
        }
        // Reverse-DNS check against known search engine domains.
        // NOTE(review): when gethostbyname is listed in disable_functions the forward
        // confirmation is skipped and the reverse (PTR) name alone is trusted. A PTR
        // record is set by whoever controls the address block, so in that
        // configuration this exemption is not a reliable identity check.
        $dns = @gethostbyaddr($alt_ip ? $ip2 : $ip);
        if (preg_match('#(\\s|,|^)gethostbyname(\\s|$|,)#i', @ini_get('disable_functions')) != 0 || @gethostbyname($dns) === ($alt_ip ? $ip2 : $ip)) {
            $se_domain_names = array('googlebot.com', 'google.com', 'msn.com', 'yahoo.com', 'ask.com', 'aol.com');
            foreach ($se_domain_names as $domain_name) {
                // Match only names ending in ".<domain>"
                if (substr($dns, -strlen($domain_name) - 1) == '.' . $domain_name) {
                    $is_se = true;
                    break;
                }
            }
        }
        if (!$is_se && ($alt_ip ? $ip2 : $ip) != '127.0.0.1') {
            // Summarise all earlier incidents for this address plus the current one
            $rows = $GLOBALS['SITE_DB']->query_select('hackattack', array('*'), array('ip' => $alt_ip ? $ip2 : $ip));
            $rows[] = $new_row;
            $summary = '';
            foreach ($rows as $row) {
                $full_reason = do_lang($row['reason'], $row['reason_param_a'], $row['reason_param_b'], NULL, get_site_default_lang());
                $summary .= "\n" . ' - ' . $full_reason . ' [' . $row['url'] . ']';
            }
            // $full_reason holds the last loop value, i.e. the reason of the current incident
            add_ip_ban($alt_ip ? $ip2 : $ip, $full_reason);
            $_ip_ban_url = build_url(array('page' => 'admin_ipban', 'type' => 'misc'), get_module_zone('admin_ipban'), NULL, false, false, true);
            $ip_ban_url = $_ip_ban_url->evaluate();
            $ip_ban_todo = do_lang('AUTO_BAN_HACK_MESSAGE', $alt_ip ? $ip2 : $ip, integer_format($hack_threshold), array($summary, $ip_ban_url), get_site_default_lang());
        }
    }
    // Record the incident, once per distinct address
    $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    if (!is_null($ip2)) {
        $new_row['ip'] = $ip2;
        $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    }

    if (function_exists('do_lang')) {
        $reason_full = do_lang($reason, $reason_param_a, $reason_param_b, NULL, get_site_default_lang());
        $_stack_trace = get_html_trace();
        // NOTE(review): as written this replaces 'html' with 'html', which changes
        // nothing -- the original search/replace strings may have been lost; confirm.
        $stack_trace = str_replace('html', 'html', $_stack_trace->evaluate());
        $time = get_timezoned_date(time(), true, true, true);
        $message = do_template('HACK_ATTEMPT_MAIL', array('_GUID' => '6253b3c42c5e6c70d20afa9d1f5b40bd', 'STACK_TRACE' => $stack_trace, 'USER_AGENT' => get_browser_string(), 'REFERER' => ocp_srv('HTTP_REFERER'), 'USER_OS' => get_os_string(), 'REASON' => $reason_full, 'IP' => $ip, 'ID' => strval($id), 'USERNAME' => $username, 'TIME_RAW' => strval(time()), 'TIME' => $time, 'URL' => $url, 'POST' => $post), get_site_default_lang());

        require_code('notifications');

        $subject = do_lang('HACK_ATTACK_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
        dispatch_notification('hack_attack', NULL, $subject, $message->evaluate(get_site_default_lang(), false), NULL, A_FROM_SYSTEM_PRIVILEGED);

        if (!is_null($ip_ban_todo)) {
            // NOTE(review): the subject always names $ip, even when $ip2 is the
            // address that was actually banned ($alt_ip true).
            $subject = do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
            dispatch_notification('auto_ban', NULL, $subject, $ip_ban_todo, NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
    }

    // On a localhost install, exit through fatal_exit() instead of the user-facing warning
    if (preg_match('#^localhost[\\.\\:$]#', ocp_srv('HTTP_HOST')) != 0 && substr(get_base_url(), 0, 17) == 'http://localhost/') {
        fatal_exit(do_lang('HACK_ATTACK'));
    }
    warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
}
/**
 * The actualiser to delete trackbacks.
 *
 * Each posted field named trackback_<id> selects an action for that trackback:
 * '1' deletes it, '2' deletes it and (when the securitylogging addon is
 * installed) bans the IP it came from, anything else does nothing.
 *
 * @return tempcode The UI
 */
function delete_trackbacks()
{
    $title = get_page_title('DELETE_TRACKBACKS');

    foreach ($_POST as $field => $action) {
        if (!is_string($action)) {
            continue;
        }
        if (substr($field, 0, 10) != 'trackback_') {
            continue;
        }

        $trackback_id = intval(substr($field, 10));

        $ban_requested = ($action == '2');
        $delete_requested = $ban_requested || ($action == '1');

        if ($ban_requested && addon_installed('securitylogging')) {
            $trackback_ip = $GLOBALS['SITE_DB']->query_value_null_ok('trackbacks', 'trackback_ip', array('id' => $trackback_id));
            if (is_null($trackback_ip)) {
                // No IP found for this trackback: neither ban nor delete it
                continue;
            }
            require_code('failure');
            add_ip_ban($trackback_ip, do_lang('TRACKBACK_SPAM'));
        }

        // A ban request always carries on into the delete
        if ($delete_requested) {
            $GLOBALS['SITE_DB']->query_delete('trackbacks', array('id' => $trackback_id), '', 1);
        }
    }

    // Show it worked / Refresh
    $text = do_lang_tempcode('SUCCESS');

    // NOTE(review): the redirect target is taken from the request. Whether
    // get_param() / redirect_screen() restrict it to this site is not visible here --
    // confirm, as an unrestricted target would be an open redirect.
    $url = get_param('redirect', NULL);
    if (is_null($url)) {
        $default_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
        $url = $default_url->evaluate();
    }

    return redirect_screen($title, $url, $text);
}
/**
 * Standard import function: import member bans and their IP ranges from the
 * source ban_groups / ban_items tables.
 *
 * Bans that are permanent (empty expire_time) or not yet expired are applied to
 * the member found by name in the source 'members' table; permanent bans also
 * have their IP range expanded into individual IP bans.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from (unused here)
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    global $SITE_INFO;

    require_code('failure');

    $bans = $db->query('SELECT * FROM ' . $table_prefix . 'ban_groups u LEFT JOIN ' . $table_prefix . 'ban_items b ON u.ID_BAN_GROUP = b.ID_BAN_GROUP');
    foreach ($bans as $ban) {
        $ban_time = $ban['ban_time']; // When the user was banned (read but not used below)
        $ban_till = $ban['expire_time']; // Member is banned until this time

        // Expired bans are not imported
        if (!($ban_till > time() || empty($ban_till))) {
            continue;
        }

        $found = $db->query_select('members', array('ID_MEMBER'), array('memberName' => $ban['name']));
        if (!isset($found[0]['ID_MEMBER']) || $found[0]['ID_MEMBER'] == 0) {
            continue;
        }

        // NOTE(review): this is the member ID from the SOURCE database, used as-is
        // against the local f_members table -- confirm IDs are identical on both
        // sides, otherwise the ban lands on a different member.
        $uid = $found[0]['ID_MEMBER'];

        $member_change = empty($ban_till) ? array('m_is_perm_banned' => 1) : array('m_on_probation_until' => $ban_till);
        $GLOBALS['SITE_DB']->query_update('f_members', $member_change, array('id' => $uid));

        // IP ranges are imported for permanent bans only
        if (!($ban['ip_low1'] >= 127 && empty($ban_till))) {
            continue;
        }

        // NOTE(review): checked by member ID, but recorded below by IP address.
        if (import_check_if_imported('ip_ban', strval($uid))) {
            continue;
        }

        // One ban per address in the inclusive range of each octet.
        // NOTE(review): a wide source range results in a very large number of calls.
        for ($a = $ban['ip_low1']; $a <= $ban['ip_high1']; $a++) {
            for ($b = $ban['ip_low2']; $b <= $ban['ip_high2']; $b++) {
                for ($c = $ban['ip_low3']; $c <= $ban['ip_high3']; $c++) {
                    for ($d = $ban['ip_low4']; $d <= $ban['ip_high4']; $d++) {
                        $ip_to_ban = implode('.', array($a, $b, $c, $d));
                        add_ip_ban($ip_to_ban);
                        import_id_remap_put('ip_ban', $ip_to_ban, 0);
                    }
                }
            }
        }
    }
}
/**
 * Ban the specified IP address.
 *
 * The address is trimmed first. An address matching the current user's own is
 * never banned; a warning message is attached instead. An empty address is
 * ignored.
 *
 * @param  IP         The IP address to ban
 * @param  LONG_TEXT  Explanation for ban
 */
function ban_ip($ip, $descrip = '')
{
    $candidate = trim($ip);

    // Refuse to lock the acting user out of the site
    if (compare_ip_address($candidate, get_ip_address())) {
        attach_message(do_lang_tempcode('AVOIDING_BANNING_SELF'), 'warn');
        return;
    }

    if ($candidate != '') {
        require_code('failure');
        add_ip_ban($candidate, $descrip);
    }
}
/**
 * Standard modular run function.
 *
 * With no 'param' / 'id' given, a search form is shown. Otherwise the value is
 * looked up as a member ID, IP address or username and an investigation screen
 * is built: the IPs seen for the user (grouped under a mask with the last part
 * replaced by '*'), their ban state, tracking stats and links to related tools.
 * When the request is a POST, the IP bans for the listed addresses are updated
 * from the posted 'banned' list first.
 *
 * @return tempcode The result of execution.
 */
function run()
{
    $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/investigateuser';
    $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_trace';

    require_lang('submitban');
    require_lang('security');
    require_code('lookup');

    if (addon_installed('securitylogging')) {
        $ip_ban_url = build_url(array('page' => 'admin_ipban'), get_module_zone('admin_ipban'));
        $GLOBALS['HELPER_PANEL_TEXT'] = comcode_to_tempcode(do_lang('DOC_ACTIONLOG_BAN_HELP', $ip_ban_url->evaluate()));
    }

    // 'param' wins over 'id'; either may carry the thing to investigate
    $param = get_param('param', get_param('id', ''));

    if ($param == '') {
        // Nothing to look up yet: show the search form
        breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS'))));

        $title = get_page_title('INVESTIGATE_USER');

        require_code('form_templates');

        $submit_name = do_lang_tempcode('INVESTIGATE_USER');
        $post_url = build_url(array('page' => '_SELF'), '_SELF', NULL, false, true);
        $fields = form_input_line(do_lang_tempcode('DETAILS'), do_lang_tempcode('DESCRIPTION_INVESTIGATE'), 'param', '', false);

        breadcrumb_set_self(do_lang_tempcode('SEARCH'));

        return do_template('FORM_SCREEN', array('_GUID' => '9cc407037ec01a8f3483746a22889471', 'GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'TITLE' => $title, 'TEXT' => '', 'SUBMIT_NAME' => $submit_name, 'FIELDS' => $fields, 'URL' => $post_url));
    } else {
        // The title is picked from the shape of the value: numeric, contains a dot, or anything else
        if (is_numeric($param)) {
            $title = get_page_title('INVESTIGATE_USER_BY_MEMBER_ID');
        } elseif (strpos($param, '.') !== false) {
            $title = get_page_title('INVESTIGATE_USER_BY_IP');
        } else {
            $title = get_page_title('INVESTIGATE_USER_BY_USERNAME');
        }

        // 'sort' is "<column> <direction>"; the direction defaults to DESC.
        // NOTE(review): both parts come from the request and are not validated in
        // this function before being passed to get_stats_track() -- confirm that
        // function restricts them to known column names and ASC/DESC.
        $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
        if (count($test) == 1) {
            $test[1] = 'DESC';
        }
        list($sortable, $sort_order) = $test;

        // $name, $id and $ip are passed to lookup_member_page() and read back afterwards
        $name = mixed();
        $id = mixed();
        $ip = mixed();
        $rows = lookup_member_page($param, $name, $id, $ip);
        if (is_null($name)) {
            $name = do_lang('UNKNOWN');
        }
        if (is_null($id)) {
            $id = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        }
        if (is_null($ip)) {
            $ip = '';
        }

        $all_banned = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip', array('ip')));

        // Group the found addresses under a mask that replaces the final part with '*'
        $ip_list = new ocp_tempcode();
        $groups = array();
        foreach ($rows as $row) {
            if (strpos($row['ip'], ':') !== false) {
                $bits = explode(':', $row['ip']);
                $bits[count($bits) - 1] = '*';
                $ip_masked = implode(':', $bits);
            } else {
                $bits = explode('.', $row['ip']);
                $bits[count($bits) - 1] = '*';
                $ip_masked = implode('.', $bits);
            }
            if (!array_key_exists($ip_masked, $groups)) {
                $groups[$ip_masked] = array();
            }
            $groups[$ip_masked][] = $row;
        }

        // Every address and every mask shown on this screen
        $all_ips = array();
        foreach ($groups as $mask => $group) {
            foreach ($group as $row) {
                $all_ips[] = $row['ip'];
            }
            $all_ips[] = $mask;
        }

        if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
            // Only addresses/masks from $all_ips can be banned or unbanned here; the
            // posted list merely selects among them.
            // NOTE(review): anything in $all_ips that is NOT in the posted list is
            // unbanned, so a POST without 'banned' lifts every ban shown on this
            // screen. No request-forgery check is visible in this function -- confirm
            // the framework enforces one for this module.
            // NOTE(review): unlike the IP ban link further down, this path does not
            // exclude the acting user's own address (or a mask covering it).
            if (!array_key_exists('banned', $_POST)) {
                $_POST['banned'] = array();
            }

            require_code('failure');
            $all_banned_filtered = array();
            foreach ($all_ips as $bip) {
                if (addon_installed('securitylogging')) {
                    // NOTE(review): assumes $_POST['banned'] is an array -- TODO confirm
                    if (in_array($bip, $_POST['banned'])) {
                        add_ip_ban($bip);
                        $all_banned_filtered[] = $bip;
                    } else {
                        remove_ip_ban($bip);
                    }
                }
            }
            $all_banned = $all_banned_filtered;
        }

        // Render each group; a group is opened by default when one of its addresses is banned
        foreach ($groups as $mask => $group) {
            $inner_ip_list = new ocp_tempcode();
            $one_sub_is_banned = false;
            foreach ($group as $row) {
                $date = get_timezoned_date($row['date_and_time']);
                $lookup_url = build_url(array('page' => '_SELF', 'param' => $row['ip']), '_SELF');
                $inner_ip_list->attach(do_template('LOOKUP_IP_LIST_ENTRY', array('_GUID' => '94a133f5f711bbf09100346661e3f7c9', 'UNIQID' => uniqid('', true), 'LOOKUP_URL' => $lookup_url, 'DATE' => $date, '_DATE' => strval($row['date_and_time']), 'IP' => $row['ip'], 'BANNED' => in_array($row['ip'], $all_banned))));
                if (in_array($row['ip'], $all_banned)) {
                    $one_sub_is_banned = true;
                }
            }
            $ip_list->attach(do_template('LOOKUP_IP_LIST_GROUP', array('OPEN_DEFAULT' => $one_sub_is_banned, 'UNIQID' => uniqid('', true), 'BANNED' => in_array($mask, $all_banned), 'MASK' => $mask, 'GROUP' => $inner_ip_list)));
        }

        $stats = get_stats_track($id, $ip, get_param_integer('start', 0), get_param_integer('max', 10), $sortable, $sort_order);

        // Links to related tools, each only when its addon is installed and it applies to this user
        $points_url = addon_installed('points') ? build_url(array('page' => 'points', 'type' => 'member', 'id' => $id), get_module_zone('points')) : NULL;
        if (addon_installed('authors')) {
            $author_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'authors', 'author' => $name), get_module_zone('authors'));
        } else {
            $author_url = NULL;
        }
        if (addon_installed('search')) {
            $search_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'search', 'type' => 'results', 'content' => '', 'author' => $name, 'days' => '-1', 'sort' => 'add_date', 'direction' => 'DESC'), get_module_zone('search'));
        } else {
            $search_url = NULL;
        }
        $profile_url = is_guest($id) ? NULL : $GLOBALS['FORUM_DRIVER']->member_profile_url($id, false, true);
        if (addon_installed('actionlog')) {
            $action_log_url = is_guest($id) ? NULL : build_url(array('page' => 'admin_actionlog', 'type' => 'list', 'id' => $id), get_module_zone('admin_actionlog'));
        } else {
            $action_log_url = NULL;
        }

        $alerts = $ip == '' ? new ocp_tempcode() : find_security_alerts(array('ip' => $ip));

        // Current ban state: member ban, IP ban and submitter ban
        $member_banned = $GLOBALS['FORUM_DRIVER']->is_banned($id);
        $ip_banned = $ip != '' && !is_null($GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip)));
        $banned_test_2 = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_member', 'the_member', array('the_member' => $id));
        $submitter_banned = !is_null($banned_test_2);

        // Toggle links are never offered against the acting user or their own IP
        $member_ban_link = NULL;
        $ip_ban_link = NULL;
        $submitter_ban_link = NULL;
        if (addon_installed('securitylogging')) {
            if (get_forum_type() == 'ocf' && !is_guest($id) && $id != get_member()) {
                $member_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_member_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
            }
            if ($ip != '' && $ip != get_ip_address()) {
                $ip_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_ip_ban', 'id' => $ip), get_module_zone('admin_actionlog'))));
            }
            if (!is_guest($id) && $id != get_member()) {
                $submitter_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_submitter_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
            }
        }

        breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS')), array('_SELF:_SELF:misc', do_lang_tempcode('SEARCH'))));
        breadcrumb_set_self(do_lang_tempcode('RESULT'));

        return do_template('LOOKUP_SCREEN', array('_GUID' => 'dc6effaa043949940b809f6aa5a1f944', 'TITLE' => $title, 'ALERTS' => $alerts, 'STATS' => $stats, 'IP_LIST' => $ip_list, 'IP_BANNED' => $ip_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'SUBMITTER_BANNED' => $submitter_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BANNED' => $member_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BAN_LINK' => $member_ban_link, 'SUBMITTER_BAN_LINK' => $submitter_ban_link, 'IP_BAN_LINK' => $ip_ban_link, 'ID' => strval($id), 'IP' => $ip, 'NAME' => $name, 'SEARCH_URL' => $search_url, 'AUTHOR_URL' => $author_url, 'POINTS_URL' => $points_url, 'PROFILE_URL' => $profile_url, 'ACTION_LOG_URL' => $action_log_url));
    }
}
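/**
 * Standard import function: import the last-used IP of permanently banned
 * source users (group 7) as IP bans.
 *
 * Only permanent bans (a 'bantime' of '---') are imported; temporary bans are
 * skipped.
 *
 * @param  object  The DB connection to import from
 * @param  string  The table prefix used by the tables being imported from
 * @param  PATH    The base directory we are importing from (unused here)
 */
function import_ip_bans($db, $table_prefix, $file_base)
{
    $rows = $db->query('SELECT * FROM ' . $table_prefix . 'users u LEFT JOIN ' . $table_prefix . 'banned b ON u.uid = b.uid WHERE b.gid=7');

    require_code('failure');

    foreach ($rows as $row) {
        // The previous code also derived an expiry time from 'dateline' and
        // 'bantime', but never used it, and the final "$ban_time + $ban_period" did
        // arithmetic on a string such as '---'. Only the permanent flag ever
        // mattered, so that is all that is evaluated now.
        if ($row['bantime'] != '---') {
            continue; // Add just IPs of permanently banned users
        }

        // Use the same key for the check and for the record. Previously the check
        // used the user ID while the record used the IP, so the check never matched
        // and a repeated import re-added every ban.
        $import_id = strval($row['uid']);
        if (import_check_if_imported('ip_ban', $import_id)) {
            continue;
        }

        add_ip_ban($row['lastip']);
        import_id_remap_put('ip_ban', $import_id, 0);
    }
}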
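/**
 * Standard aed_module add actualiser.
 *
 * Records a warning against a member and applies the punitive actions selected
 * in the posted form: optional private topic to the member, topic/forum
 * silencing, probation, member ban, IP ban, usergroup change and point charge.
 * Probation, member ban, IP ban, usergroup change and point charge are each
 * gated on a permission of the acting member.
 *
 * @return ID_TEXT The entry added
 */
function add_actualisation()
{
    $explanation = post_param('explanation');
    $member_id = post_param_integer('member_id');
    $message = post_param('message', '');

    $username = $GLOBALS['FORUM_DRIVER']->get_username($member_id);
    if (is_null($username)) {
        // $username is null on this path, so report the member ID that was asked for
        // (the message parameter used to be the null username itself)
        warn_exit(do_lang_tempcode('_USER_NO_EXIST', escape_html(strval($member_id))));
    }

    // Optionally store the explanation/message as a reusable saved warning
    $save = post_param('save');
    if ($save != '') {
        $GLOBALS['FORUM_DB']->query_delete('f_saved_warnings', array('s_title' => $save), '', 1);
        $GLOBALS['FORUM_DB']->query_insert('f_saved_warnings', array('s_title' => $save, 's_explanation' => $explanation, 's_message' => $message));
    }

    // Send PT
    if ($message != '') {
        require_code('ocf_topics_action');
        require_code('ocf_topics_action2');
        require_code('ocf_posts_action');
        require_code('ocf_posts_action2');

        $_title = do_lang('NEW_WARNING_TO_YOU');

        $pt_topic_id = ocf_make_topic(NULL, '', '', 1, 1, 0, 0, 0, get_member(), $member_id);
        $post_id = ocf_make_post($pt_topic_id, $_title, $message, 0, true, 1, 1, NULL, NULL, NULL, NULL, NULL, NULL, NULL, false);

        send_pt_notification($post_id, $_title, $pt_topic_id, $member_id);
    }

    // Topic silencing
    // NOTE(review): unlike probation, bans and group changes below, the two
    // silencing steps have no permission check inside this function -- confirm the
    // module's access control covers them.
    $silence_from_topic = post_param_integer('topic_id', NULL);
    if (!is_null($silence_from_topic)) {
        $_silence_from_topic = get_input_date('silence_from_topic');
        // Clear any existing override first so the insert below cannot duplicate it
        $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'topics', 'category_name' => strval($silence_from_topic)));
    } else {
        $_silence_from_topic = NULL;
    }
    if (!is_null($_silence_from_topic)) {
        $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_topic, 'member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'topics', 'category_name' => strval($silence_from_topic), 'the_value' => '0'));
    } else {
        // No end date given: nothing was applied, so nothing is recorded on the warning
        $silence_from_topic = NULL;
    }

    // Forum silencing
    $silence_from_forum = post_param_integer('forum_id', NULL);
    if (!is_null($silence_from_forum)) {
        $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum)));
        $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_midrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum)));
        $_silence_from_forum = get_input_date('silence_from_forum');
    } else {
        $_silence_from_forum = NULL;
    }
    if (!is_null($_silence_from_forum)) {
        $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_forum, 'member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum), 'the_value' => '0'));
        $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_forum, 'member_id' => $member_id, 'specific_permission' => 'submit_midrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum), 'the_value' => '0'));
    } else {
        $silence_from_forum = NULL;
    }

    // Probation
    // NOTE(review): when the acting member lacks 'probate_members' the probation is
    // not applied, yet the posted value is still passed to ocf_make_warning() below,
    // so the warning record can state a probation that never took effect. The member
    // ban branch resets its value in that case; consider doing the same here.
    $probation = post_param_integer('probation', 0);
    if (has_specific_permission(get_member(), 'probate_members')) {
        if ($probation != 0) {
            // Extend from now, or from the current probation end if that is still in the future
            $on_probation_until = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_on_probation_until');
            if (is_null($on_probation_until) || $on_probation_until < time()) {
                $on_probation_until = time();
            }
            $on_probation_until += $probation * 60 * 60 * 24;
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_on_probation_until' => $on_probation_until), array('id' => $member_id), '', 1);
        }
    }

    // Ban member
    if (has_specific_permission(get_member(), 'member_maintenance')) {
        $banned_member = post_param_integer('banned_member', 0);
        if ($banned_member == 1) {
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_is_perm_banned' => 1), array('id' => $member_id), '', 1);
        }
    } else {
        $banned_member = 0;
    }

    // IP ban
    $banned_ip = '';
    if (addon_installed('securitylogging')) {
        if (has_actual_page_access(get_member(), 'admin_ipban')) {
            $_banned_ip = post_param_integer('banned_ip', 0);
            if ($_banned_ip == 1) {
                // NOTE(review): the member's stored IP is banned without checking that
                // it is non-empty or differs from the acting user's own address.
                $banned_ip = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_ip_address');
                require_code('failure');
                add_ip_ban($banned_ip);
            }
        }
    }

    // Change group
    $changed_usergroup_from = NULL;
    if (has_specific_permission(get_member(), 'member_maintenance')) {
        $__changed_usergroup_from = post_param('changed_usergroup_from');
        if ($__changed_usergroup_from == '') {
            $_changed_usergroup_from = NULL;
        } else {
            $_changed_usergroup_from = intval($__changed_usergroup_from);
        }
        if (!is_null($_changed_usergroup_from) && $_changed_usergroup_from != -1) {
            // NOTE(review): any posted group ID is accepted as the new primary group;
            // nothing here checks that the acting member may grant that group.
            $changed_usergroup_from = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_primary_group');
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_primary_group' => $_changed_usergroup_from), array('id' => $member_id), '', 1);
        }
    }

    // Prepare to charge points (used in ocf_make_warning)
    $charged_points = post_param_integer('charged_points', 0);

    // Make the warning
    $warning_id = ocf_make_warning($member_id, $explanation, NULL, NULL, post_param_integer('is_warning', 0), $silence_from_topic, $silence_from_forum, $probation, $banned_ip, $charged_points, $banned_member, $changed_usergroup_from);

    // Charge points
    // NOTE(review): the charge is recorded on the warning above whether or not the
    // acting member has the access that lets it actually be charged here.
    if (addon_installed('points')) {
        if (has_actual_page_access(get_member(), 'admin_points')) {
            if ($charged_points != 0) {
                require_code('points2');
                charge_member($member_id, $charged_points, do_lang('FOR_PUNISHMENT', strval($warning_id)));
            }
        }
    }

    return strval($warning_id);
}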