/**
* Standard modular run function for OcCLE hooks.
*
* @param array The options with which the command was called
* @param array The parameters with which the command was called
* @param array A reference to the OcCLE filesystem object
* @return array Array of stdcommand, stdhtml, stdout, and stderr responses
*/
function run($options, $parameters, &$occle_fs)
{
if (array_key_exists('h', $options) || array_key_exists('help', $options)) {
return array('', do_command_help('ban_ip', array('h', 'u'), array(true)), '', '');
} else {
if (!array_key_exists(0, $parameters)) {
return array('', '', '', do_lang('MISSING_PARAM', '1', 'ban_ip'));
}
require_code('submit');
if (array_key_exists('u', $options) || array_key_exists('unban', $options)) {
unban_ip($parameters[0]);
} else {
ban_ip($parameters[0], array_key_exists(1, $parameters) ? $parameters[1] : '');
}
return array('', '', do_lang('SUCCESS'), '');
}
}
/**
* The actualiser for managing banned IPs.
*
* @return tempcode The UI
*/
function actual()
{
require_code('failure');
$old_bans = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip'));
$bans = post_param('bans');
$_bans = explode(chr(10), $bans);
foreach ($old_bans as $ban) {
if (preg_match('#^' . preg_quote($ban, '#') . '(\\s|$)#m', $bans) == 0) {
remove_ip_ban($ban);
}
}
$matches = array();
foreach ($_bans as $ban) {
if (trim($ban) == '') {
continue;
}
preg_match('#^([^\\s]+)(.*)$#', $ban, $matches);
$ip = $matches[1];
if (preg_match('#^[a-f0-9\\.\\*:]+$#U', $ip) == 0) {
attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', $ban), 'warn');
} else {
if ($ip == get_ip_address()) {
attach_message(do_lang_tempcode('WONT_BAN_SELF', $ban), 'warn');
} elseif ($ip == ocp_srv('SERVER_ADDR')) {
attach_message(do_lang_tempcode('WONT_BAN_SERVER', $ban), 'warn');
}
if (!in_array($ip, $old_bans)) {
ban_ip($ip, trim($matches[2]));
$old_bans[] = $ip;
}
}
}
// Show it worked / Refresh
$title = get_page_title('IP_BANS');
$refresh_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
return redirect_screen($title, $refresh_url, do_lang_tempcode('SUCCESS'));
}
function killspam($id)
{
global $db;
require_once mnminclude . 'link.php';
require_once mnminclude . 'votes.php';
require_once mnminclude . 'tags.php';
$user = $db->get_row('SELECT * FROM ' . table_users . " where user_id={$id}");
if (!$user->user_id) {
return;
}
canIChangeUser($user->user_level);
$db->query('UPDATE `' . table_users . "` SET user_enabled=0, `user_pass` = '63205e60098a9758101eeff9df0912ccaaca6fca3e50cdce3', user_level = 'Spammer' WHERE `user_id` = {$id}");
$results = $db->get_results($sql = "SELECT comment_id, comment_link_id FROM `" . table_comments . "` WHERE `comment_user_id` = {$id}");
if ($results) {
foreach ($results as $result) {
$db->query($sql = 'UPDATE `' . table_comments . '` SET `comment_status` = "spam" WHERE `comment_id` = "' . $result->comment_id . '"');
$vars = array('comment_id' => $result->comment_id);
check_actions('comment_spam', $vars);
$link = new Link();
$link->id = $result->comment_link_id;
$link->read();
$link->recalc_comments();
$link->store();
}
}
ban_ip($user->user_ip, $user->user_lastip);
$results = $db->get_results("SELECT * FROM `" . table_groups . "` WHERE group_creator = '{$id}'");
if ($results) {
foreach ($results as $result) {
$db->query('DELETE FROM `' . table_group_member . '` WHERE member_group_id = ' . $result->group_id);
$db->query('DELETE FROM `' . table_group_shared . '` WHERE share_group_id = ' . $result->group_id);
}
}
$db->query("DELETE FROM `" . table_groups . "` WHERE group_creator = '{$id}'");
$results = $db->get_results("SELECT vote_id,vote_link_id FROM `" . table_votes . "` WHERE `vote_user_id` = {$id}");
if ($results) {
foreach ($results as $result) {
$db->query('DELETE FROM `' . table_votes . '` WHERE `vote_id` = "' . $result->vote_id . '"');
$link = new Link();
$link->id = $result->vote_link_id;
$link->read();
$vote = new Vote();
$vote->type = 'links';
$vote->link = $result->vote_link_id;
if (Voting_Method == 1) {
$link->votes = $vote->count();
$link->reports = $link->count_all_votes("<0");
} elseif (Voting_Method == 2) {
$link->votes = $vote->rating();
$link->votecount = $vote->count();
$link->reports = $link->count_all_votes("<0");
} elseif (Voting_Method == 3) {
$link->votes = $vote->count();
$link->karma = $vote->karma();
$link->reports = $link->count_all_votes("<0");
}
$link->store_basic();
$link->check_should_publish();
}
}
$results = $db->get_results($sql = "SELECT link_id, link_url FROM `" . table_links . "` WHERE `link_author` = {$id}");
global $USER_SPAM_RULESET, $FRIENDLY_DOMAINS;
$filename = mnmpath . $USER_SPAM_RULESET;
$lines = file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$approved = file(mnmpath . $FRIENDLY_DOMAINS, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($results) {
foreach ($results as $result) {
if (preg_match('/:\\/\\/(www\\.)?([^\\/]+)(\\/|$)/', $result->link_url, $m)) {
$domain = strtoupper($m[2]) . "\n";
if (!in_array($domain, $lines) && !in_array($domain, $approved)) {
$lines[] = $domain;
$changed = 1;
}
}
$vars = array('link_id' => $result->link_id);
check_actions('story_spam', $vars);
}
}
if ($changed) {
if (is_writable($filename)) {
if ($handle = fopen($filename, 'w')) {
fwrite($handle, join("\n", $lines));
fclose($handle);
}
}
}
$db->query($sql = 'UPDATE `' . table_links . '` SET `link_status` = "spam" WHERE `link_author` = "' . $id . '"');
$db->query('DELETE FROM `' . table_saved_links . '` WHERE `saved_user_id` = "' . $id . '"');
$db->query('DELETE FROM `' . table_trackbacks . '` WHERE `trackback_user_id` = "' . $id . '"');
$db->query('DELETE FROM `' . table_friends . '` WHERE `friend_id` = "' . $id . '"');
$db->query('DELETE FROM `' . table_messages . "` WHERE `sender`={$id} OR `receiver`={$id}");
}
//UNBAN
if (isset($_POST['unban_ip'])) {
if (isset($_POST['unban_ips'])) {
$ips = $_POST['unban_ips'];
$bans = file(PATH_BAN_FILE);
if (FALSE == $bans) {
return GP_ERR_FOPEN_BAN_FILE;
}
for ($i = 0; $i < count($bans); $i++) {
$bans[$i] = trim($bans[$i]);
}
$ips = array_unique(array_diff($bans, $ips));
//remove the IPs that match
$fh = fopen(PATH_BAN_FILE, "w");
if (FALSE == $fh) {
return GP_ERR_FOPEN_BAN_FILE;
}
$unban = ban_ip($fh, $ips);
//write the remaining IPs
fclose($fh);
if (TRUE != $unban) {
return $unban;
} else {
return GP_UNBANNED;
}
} else {
return GP_ERR_NO_IP;
}
}
return TRUE;
/* vim: set ts=4 sw=4 tw=80 sts=4 fdm=marker nowrap et :*/
<?php require_once "sandtrap/sandtrap.php"; ban_ip();
function order_action($core)
{
$action = $core->get['a'] ? $core->get['a'] : null;
$id = $core->post['id'] ? (int) $core->post['id'] : ($core->get['id'] ? (int) $core->get['id'] : 0);
switch ($action) {
case 'order-notify':
$prev = (int) $core->get['prev'];
if ($core->user->comp && !$core->user->call) {
echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}' AND comp_id = '" . $core->user->comp . "'")));
} else {
echo json_encode(array('previous' => time(), 'ords' => $core->db->field("SELECT COUNT(*) FROM " . DB_ORDER . " WHERE order_status = 1 AND order_time >= '{$prev}'")));
}
$core->_die();
case 'order-spsr':
$comp = $core->user->comp ? $core->wmsale->get('comp', $core->user->comp) : false;
$to = $core->text->line($core->post['to']);
$area = $core->text->line($core->post['area']);
$price = $core->text->line($core->post['price']);
require_once PATH . 'lib/spsr.php';
if ($comp['comp_spsr_login'] && $comp['comp_spsr_pass']) {
$spsr = new SPSRtrack($comp['comp_spsr_login'], $comp['comp_spsr_pass'], $comp['comp_spsr'], SPSR_COOKIE);
} else {
$spsr = new SPSRtrack(SPSR_LOGIN, SPSR_PASS, SPSR_ID, SPSR_COOKIE);
}
$info = $spsr->price($comp['comp_spsr_from'] ? $comp['comp_spsr_from'] : SPSR_CITY, $to, $area, $price);
unset($spsr);
echo json_encode($info);
$core->_die();
case 'order-rupost':
$to = (int) $core->get['to'];
$price = (int) $core->get['price'];
$req = $reqmd5 = array('apikey' => RUP_API, 'method' => 'calc', 'from_index' => RUP_FROM, 'to_index' => $to, 'weight' => RUP_WG, 'ob_cennost_rub' => $price);
$reqmd5[] = RUP_KEY;
$req['hash'] = md5(implode('|', $reqmd5));
$info = json_decode(curl('http://russianpostcalc.ru/api_v1.php', $req), true);
if ($info['calc']) {
$d = 0;
$c = 0;
foreach ($info['calc'] as $i) {
if ($i['type'] == 'rp_1class') {
$d = $i['days'];
$c = $i['cost'];
break;
}
}
$res = $d ? array('ok' => 1, 'dd' => $d, 'cost' => $c) : array('error' => 'nodelivery');
} else {
$res = array('error' => 'bad');
}
echo json_encode($res);
$core->_die();
case 'order-phone':
$phone = preg_replace('#([^0-9]+)#', '', $core->get['phone']);
$ptc = substr($phone, 1, 6);
$data = $core->db->row("SELECT * FROM " . DB_PDB . " WHERE `phone` = '{$ptc}' LIMIT 1");
if ($data) {
$place = $data['region'];
if ($data['city']) {
$place .= ', ' . $data['city'];
}
printf("<b>База</b>: %s (%s)", $data['operator'], $place);
}
$curl = curl_init('http://mnp.tele2.ru/gateway.php?' . substr($phone, 1));
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_REFERER, 'http://mnp.tele2.ru/whois.html');
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json, text/javascript, */*; q=0.01', 'Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3', 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8', 'X-Requested-With: XMLHttpRequest'));
$tele2 = curl_exec($curl);
curl_close($curl);
if ($tele2) {
$tele2info = json_decode($tele2, true);
if (is_array($tele2info['response'])) {
if ($data) {
echo '<br />';
}
printf("<b>Tele2</b>: %s (%s)", $tele2info['response']['mnc']['value'], $tele2info['response']['geocode']['value']);
}
}
$core->_die();
case 'order-move':
$comp = (int) $core->post['comp'];
if (($core->user->level || $core->user->call) && $comp && order_edit($core, $id, array('comp' => $comp))) {
msgo($core, 'move');
} else {
msgo($core, 'nomove');
}
case 'order-pickup':
if ($oid = order_take($core, $id)) {
$core->go($core->url('i', 'order', $oid));
} else {
$core->go($core->url('m', 'order', 'pickup'));
}
case 'order-call':
$status = $core->text->link($core->post['status']);
if ($status == 'del' && !$core->user->level) {
msgo($core, 'call');
}
if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
msgo($core, 'call');
}
if ($cs = order_accept($status)) {
order_edit($core, $id, $cs);
}
msgo($core, 'call');
case 'order-send':
$code = $core->text->line($core->post['code']);
if (order_edit($core, $id, array('status' => 8, 'track' => $code))) {
msgo($core, 'send');
} else {
msgo($core, 'nocode');
}
case 'order-trackcall':
$status = (int) $core->post['status'];
$core->db->query("UPDATE " . DB_ORDER . " SET track_calls = track_calls + 1, track_result = '{$status}', track_call = '" . time() . "' WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'called');
case 'order-esend':
if (order_edit($core, $id, array('status' => 8))) {
msgo($core, 'send');
} else {
msgo($core, 'nocode');
}
case 'order-snew':
$core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 0 WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'save');
case 'order-sold':
$core->db->query("UPDATE " . DB_ORDER . " SET order_courier = 1 WHERE order_id = '{$id}' LIMIT 1");
msgo($core, 'save');
case 'order-courier':
$from = $core->post['from'] ? form2date($core->post['from']) : false;
$to = $core->post['to'] ? form2date($core->post['to']) : false;
$onew = $core->post['new'] ? 1 : 0;
$mark = $core->post['mark'] ? 1 : 0;
$done = $core->post['done'] ? 1 : 0;
$comp = $core->wmsale->get('comp', $core->user->comp);
require_once PATH_LIB . 'addr.php';
require_once PATH_LIB . 'docs.php';
docs_spsr_make($core, $comp, $from, $to, $onew, $mark, $done);
$core->_die();
case 'order-packed':
if (order_edit($core, $id, array('status' => 7))) {
msgo($core, 'pack');
} else {
msgo($core, 'error');
}
case 'order-arrive':
if (order_edit($core, $id, array('status' => 9))) {
msgo($core, 'arrive');
} else {
msgo($core, 'error');
}
case 'order-done':
if (order_edit($core, $id, array('status' => 10))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-return':
if (order_edit($core, $id, array('status' => 11))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-uncheck':
if (order_edit($core, $id, array('check' => 0))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-reset':
if (order_edit($core, $id, array('status' => 12))) {
msgo($core, 'done');
} else {
msgo($core, 'error');
}
case 'order-docs':
$ord = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
if ($core->user->level || $core->user->call || $core->user->id == $ord['user_id'] || $core->user->comp == $ord['comp_id']) {
$comp = $core->wmsale->get('comp', $ord['comp_id']);
require_once PATH_LIB . 'docs.php';
docs_xls_make($ord, $comp);
$core->_die();
} else {
$core->go($core->url('mm', '', 'access'));
}
case 'order-edit':
$changes = array();
$order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
$status = $order['order_status'];
// Basic order info
if (isset($core->post['name'])) {
$changes['name'] = $core->text->line($core->post['name']);
}
if (isset($core->post['addr'])) {
$changes['addr'] = $core->text->line($core->post['addr']);
}
if (isset($core->post['area'])) {
$changes['area'] = $core->text->line($core->post['area']);
}
if (isset($core->post['city'])) {
$changes['city'] = $core->text->line($core->post['city']);
}
if (isset($core->post['street'])) {
$changes['street'] = $core->text->line($core->post['street']);
}
if (isset($core->post['phone'])) {
$changes['phone'] = preg_replace('#([^0-9]+)#', '', $core->post['phone']);
}
if (isset($core->post['index'])) {
$changes['index'] = (int) $core->post['index'];
}
if (isset($core->post['track'])) {
$changes['track'] = $core->text->line($core->post['track']);
}
// Item delivery and counts
if (isset($core->post['delivery'])) {
$changes['delivery'] = (int) $core->post['delivery'];
}
if (isset($core->post['discount'])) {
$changes['discount'] = (int) $core->post['discount'];
}
if (isset($core->post['more'])) {
$changes['more'] = (int) $core->post['more'];
}
if (isset($core->post['counts'])) {
$changes['counts'] = array();
foreach ($core->post['counts'] as $i => $c) {
if ($c = (int) $c) {
$changes['counts'][(int) $i] = $c;
}
}
}
if (isset($core->post['comment'])) {
$changes['comment'] = $core->text->line($core->post['comment']);
}
if (isset($core->post['meta']) && is_array($core->post['meta'])) {
$changes['meta'] = array();
foreach ($core->post['meta'] as $k => $v) {
$changes['meta'][$k] = stripslashes($v);
}
}
// Check for status
$act = $core->text->link($core->post['act']);
switch ($status) {
case 2:
case 3:
case 4:
// Order accept progress
if ($status == 'del' && !$core->user->level) {
break;
}
if ($status == 'shave' && !($core->user->level || $core->user->shave)) {
break;
}
if ($cs = order_accept($act)) {
$changes += $cs;
}
break;
case 6:
// Packing
if ($act == 'done') {
$changes['status'] = 7;
}
break;
case 7:
// Sending
if ($act == 'done') {
$changes['status'] = 8;
}
if ($act == 'back') {
$changes['status'] = 6;
}
break;
case 8:
case 9:
// Delivery and payment
if ($act == 'done') {
$changes['status'] = $status + 1;
}
if ($act == 'return') {
$changes['status'] = 11;
}
if ($act == 'back') {
$changes['status'] = $status - 1;
}
break;
}
// Checks and controls of orders
if ($core->post['check']) {
$changes['check'] = 1;
}
if ($core->post['uncheck']) {
$changes['check'] = 0;
}
// Saving order data
order_edit($core, $id, $changes, $order);
// Processing bans
if ($core->post['banip'] || $core->post['banphone']) {
require_once PATH . 'lib/ban.php';
if ($core->post['banip']) {
ban_ip($core, $order['order_ip'], true);
}
if ($core->post['banphone']) {
ban_phone($core, $order['order_phone']);
}
}
// Processing order cancels
if ($core->post['delip'] || $core->post['delphone']) {
$sql = "SELECT order_id FROM " . DB_ORDER . " WHERE order_id != '" . $order['order_id'] . "' AND order_status < 5 AND comp_id = '" . $order['comp_id'] . "'";
if ($core->post['delip']) {
$sql .= " AND order_ip = '" . $order['order_ip'] . "'";
}
if ($core->post['delphone']) {
$sql .= " AND order_phone = '" . $order['order_phone'] . "'";
}
$ids = $core->db->col($sql);
foreach ($ids as $i) {
order_edit($core, $i, array('status' => 5, 'reason' => 7));
}
}
// Order save competed, returning back
if ($core->post['next']) {
$core->go($core->url('a', 'order-pickup', ''));
} else {
$core->go($core->post['r'] ? $core->post['r'] : $core->url('mm', 'order', 'save'));
}
case 'track-info':
$order = $core->db->row("SELECT * FROM " . DB_ORDER . " WHERE order_id = '{$id}' LIMIT 1");
if ($order['track_code']) {
$core->tpl->load('track', 'track');
$core->tpl->vars('track', array('id' => $id));
switch ($order['order_delivery']) {
case 1:
require_once PATH . 'lib/track.php';
$info = PostTracker::info($order['track_code']);
break;
case 2:
require_once PATH . 'lib/spsr.php';
$info = SPSRtrack::info($order['track_code']);
break;
}
foreach ($info as $i) {
$core->tpl->block('track', 'place', array('date' => $i['date'] . ($i['time'] ? ' ' . $i['time'] : ''), 'status' => $i['status'], 'city' => $i['city']));
}
$core->tpl->output('track');
}
$core->_die();
}
return false;
}