Ejemplo n.º 1
0
function BanEdit()
{
    global $txt, $modSettings, $context, $ban_request, $scripturl, $smcFunc;
    $_REQUEST['bg'] = empty($_REQUEST['bg']) ? 0 : (int) $_REQUEST['bg'];
    // Adding or editing a ban trigger?
    if (!empty($_POST['add_new_trigger']) || !empty($_POST['edit_trigger'])) {
        checkSession();
        $newBan = !empty($_POST['add_new_trigger']);
        $values = array('id_ban_group' => $_REQUEST['bg'], 'hostname' => '', 'email_address' => '', 'id_member' => 0, 'ip_low1' => 0, 'ip_high1' => 0, 'ip_low2' => 0, 'ip_high2' => 0, 'ip_low3' => 0, 'ip_high3' => 0, 'ip_low4' => 0, 'ip_high4' => 0);
        // Preset all values that are required.
        if ($newBan) {
            $insertKeys = array('id_ban_group' => 'int', 'hostname' => 'string', 'email_address' => 'string', 'id_member' => 'int', 'ip_low1' => 'int', 'ip_high1' => 'int', 'ip_low2' => 'int', 'ip_high2' => 'int', 'ip_low3' => 'int', 'ip_high3' => 'int', 'ip_low4' => 'int', 'ip_high4' => 'int');
        } else {
            $updateString = '
				hostname = {string:hostname}, email_address = {string:email_address}, id_member = {int:id_member},
				ip_low1 = {int:ip_low1}, ip_high1 = {int:ip_high1},
				ip_low2 = {int:ip_low2}, ip_high2 = {int:ip_high2},
				ip_low3 = {int:ip_low3}, ip_high3 = {int:ip_high3},
				ip_low4 = {int:ip_low4}, ip_high4 = {int:ip_high4}';
        }
        if ($_POST['bantype'] == 'ip_ban') {
            $ip = trim($_POST['ip']);
            $ip_parts = ip2range($ip);
            $ip_check = checkExistingTriggerIP($ip_parts, $ip);
            if (!$ip_check) {
                fatal_lang_error('invalid_ip', false);
            }
            $values = array_merge($values, $ip_check);
            $modlogInfo['ip_range'] = $_POST['ip'];
        } elseif ($_POST['bantype'] == 'hostname_ban') {
            if (preg_match('/[^\\w.\\-*]/', $_POST['hostname']) == 1) {
                fatal_lang_error('invalid_hostname', false);
            }
            // Replace the * wildcard by a MySQL compatible wildcard %.
            $_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
            $values['hostname'] = $_POST['hostname'];
            $modlogInfo['hostname'] = $_POST['hostname'];
        } elseif ($_POST['bantype'] == 'email_ban') {
            if (preg_match('/[^\\w.\\-\\+*@]/', $_POST['email']) == 1) {
                fatal_lang_error('invalid_email', false);
            }
            $_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
            // Check the user is not banning an admin.
            $request = $smcFunc['db_query']('', '
				SELECT id_member
				FROM {db_prefix}members
				WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
					AND email_address LIKE {string:email}
				LIMIT 1', array('admin_group' => 1, 'email' => $_POST['email']));
            if ($smcFunc['db_num_rows']($request) != 0) {
                fatal_lang_error('no_ban_admin', 'critical');
            }
            $smcFunc['db_free_result']($request);
            $values['email_address'] = $_POST['email'];
            $modlogInfo['email'] = $_POST['email'];
        } elseif ($_POST['bantype'] == 'user_ban') {
            $_POST['user'] = preg_replace('~&#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
            $request = $smcFunc['db_query']('', '
				SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
				FROM {db_prefix}members
				WHERE member_name = {string:user_name} OR real_name = {string:user_name}
				LIMIT 1', array('admin_group' => 1, 'user_name' => $_POST['user']));
            if ($smcFunc['db_num_rows']($request) == 0) {
                fatal_lang_error('invalid_username', false);
            }
            list($memberid, $isAdmin) = $smcFunc['db_fetch_row']($request);
            $smcFunc['db_free_result']($request);
            if ($isAdmin && $isAdmin != 'f') {
                fatal_lang_error('no_ban_admin', 'critical');
            }
            $values['id_member'] = $memberid;
            $modlogInfo['member'] = $memberid;
        } else {
            fatal_lang_error('no_bantype_selected', false);
        }
        if ($newBan) {
            $smcFunc['db_insert']('', '{db_prefix}ban_items', $insertKeys, $values, array('id_ban'));
        } else {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}ban_items
				SET ' . $updateString . '
				WHERE id_ban = {int:ban_item}
					AND id_ban_group = {int:id_ban_group}', array_merge($values, array('ban_item' => (int) $_REQUEST['bi'])));
        }
        // Log the addion of the ban entry into the moderation log.
        logAction('ban', $modlogInfo + array('new' => $newBan, 'type' => $_POST['bantype']));
        // Register the last modified date.
        updateSettings(array('banLastUpdated' => time()));
        // Update the member table to represent the new ban situation.
        updateBanMembers();
    } elseif (!empty($_POST['remove_selection']) && !empty($_POST['ban_items']) && is_array($_POST['ban_items'])) {
        checkSession();
        // Making sure every deleted ban item is an integer.
        foreach ($_POST['ban_items'] as $key => $value) {
            $_POST['ban_items'][$key] = (int) $value;
        }
        $smcFunc['db_query']('', '
			DELETE FROM {db_prefix}ban_items
			WHERE id_ban IN ({array_int:ban_list})
				AND id_ban_group = {int:ban_group}', array('ban_list' => $_POST['ban_items'], 'ban_group' => $_REQUEST['bg']));
        // It changed, let the settings and the member table know.
        updateSettings(array('banLastUpdated' => time()));
        updateBanMembers();
    } elseif (!empty($_POST['modify_ban']) || !empty($_POST['add_ban'])) {
        checkSession();
        $addBan = !empty($_POST['add_ban']);
        if (empty($_POST['ban_name'])) {
            fatal_lang_error('ban_name_empty', false);
        }
        // Let's not allow HTML in ban names, it's more evil than beneficial.
        $_POST['ban_name'] = $smcFunc['htmlspecialchars']($_POST['ban_name'], ENT_QUOTES);
        // Check whether a ban with this name already exists.
        $request = $smcFunc['db_query']('', '
			SELECT id_ban_group
			FROM {db_prefix}ban_groups
			WHERE name = {string:new_ban_name}' . ($addBan ? '' : '
				AND id_ban_group != {int:ban_group}') . '
			LIMIT 1', array('ban_group' => $_REQUEST['bg'], 'new_ban_name' => $_POST['ban_name']));
        if ($smcFunc['db_num_rows']($request) == 1) {
            fatal_lang_error('ban_name_exists', false, array($_POST['ban_name']));
        }
        $smcFunc['db_free_result']($request);
        $_POST['reason'] = $smcFunc['htmlspecialchars']($_POST['reason'], ENT_QUOTES);
        $_POST['notes'] = $smcFunc['htmlspecialchars']($_POST['notes'], ENT_QUOTES);
        $_POST['notes'] = str_replace(array("\r", "\n", '  '), array('', '<br />', '&nbsp; '), $_POST['notes']);
        $_POST['expiration'] = $_POST['expiration'] == 'never' ? 'NULL' : ($_POST['expiration'] == 'expired' ? '0' : ($_POST['expire_date'] != $_POST['old_expire'] ? time() + 24 * 60 * 60 * (int) $_POST['expire_date'] : 'expire_time'));
        $_POST['full_ban'] = empty($_POST['full_ban']) ? '0' : '1';
        $_POST['cannot_post'] = !empty($_POST['full_ban']) || empty($_POST['cannot_post']) ? '0' : '1';
        $_POST['cannot_register'] = !empty($_POST['full_ban']) || empty($_POST['cannot_register']) ? '0' : '1';
        $_POST['cannot_login'] = !empty($_POST['full_ban']) || empty($_POST['cannot_login']) ? '0' : '1';
        if ($addBan) {
            // Adding some ban triggers?
            if ($addBan && !empty($_POST['ban_suggestion']) && is_array($_POST['ban_suggestion'])) {
                $ban_triggers = array();
                $ban_logs = array();
                if (in_array('main_ip', $_POST['ban_suggestion']) && !empty($_POST['main_ip'])) {
                    $ip = trim($_POST['main_ip']);
                    $ip_parts = ip2range($ip);
                    if (!checkExistingTriggerIP($ip_parts, $ip)) {
                        fatal_lang_error('invalid_ip', false);
                    }
                    $ban_triggers[] = array($ip_parts[0]['low'], $ip_parts[0]['high'], $ip_parts[1]['low'], $ip_parts[1]['high'], $ip_parts[2]['low'], $ip_parts[2]['high'], $ip_parts[3]['low'], $ip_parts[3]['high'], '', '', 0);
                    $ban_logs[] = array('ip_range' => $_POST['main_ip']);
                }
                if (in_array('hostname', $_POST['ban_suggestion']) && !empty($_POST['hostname'])) {
                    if (preg_match('/[^\\w.\\-*]/', $_POST['hostname']) == 1) {
                        fatal_lang_error('invalid_hostname', false);
                    }
                    // Replace the * wildcard by a MySQL wildcard %.
                    $_POST['hostname'] = str_replace('*', '%', $_POST['hostname']);
                    $ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, substr($_POST['hostname'], 0, 255), '', 0);
                    $ban_logs[] = array('hostname' => $_POST['hostname']);
                }
                if (in_array('email', $_POST['ban_suggestion']) && !empty($_POST['email'])) {
                    if (preg_match('/[^\\w.\\-\\+*@]/', $_POST['email']) == 1) {
                        fatal_lang_error('invalid_email', false);
                    }
                    $_POST['email'] = strtolower(str_replace('*', '%', $_POST['email']));
                    $ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, '', substr($_POST['email'], 0, 255), 0);
                    $ban_logs[] = array('email' => $_POST['email']);
                }
                if (in_array('user', $_POST['ban_suggestion']) && (!empty($_POST['bannedUser']) || !empty($_POST['user']))) {
                    // We got a username, let's find its ID.
                    if (empty($_POST['bannedUser'])) {
                        $_POST['user'] = preg_replace('~&amp;#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES));
                        $request = $smcFunc['db_query']('', '
							SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
							FROM {db_prefix}members
							WHERE member_name = {string:username} OR real_name = {string:username}
							LIMIT 1', array('admin_group' => 1, 'username' => $_POST['user']));
                        if ($smcFunc['db_num_rows']($request) == 0) {
                            fatal_lang_error('invalid_username', false);
                        }
                        list($_POST['bannedUser'], $isAdmin) = $smcFunc['db_fetch_row']($request);
                        $smcFunc['db_free_result']($request);
                        if ($isAdmin && $isAdmin != 'f') {
                            fatal_lang_error('no_ban_admin', 'critical');
                        }
                    }
                    $ban_triggers[] = array(0, 0, 0, 0, 0, 0, 0, 0, '', '', (int) $_POST['bannedUser']);
                    $ban_logs[] = array('member' => $_POST['bannedUser']);
                }
                if (!empty($_POST['ban_suggestion']['ips']) && is_array($_POST['ban_suggestion']['ips'])) {
                    $_POST['ban_suggestion']['ips'] = array_unique($_POST['ban_suggestion']['ips']);
                    // Don't add the main IP again.
                    if (in_array('main_ip', $_POST['ban_suggestion'])) {
                        $_POST['ban_suggestion']['ips'] = array_diff($_POST['ban_suggestion']['ips'], array($_POST['main_ip']));
                    }
                    foreach ($_POST['ban_suggestion']['ips'] as $ip) {
                        $ip_parts = ip2range($ip);
                        // They should be alright, but just to be sure...
                        if (count($ip_parts) != 4) {
                            fatal_lang_error('invalid_ip', false);
                        }
                        $ban_triggers[] = array($ip_parts[0]['low'], $ip_parts[0]['high'], $ip_parts[1]['low'], $ip_parts[1]['high'], $ip_parts[2]['low'], $ip_parts[2]['high'], $ip_parts[3]['low'], $ip_parts[3]['high'], '', '', 0);
                        $ban_logs[] = array('ip_range' => $ip);
                    }
                }
            }
            // Yes yes, we're ready to add now.
            $smcFunc['db_insert']('', '{db_prefix}ban_groups', array('name' => 'string-20', 'ban_time' => 'int', 'expire_time' => 'raw', 'cannot_access' => 'int', 'cannot_register' => 'int', 'cannot_post' => 'int', 'cannot_login' => 'int', 'reason' => 'string-255', 'notes' => 'string-65534'), array($_POST['ban_name'], time(), $_POST['expiration'], $_POST['full_ban'], $_POST['cannot_register'], $_POST['cannot_post'], $_POST['cannot_login'], $_POST['reason'], $_POST['notes']), array('id_ban_group'));
            $_REQUEST['bg'] = $smcFunc['db_insert_id']('{db_prefix}ban_groups', 'id_ban_group');
            // Now that the ban group is added, add some triggers as well.
            if (!empty($ban_triggers) && !empty($_REQUEST['bg'])) {
                // Put in the ban group ID.
                foreach ($ban_triggers as $k => $trigger) {
                    array_unshift($ban_triggers[$k], $_REQUEST['bg']);
                }
                // Log what we are doing!
                foreach ($ban_logs as $log_details) {
                    logAction('ban', $log_details + array('new' => 1));
                }
                $smcFunc['db_insert']('', '{db_prefix}ban_items', array('id_ban_group' => 'int', 'ip_low1' => 'int', 'ip_high1' => 'int', 'ip_low2' => 'int', 'ip_high2' => 'int', 'ip_low3' => 'int', 'ip_high3' => 'int', 'ip_low4' => 'int', 'ip_high4' => 'int', 'hostname' => 'string-255', 'email_address' => 'string-255', 'id_member' => 'int'), $ban_triggers, array('id_ban'));
            }
        } else {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}ban_groups
				SET
					name = {string:ban_name},
					reason = {string:reason},
					notes = {string:notes},
					expire_time = {raw:expiration},
					cannot_access = {int:cannot_access},
					cannot_post = {int:cannot_post},
					cannot_register = {int:cannot_register},
					cannot_login = {int:cannot_login}
				WHERE id_ban_group = {int:id_ban_group}', array('expiration' => $_POST['expiration'], 'cannot_access' => $_POST['full_ban'], 'cannot_post' => $_POST['cannot_post'], 'cannot_register' => $_POST['cannot_register'], 'cannot_login' => $_POST['cannot_login'], 'id_ban_group' => $_REQUEST['bg'], 'ban_name' => $_POST['ban_name'], 'reason' => $_POST['reason'], 'notes' => $_POST['notes']));
        }
        // No more caching, we have something new here.
        updateSettings(array('banLastUpdated' => time()));
        updateBanMembers();
    }
    // If we're editing an existing ban, get it from the database.
    if (!empty($_REQUEST['bg'])) {
        $context['ban_items'] = array();
        $request = $smcFunc['db_query']('', '
			SELECT
				bi.id_ban, bi.hostname, bi.email_address, bi.id_member, bi.hits,
				bi.ip_low1, bi.ip_high1, bi.ip_low2, bi.ip_high2, bi.ip_low3, bi.ip_high3, bi.ip_low4, bi.ip_high4,
				bg.id_ban_group, bg.name, bg.ban_time, bg.expire_time, bg.reason, bg.notes, bg.cannot_access, bg.cannot_register, bg.cannot_login, bg.cannot_post,
				IFNULL(mem.id_member, 0) AS id_member, mem.member_name, mem.real_name
			FROM {db_prefix}ban_groups AS bg
				LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_ban_group = bg.id_ban_group)
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = bi.id_member)
			WHERE bg.id_ban_group = {int:current_ban}', array('current_ban' => $_REQUEST['bg']));
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('ban_not_found', false);
        }
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            if (!isset($context['ban'])) {
                $context['ban'] = array('id' => $row['id_ban_group'], 'name' => $row['name'], 'expiration' => array('status' => $row['expire_time'] === null ? 'never' : ($row['expire_time'] < time() ? 'expired' : 'still_active_but_we_re_counting_the_days'), 'days' => $row['expire_time'] > time() ? floor(($row['expire_time'] - time()) / 86400) : 0), 'reason' => $row['reason'], 'notes' => $row['notes'], 'cannot' => array('access' => !empty($row['cannot_access']), 'post' => !empty($row['cannot_post']), 'register' => !empty($row['cannot_register']), 'login' => !empty($row['cannot_login'])), 'is_new' => false);
            }
            if (!empty($row['id_ban'])) {
                $context['ban_items'][$row['id_ban']] = array('id' => $row['id_ban'], 'hits' => $row['hits']);
                if (!empty($row['ip_high1'])) {
                    $context['ban_items'][$row['id_ban']]['type'] = 'ip';
                    $context['ban_items'][$row['id_ban']]['ip'] = range2ip(array($row['ip_low1'], $row['ip_low2'], $row['ip_low3'], $row['ip_low4']), array($row['ip_high1'], $row['ip_high2'], $row['ip_high3'], $row['ip_high4']));
                } elseif (!empty($row['hostname'])) {
                    $context['ban_items'][$row['id_ban']]['type'] = 'hostname';
                    $context['ban_items'][$row['id_ban']]['hostname'] = str_replace('%', '*', $row['hostname']);
                } elseif (!empty($row['email_address'])) {
                    $context['ban_items'][$row['id_ban']]['type'] = 'email';
                    $context['ban_items'][$row['id_ban']]['email'] = str_replace('%', '*', $row['email_address']);
                } elseif (!empty($row['id_member'])) {
                    $context['ban_items'][$row['id_ban']]['type'] = 'user';
                    $context['ban_items'][$row['id_ban']]['user'] = array('id' => $row['id_member'], 'name' => $row['real_name'], 'href' => $scripturl . '?action=profile;u=' . $row['id_member'], 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>');
                } else {
                    unset($context['ban_items'][$row['id_ban']]);
                    $smcFunc['db_query']('', '
						DELETE FROM {db_prefix}ban_items
						WHERE id_ban = {int:current_ban}', array('current_ban' => $row['id_ban']));
                }
            }
        }
        $smcFunc['db_free_result']($request);
    } else {
        $context['ban'] = array('id' => 0, 'name' => '', 'expiration' => array('status' => 'never', 'days' => 0), 'reason' => '', 'notes' => '', 'ban_days' => 0, 'cannot' => array('access' => true, 'post' => false, 'register' => false, 'login' => false), 'is_new' => true);
        $context['ban_suggestions'] = array('main_ip' => '', 'hostname' => '', 'email' => '', 'member' => array('id' => 0));
        // Overwrite some of the default form values if a user ID was given.
        if (!empty($_REQUEST['u'])) {
            $request = $smcFunc['db_query']('', '
				SELECT id_member, real_name, member_ip, email_address
				FROM {db_prefix}members
				WHERE id_member = {int:current_user}
				LIMIT 1', array('current_user' => (int) $_REQUEST['u']));
            if ($smcFunc['db_num_rows']($request) > 0) {
                list($context['ban_suggestions']['member']['id'], $context['ban_suggestions']['member']['name'], $context['ban_suggestions']['main_ip'], $context['ban_suggestions']['email']) = $smcFunc['db_fetch_row']($request);
            }
            $smcFunc['db_free_result']($request);
            if (!empty($context['ban_suggestions']['member']['id'])) {
                $context['ban_suggestions']['href'] = $scripturl . '?action=profile;u=' . $context['ban_suggestions']['member']['id'];
                $context['ban_suggestions']['member']['link'] = '<a href="' . $context['ban_suggestions']['href'] . '">' . $context['ban_suggestions']['member']['name'] . '</a>';
                // Default the ban name to the name of the banned member.
                $context['ban']['name'] = $context['ban_suggestions']['member']['name'];
                // Would be nice if we could also ban the hostname.
                if (preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $context['ban_suggestions']['main_ip']) == 1 && empty($modSettings['disableHostnameLookup'])) {
                    $context['ban_suggestions']['hostname'] = host_from_ip($context['ban_suggestions']['main_ip']);
                }
                // Find some additional IP's used by this member.
                $context['ban_suggestions']['message_ips'] = array();
                $request = $smcFunc['db_query']('ban_suggest_message_ips', '
					SELECT DISTINCT poster_ip
					FROM {db_prefix}messages
					WHERE id_member = {int:current_user}
						AND poster_ip RLIKE {string:poster_ip_regex}
					ORDER BY poster_ip', array('current_user' => (int) $_REQUEST['u'], 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$'));
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $context['ban_suggestions']['message_ips'][] = $row['poster_ip'];
                }
                $smcFunc['db_free_result']($request);
                $context['ban_suggestions']['error_ips'] = array();
                $request = $smcFunc['db_query']('ban_suggest_error_ips', '
					SELECT DISTINCT ip
					FROM {db_prefix}log_errors
					WHERE id_member = {int:current_user}
						AND ip RLIKE {string:poster_ip_regex}
					ORDER BY ip', array('current_user' => (int) $_REQUEST['u'], 'poster_ip_regex' => '^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$'));
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $context['ban_suggestions']['error_ips'][] = $row['ip'];
                }
                $smcFunc['db_free_result']($request);
                // Borrowing a few language strings from profile.
                loadLanguage('Profile');
            }
        }
    }
    // Template needs this to show errors using javascript
    loadLanguage('Errors');
    // If we're in wireless mode remove the admin template layer and use a special template.
    if (WIRELESS && WIRELESS_PROTOCOL != 'wap') {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_ban_edit';
        foreach ($context['template_layers'] as $k => $v) {
            if (strpos($v, 'generic_menu') === 0) {
                unset($context['template_layers'][$k]);
            }
        }
    } else {
        $context['sub_template'] = 'ban_edit';
    }
}
Ejemplo n.º 2
0
/**
 * This function validates the ban triggers
 *
 * @package Bans
 * @param mixed[] $triggers
 */
function validateTriggers(&$triggers)
{
    $db = database();
    $ban_errors = Error_Context::context('ban', 1);
    if (empty($triggers)) {
        $ban_errors->addError('ban_empty_triggers');
    }
    $ban_triggers = array();
    $log_info = array();
    // Go through each trigger and make sure its valid
    foreach ($triggers as $key => $value) {
        if (!empty($value)) {
            if ($key == 'member') {
                continue;
            }
            if ($key == 'main_ip') {
                $value = trim($value);
                $ip_parts = ip2range($value);
                if (!checkExistingTriggerIP($ip_parts, $value)) {
                    $ban_errors->addError('invalid_ip');
                } else {
                    $ban_triggers['main_ip'] = array('ip_low1' => $ip_parts[0]['low'], 'ip_high1' => $ip_parts[0]['high'], 'ip_low2' => $ip_parts[1]['low'], 'ip_high2' => $ip_parts[1]['high'], 'ip_low3' => $ip_parts[2]['low'], 'ip_high3' => $ip_parts[2]['high'], 'ip_low4' => $ip_parts[3]['low'], 'ip_high4' => $ip_parts[3]['high'], 'ip_low5' => $ip_parts[4]['low'], 'ip_high5' => $ip_parts[4]['high'], 'ip_low6' => $ip_parts[5]['low'], 'ip_high6' => $ip_parts[5]['high'], 'ip_low7' => $ip_parts[6]['low'], 'ip_high7' => $ip_parts[6]['high'], 'ip_low8' => $ip_parts[7]['low'], 'ip_high8' => $ip_parts[7]['high']);
                }
            } elseif ($key == 'hostname') {
                if (preg_match('/[^\\w.\\-*]/', $value) == 1) {
                    $ban_errors->addError('invalid_hostname');
                } else {
                    // Replace the * wildcard by a MySQL wildcard %.
                    $value = substr(str_replace('*', '%', $value), 0, 255);
                    $ban_triggers['hostname']['hostname'] = $value;
                }
            } elseif ($key == 'email') {
                if (preg_match('/[^\\w.\\-\\+*@]/', $value) == 1) {
                    $ban_errors->addError('invalid_email');
                }
                // Check the user is not banning an admin.
                $request = $db->query('', '
					SELECT id_member
					FROM {db_prefix}members
					WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
						AND email_address LIKE {string:email}
					LIMIT 1', array('admin_group' => 1, 'email' => $value));
                if ($db->num_rows($request) != 0) {
                    $ban_errors->addError('no_ban_admin');
                }
                $db->free_result($request);
                $value = substr(strtolower(str_replace('*', '%', $value)), 0, 255);
                $ban_triggers['email']['email_address'] = $value;
            } elseif ($key == 'user') {
                $user = preg_replace('~&amp;#(\\d{4,5}|[2-9]\\d{2,4}|1[2-9]\\d);~', '&#$1;', Util::htmlspecialchars($value, ENT_QUOTES));
                $request = $db->query('', '
					SELECT id_member, (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AS isAdmin
					FROM {db_prefix}members
					WHERE member_name = {string:username} OR real_name = {string:username}
					LIMIT 1', array('admin_group' => 1, 'username' => $user));
                if ($db->num_rows($request) == 0) {
                    $ban_errors->addError('invalid_username');
                }
                list($value, $isAdmin) = $db->fetch_row($request);
                $db->free_result($request);
                if ($isAdmin && strtolower($isAdmin) != 'f') {
                    unset($value);
                    $ban_errors->addError('no_ban_admin');
                } else {
                    $ban_triggers['user']['id_member'] = $value;
                }
            } elseif (in_array($key, array('ips_in_messages', 'ips_in_errors'))) {
                // Special case, those two are arrays themselves
                $values = array_unique($value);
                // Don't add the main IP again.
                if (isset($triggers['main_ip'])) {
                    $values = array_diff($values, array($triggers['main_ip']));
                }
                unset($value);
                foreach ($values as $val) {
                    $val = trim($val);
                    $ip_parts = ip2range($val);
                    if (!checkExistingTriggerIP($ip_parts, $val)) {
                        $ban_errors->addError('invalid_ip');
                    } else {
                        $ban_triggers[$key][] = array('ip_low1' => $ip_parts[0]['low'], 'ip_high1' => $ip_parts[0]['high'], 'ip_low2' => $ip_parts[1]['low'], 'ip_high2' => $ip_parts[1]['high'], 'ip_low3' => $ip_parts[2]['low'], 'ip_high3' => $ip_parts[2]['high'], 'ip_low4' => $ip_parts[3]['low'], 'ip_high4' => $ip_parts[3]['high'], 'ip_low5' => $ip_parts[4]['low'], 'ip_high5' => $ip_parts[4]['high'], 'ip_low6' => $ip_parts[5]['low'], 'ip_high6' => $ip_parts[5]['high'], 'ip_low7' => $ip_parts[6]['low'], 'ip_high7' => $ip_parts[6]['high'], 'ip_low8' => $ip_parts[7]['low'], 'ip_high8' => $ip_parts[7]['high']);
                        $log_info[] = array('value' => $val, 'bantype' => 'ip_range');
                    }
                }
            } else {
                $ban_errors->addError('no_bantype_selected');
            }
            if (isset($value) && !is_array($value)) {
                $log_info[] = array('value' => $value, 'bantype' => $key);
            }
        }
    }
    return array('ban_triggers' => $ban_triggers, 'log_info' => $log_info);
}