/**
 * The actualiser to toggle an IP ban.
 *
 * The target address is read from the 'id' URL parameter. If usersubmitban_ip has no
 * row for it the address gets banned, otherwise the existing ban is lifted. Nothing is
 * changed until the request carries a non-zero POSTed 'confirm'; before that a
 * CONFIRM_SCREEN is returned.
 *
 * @return tempcode The UI
 */
function toggle_ip_ban()
{
    $ip = get_param('id');
    // NOTE(review): $ip is passed on exactly as supplied; no address-format check is
    // visible in this function - confirm add_ip_ban() rejects malformed values.
    $existing = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip));
    $banning = is_null($existing);

    $title = get_page_title($banning ? 'IP_BANNED' : 'IP_UNBANNED');

    // Lockout guard: only the ban direction is refused for the caller's own address.
    if ($banning && $ip == get_ip_address()) {
        warn_exit(do_lang_tempcode('AVOIDING_BANNING_SELF'));
    }

    // First pass (no POSTed confirmation yet): show what is about to happen.
    if (post_param_integer('confirm', 0) == 0) {
        $preview = do_lang_tempcode($banning ? 'BAN_IP_DESCRIPTION' : 'UNBAN_IP_DESCRIPTION', escape_html($ip));
        $url = get_self_url(false, false);

        return do_template('CONFIRM_SCREEN', array(
            'TITLE' => $title,
            'PREVIEW' => $preview,
            'FIELDS' => form_input_hidden('confirm', '1'),
            'URL' => $url,
        ));
    }

    // Confirmed: apply the change and record it in the action log.
    require_code('failure');
    if ($banning) {
        add_ip_ban($ip);
        log_it('IP_BANNED', $ip);
    } else {
        remove_ip_ban($ip);
        log_it('IP_UNBANNED', $ip);
    }

    // Drop the cached ban list so the change takes effect.
    persistant_cache_delete('IP_BANS');

    // Show it worked / Refresh
    // NOTE(review): 'redirect' comes from the URL and becomes the redirect target as-is.
    // Unless redirect_screen() restricts destinations this is an open redirect - confirm.
    $_url = get_param('redirect', NULL);
    if (is_null($_url)) {
        $url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
    } else {
        $url = make_string_tempcode($_url);
    }

    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
 * The actualiser for managing banned IPs.
 *
 * Reconciles the stored ban list with the POSTed 'bans' text, which holds one entry per
 * line: an address, optionally followed by whitespace and a description. Stored
 * addresses that no longer start any line are unbanned; well-formed addresses that are
 * not stored yet are banned.
 *
 * @return tempcode The UI
 */
function actual()
{
    require_code('failure');

    $known_ips = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip'));
    $submitted = post_param('bans');
    $lines = explode(chr(10), $submitted);

    // Pass 1: lift every stored ban whose address no longer begins a submitted line.
    foreach ($known_ips as $known_ip) {
        $still_listed = preg_match('#^' . preg_quote($known_ip, '#') . '(\\s|$)#m', $submitted);
        if ($still_listed == 0) {
            remove_ip_ban($known_ip);
        }
    }

    // Pass 2: add the newly listed addresses.
    $parts = array();
    foreach ($lines as $line) {
        if (trim($line) == '') {
            continue;
        }

        // First run of non-whitespace is the address; the remainder is the description.
        preg_match('#^([^\\s]+)(.*)$#', $line, $parts);
        $ip = $parts[1];

        // Only lower-case hex digits, '.', ':' and '*' are accepted, so wildcard masks
        // pass and upper-case IPv6 text is reported as invalid.
        if (preg_match('#^[a-f0-9\\.\\*:]+$#U', $ip) == 0) {
            // NOTE(review): the raw submitted line is used as a message parameter;
            // confirm do_lang_tempcode() escapes string parameters.
            attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', $line), 'warn');
            continue;
        }

        // NOTE(review): these branches only attach a warning; control still reaches
        // ban_ip() below. Whether ban_ip() itself refuses the caller's or the server's
        // address is not visible here - confirm, otherwise this path can lock out the
        // administrator or the host.
        if ($ip == get_ip_address()) {
            attach_message(do_lang_tempcode('WONT_BAN_SELF', $line), 'warn');
        } elseif ($ip == ocp_srv('SERVER_ADDR')) {
            attach_message(do_lang_tempcode('WONT_BAN_SERVER', $line), 'warn');
        }

        if (!in_array($ip, $known_ips)) {
            ban_ip($ip, trim($parts[2]));
            // Remember it so a duplicate line further down is not banned twice.
            $known_ips[] = $ip;
        }
    }

    // Show it worked / Refresh
    $title = get_page_title('IP_BANS');
    $refresh_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');

    return redirect_screen($title, $refresh_url, do_lang_tempcode('SUCCESS'));
}
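/**
 * Look up the active ban recorded against a user ID.
 *
 * An expired ban is deleted as a side effect of the lookup and reported as "no ban".
 *
 * @param string|int $uid User ID to look up; bound as a query parameter.
 * @return array Empty array when there is no active ban, otherwise the fetched row
 *               (columns selected in the order flags, reason, expiry, appeal).
 */
function GetBanFromUID($uid)
{
    // Bind $uid rather than interpolating it into the SQL text, so a crafted UID
    // value cannot change the statement.
    $res = DB::Execute(
        DB::Prepare('SELECT flags,reason,expiry,appeal FROM {P}Bans WHERE uid = ?'),
        array($uid)
    );
    if ($res->RecordCount() == 0) {
        return array(); // NO BAN
    }

    $row = $res->FetchRow();
    list(, , $expiry) = $row;

    // Negative remaining time means the ban has run out.
    if ($expiry - $_SERVER['REQUEST_TIME'] < 0) {
        remove_id_ban($uid);
        // The original also called remove_ip_ban($ip), but $ip is never defined in
        // this function, so that call received an undefined value. No address is
        // known here; only the UID ban is lifted.
        return array();
    }

    return $row;
}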
/**
 * Unban the specified IP address.
 *
 * Surrounding whitespace is stripped before the address is handed to remove_ip_ban().
 *
 * @param IP The IP address to unban
 */
function unban_ip($ip)
{
    // remove_ip_ban() is called only after the 'failure' code file has been loaded.
    require_code('failure');
    remove_ip_ban(trim($ip));
}
/**
 * Standard modular run function.
 *
 * With no 'param' (or 'id') URL parameter this returns a search form. Otherwise the
 * value is resolved through lookup_member_page() and a LOOKUP_SCREEN is returned
 * showing the addresses seen for that user, their ban state, and ban toggle links.
 * A POST to the result screen also rewrites the bans for every listed address.
 *
 * @return tempcode The result of execution.
 */
function run()
{
    $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/investigateuser';
    $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_trace';

    require_lang('submitban');
    require_lang('security');
    require_code('lookup');

    if (addon_installed('securitylogging')) {
        $ip_ban_url = build_url(array('page' => 'admin_ipban'), get_module_zone('admin_ipban'));
        $GLOBALS['HELPER_PANEL_TEXT'] = comcode_to_tempcode(do_lang('DOC_ACTIONLOG_BAN_HELP', $ip_ban_url->evaluate()));
    }

    // 'param' wins; 'id' is the fallback name for the same value.
    $param = get_param('param', get_param('id', ''));

    if ($param == '') {
        // Nothing to look up yet: show the search form (submitted via GET).
        breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS'))));

        $title = get_page_title('INVESTIGATE_USER');

        require_code('form_templates');

        $submit_name = do_lang_tempcode('INVESTIGATE_USER');
        $post_url = build_url(array('page' => '_SELF'), '_SELF', NULL, false, true);
        $fields = form_input_line(do_lang_tempcode('DETAILS'), do_lang_tempcode('DESCRIPTION_INVESTIGATE'), 'param', '', false);

        breadcrumb_set_self(do_lang_tempcode('SEARCH'));

        return do_template('FORM_SCREEN', array(
            '_GUID' => '9cc407037ec01a8f3483746a22889471',
            'GET' => true,
            'SKIP_VALIDATION' => true,
            'HIDDEN' => '',
            'TITLE' => $title,
            'TEXT' => '',
            'SUBMIT_NAME' => $submit_name,
            'FIELDS' => $fields,
            'URL' => $post_url
        ));
    } else {
        // Title only: numeric => member ID, contains '.' => IP, anything else => username.
        // An IPv6 address without a '.' therefore gets the "by username" title.
        if (is_numeric($param)) {
            $title = get_page_title('INVESTIGATE_USER_BY_MEMBER_ID');
        } elseif (strpos($param, '.') !== false) {
            $title = get_page_title('INVESTIGATE_USER_BY_IP');
        } else {
            $title = get_page_title('INVESTIGATE_USER_BY_USERNAME');
        }

        // "<column> <direction>"; the direction defaults to DESC when omitted.
        // NOTE(review): both halves come straight from the 'sort' URL parameter and are
        // handed to get_stats_track() below. Whether that function restricts them to
        // known columns/directions is not visible here - confirm, as they look like
        // ORDER BY inputs.
        $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
        if (count($test) == 1) {
            $test[1] = 'DESC';
        }
        list($sortable, $sort_order) = $test;

        // Presumably filled in by lookup_member_page() by reference - verify against
        // its signature. Values still null afterwards get the defaults below.
        $name = mixed();
        $id = mixed();
        $ip = mixed();
        $rows = lookup_member_page($param, $name, $id, $ip);
        if (is_null($name)) {
            $name = do_lang('UNKNOWN');
        }
        if (is_null($id)) {
            $id = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        }
        if (is_null($ip)) {
            $ip = '';
        }

        $all_banned = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip', array('ip')));

        $ip_list = new ocp_tempcode();

        // Group the rows under a mask made by replacing the last ':' or '.' separated
        // segment of the address with '*'.
        $groups = array();
        foreach ($rows as $row) {
            if (strpos($row['ip'], ':') !== false) {
                $bits = explode(':', $row['ip']);
                $bits[count($bits) - 1] = '*';
                $ip_masked = implode(':', $bits);
            } else {
                $bits = explode('.', $row['ip']);
                $bits[count($bits) - 1] = '*';
                $ip_masked = implode('.', $bits);
            }
            if (!array_key_exists($ip_masked, $groups)) {
                $groups[$ip_masked] = array();
            }
            $groups[$ip_masked][] = $row;
        }

        // Every address shown on the screen, plus each group's wildcard mask.
        $all_ips = array();
        foreach ($groups as $mask => $group) {
            foreach ($group as $row) {
                $all_ips[] = $row['ip'];
            }
            $all_ips[] = $mask;
        }

        if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
            // Only entries of $all_ips (built from the lookup rows) are acted on; the
            // POSTed 'banned' values are used purely as a membership test, so a request
            // cannot name an address that is not on this screen.
            // Consequence: every listed address or mask NOT in 'banned' is passed to
            // remove_ip_ban(), wherever that ban was originally set.
            // NOTE(review): this path has no check against get_ip_address(), although
            // the single-address toggle link further down is withheld for the caller's
            // own address - confirm a self-ban cannot be submitted here.
            // NOTE(review): $_POST['banned'] is read raw; a non-array value would reach
            // in_array() unchecked.
            if (!array_key_exists('banned', $_POST)) {
                $_POST['banned'] = array();
            }

            require_code('failure');
            $all_banned_filtered = array();
            foreach ($all_ips as $bip) {
                if (addon_installed('securitylogging')) {
                    if (in_array($bip, $_POST['banned'])) {
                        add_ip_ban($bip);
                        $all_banned_filtered[] = $bip;
                    } else {
                        remove_ip_ban($bip);
                    }
                }
            }
            // Without the securitylogging addon nothing is changed above, yet the list
            // is still replaced by an empty one, so this response renders no address as
            // banned.
            $all_banned = $all_banned_filtered;
        }

        // Render one collapsible group per mask; a group opens by default when at
        // least one of its addresses is banned.
        foreach ($groups as $mask => $group) {
            $inner_ip_list = new ocp_tempcode();
            $one_sub_is_banned = false;
            foreach ($group as $row) {
                $date = get_timezoned_date($row['date_and_time']);
                $lookup_url = build_url(array('page' => '_SELF', 'param' => $row['ip']), '_SELF');
                $inner_ip_list->attach(do_template('LOOKUP_IP_LIST_ENTRY', array(
                    '_GUID' => '94a133f5f711bbf09100346661e3f7c9',
                    'UNIQID' => uniqid('', true),
                    'LOOKUP_URL' => $lookup_url,
                    'DATE' => $date,
                    '_DATE' => strval($row['date_and_time']),
                    'IP' => $row['ip'],
                    'BANNED' => in_array($row['ip'], $all_banned)
                )));
                if (in_array($row['ip'], $all_banned)) {
                    $one_sub_is_banned = true;
                }
            }
            $ip_list->attach(do_template('LOOKUP_IP_LIST_GROUP', array(
                'OPEN_DEFAULT' => $one_sub_is_banned,
                'UNIQID' => uniqid('', true),
                'BANNED' => in_array($mask, $all_banned),
                'MASK' => $mask,
                'GROUP' => $inner_ip_list
            )));
        }

        $stats = get_stats_track($id, $ip, get_param_integer('start', 0), get_param_integer('max', 10), $sortable, $sort_order);

        // Cross-links are only built when the addon providing the target is installed
        // and the subject is known (not UNKNOWN / not a guest).
        $points_url = addon_installed('points') ? build_url(array('page' => 'points', 'type' => 'member', 'id' => $id), get_module_zone('points')) : NULL;
        if (addon_installed('authors')) {
            $author_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'authors', 'author' => $name), get_module_zone('authors'));
        } else {
            $author_url = NULL;
        }
        if (addon_installed('search')) {
            $search_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'search', 'type' => 'results', 'content' => '', 'author' => $name, 'days' => '-1', 'sort' => 'add_date', 'direction' => 'DESC'), get_module_zone('search'));
        } else {
            $search_url = NULL;
        }
        $profile_url = is_guest($id) ? NULL : $GLOBALS['FORUM_DRIVER']->member_profile_url($id, false, true);
        if (addon_installed('actionlog')) {
            $action_log_url = is_guest($id) ? NULL : build_url(array('page' => 'admin_actionlog', 'type' => 'list', 'id' => $id), get_module_zone('admin_actionlog'));
        } else {
            $action_log_url = NULL;
        }

        $alerts = $ip == '' ? new ocp_tempcode() : find_security_alerts(array('ip' => $ip));

        // Current ban state, three independent kinds: forum member, IP, submitter.
        $member_banned = $GLOBALS['FORUM_DRIVER']->is_banned($id);
        $ip_banned = $ip != '' && !is_null($GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip)));
        $banned_test_2 = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_member', 'the_member', array('the_member' => $id));
        $submitter_banned = !is_null($banned_test_2);

        // Toggle links stay NULL unless securitylogging is installed, and are never
        // offered for a guest, for the viewing member, or for the viewer's own address.
        $member_ban_link = NULL;
        $ip_ban_link = NULL;
        $submitter_ban_link = NULL;
        if (addon_installed('securitylogging')) {
            if (get_forum_type() == 'ocf' && !is_guest($id) && $id != get_member()) {
                $member_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_member_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
            }
            if ($ip != '' && $ip != get_ip_address()) {
                $ip_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_ip_ban', 'id' => $ip), get_module_zone('admin_actionlog'))));
            }
            if (!is_guest($id) && $id != get_member()) {
                $submitter_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_submitter_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
            }
        }

        breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS')), array('_SELF:_SELF:misc', do_lang_tempcode('SEARCH'))));
        breadcrumb_set_self(do_lang_tempcode('RESULT'));

        return do_template('LOOKUP_SCREEN', array(
            '_GUID' => 'dc6effaa043949940b809f6aa5a1f944',
            'TITLE' => $title,
            'ALERTS' => $alerts,
            'STATS' => $stats,
            'IP_LIST' => $ip_list,
            'IP_BANNED' => $ip_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'),
            'SUBMITTER_BANNED' => $submitter_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'),
            'MEMBER_BANNED' => $member_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'),
            'MEMBER_BAN_LINK' => $member_ban_link,
            'SUBMITTER_BAN_LINK' => $submitter_ban_link,
            'IP_BAN_LINK' => $ip_ban_link,
            'ID' => strval($id),
            'IP' => $ip,
            'NAME' => $name,
            'SEARCH_URL' => $search_url,
            'AUTHOR_URL' => $author_url,
            'POINTS_URL' => $points_url,
            'PROFILE_URL' => $profile_url,
            'ACTION_LOG_URL' => $action_log_url
        ));
    }
}
/**
 * Actualiser to undo a certain type of punitive action.
 *
 * Lifts the IP ban recorded on a warning. The address is read from the f_warnings row
 * selected by the POSTed integer 'id'; it is not taken from the request itself.
 *
 * @return tempcode Result (redirect page)
 */
function undo_banned_ip()
{
    $title = get_page_title('UNBAN_IP');

    require_code('failure');

    $warning_id = post_param_integer('id');
    $where = array('id' => $warning_id);

    $member_id = $GLOBALS['FORUM_DB']->query_value('f_warnings', 'w_member_id', $where);
    $banned_ip = $GLOBALS['FORUM_DB']->query_value('f_warnings', 'p_banned_ip', $where);

    remove_ip_ban($banned_ip);

    // Blank the stored address so the warning no longer records an active IP ban.
    // NOTE(review): a repeat submission for the same warning reads back '' and still
    // calls remove_ip_ban('') and writes a log entry - confirm that is harmless.
    $GLOBALS['FORUM_DB']->query_update('f_warnings', array('p_banned_ip' => ''), $where, '', 1);

    log_it('UNBAN_IP', strval($warning_id), $banned_ip);

    // Show it worked / Refresh
    $history_url = build_url(array('page' => '_SELF', 'type' => 'history', 'id' => $member_id), '_SELF');

    return redirect_screen($title, $history_url, do_lang_tempcode('SUCCESS'));
}
if (isset($_POST['id'])) { remove_id_ban($id); redirect('User ID unbanned.'); } break; case 'unban_ip': if (!$moderator && !$administrator) { add_error('You are not wise enough.', true); } if (!filter_var($_GET['id'], FILTER_VALIDATE_IP)) { add_error('That is not a valid IP address.', true); } $id = $_GET['id']; $page_title = 'Unban IP address ' . $id; if (isset($_POST['id'])) { remove_ip_ban($id); redirect('IP address unbanned.'); } break; case 'delete_topic': if (!$moderator && !$administrator) { add_error('You are not wise enough.', true); } if (!ctype_digit($_GET['id'])) { add_error('Invalid topic ID.', true); } $id = intval($_GET['id']); $page_title = 'Delete topic'; if (isset($_POST['id'])) { // Move record to user's trash. DB::Execute(DB::Prepare('INSERT INTO {P}Trash (uid, headline, body, time) SELECT topics.author, topics.headline, topics.body, UNIX_TIMESTAMP() FROM {P}Topics as topics WHERE topics.id = ?;'), array($id));