Example #1
 /**
  * Actualiser: ban the IP address given in the 'id' GET parameter when it has no
  * row in usersubmitban_ip yet, otherwise lift the existing ban.
  *
  * The first request only renders CONFIRM_SCREEN; the change is made once the
  * request carries a non-zero 'confirm' POST value.
  *
  * NOTE(review): 'id' reaches add_ip_ban()/remove_ip_ban() exactly as received.
  * Those helpers are not visible here, so confirm they reject anything that is
  * not an IP address or mask.
  * NOTE(review): the 'redirect' GET parameter becomes the redirect target
  * unchanged. Unless get_param()/redirect_screen() restrict it to this site it
  * can send the admin to an arbitrary URL after the action.
  * NOTE(review): no permission or request-token check is visible inside this
  * method; presumably the framework performs them before dispatch - verify.
  *
  * @return tempcode		The UI
  */
 function toggle_ip_ban()
 {
     $ip = get_param('id');
     $existing = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip));
     $banning = is_null($existing); // no row yet => this request bans; otherwise it unbans

     $title = get_page_title($banning ? 'IP_BANNED' : 'IP_UNBANNED');
     if ($banning && $ip == get_ip_address()) {
         // Exact-match guard only: a wildcard mask that covers get_ip_address() is not caught here
         warn_exit(do_lang_tempcode('AVOIDING_BANNING_SELF'));
     }

     // Nothing is changed until the confirmation form has been posted back
     if (post_param_integer('confirm', 0) == 0) {
         $preview = do_lang_tempcode($banning ? 'BAN_IP_DESCRIPTION' : 'UNBAN_IP_DESCRIPTION', escape_html($ip));
         $url = get_self_url(false, false);
         return do_template('CONFIRM_SCREEN', array(
             'TITLE' => $title,
             'PREVIEW' => $preview,
             'FIELDS' => form_input_hidden('confirm', '1'),
             'URL' => $url,
         ));
     }

     require_code('failure');
     if ($banning) {
         add_ip_ban($ip);
         log_it('IP_BANNED', $ip);
     } else {
         remove_ip_ban($ip);
         log_it('IP_UNBANNED', $ip);
     }
     persistant_cache_delete('IP_BANS');

     // Show it worked / Refresh
     $_url = get_param('redirect', NULL);
     $url = is_null($_url)
         ? build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF')
         : make_string_tempcode($_url);
     return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
 }
Example #2
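 /**
  * The actualiser for managing banned IPs.
  *
  * Reads the 'bans' POST field (one entry per line: an address or mask, optionally
  * followed by whitespace and a description). Stored bans that no longer start a
  * line of that text are removed; entries not stored yet are added via ban_ip().
  *
  * Entries are skipped, with a warning attached, when they are not made up solely
  * of the characters a-f, 0-9, '.', '*' and ':', or when they equal the requester's
  * address or the server address.
  *
  * NOTE(review): the self/server guards are exact string matches, so a wildcard
  * mask that happens to cover either address is still banned.
  * NOTE(review): no permission or request-token check is visible inside this
  * method; presumably the framework performs them before dispatch - verify.
  *
  * @return tempcode		The UI
  */
 function actual()
 {
     require_code('failure');
     $old_bans = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip'));
     $bans = post_param('bans');
     $_bans = explode(chr(10), $bans);

     // Lift every stored ban whose address no longer starts a line of the submitted text
     foreach ($old_bans as $ban) {
         if (preg_match('#^' . preg_quote($ban, '#') . '(\\s|$)#m', $bans) == 0) {
             remove_ip_ban($ban);
         }
     }

     $matches = array();
     foreach ($_bans as $ban) {
         if (trim($ban) == '') {
             continue;
         }

         // The raw line is untrusted text that ends up in warning messages, so escape it once here.
         // NOTE(review): assumes do_lang_tempcode() does not escape its parameters itself - confirm.
         $ban_html = escape_html($ban);

         // A line that starts with whitespace does not match; treat it as invalid explicitly
         // rather than reading $matches[1] from an empty result.
         if (preg_match('#^([^\\s]+)(.*)$#', $ban, $matches) == 0) {
             attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', $ban_html), 'warn');
             continue;
         }
         $ip = $matches[1];

         if (preg_match('#^[a-f0-9\\.\\*:]+$#U', $ip) == 0) {
             attach_message(do_lang_tempcode('IP_ADDRESS_NOT_VALID', $ban_html), 'warn');
             continue;
         }

         // The warnings say the entry will not be banned, so do not fall through to ban_ip()
         if ($ip == get_ip_address()) {
             attach_message(do_lang_tempcode('WONT_BAN_SELF', $ban_html), 'warn');
             continue;
         }
         if ($ip == ocp_srv('SERVER_ADDR')) {
             attach_message(do_lang_tempcode('WONT_BAN_SERVER', $ban_html), 'warn');
             continue;
         }

         if (!in_array($ip, $old_bans)) {
             ban_ip($ip, trim($matches[2]));
             $old_bans[] = $ip; // a repeated line must not be banned twice
         }
     }

     // Show it worked / Refresh
     $title = get_page_title('IP_BANS');
     $refresh_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
     return redirect_screen($title, $refresh_url, do_lang_tempcode('SUCCESS'));
 }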
Example #3
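/**
 * Fetch the ban row for a user ID, clearing it when it has expired.
 *
 * @param mixed $uid User ID to look up; passed to the query as a bound parameter.
 * @return array Empty array when no row exists or the ban has expired, otherwise
 *               the fetched row (flags, reason, expiry, appeal).
 */
function GetBanFromUID($uid)
{
    // $uid is bound rather than interpolated into the SQL text, so its content cannot alter the statement.
    // NOTE(review): uses the DB::Prepare()/DB::Execute() pair this codebase uses for its other queries - confirm it is loaded here.
    $res = DB::Execute(DB::Prepare('SELECT flags,reason,expiry,appeal FROM {P}Bans WHERE uid = ?'), array($uid));
    if ($res->RecordCount() == 0) {
        // NO BAN
        return array();
    }
    $row = $res->FetchRow();
    list($flags, $reason, $expiry, $appeal) = $row;
    $td = $expiry - $_SERVER['REQUEST_TIME']; // seconds left; negative once the expiry time has passed
    if ($td < 0) {
        remove_id_ban($uid);
        // NOTE(review): $ip is never assigned in this function and the query does not select an
        // address, so this call receives null. Left as in the original because the intended
        // address cannot be determined from here; the expired IP ban is probably not removed.
        remove_ip_ban($ip);
        return array();
    }
    return $row;
}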
Example #4
/**
 * Lift the ban on a single IP address.
 *
 * Surrounding whitespace is trimmed; the value is otherwise handed to
 * remove_ip_ban() unchanged, so any format checking has to happen there or in
 * the caller.
 *
 * @param  IP				The IP address to unban
 */
function unban_ip($ip)
{
    require_code('failure'); // presumably provides remove_ip_ban(); it is not defined in this block
    remove_ip_ban(trim($ip));
}
Example #5
 /**
  * Standard modular run function for the user-investigation screen.
  *
  * Without a 'param' (or fallback 'id') GET value it renders a search form.
  * With one it looks the member up via lookup_member_page(), groups the IP
  * addresses returned by their masked form, optionally applies ban changes
  * submitted by POST, and renders LOOKUP_SCREEN.
  *
  * NOTE(review): a POST request changes ban state for every listed address and
  * mask. No permission or request-token check is visible inside this method;
  * presumably the framework performs them before dispatch - verify.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/investigateuser';
     $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_trace';
     require_lang('submitban');
     require_lang('security');
     require_code('lookup');
     if (addon_installed('securitylogging')) {
         $ip_ban_url = build_url(array('page' => 'admin_ipban'), get_module_zone('admin_ipban'));
         $GLOBALS['HELPER_PANEL_TEXT'] = comcode_to_tempcode(do_lang('DOC_ACTIONLOG_BAN_HELP', $ip_ban_url->evaluate()));
     }
     // Search term: 'param' GET value, falling back to 'id', then to an empty string
     $param = get_param('param', get_param('id', ''));
     if ($param == '') {
         // Nothing to look up yet: show the search form (submitted by GET)
         breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS'))));
         $title = get_page_title('INVESTIGATE_USER');
         require_code('form_templates');
         $submit_name = do_lang_tempcode('INVESTIGATE_USER');
         $post_url = build_url(array('page' => '_SELF'), '_SELF', NULL, false, true);
         $fields = form_input_line(do_lang_tempcode('DETAILS'), do_lang_tempcode('DESCRIPTION_INVESTIGATE'), 'param', '', false);
         breadcrumb_set_self(do_lang_tempcode('SEARCH'));
         return do_template('FORM_SCREEN', array('_GUID' => '9cc407037ec01a8f3483746a22889471', 'GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'TITLE' => $title, 'TEXT' => '', 'SUBMIT_NAME' => $submit_name, 'FIELDS' => $fields, 'URL' => $post_url));
     } else {
         // Title only: numeric => member ID, contains '.' => IP, anything else => username.
         // An address without a '.' (e.g. a colon-separated one) gets the username title.
         if (is_numeric($param)) {
             $title = get_page_title('INVESTIGATE_USER_BY_MEMBER_ID');
         } elseif (strpos($param, '.') !== false) {
             $title = get_page_title('INVESTIGATE_USER_BY_IP');
         } else {
             $title = get_page_title('INVESTIGATE_USER_BY_USERNAME');
         }
         // 'sort' GET value is split on the first space into column and direction.
         // NOTE(review): both parts are request-controlled and go to get_stats_track() below;
         // confirm that helper restricts them to known column names and ASC/DESC.
         $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
         if (count($test) == 1) {
             $test[1] = 'DESC';
         }
         list($sortable, $sort_order) = $test;
         // $name, $id and $ip are handed to lookup_member_page() and read back afterwards,
         // so they are presumably filled in by reference - confirm against the helper
         $name = mixed();
         $id = mixed();
         $ip = mixed();
         $rows = lookup_member_page($param, $name, $id, $ip);
         if (is_null($name)) {
             $name = do_lang('UNKNOWN');
         }
         if (is_null($id)) {
             $id = $GLOBALS['FORUM_DRIVER']->get_guest_id();
         }
         if (is_null($ip)) {
             $ip = '';
         }
         $all_banned = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip', array('ip')));
         $ip_list = new ocp_tempcode();
         // Group rows by masked address: the last ':'- or '.'-separated segment is replaced with '*'
         $groups = array();
         foreach ($rows as $row) {
             if (strpos($row['ip'], ':') !== false) {
                 $bits = explode(':', $row['ip']);
                 $bits[count($bits) - 1] = '*';
                 $ip_masked = implode(':', $bits);
             } else {
                 $bits = explode('.', $row['ip']);
                 $bits[count($bits) - 1] = '*';
                 $ip_masked = implode('.', $bits);
             }
             if (!array_key_exists($ip_masked, $groups)) {
                 $groups[$ip_masked] = array();
             }
             $groups[$ip_masked][] = $row;
         }
         // Every individual address plus every mask; this is the set the POST handler acts on
         $all_ips = array();
         foreach ($groups as $mask => $group) {
             foreach ($group as $row) {
                 $all_ips[] = $row['ip'];
             }
             $all_ips[] = $mask;
         }
         if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
             // Each listed address/mask is banned when present in $_POST['banned'] and unbanned otherwise,
             // so an address left out of the submission is unbanned.
             // NOTE(review): only addresses from $all_ips are ever passed on, but unlike the toggle link
             // further down there is no check against get_ip_address() here, so the requester's own
             // address or a mask covering it can be banned.
             // NOTE(review): $_POST['banned'] is not checked to be an array before in_array(), and the
             // comparison is loose.
             if (!array_key_exists('banned', $_POST)) {
                 $_POST['banned'] = array();
             }
             require_code('failure');
             $all_banned_filtered = array();
             foreach ($all_ips as $bip) {
                 if (addon_installed('securitylogging')) {
                     if (in_array($bip, $_POST['banned'])) {
                         add_ip_ban($bip);
                         $all_banned_filtered[] = $bip;
                     } else {
                         remove_ip_ban($bip);
                     }
                 }
             }
             // From here on the rendered "banned" flags reflect only what was just submitted
             $all_banned = $all_banned_filtered;
         }
         // Render one collapsible group per mask, opened by default when any member address is banned
         foreach ($groups as $mask => $group) {
             $inner_ip_list = new ocp_tempcode();
             $one_sub_is_banned = false;
             foreach ($group as $row) {
                 $date = get_timezoned_date($row['date_and_time']);
                 $lookup_url = build_url(array('page' => '_SELF', 'param' => $row['ip']), '_SELF');
                 $inner_ip_list->attach(do_template('LOOKUP_IP_LIST_ENTRY', array('_GUID' => '94a133f5f711bbf09100346661e3f7c9', 'UNIQID' => uniqid('', true), 'LOOKUP_URL' => $lookup_url, 'DATE' => $date, '_DATE' => strval($row['date_and_time']), 'IP' => $row['ip'], 'BANNED' => in_array($row['ip'], $all_banned))));
                 if (in_array($row['ip'], $all_banned)) {
                     $one_sub_is_banned = true;
                 }
             }
             $ip_list->attach(do_template('LOOKUP_IP_LIST_GROUP', array('OPEN_DEFAULT' => $one_sub_is_banned, 'UNIQID' => uniqid('', true), 'BANNED' => in_array($mask, $all_banned), 'MASK' => $mask, 'GROUP' => $inner_ip_list)));
         }
         $stats = get_stats_track($id, $ip, get_param_integer('start', 0), get_param_integer('max', 10), $sortable, $sort_order);
         // Cross-links are only built for addons that are installed; NULL otherwise
         $points_url = addon_installed('points') ? build_url(array('page' => 'points', 'type' => 'member', 'id' => $id), get_module_zone('points')) : NULL;
         if (addon_installed('authors')) {
             $author_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'authors', 'author' => $name), get_module_zone('authors'));
         } else {
             $author_url = NULL;
         }
         if (addon_installed('search')) {
             $search_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'search', 'type' => 'results', 'content' => '', 'author' => $name, 'days' => '-1', 'sort' => 'add_date', 'direction' => 'DESC'), get_module_zone('search'));
         } else {
             $search_url = NULL;
         }
         $profile_url = is_guest($id) ? NULL : $GLOBALS['FORUM_DRIVER']->member_profile_url($id, false, true);
         if (addon_installed('actionlog')) {
             $action_log_url = is_guest($id) ? NULL : build_url(array('page' => 'admin_actionlog', 'type' => 'list', 'id' => $id), get_module_zone('admin_actionlog'));
         } else {
             $action_log_url = NULL;
         }
         $alerts = $ip == '' ? new ocp_tempcode() : find_security_alerts(array('ip' => $ip));
         // Current ban state: forum-level member ban, exact-match IP ban row, submitter ban row
         $member_banned = $GLOBALS['FORUM_DRIVER']->is_banned($id);
         $ip_banned = $ip != '' && !is_null($GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip)));
         $banned_test_2 = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_member', 'the_member', array('the_member' => $id));
         $submitter_banned = !is_null($banned_test_2);
         $member_ban_link = NULL;
         $ip_ban_link = NULL;
         $submitter_ban_link = NULL;
         if (addon_installed('securitylogging')) {
             // Toggle links are withheld for guests, for the current member and for the requester's own IP.
             // This only hides the links; it is not itself a guard on the toggle actions they point to.
             if (get_forum_type() == 'ocf' && !is_guest($id) && $id != get_member()) {
                 $member_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_member_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
             }
             if ($ip != '' && $ip != get_ip_address()) {
                 $ip_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_ip_ban', 'id' => $ip), get_module_zone('admin_actionlog'))));
             }
             if (!is_guest($id) && $id != get_member()) {
                 $submitter_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_submitter_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
             }
         }
         breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS')), array('_SELF:_SELF:misc', do_lang_tempcode('SEARCH'))));
         breadcrumb_set_self(do_lang_tempcode('RESULT'));
         // NOTE(review): 'IP' and 'NAME' are passed to the template as looked up; confirm the
         // template layer escapes them on output
         return do_template('LOOKUP_SCREEN', array('_GUID' => 'dc6effaa043949940b809f6aa5a1f944', 'TITLE' => $title, 'ALERTS' => $alerts, 'STATS' => $stats, 'IP_LIST' => $ip_list, 'IP_BANNED' => $ip_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'SUBMITTER_BANNED' => $submitter_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BANNED' => $member_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BAN_LINK' => $member_ban_link, 'SUBMITTER_BAN_LINK' => $submitter_ban_link, 'IP_BAN_LINK' => $ip_ban_link, 'ID' => strval($id), 'IP' => $ip, 'NAME' => $name, 'SEARCH_URL' => $search_url, 'AUTHOR_URL' => $author_url, 'POINTS_URL' => $points_url, 'PROFILE_URL' => $profile_url, 'ACTION_LOG_URL' => $action_log_url));
     }
 }
Example #6
 /**
  * Actualiser: lift the IP ban that was recorded against a warning.
  *
  * Takes the warning's ID from the 'id' POST parameter, removes the ban on the
  * address stored in that warning's p_banned_ip column, blanks the column,
  * logs the action and redirects to the member's warning history.
  *
  * NOTE(review): the stored address is passed to remove_ip_ban() without an
  * emptiness check, so a warning whose p_banned_ip is already '' results in
  * remove_ip_ban('').
  * NOTE(review): no permission or request-token check is visible inside this
  * method; presumably the framework performs them before dispatch - verify.
  *
  * @return tempcode		Result (redirect page)
  */
 function undo_banned_ip()
 {
     $title = get_page_title('UNBAN_IP');
     require_code('failure');

     $warning_id = post_param_integer('id');
     $where = array('id' => $warning_id);

     // Read what the warning recorded before its row is modified
     $member_id = $GLOBALS['FORUM_DB']->query_value('f_warnings', 'w_member_id', $where);
     $banned_ip = $GLOBALS['FORUM_DB']->query_value('f_warnings', 'p_banned_ip', $where);

     remove_ip_ban($banned_ip);
     $GLOBALS['FORUM_DB']->query_update('f_warnings', array('p_banned_ip' => ''), $where, '', 1);
     log_it('UNBAN_IP', strval($warning_id), $banned_ip);

     // Show it worked / Refresh
     $history_url = build_url(array('page' => '_SELF', 'type' => 'history', 'id' => $member_id), '_SELF');
     return redirect_screen($title, $history_url, do_lang_tempcode('SUCCESS'));
 }
Example #7
     if (isset($_POST['id'])) {
         remove_id_ban($id);
         redirect('User ID unbanned.');
     }
     break;
 case 'unban_ip':
     if (!$moderator && !$administrator) {
         add_error('You are not wise enough.', true);
     }
     if (!filter_var($_GET['id'], FILTER_VALIDATE_IP)) {
         add_error('That is not a valid IP address.', true);
     }
     $id = $_GET['id'];
     $page_title = 'Unban IP address ' . $id;
     if (isset($_POST['id'])) {
         remove_ip_ban($id);
         redirect('IP address unbanned.');
     }
     break;
 case 'delete_topic':
     if (!$moderator && !$administrator) {
         add_error('You are not wise enough.', true);
     }
     if (!ctype_digit($_GET['id'])) {
         add_error('Invalid topic ID.', true);
     }
     $id = intval($_GET['id']);
     $page_title = 'Delete topic';
     if (isset($_POST['id'])) {
         // Move record to user's trash.
         DB::Execute(DB::Prepare('INSERT INTO {P}Trash (uid, headline, body, time) SELECT topics.author, topics.headline, topics.body, UNIX_TIMESTAMP() FROM {P}Topics as topics WHERE topics.id = ?;'), array($id));