Esempio n. 1
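/**
 * Echo an HTML table with the 100 most recent log entries matching a condition.
 *
 * SECURITY: $cond is spliced verbatim into the WHERE clause. It is SQL text,
 * not data, so callers must assemble it only from constants and values that
 * were already bound or escaped, never directly from request input.
 * The table and column names in $log_fields are interpolated the same way and
 * must therefore only ever come from code, not from users.
 *
 * @param string $cond SQL boolean expression placed after WHERE (trusted text only).
 * @return void
 */
function doLogList($cond)
{
    // Log columns that point at rows of other tables: column => how to join it.
    $log_fields = array(
        'user' => array('table' => 'users', 'key' => 'id', 'fields' => '_userfields'),
        'user2' => array('table' => 'users', 'key' => 'id', 'fields' => '_userfields'),
        'thread' => array('table' => 'threads', 'key' => 'id', 'fields' => 'id,title'),
        'post' => array('table' => 'posts', 'key' => 'id', 'fields' => 'id'),
        'forum' => array('table' => 'forums', 'key' => 'id', 'fields' => 'id,title'),
        'forum2' => array('table' => 'forums', 'key' => 'id', 'fields' => 'id,title'),
        'pm' => array('table' => 'pmsgs', 'key' => 'id', 'fields' => 'id'),
    );

    // The plugin loader runs in this scope with $bucket set; presumably plugins
    // in the 'log_fields' bucket add entries to $log_fields -- verify in the loader.
    $bucket = 'log_fields';
    include 'lib/pluginloader.php';

    // One LEFT JOIN (and one field group) per referenced table.
    $joinfields = '';
    $joinstatements = '';
    foreach ($log_fields as $field => $data) {
        $joinfields .= ", {$field}.({$data['fields']}) \n";
        $joinstatements .= "LEFT JOIN {{$data['table']}} AS {$field} ON l.{$field}!='0' AND {$field}.{$data['key']}=l.{$field} \n";
    }

    $logR = Query("\tSELECT \n\t\t\t\t\t\tl.*\n\t\t\t\t\t\t{$joinfields}\n\t\t\t\t\tFROM \n\t\t\t\t\t\t{log} l\n\t\t\t\t\t\t{$joinstatements}\n\t\t\t\t\tWHERE {$cond}\n\t\t\t\t\tORDER BY date DESC\n\t\t\t\t\tLIMIT 100");

    //TODO Paging
    // Start from defined values so an empty result set does not read unset variables.
    $log = '';
    $cellClass = 0;
    while ($item = Fetch($logR)) {
        // NOTE(review): $event and $ip are written into the page as-is; this
        // assumes formatEvent() and formatIP() return HTML-safe markup -- confirm.
        $event = formatEvent($item);
        $ip = formatIP($item["ip"]);
        $cellClass = ($cellClass + 1) % 2;
        $log .= "\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t" . str_replace(" ", "&nbsp;", TimeUnits(time() - $item['date'])) . "\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell{$cellClass}\">\n\t\t\t\t\t{$event}\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell{$cellClass}\">\n\t\t\t\t\t{$ip}\n\t\t\t\t</td>\n\t\t\t</tr>";
    }
    echo "\n\t\t<table class=\"outline margin\">\n\t\t\t<tr class=\"header1\">\n\t\t\t\t<th>\n\t\t\t\t\t" . __("Time") . "\n\t\t\t\t</th>\n\t\t\t\t<th>\n\t\t\t\t\t" . __("Event") . "\n\t\t\t\t</th>\n\t\t\t\t<th>\n\t\t\t\t\t" . __("IP") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t{$log}\n\t\t</table>";
}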
Esempio n. 2
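// Build the profile page as section title => (row label => HTML cell content).
// Every value stored here is emitted as HTML, so anything that originates from
// a user or a client has to be escaped before it is assigned.
$profileParts = array();
$foo = array();
// Both the display name and the login name are user-chosen: escape each one,
// including the login name shown in parentheses next to a display name.
$foo[__("Name")] = $minipic . htmlspecialchars($user['displayname'] ? $user['displayname'] : $user['name']) . ($user['displayname'] ? " (" . htmlspecialchars($user['name']) . ")" : "");
if ($title) {
    $foo[__("Title")] = $title;
}
if ($currentRank) {
    $foo[__("Rank")] = $currentRank;
}
if ($toNextRank) {
    $foo[__("To next rank")] = $toNextRank;
}
$foo[__("Karma")] = $karma . $karmaLinks;
$foo[__("Total posts")] = format("{0} ({1} per day)", $posts, $averagePosts);
$foo[__("Total threads")] = format("{0} ({1} per day)", $threads, $averageThreads);
$foo[__("Registered on")] = format("{0} ({1} ago)", cdate($dateformat, $user['regdate']), TimeUnits($daysKnown * 86400));
$foo[__("Score")] = $score;
// The browser string is whatever the client sent as its User-Agent header.
$foo[__("Browser")] = htmlspecialchars($user['lastknownbrowser']);
// Addresses are shown to staff only (power level above 0).
if ($loguser['powerlevel'] > 0) {
    $foo[__("Last known IP")] = htmlspecialchars($user['lastip']) . " " . IP2C($user['lastip']);
}
$profileParts[__("General information")] = $foo;
$foo = array();
// NOTE(review): $title, $emailField and the rank/karma values are inserted
// as-is; presumably they were turned into safe HTML earlier -- confirm.
$foo[__("Email address")] = $emailField;
if ($homepage) {
    $foo[__("Homepage")] = CleanUpPost($homepage);
}
$profileParts[__("Contact information")] = $foo;
$foo = array();
$foo[__("Theme")] = $themes[$user['theme']];
$foo[__("Items per page")] = Plural($user['postsperpage'], __("post")) . ", " . Plural($user['threadsperpage'], __("thread"));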
Esempio n. 3
{
    // Body of the ban lookup. Its signature is outside this excerpt; the call
    // isIPBanned($ip) further down is presumably this function.
    // Returns the first applicable ban row, or false when none applies.
    //
    // $ip is passed as bound parameter {0}, not concatenated into the SQL.
    // instr({0}, ip)=1 selects bans whose stored value starts at position 1
    // of $ip, i.e. the stored value is a prefix of the address being checked.
    $rIPBan = Query("select * from {ipbans} where instr({0}, ip)=1", $ip);
    while ($ipban = Fetch($rIPBan)) {
        // A prefix match alone is too broad for complete addresses: a stored
        // ban that ends in a letter or digit is treated as a full address and
        // must equal $ip exactly. Bans ending in any other character are kept
        // as prefix (range) bans.
        if (ctype_alnum(substr($ipban['ip'], -1)) && $ip !== $ipban['ip']) {
            continue;
        }
        return $ipban;
    }
    return false;
}
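// Turn banned addresses away before any session or login handling runs.
$ipban = isIPBanned($_SERVER['REMOTE_ADDR']);
if ($ipban) {
    $adminemail = Settings::get('ownerEmail');
    print "You have been IP-banned from this board" . ($ipban['date'] ? " until " . gmdate("M jS Y, G:i:s", $ipban['date']) . " (GMT). That's " . TimeUnits($ipban['date'] - time()) . " left" : "") . ". Attempting to get around this in any way will result in worse things.";
    // The reason is free text typed into the ban form and the e-mail address is
    // a board setting; both are escaped because this page is plain HTML output.
    print '<br>Reason: ' . htmlspecialchars($ipban['reason']);
    if ($adminemail) {
        print '<br><br>If you were erroneously banned, contact the board owner at: ' . htmlspecialchars($adminemail);
    }
    exit;
}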
/**
 * Return the SHA-256 digest of $data as a 64-character lowercase hex string.
 *
 * This is a single, fast, unkeyed hash: any salt has to be appended to $data
 * by the caller. It is not a password-hashing function; password storage
 * should use password_hash()/password_verify() instead. Digests produced here
 * should be compared with hash_equals() or ===, never with ==, because loose
 * comparison treats numeric-looking strings as numbers.
 *
 * @param string $data Bytes to hash.
 * @return string Hex digest.
 */
function doHash($data)
{
    // Third argument left at its default: hex text rather than raw bytes.
    $digest = hash('sha256', $data);
    return $digest;
}
$loguser = NULL;
if ($_COOKIE['logsession'] && !$ipban) {
    $session = Fetch(Query("SELECT * FROM {sessions} WHERE id={0}", doHash($_COOKIE['logsession'] . SALT)));
    if ($session) {
        $loguser = Fetch(Query("SELECT * FROM {users} WHERE id={0}", $session["user"]));
Esempio n. 4
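//  Access: administrators only
$title = __("IP bans");
CheckPermission('admin.manageipbans');
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("ipbans") => __("IP ban manager")));
// NOTE(review): neither branch below verifies an anti-forgery token, and the
// delete runs on a GET request, so the ban list can be changed by any request
// the administrator's browser is made to send. Deletion should move to POST
// and both actions should check a per-session token -- confirm whether
// CheckPermission() or the surrounding framework already does this.
if (isset($_POST['actionadd'])) {
    // Partial addresses are accepted on purpose (they act as range bans), which
    // is why FILTER_VALIDATE_IP is not applied here.
    $banIp = isset($_POST['ip']) && is_string($_POST['ip']) ? trim($_POST['ip']) : '';
    $banReason = isset($_POST['reason']) && is_string($_POST['reason']) ? $_POST['reason'] : '';
    $banDays = isset($_POST['days']) ? (int) $_POST['days'] : 0;
    if ($banIp === '') {
        // Bans are matched as prefixes of the visitor's address; an empty
        // pattern would presumably match every address, so never store one.
        Alert("Invalid IP");
    } elseif (isIPBanned($banIp)) {
        Alert("Already banned IP!");
    } else {
        // All three values are bound parameters; 0 as date means "permanent".
        $rIPBan = Query("insert into {ipbans} (ip, reason, date) values ({0}, {1}, {2})", $banIp, $banReason, $banDays > 0 ? time() + $banDays * 86400 : 0);
        Alert(__("Added."), __("Notice"));
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['ip'])) {
    $rIPBan = Query("delete from {ipbans} where ip={0} limit 1", $_GET['ip']);
    Alert(__("Removed."), __("Notice"));
}
$rIPBan = Query("select * from {ipbans} order by date desc, ip asc");
$banList = "";
$cellClass = 0;
while ($ipban = Fetch($rIPBan)) {
    $cellClass = ($cellClass + 1) % 2;
    if ($ipban['date']) {
        $date = formatdate($ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
    } else {
        $date = __("Permanent");
    }
    // Stored address and reason are escaped for HTML before they are listed.
    $banList .= "\n\t<tr class=\"cell{$cellClass}\">\n\t\t<td>" . htmlspecialchars($ipban['ip']) . "</td>\n\t\t<td>" . htmlspecialchars($ipban['reason']) . "</td>\n\t\t<td>{$date}</td>\n\t\t<td><a href=\"" . actionLink("ipbans", "", "ip=" . htmlspecialchars($ipban['ip']) . "&action=delete") . "\">&#x2718;</a></td>\n\t</tr>";
}
print "\n<table class=\"outline margin width50\">\n\t<tr class=\"header1\">\n\t\t<th>" . __("IP") . "</th>\n\t\t<th>" . __("Reason") . "</th>\n\t\t<th>" . __("Date") . "</th>\n\t\t<th>&nbsp;</th>\n\t</tr>\n\t{$banList}\n</table>\n\n<form action=\"" . htmlentities(actionLink("ipbans")) . "\" method=\"post\">\n\t<table class=\"outline margin width50\">\n\t\t<tr class=\"header1\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t" . __("Add") . "\n\t\t\t</th>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("IP") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell0\">\n\t\t\t\t<input type=\"text\" name=\"ip\" style=\"width: 98%;\" maxlength=\"45\" />\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("Reason") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell1\">\n\t\t\t\t<input type=\"text\" name=\"reason\" style=\"width: 98%;\" maxlength=\"100\" />\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("For") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell1\">\n\t\t\t\t<input type=\"text\" name=\"days\" size=\"13\" maxlength=\"13\" /> " . __("days") . "\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr class=\"cell2\">\n\t\t\t<td></td>\n\t\t\t<td>\n\t\t\t\t<input type=\"submit\" name=\"actionadd\" value=\"" . __("Add") . "\" />\n\t\t\t</td>\n\t\t</tr>\n\t</table>\n</form>";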
Esempio n. 5
        $time = 0;
        $expire = 0;
    } else {
        $time = $_POST['time'] * $_POST['timemult'];
        $expire = time() + $time;
    }
    if ($expire) {
        $bantitle = __('Banned until ') . formatdate($expire);
    } else {
        $bantitle = __('Banned permanently');
    }
    if (trim($_POST['reason'])) {
        $bantitle .= __(': ') . $_POST['reason'];
    }
    Query("update {users} set tempbanpl = {0}, tempbantime = {1}, primarygroup = {4}, title = {3} where id = {2}", $user['u_primarygroup'], $expire, $id, $bantitle, Settings::get('bannedGroup'));
    Report($loguser['name'] . ' banned ' . $user['u_name'] . ($expire ? ' for ' . TimeUnits($time) : ' permanently') . ($_POST['reason'] ? ': ' . $_POST['reason'] : '.'), true);
    die(header('Location: ' . actionLink('profile', $id, '', $user['name'])));
} else {
    if ($_POST['unban']) {
        if ($_POST['token'] !== $loguser['token']) {
            Kill('No.');
        }
        if ($user['u_primarygroup'] != Settings::get('bannedGroup')) {
            Kill(__('This user is not banned.'));
        }
        Query("update {users} set primarygroup = tempbanpl, tempbantime = {0}, title = {1} where id = {2}", 0, '', $id);
        Report($loguser['name'] . ' unbanned ' . $user['u_name'] . '.', true);
        die(header('Location: ' . actionLink('profile', $id, '', $user['name'])));
    }
}
if (isset($_GET['unban'])) {
Esempio n. 6
	<?php 
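include "lib/common.php";
// Staff only: the report log is hidden from accounts below power level 1.
if ($loguser['powerlevel'] < 1) {
    Kill("Access denied.");
}
// $here is the absolute base URL of the board; links to it are rewritten to
// the relative form in $there.
$full = GetFullURL();
$here = substr($full, 0, strrpos($full, "/")) . "/";
$there = "./";
$logR = Query("select * from reports order by time desc");
// Start from defined values so an empty report table does not read unset variables.
$log = '';
$cellClass = 0;
while ($item = Fetch($logR)) {
    // Report text can carry user-supplied fragments, so it is HTML-escaped
    // before any markup is added to it.
    $blar = htmlspecialchars($item['text']);
    // Strip the formatting markers, which have no meaning in HTML.
    $blar = str_replace(array("[g]", "[b]", "[/]"), "", $blar);
    $blar = str_replace("-&gt;", "&rarr;", $blar);
    // ereg_replace() was removed in PHP 7, so the linkifier uses PCRE. It is
    // also limited to http, https and ftp: the text is not fully trusted, and
    // an "any scheme" pattern would turn script-capable URLs into live links.
    $blar = preg_replace('~(?:https?|ftp)://[^<>[:space:]]+[[:alnum:]/]~i', '<a href="$0">$0</a>', $blar);
    $blar = str_replace($here, $there, $blar);
    $cellClass = ($cellClass + 1) % 2;
    $log .= format("\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t{1}&nbsp;\n\t\t\t</td>\n\t\t\t<td class=\"cell{0}\">\n\t\t\t\t{2}\n\t\t\t</td>\n\t\t</tr>\n", $cellClass, str_replace(" ", "&nbsp;", TimeUnits(time() - $item['time'])), $blar);
}
write("\n\t<table>\n\t\t<tr class=\"header1\">\n\t\t\t<th>\n\t\t\t\tTime\n\t\t\t</th>\n\t\t\t<th>\n\t\t\t\tEvent\n\t\t\t</th>\n\t\t</tr>\n\t\t{0}\n\t</table>\n", $log);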
Esempio n. 7
 */
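// Normalise the action so the comparisons below never read an undefined index.
$_POST['action'] = isset($_POST['action']) ? $_POST['action'] : "";
if ($_POST['action'] == __("Tempban") && $user['tempbantime'] == 0) {
    // Authorisation: only power level 3 and above may ban, and level-4 (root)
    // accounts cannot be banned at all.
    if ($loguser['powerlevel'] < 3) {
        Kill(__('No.'));
    }
    if ($user['powerlevel'] == 4) {
        Kill(__("Trying to ban a root user?"));
    }
    // NOTE(review): no anti-forgery token is checked in the visible code before
    // this state change -- confirm that one is verified earlier in the file.
    $timeStamp = isset($_POST['until']) && is_string($_POST['until']) ? strtotime($_POST['until']) : FALSE;
    // A missing, unparsable or already-elapsed end time is rejected: a ban that
    // ends in the past would be stored with a nonsensical (negative) duration.
    if ($timeStamp === FALSE || $timeStamp <= time()) {
        Alert(__("Invalid time given. Try again."));
    } else {
        SendSystemPM($userid, format(__("You have been temporarily banned until {0} GMT. If you don't know why this happened, feel free to ask the one most likely to have done this. Calmly, if possible."), gmdate("M jS Y, G:[b][/b]i:[b][/b]s", $timeStamp)), __("You have been temporarily banned."));
        // The previous power level is kept in tempbanpl; all values are bound parameters.
        Query("update {users} set tempbanpl = {0}, tempbantime = {1}, powerlevel = -1 where id = {2}", $user['powerlevel'], $timeStamp, $userid);
        redirect(format(__("User has been banned for {0}."), TimeUnits($timeStamp - time())), actionLink("profile", $userid), __("that user's profile"));
    }
}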
/* QUERY PART
 * ----------
 */
$failed = false;
if ($_POST['action'] == __("Edit profile")) {
    $passwordEntered = false;
    if ($_POST["currpassword"] != "") {
        $sha = doHash($_POST["currpassword"] . $salt . $loguser['pss']);
        if ($loguser['password'] == $sha) {
            $passwordEntered = true;
        } else {
            Alert(__("Invalid password"));
            $failed = true;
Esempio n. 8
    $thread['title'] = $lastPost['ttit'];
    $thread['id'] = $lastPost['tid'];
    $thread['forum'] = $lastPost['fid'];
    $tags = ParseThreadTags($thread['title']);
    if (!HasPermission('forum.viewforum', $lastPost['fid'])) {
        $place = __("a restricted forum");
    } else {
        $ispublic = HasPermission('forum.viewforum', $lastPost['fid'], true);
        $pid = $lastPost['pid'];
        $place = actionLinkTag($tags[0], 'post', $pid) . " (" . actionLinkTag($lastPost['ftit'], 'forum', $lastPost['fid'], '', $ispublic ? $lastPost['ftit'] : '') . ")";
    }
    $temp[__("Last post")] = format("{0} ({1} ago)", formatdate($lastPost['date']), TimeUnits(time() - $lastPost['date'])) . "<br>" . __("in") . " " . $place;
} else {
    $temp[__("Last post")] = __("Never");
}
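$temp[__("Last view")] = format("{0} ({1} ago)", formatdate($user['lastactivity']), TimeUnits(time() - $user['lastactivity']));
//$temp[__("Score")] = $score;
// Client details are shown only to viewers holding admin.viewips. The user
// agent is client-supplied text, so it is escaped before display.
if (HasPermission('admin.viewips')) {
    $temp[__("Last user agent")] = htmlspecialchars($user['lastknownbrowser']);
    $temp[__("Last IP address")] = formatIP($user['lastip']);
}
$profileParts[__("General information")] = $temp;
$temp = array();
// NOTE(review): $emailField and $homepage are inserted as-is; presumably they
// were turned into safe HTML earlier in the file -- confirm.
$temp[__("Email address")] = $emailField;
if ($homepage) {
    $temp[__("Homepage")] = $homepage;
}
$profileParts[__("Contact information")] = $temp;
$temp = array();
// The theme name is a stored profile value that ends up in a filesystem path.
// Reduce it to a single path component and refuse "." and ".." so the lookup
// cannot leave the themes/ directory, whatever was saved in the profile.
$themeDir = basename((string) $user['theme']);
if ($themeDir === '.' || $themeDir === '..') {
    $themeDir = '';
}
$infofile = "themes/" . $themeDir . "/themeinfo.txt";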
if (file_exists($infofile)) {
Esempio n. 9
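//  Access: administrators only
include "lib/common.php";
$title = __("IP bans");
AssertForbidden("editIPBans");
if ($loguser['powerlevel'] < 3) {
    Kill(__("Only administrators get to manage IP bans."));
}
MakeCrumbs(array(__("Main") => "./", __("IP ban manager") => ""), "");
// NOTE(review): both statements below are built by string concatenation and
// depend entirely on justEscape(), whose implementation is not shown here;
// bound parameters would be safer if Query() supports them. Neither action
// checks an anti-forgery token, and the delete is reachable through a GET link.
if (isset($_POST['action']) && $_POST['action'] == __("Add")) {
    $qIPBan = "insert into ipbans (ip, reason, date) values ('" . justEscape($_POST['ip']) . "', '" . justEscape($_POST['reason']) . "', " . ((int) $_POST['days'] > 0 ? time() + (int) $_POST['days'] * 86400 : 0) . ")";
    $rIPBan = Query($qIPBan);
    Alert(__("Added."), __("Notice"));
} elseif (isset($_GET['action']) && $_GET['action'] == "delete") {
    $qIPBan = "delete from ipbans where ip='" . justEscape($_GET['ip']) . "' limit 1";
    $rIPBan = Query($qIPBan);
    Alert(__("Removed."), __("Notice"));
}
$qIPBan = "select * from ipbans order by date desc";
$rIPBan = Query($qIPBan);
$banList = "";
$cellClass = 0;
while ($ipban = Fetch($rIPBan)) {
    $cellClass = ($cellClass + 1) % 2;
    if ($ipban['date']) {
        $date = gmdate($dateformat, $ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
    } else {
        $date = __("Permanent");
    }
    // Address and reason are stored exactly as typed into the form, so they
    // are HTML-escaped before being placed in the table and in the delete link.
    $banList .= format("\n\t<tr class=\"cell{0}\">\n\t\t<td>\n\t\t\t{1}\n\t\t</td>\n\t\t<td>\n\t\t\t{2}\n\t\t</td>\n\t\t<td>\n\t\t\t{3}\n\t\t</td>\n\t\t<td>\n\t\t\t<a href=\"ipbans.php?ip={1}&amp;action=delete\">&#x2718;</a>\n\t\t</td>\n\t</tr>\n", $cellClass, htmlspecialchars($ipban['ip']), htmlspecialchars($ipban['reason']), $date);
}
write("\n<table class=\"outline margin width50\">\n\t<tr class=\"header1\">\n\t\t<th>" . __("IP") . "</th>\n\t\t<th>" . __("Reason") . "</th>\n\t\t<th>" . __("Date") . "</th>\n\t\t<th>&nbsp;</th>\n\t</tr>\n\t{0}\n</table>\n\n<form action=\"ipbans.php\" method=\"post\">\n\t<table class=\"outline margin width50\">\n\t\t<tr class=\"header1\">\n\t\t\t<th colspan=\"2\">\n\t\t\t\t" . __("Add") . "\n\t\t\t</th>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("IP") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell0\">\n\t\t\t\t<input type=\"text\" name=\"ip\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("Reason") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell1\">\n\t\t\t\t<input type=\"text\" name=\"reason\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td class=\"cell2\">\n\t\t\t\t" . __("For") . "\n\t\t\t</td>\n\t\t\t<td class=\"cell1\">\n\t\t\t\t<input type=\"text\" name=\"days\" size=\"13\" maxlength=\"13\" /> " . __("days") . "\n\t\t\t</td>\n\t\t</tr>\n\t\t<tr class=\"cell2\">\n\t\t\t<td></td>\n\t\t\t<td>\n\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Add") . "\" />\n\t\t\t</td>\n\t\t</tr>\n\t</table>\n</form>\n", $banList);
MakeCrumbs(array(__("Main") => "./", __("IP ban manager") => ""), "");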
Esempio n. 10
<table class="outline margin center" style="width: 60%; overflow: auto; margin: auto; margin-top: 40px; margin-bottom: 40px;">
<tr><td class="cell0" style="padding:60px">
<?php 
// Normalise the expiry to an integer; a zero value selects the "permanent" text.
$ipban['date'] = (int) $ipban['date'];
$banNotice = $ipban['date']
    ? format(__("You have been banned from this board until {0}. That's {1} left."), gmdate("M jS Y, G:i:s", $ipban['date']), TimeUnits($ipban['date'] - time()))
    : __("You have been <strong>permanently</strong> banned from this board");
print $banNotice;
print "<br />" . __("Attempting to get around this in any way will result in worse things.") . "<br /><br />";
// The reason is stored free text, so it is HTML-escaped before output.
print "<b>" . __("Reason") . "</b>: " . htmlspecialchars($ipban['reason']) . "<br />";
// Run the plugin loader with the "ipbanned" bucket selected.
$bucket = "ipbanned";
include 'lib/pluginloader.php';
?>

</td></tr></table>
Esempio n. 11
/* QUICK-E BAN
 * -----------
 */
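// NOTE(review): the visible code checks neither the acting user's power level
// nor an anti-forgery token before this state change -- confirm that both are
// enforced earlier in the file.
if (isset($_POST['action']) && $_POST['action'] == __("Tempban") && $user['tempbantime'] == 0) {
    // Root (power level 4) accounts cannot be banned.
    if ($user['powerlevel'] == 4) {
        include "lib/header.php";
        Kill(__("Trying to ban a root user?"));
    }
    $timeStamp = isset($_POST['until']) && is_string($_POST['until']) ? strtotime($_POST['until']) : FALSE;
    // A missing, unparsable or already-elapsed end time is rejected.
    if ($timeStamp === FALSE || $timeStamp <= time()) {
        Alert(__("Invalid time given. Try again."));
    } else {
        SendSystemPM($userid, format(__("You have been temporarily banned until {0} GMT. If you don't know why this happened, feel free to ask the one most likely to have done this. Calmly, if possible."), gmdate("M jS Y, G:[b][/b]i:[b][/b]s", $timeStamp)), __("You have been temporarily banned."));
        // This statement is assembled by concatenation, so every value placed in
        // it is forced to an integer first; nothing but digits can reach the SQL.
        Query("update users set tempbanpl = " . (int) $user['powerlevel'] . ", tempbantime = " . (int) $timeStamp . ", powerlevel = -1 where id = " . (int) $userid);
        include "lib/header.php";
        Redirect(format(__("User has been banned for {0}."), TimeUnits($timeStamp - time())), "profile.php?id=" . (int) $userid, __("that user's profile"));
    }
}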
/* QUERY PART
 * ----------
 */
$fallToEditor = true;
if ($_POST['action'] == __("Edit profile")) {
    $fallToEditor = false;
    $query = "UPDATE users SET ";
    $sets = array();
    $pluginSettings = unserialize($user['pluginsettings']);
    $retlink = "<br /><br /><form action=\"editprofile.php\" method=\"post\"><input type=\"hidden\" name=\"savedpost\" value=\"" . htmlspecialchars(base64_encode(serialize($_POST))) . "\" /><a href=\"#\" onclick=\"this.parentNode.submit();\">" . __("Go back and fix that") . "</a></form>";
    foreach ($tabs as $id => $tab) {
        if (isset($tab['page'])) {
            foreach ($tab['page'] as $id => $section) {