} if (!isset($ban)) { error(_("That ban doesn't exist or is not for you.")); } if ($ban['expires'] && $ban['expires'] - $ban['created'] <= $config['ban_appeals_min_length']) { error(_("You cannot appeal a ban of this length.")); } $query = query("SELECT `denied` FROM ``ban_appeals`` WHERE `ban_id` = {$ban_id}") or error(db_error()); $ban_appeals = $query->fetchAll(PDO::FETCH_COLUMN); if (count($ban_appeals) >= $config['ban_appeals_max']) { error(_("You cannot appeal this ban again.")); } foreach ($ban_appeals as $is_denied) { if (!$is_denied) { error(_("There is already a pending appeal for this ban.")); } } $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)"); $query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':message', $_POST['appeal']); $query->execute() or error(db_error($query)); displayBan($ban); } else { if (!file_exists($config['has_installed'])) { header('Location: install.php', true, $config['redirect_http']); } else { // They opened post.php in their browser manually. error($config['error']['nopost']); } }
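/**
 * Refuse the request when the client's IP address is banned.
 *
 * Looks up bans for $_SERVER['REMOTE_ADDR'] via Bans::find() and, for each
 * hit, either shows the ban page (browser clients) or emits a JSON error
 * (AJAX posters); both paths are expected to end the request. Expired bans
 * are deleted on the way through; with $config['require_ban_view'] an
 * expired ban that the user has never been shown is still displayed once.
 *
 * @param mixed $board  Board identifier handed straight to Bans::find()
 *                      (false by default; exact semantics live in Bans::find).
 * @return true|null    true when the 'check-ban' event hook claimed the check;
 *                      otherwise null after letting the request through (or
 *                      no return at all when a reported ban ends the script).
 */
function checkBan($board = false) {
	global $config;

	// REMOTE_ADDR is the TCP peer address filled in by the web server, not a
	// client-controlled header such as X-Forwarded-For, so the poster cannot
	// spoof it. Behind a reverse proxy it is the proxy's address unless the
	// web server is configured to restore the real client IP (mod_remoteip,
	// ngx real_ip, ...); without that, every client shares one address and IP
	// bans hit everyone or no one. If it is missing entirely the server is
	// misconfigured: nothing can be matched, so the request is let through.
	if (!isset($_SERVER['REMOTE_ADDR'])) {
		return;
	}

	// Extension hook. A truthy return short-circuits the whole check, so any
	// 'check-ban' listener is effectively a ban-bypass authority.
	if (event('check-ban', $board)) {
		return true;
	}

	// Report one ban to the client. AJAX posters (json_response set) get a
	// minimal JSON error and the script dies; everyone else gets the HTML ban
	// page from displayBan(). Whether displayBan() returns is its own
	// business -- if it does, the loop below simply moves on to the next ban.
	// 'text/json' is kept as-is for existing clients, although the registered
	// media type is application/json.
	$report = function ($ban) {
		if (isset($_POST['json_response'])) {
			header('Content-Type: text/json');
			die(json_encode(array('error' => true, 'banned' => true)));
		}
		displayBan($ban);
	};

	$bans = Bans::find($_SERVER['REMOTE_ADDR'], $board, $config['show_modname']);

	// Iterate by value: nothing here writes back into $bans, and a
	// by-reference loop variable that is not unset() afterwards silently
	// aliases the last element for the rest of the function.
	foreach ($bans as $ban) {
		$expired = $ban['expires'] && $ban['expires'] < time();

		if (!$expired) {
			$report($ban);
			continue;
		}

		// Stale row: remove it. With require_ban_view, a ban the user never
		// saw is shown once more so the message is not lost.
		Bans::delete($ban['id']);
		if ($config['require_ban_view'] && !$ban['seen']) {
			$report($ban);
		}
	}

	// Housekeeping, throttled through the cache so the purge does not run on
	// every request. NOTE: the Bans::purge() call itself is commented out, so
	// today only the throttle timestamp is maintained; uncommenting the call
	// is all that is needed to re-enable purging.
	if ($config['cache']['enabled'] && ($last_time_purged = cache::get('purged_bans_last'))) {
		if (time() - $last_time_purged < $config['purge_bans']) {
			return;
		}
	}
	//Bans::purge();
	if ($config['cache']['enabled']) {
		cache::set('purged_bans_last', time());
	}
}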
/**
 * Refuse the request when the client's IP address is banned (SQL lookup variant).
 *
 * Lookup order, stopping at the first query that yields a row:
 *   1. exact match on `ip`;
 *   2. if $config['ban_range']: wildcard rows, where '*' in the stored value
 *      stands for any run of characters;
 *   3. if $config['ban_cidr'] and the client is IPv4: rows of the form
 *      a.b.c.d/n, compared numerically against ip2long() of the client.
 * Global bans (`board` IS NULL) are considered alongside bans for $board.
 * An already-expired row is deleted and the request proceeds; a live ban is
 * handed to displayBan().
 *
 * Security notes: every client-derived value is a bound parameter -- the only
 * text spliced into the SQL is the static query. REMOTE_ADDR is the peer
 * address set by the web server (not a forwardable header), so the poster
 * cannot spoof it, but behind a reverse proxy the server must restore the
 * real client IP or all clients share one address.
 * NOTE(review): the wildcard query escapes a literal '%' in the stored
 * pattern but not '_', which LIKE also treats as a single-character wildcard;
 * a stored pattern containing '_' matches more than intended.
 * NOTE(review): rowCount() on a SELECT is only reliable on MySQL with
 * buffered queries; PDO does not guarantee it for other drivers.
 *
 * @param mixed $board  Board identifier bound to :board (0 by default).
 * @return true|null    true when the 'check-ban' event hook claimed the check;
 *                      otherwise null, or no return at all if displayBan()
 *                      ends the request.
 */
function checkBan($board = 0) {
	global $config;

	// Server misconfiguration: no peer address means nothing to match against.
	if (!isset($_SERVER['REMOTE_ADDR'])) {
		return;
	}

	// Extension hook; a truthy result bypasses the database lookup entirely.
	if (event('check-ban', $board)) {
		return true;
	}

	// Prepare, bind and run one of the lookup queries. Every query takes the
	// same two placeholders; only the form of :ip differs (string vs. integer).
	$lookup = function ($sql, $ip) use ($board) {
		$stmt = prepare($sql);
		$stmt->bindValue(':ip', $ip);
		$stmt->bindValue(':board', $board);
		$stmt->execute() or error(db_error($stmt));
		return $stmt;
	};

	$client_ip = $_SERVER['REMOTE_ADDR'];

	// 1. Exact IP match. Permanent bans (NULL expiry) sort first.
	$stmt = $lookup(
		"SELECT `set`, `expires`, `reason`, `board`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1",
		$client_ip
	);

	// 2. Wildcard ranges: '*' in the stored pattern becomes LIKE's '%', after
	//    a literal '%' in the pattern has been escaped with '!'.
	if ($stmt->rowCount() < 1 && $config['ban_range']) {
		$stmt = $lookup(
			"SELECT `set`, `expires`, `reason`, `board`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1",
			$client_ip
		);
	}

	// 3. CIDR ranges, IPv4 only: rows matching a.b.c.d/n are converted with
	//    INET_ATON and the client's ip2long() value must fall inside
	//    [prefix, prefix + 2^(32-n)).
	if ($stmt->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) {
		$stmt = $lookup(
			"SELECT `set`, `expires`, `reason`, `board`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board)\n\t\t\tAND (\t\t\t\t\t\n\t\t\t\t`ip` REGEXP '^(\\[0-9]+\\.\\[0-9]+\\.\\[0-9]+\\.\\[0-9]+\\)\\/(\\[0-9]+)\$'\n\t\t\t\t\tAND\n\t\t\t\t:ip >= INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1))\n\t\t\t\t\tAND\n\t\t\t\t:ip < INET_ATON(SUBSTRING_INDEX(`ip`, '/', 1)) + POW(2, 32 - SUBSTRING_INDEX(`ip`, '/', -1))\n\t\t\t)\n\t\t\tORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1",
			ip2long($client_ip)
		);
	}

	$ban = $stmt->fetch();
	if (!$ban) {
		return;
	}

	if ($ban['expires'] && $ban['expires'] < time()) {
		// Stale row: remove it and let the poster through.
		$cleanup = prepare("DELETE FROM `bans` WHERE `id` = :id LIMIT 1");
		$cleanup->bindValue(':id', $ban['id'], PDO::PARAM_INT);
		$cleanup->execute() or error(db_error($cleanup));
		return;
	}

	displayBan($ban);
}