コード例 #1
ファイル: wowbb.php プロジェクト: erico-deh/ocPortal
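 /**
  * Standard import function: imports the IP ban list kept in the source forum's config.php.
  *
  * The list is read from the BANNED_IPS constant, a '|'-separated string. Each entry is
  * banned once; the import remap table records which entries were already handled.
  *
  * @param  object			The DB connection to import from (not used by this importer)
  * @param  string			The table prefix the target prefix is using (not used by this importer)
  * @param  PATH			The base directory we are importing from
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     // NOTE(review): this runs the source installation's config.php as PHP inside the importer.
     // Only point the importer at a directory whose contents are trusted.
     require $file_base . '/config.php';
     if (!defined('BANNED_IPS')) {
         return; // No list in this config; constant() on an undefined name would raise an error
     }
     $ips = constant('BANNED_IPS');
     if (!is_string($ips) || $ips == 'Array') {
         return; // 'Array' is what a stringified PHP array looks like, i.e. no usable list
     }
     require_code('failure');
     foreach (explode('|', $ips) as $row) {
         $row = trim($row);
         if ($row == '') {
             continue; // An empty list or a stray separator must not turn into a ban on ''
         }
         if (import_check_if_imported('ip_ban', $row)) {
             continue;
         }
         // NOTE(review): entries are passed on unvalidated; confirm add_ip_ban() rejects malformed addresses
         add_ip_ban($row);
         import_id_remap_put('ip_ban', $row, 0);
     }
 }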
コード例 #2
ファイル: smf2.php プロジェクト: erico-deh/ocPortal
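 /**
  * Standard import function: imports member bans and the IP ranges attached to them.
  *
  * A ban that has not expired is applied to the local member with the same username
  * (permanent ban when there is no expiry, otherwise probation until the expiry time).
  * Permanent bans that carry an IP range are also expanded into individual IP bans.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from (not used by this importer)
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     require_code('failure');
     $rows = $db->query('SELECT * FROM ' . $table_prefix . 'ban_groups u LEFT JOIN ' . $table_prefix . 'ban_items b ON u.id_ban_group=b.id_ban_group');
     foreach ($rows as $row) {
         $ban_till = $row['expire_time']; // Empty means the ban never expires
         if (!empty($ban_till) && $ban_till <= time()) {
             continue; // Ban has already run out
         }

         $uid = $GLOBALS['OCF_DRIVER']->get_member_from_username($row['name']);
         // This guard used to read "$uid != 1 || $uid != 2", which holds for every value and so
         // protected nobody. IDs 1 and 2 are presumably the built-in guest/admin accounts - confirm.
         if (empty($uid) || $uid == 1 || $uid == 2) {
             continue;
         }

         if (empty($ban_till)) {
             $GLOBALS['SITE_DB']->query_update('f_members', array('m_is_perm_banned' => 1), array('id' => $uid));
         } else {
             $GLOBALS['SITE_DB']->query_update('f_members', array('m_on_probation_until' => $ban_till), array('id' => $uid));
         }

         if ($row['ip_low1'] >= 127 && empty($ban_till)) {
             // NOTE(review): the range is expanded address by address, so a wide range in the source
             // data means a very large number of inserts. Consider capping or rejecting wide ranges.
             for ($i = $row['ip_low1']; $i <= $row['ip_high1']; $i++) {
                 for ($j = $row['ip_low2']; $j <= $row['ip_high2']; $j++) {
                     for ($h = $row['ip_low3']; $h <= $row['ip_high3']; $h++) {
                         for ($f = $row['ip_low4']; $f <= $row['ip_high4']; $f++) {
                             $ip_to_ban = strval($i) . '.' . strval($j) . '.' . strval($h) . '.' . strval($f);
                             // The remap entry is stored under the address, so the "already imported"
                             // test has to use the address too (it used the member ID and never matched).
                             if (import_check_if_imported('ip_ban', $ip_to_ban)) {
                                 continue;
                             }
                             add_ip_ban($ip_to_ban);
                             import_id_remap_put('ip_ban', $ip_to_ban, 0);
                         }
                     }
                 }
             }
         }
     }
 }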
コード例 #3
ファイル: aef.php プロジェクト: erico-deh/ocPortal
 /**
  * Standard import function: turns the source forum's still-running temporary bans into IP bans.
  *
  * Only users in member group -3 are read. The user's recorded IP (r_ip) is banned and the
  * user's ID is stored in the import remap table so a second run skips it.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from (not used by this importer)
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     $banned_users = $db->query('SELECT * FROM ' . $table_prefix . 'users WHERE u_member_group=-3');
     require_code('failure');
     foreach ($banned_users as $banned_user) {
         // Ban start plus ban length gives the moment the ban runs out.
         // NOTE(review): temp_ban is added to the timestamp as-is; confirm its unit is seconds.
         $expires_at = $banned_user['temp_ban_time'] + $banned_user['temp_ban'];
         if ($expires_at >= time()) {
             $source_id = strval($banned_user['id']);
             if (!import_check_if_imported('ip_ban', $source_id)) {
                 add_ip_ban($banned_user['r_ip']);
                 import_id_remap_put('ip_ban', $source_id, 0);
             }
         }
     }
 }
コード例 #4
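 /**
  * The actualiser to toggle a combined IP/member ban.
  *
  * The 'id' parameter is split on its last ':'; the part after it is treated as the IP
  * address and the part before it (if any) as the member ID. Without 'confirm' a
  * confirmation screen is shown; with it the member (if given) and the IP are banned.
  *
  * @return tempcode		The UI
  */
 function multi_ban()
 {
     $title = get_page_title('BAN_USER');
     $id = either_param('id', NULL);
     // Reversing, splitting once on ':' and reversing back splits on the LAST ':' of the value.
     // NOTE(review): an IPv6 address contains ':' itself and would be cut apart here - confirm
     // callers only ever pass IPv4. A missing 'id' also reaches add_ip_ban() as an empty string.
     $_ip = explode(':', strrev($id), 2);
     $ip = strrev($_ip[0]);
     $member = array_key_exists(1, $_ip) ? strrev($_ip[1]) : NULL;
     if (post_param_integer('confirm', 0) == 0) {
         // Both values come straight from the request. The member part is escaped like the IP
         // already was, because make_string_tempcode() is handed the text as-is.
         $member_preview = is_null($member) ? do_lang_tempcode('NA_EM') : make_string_tempcode(escape_html(strval($member)));
         $preview = do_lang_tempcode('BAN_USER_DESCRIPTION', $member_preview, make_string_tempcode(escape_html($ip)));
         $url = get_self_url(false, false);
         return do_template('CONFIRM_SCREEN', array('_GUID' => '3840c52b23d9034cb6f9dd529b236c97', 'TITLE' => $title, 'PREVIEW' => $preview, 'FIELDS' => form_input_hidden('confirm', '1'), 'URL' => $url));
     }
     if (!is_null($member)) {
         ocf_ban_member(intval($member));
     }
     require_code('failure');
     // NOTE(review): nothing here stops the acting admin from banning their own address;
     // ban_ip() in submit.php performs that check before calling add_ip_ban().
     add_ip_ban($ip);
     return inform_screen($title, do_lang_tempcode('SUCCESS'));
 }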
コード例 #5
ファイル: ocp_merge.php プロジェクト: erico-deh/ocPortal
 /**
  * Standard import function: copies IP bans and submitter bans from another installation.
  *
  * IP bans are re-added through add_ip_ban(), with their description when the source row has
  * one. Submitter bans are inserted for the remapped member ID, or for the same ID when
  * on_same_msn() reports true for the source.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     require_code('failure');
     $ip_bans = $db->query('SELECT * FROM ' . $table_prefix . 'usersubmitban_ip');
     foreach ($ip_bans as $ip_ban) {
         // The description column is not present in every source row
         $descrip = '';
         if (array_key_exists('i_descrip', $ip_ban)) {
             $descrip = $ip_ban['i_descrip'];
         }
         add_ip_ban($ip_ban['ip'], $descrip);
     }

     $member_bans = $db->query('SELECT * FROM ' . $table_prefix . 'usersubmitban_member');
     $on_same_msn = $this->on_same_msn($file_base);
     foreach ($member_bans as $member_ban) {
         if ($on_same_msn) {
             $member = $member_ban['the_member'];
         } else {
             $member = import_id_remap_get('member', $member_ban['the_member'], true);
         }
         // A member that has no remap entry is skipped
         if (!is_null($member)) {
             $GLOBALS['SITE_DB']->query_insert('usersubmitban_member', array('the_member' => $member));
         }
     }
 }
コード例 #6
ファイル: ocf.php プロジェクト: erico-deh/ocPortal
 /**
  * Handle flood control for members.
  *
  * Runs at most once per request, and only for the 'index' and 'iframe' scripts outside the
  * 'join' page. It compares the time since the member's last visit (or last submit, for form
  * posts) with the limit configured for the member's groups. A request that arrives too early
  * is rejected with a wait message; if the stats addon shows 50 or more hits from the same IP
  * in the last 30 seconds, that IP is also banned. Otherwise the member's last-visit data is
  * updated.
  *
  * @param  MEMBER			The member ID that just got detected
  */
 function ocf_flood_control($id)
 {
     // Skipped entirely when the NON_PAGE_SCRIPT flag is set
     global $NON_PAGE_SCRIPT;
     if ($NON_PAGE_SCRIPT == 1) {
         return;
     }
     // Guard so the check runs only once per request
     global $FLOOD_CONTROL_ONCE;
     if ($FLOOD_CONTROL_ONCE) {
         return;
     }
     $FLOOD_CONTROL_ONCE = true;
     if (get_page_name() == 'join') {
         return;
     }
     if (!running_script('index') && !running_script('iframe')) {
         return;
     }
     require_code('ocf_groups');
     // Set last visit time session cookie if it doesn't exist
     if (!array_key_exists('last_visit', $_COOKIE) && $GLOBALS['FORUM_DRIVER']->get_guest_id() != $id) {
         require_code('users_active_actions');
         $lvt = $this->get_member_row_field($id, 'm_last_visit_time');
         ocp_setcookie('last_visit', is_null($lvt) ? strval(time()) : strval($lvt), true);
         $new_visit = true;
     } else {
         $new_visit = false;
     }
     // Do some flood control
     // A request counts as a submit when it carries POST data, is not type 'ed'/'ec' and is not the preview script
     $submitting = count($_POST) > 0 && get_param('type', NULL) !== 'ed' && get_param('type', NULL) !== 'ec' && !running_script('preview');
     $restrict = $submitting ? 'flood_control_submit_secs' : 'flood_control_access_secs';
     $restrict_setting = $submitting ? 'm_last_submit_time' : 'm_last_visit_time';
     $restrict_answer = ocf_get_best_group_property($this->get_members_groups($id), $restrict);
     // NOTE(review): the mere presence of a 'redirect' GET parameter switches the access limit off
     // for that request; confirm that is intended, since the client chooses the parameter.
     if (!$submitting && array_key_exists('redirect', $_GET)) {
         $restrict_answer = 0;
     }
     if ($restrict_answer < 0) {
         $restrict_answer = 0;
     }
     $last = $this->get_member_row_field($id, $restrict_setting);
     // Weird clock problem: a stored time in the future is treated as "limit just expired"
     if ($last > time()) {
         $last = time() - $restrict_answer;
     }
     // Seconds still to wait: (last + limit) - now
     $wait_time = $restrict_answer - time() + $last;
     if ($wait_time > 0 && addon_installed('stats')) {
         require_code('site');
         log_stats('/flood', 0);
         $time_threshold = 30;
         $count_threshold = 50;
         // Counts every stats row for this IP in the window; the query has no filter on the page logged
         $query = 'SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'stats WHERE date_and_time>' . strval(time() - $time_threshold) . ' AND date_and_time<' . strval(time()) . ' AND ' . db_string_equal_to('ip', get_ip_address());
         $count = $GLOBALS['SITE_DB']->query_value_null_ok_full($query);
         if ($count >= $count_threshold && addon_installed('securitylogging')) {
             // NOTE(review): the ban is keyed on get_ip_address(); how that address is derived is
             // not visible here. If it can come from a shared proxy/NAT or a client-supplied header,
             // this bans unrelated users - confirm.
             $ip = get_ip_address();
             require_code('failure');
             add_ip_ban($ip);
             require_code('notifications');
             dispatch_notification('auto_ban', NULL, do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang()), do_lang('AUTO_BAN_DOS_MESSAGE', $ip, integer_format($count_threshold), integer_format($time_threshold), get_site_default_lang()), NULL, A_FROM_SYSTEM_PRIVILEGED);
         }
         // Make sure the language/tempcode helpers are loaded before building the message
         if (!function_exists('require_lang')) {
             require_code('lang');
         }
         if (!function_exists('do_lang_tempcode')) {
             require_code('tempcode');
         }
         require_lang('ocf');
         warn_exit(do_lang_tempcode('FLOOD_CONTROL_RESTRICT', integer_format($wait_time)));
     }
     $extra = $submitting ? array('m_last_submit_time' => time()) : array();
     $dif = time() - $this->get_member_row_field($id, 'm_last_visit_time');
     // A negative difference can happen if the system clock changes
     if ($dif < 0) {
         $dif = 0;
     }
     if (is_guest($id)) {
         if (get_value('session_prudence') !== '1') {
             // All guests share one member row, so the elapsed time is scaled by the number of
             // guest sessions active within the last 4 minutes
             global $SESSION_CACHE;
             $num_guests = 0;
             foreach ($SESSION_CACHE as $c) {
                 // Workaround to HipHop PHP weird bug
                 if (!array_key_exists('the_user', $c)) {
                     continue;
                 }
                 if ($c['last_activity'] > time() - 60 * 4 && is_guest($c['the_user'])) {
                     $num_guests++;
                 }
             }
             $dif *= $num_guests;
         } else {
             $restrict_answer = 0;
         }
     }
     // Operator precedence: this reads as $submitting || (count($_POST) == 0 && $dif > $wait_time)
     if ($submitting || count($_POST) == 0 && $dif > $wait_time) {
         if ($restrict_answer != 0 || $dif > 180 || $new_visit) {
             // Record the visit time, plus the IP address when it changed since the stored one
             $old_ip = $this->get_member_row_field($id, 'm_ip_address');
             $change_map = array('m_last_visit_time' => time());
             if (get_ip_address() != $old_ip) {
                 $change_map['m_ip_address'] = get_ip_address();
             }
             if (get_db_type() != 'xml') {
                 $this->connection->query_update('f_members', $change_map + $extra, array('id' => $id), '', 1, NULL, false, true);
             }
         }
     }
 }
コード例 #7
ファイル: phpbb2.php プロジェクト: erico-deh/ocPortal
 /**
  * Standard import function: imports every banlist row that carries an IP address.
  *
  * The stored address is converted with _un_phpbb_ip() before it is banned. The row's
  * ban_id is recorded in the import remap table so a repeated run skips it.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from (not used by this importer)
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     require_code('failure');
     $ban_rows = $db->query('SELECT * FROM ' . $table_prefix . 'banlist WHERE ' . db_string_not_equal_to('ban_ip', ''));
     foreach ($ban_rows as $ban_row) {
         $already_done = import_check_if_imported('ip_ban', strval($ban_row['ban_id']));
         if (!$already_done) {
             $address = $this->_un_phpbb_ip($ban_row['ban_ip']);
             add_ip_ban($address);
             import_id_remap_put('ip_ban', strval($ban_row['ban_id']), 0);
         }
     }
 }
コード例 #8
ファイル: failure.php プロジェクト: erico-deh/ocPortal
/**
 * Log a hackattack, then displays an error message. It also attempts to send an e-mail to the staff alerting them of the hackattack.
 *
 * Flow: send a 403, record the request in the 'hackattack' table (once per candidate IP),
 * auto-ban the IP once it has reached the threshold of earlier entries (unless it looks like a
 * search engine, is 127.0.0.1, or the current member is a super admin), notify staff, then
 * finish with an error screen. When the securitylogging addon is missing only the error
 * screen is produced.
 *
 * @param  ID_TEXT		The reason for the hack attack. This has to be a language string codename
 * @param  SHORT_TEXT	A parameter for the hack attack language string (this should be based on a unique ID, preferably)
 * @param  SHORT_TEXT	A more illustrative parameter, which may be anything (e.g. a title)
 */
function _log_hack_attack_and_exit($reason, $reason_param_a = '', $reason_param_b = '')
{
    // Keep the handler short: it performs outbound HTTP and DNS lookups further down
    if (function_exists('set_time_limit')) {
        @set_time_limit(4);
    }
    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    // Stop spiders ever storing the URL that caused this
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />');
    // XHTMLXHTML
    $GLOBALS['HTTP_STATUS_CODE'] = '403';
    if (!headers_sent()) {
        // The status line is only sent when the browser is not IE and the server is not IIS
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 403 Forbidden');
        }
    }
    // Without the securitylogging addon nothing is logged or banned
    if (!addon_installed('securitylogging')) {
        warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
    }
    // Two candidate addresses: get_ip_address() and the raw REMOTE_ADDR. The second is dropped
    // when it is invalid, equal to the first, empty, or the server's own address.
    // NOTE(review): how get_ip_address() derives its value is not visible here - confirm it
    // cannot be steered by a client-supplied header, since it ends up as the ban key.
    $ip = get_ip_address();
    $ip2 = ocp_srv('REMOTE_ADDR');
    if (!is_valid_ip($ip2)) {
        $ip2 = '';
    }
    if ($ip2 == $ip || $ip2 == '' || ocp_srv('SERVER_ADDR') == $ip2) {
        $ip2 = NULL;
    }
    // Work out who to attribute the entry to; the member API may not be loaded yet
    if (function_exists('get_member')) {
        $id = get_member();
        $username = $GLOBALS['FORUM_DRIVER']->get_username($id);
        if (is_null($username)) {
            $username = do_lang('UNKNOWN');
        }
    } else {
        $id = db_get_first_id();
        $username = function_exists('do_lang') ? do_lang('UNKNOWN') : 'Unknown';
    }
    $url = ocp_srv('PHP_SELF') . '?' . ocp_srv('QUERY_STRING');
    // Every string POST field is copied verbatim into the log row and the staff notification.
    // NOTE(review): if the rejected request carried a password or token, it is stored and mailed
    // in clear text. Consider redacting known-sensitive field names before logging.
    $post = '';
    foreach ($_POST as $key => $val) {
        if (!is_string($val)) {
            continue;
        }
        $post .= $key . ' => ' . $val . "\n\n";
    }
    // Number of earlier entries for this client; the address with more history wins
    $count = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip));
    $alt_ip = false;
    if (!is_null($ip2)) {
        $count2 = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip2));
        if ($count2 > $count) {
            $count = $count2;
            $alt_ip = true;
        }
    }
    $hack_threshold = 5;
    // Super admins are never auto-banned: their count is reset so the threshold cannot be reached
    if (array_key_exists('FORUM_DRIVER', $GLOBALS) && function_exists('get_member') && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        $count = 0;
    }
    // Free-text columns are cut to 255 characters; data_post is stored whole
    $new_row = array('user_agent' => substr(get_browser_string(), 0, 255), 'referer' => substr(ocp_srv('HTTP_REFERER'), 0, 255), 'user_os' => substr(get_os_string(), 0, 255), 'reason' => $reason, 'reason_param_a' => substr($reason_param_a, 0, 255), 'reason_param_b' => substr($reason_param_b, 0, 255), 'url' => substr($url, 0, 255), 'data_post' => $post, 'the_user' => $id, 'date_and_time' => time(), 'ip' => $ip);
    $ip_ban_todo = NULL;
    if ($count >= $hack_threshold && get_option('autoban') != '0') {
        // Test we're not banning a good bot
        // NOTE(review): these lists are fetched over plain HTTP from a third party while the
        // request is being handled, and a match exempts the address from the ban. Consider a
        // locally maintained, integrity-checked list instead.
        $se_ip_lists = array('http://www.iplists.com.nyud.net/nw/google.txt', 'http://www.iplists.com.nyud.net/nw/msn.txt', 'http://www.iplists.com.nyud.net/infoseek.txt', 'http://www.iplists.com.nyud.net/nw/inktomi.txt', 'http://www.iplists.com.nyud.net/nw/lycos.txt', 'http://www.iplists.com.nyud.net/nw/askjeeves.txt', 'http://www.iplists.com.nyud.net/northernlight.txt', 'http://www.iplists.com.nyud.net/nw/altavista.txt', 'http://www.iplists.com.nyud.net/nw/misc.txt');
        // Build every leading prefix of the address (a, a.b, a.b.c, ...) so list lines that
        // hold only part of an address can match as well
        $ip_stack = array();
        $ip_bits = explode(strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':', $alt_ip ? $ip2 : $ip);
        foreach ($ip_bits as $i => $ip_bit) {
            $buildup = '';
            for ($j = 0; $j <= $i; $j++) {
                if ($buildup != '') {
                    $buildup .= strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':';
                }
                $buildup .= $ip_bits[$j];
            }
            $ip_stack[] = $buildup;
        }
        $is_se = false;
        foreach ($se_ip_lists as $ip_list) {
            $ip_list_file = http_download_file($ip_list, NULL, false);
            if (is_string($ip_list_file)) {
                // A prefix counts as a hit only when it equals a whole line of the list
                $ip_list_array = explode(chr(10), $ip_list_file);
                foreach ($ip_stack as $ip_s) {
                    if (in_array($ip_s, $ip_list_array)) {
                        $is_se = true;
                    }
                }
                if ($is_se) {
                    break;
                }
            }
        }
        // Second test: reverse DNS name ends in a known search engine domain, and the name
        // resolves back to the same address.
        // NOTE(review): when gethostbyname appears in disable_functions the forward lookup is
        // skipped, so the exemption then rests on the reverse-DNS name alone, which is set by
        // whoever controls the address. Consider not exempting in that case.
        $dns = @gethostbyaddr($alt_ip ? $ip2 : $ip);
        if (preg_match('#(\\s|,|^)gethostbyname(\\s|$|,)#i', @ini_get('disable_functions')) != 0 || @gethostbyname($dns) === ($alt_ip ? $ip2 : $ip)) {
            $se_domain_names = array('googlebot.com', 'google.com', 'msn.com', 'yahoo.com', 'ask.com', 'aol.com');
            foreach ($se_domain_names as $domain_name) {
                if (substr($dns, -strlen($domain_name) - 1) == '.' . $domain_name) {
                    $is_se = true;
                    break;
                }
            }
        }
        // The loopback address is never banned
        if (!$is_se && ($alt_ip ? $ip2 : $ip) != '127.0.0.1') {
            // Summarise all earlier entries plus the current one for the staff message
            $rows = $GLOBALS['SITE_DB']->query_select('hackattack', array('*'), array('ip' => $alt_ip ? $ip2 : $ip));
            $rows[] = $new_row;
            $summary = '';
            foreach ($rows as $row) {
                $full_reason = do_lang($row['reason'], $row['reason_param_a'], $row['reason_param_b'], NULL, get_site_default_lang());
                $summary .= "\n" . ' - ' . $full_reason . ' [' . $row['url'] . ']';
            }
            // $full_reason still holds the last loop value, i.e. the reason of the current request
            add_ip_ban($alt_ip ? $ip2 : $ip, $full_reason);
            $_ip_ban_url = build_url(array('page' => 'admin_ipban', 'type' => 'misc'), get_module_zone('admin_ipban'), NULL, false, false, true);
            $ip_ban_url = $_ip_ban_url->evaluate();
            $ip_ban_todo = do_lang('AUTO_BAN_HACK_MESSAGE', $alt_ip ? $ip2 : $ip, integer_format($hack_threshold), array($summary, $ip_ban_url), get_site_default_lang());
        }
    }
    // Log the entry, and a second copy under the alternative address when there is one
    $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    if (!is_null($ip2)) {
        $new_row['ip'] = $ip2;
        $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    }
    if (function_exists('do_lang')) {
        $reason_full = do_lang($reason, $reason_param_a, $reason_param_b, NULL, get_site_default_lang());
        $_stack_trace = get_html_trace();
        $stack_trace = str_replace('html', '&#104;tml', $_stack_trace->evaluate());
        $time = get_timezoned_date(time(), true, true, true);
        $message = do_template('HACK_ATTEMPT_MAIL', array('_GUID' => '6253b3c42c5e6c70d20afa9d1f5b40bd', 'STACK_TRACE' => $stack_trace, 'USER_AGENT' => get_browser_string(), 'REFERER' => ocp_srv('HTTP_REFERER'), 'USER_OS' => get_os_string(), 'REASON' => $reason_full, 'IP' => $ip, 'ID' => strval($id), 'USERNAME' => $username, 'TIME_RAW' => strval(time()), 'TIME' => $time, 'URL' => $url, 'POST' => $post), get_site_default_lang());
        require_code('notifications');
        $subject = do_lang('HACK_ATTACK_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
        dispatch_notification('hack_attack', NULL, $subject, $message->evaluate(get_site_default_lang(), false), NULL, A_FROM_SYSTEM_PRIVILEGED);
        if (!is_null($ip_ban_todo)) {
            // NOTE(review): the subject always names $ip, even when the ban above was placed on $ip2
            $subject = do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
            dispatch_notification('auto_ban', NULL, $subject, $ip_ban_todo, NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
    }
    // On a localhost install the detailed fatal screen is used instead of the plain warning
    if (preg_match('#^localhost[\\.\\:$]#', ocp_srv('HTTP_HOST')) != 0 && substr(get_base_url(), 0, 17) == 'http://localhost/') {
        fatal_exit(do_lang('HACK_ATTACK'));
    }
    warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
}
コード例 #9
 /**
  * The actualiser to delete trackbacks.
  *
  * Reads every POST field named trackback_<id>. Value '1' deletes the trackback; value '2'
  * also bans the IP it came from (when the securitylogging addon is installed) before
  * deleting it. Any other value leaves the trackback alone.
  *
  * @return tempcode		The UI
  */
 function delete_trackbacks()
 {
     $title = get_page_title('DELETE_TRACKBACKS');
     foreach ($_POST as $field => $choice) {
         if (!is_string($choice) || substr($field, 0, 10) != 'trackback_') {
             continue;
         }
         $id = intval(substr($field, 10));

         $ban_too = $choice == '2';
         if (!$ban_too && $choice != '1') {
             continue; // (zero is do nothing)
         }

         if ($ban_too && addon_installed('securitylogging')) {
             $trackback_ip = $GLOBALS['SITE_DB']->query_value_null_ok('trackbacks', 'trackback_ip', array('id' => $id));
             if (is_null($trackback_ip)) {
                 continue; // No stored IP for this ID: neither banned nor deleted
             }
             require_code('failure');
             add_ip_ban($trackback_ip, do_lang('TRACKBACK_SPAM'));
         }

         // Reached for '1', and for '2' once the ban step is done
         $GLOBALS['SITE_DB']->query_delete('trackbacks', array('id' => $id), '', 1);
     }

     // Show it worked / Refresh
     $text = do_lang_tempcode('SUCCESS');
     // NOTE(review): 'redirect' comes from the request and is used as the destination as-is in
     // this function; confirm it is restricted to same-site URLs somewhere downstream.
     $url = get_param('redirect', NULL);
     if (is_null($url)) {
         $_url = build_url(array('page' => '_SELF', 'type' => 'misc'), '_SELF');
         $url = $_url->evaluate();
     }
     return redirect_screen($title, $url, $text);
 }
コード例 #10
ファイル: smf.php プロジェクト: erico-deh/ocPortal
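 /**
  * Standard import function: imports member bans and the IP ranges attached to them.
  *
  * A ban that has not expired is applied to the member found by name in the source
  * 'members' table (permanent ban when there is no expiry, otherwise probation until the
  * expiry time). Permanent bans that carry an IP range are also expanded into IP bans.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from (not used by this importer)
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     require_code('failure');
     $rows = $db->query('SELECT * FROM ' . $table_prefix . 'ban_groups u LEFT JOIN ' . $table_prefix . 'ban_items b ON u.ID_BAN_GROUP = b.ID_BAN_GROUP');
     foreach ($rows as $row) {
         $ban_till = $row['expire_time']; // Empty means the ban never expires
         if (!empty($ban_till) && $ban_till <= time()) {
             continue; // Ban has already run out
         }

         $user = $db->query_select('members', array('ID_MEMBER'), array('memberName' => $row['name']));
         if (!isset($user[0]['ID_MEMBER']) || $user[0]['ID_MEMBER'] == 0) {
             continue;
         }
         // NOTE(review): this is the member's ID in the SOURCE forum, yet it is used below as the
         // row ID in the local f_members table. Confirm whether it needs to go through the member
         // remap first; as written a ban could land on a different local account.
         $uid = $user[0]['ID_MEMBER'];

         if (empty($ban_till)) {
             $GLOBALS['SITE_DB']->query_update('f_members', array('m_is_perm_banned' => 1), array('id' => $uid));
         } else {
             $GLOBALS['SITE_DB']->query_update('f_members', array('m_on_probation_until' => $ban_till), array('id' => $uid));
         }

         if ($row['ip_low1'] >= 127 && empty($ban_till)) {
             // NOTE(review): the range is expanded address by address, so a wide range in the source
             // data means a very large number of inserts. Consider capping or rejecting wide ranges.
             for ($i = $row['ip_low1']; $i <= $row['ip_high1']; $i++) {
                 for ($j = $row['ip_low2']; $j <= $row['ip_high2']; $j++) {
                     for ($h = $row['ip_low3']; $h <= $row['ip_high3']; $h++) {
                         for ($f = $row['ip_low4']; $f <= $row['ip_high4']; $f++) {
                             $ip_to_ban = strval($i) . '.' . strval($j) . '.' . strval($h) . '.' . strval($f);
                             // The remap entry is stored under the address, so the "already imported"
                             // test has to use the address too (it used the member ID and never matched).
                             if (import_check_if_imported('ip_ban', $ip_to_ban)) {
                                 continue;
                             }
                             add_ip_ban($ip_to_ban);
                             import_id_remap_put('ip_ban', $ip_to_ban, 0);
                         }
                     }
                 }
             }
         }
     }
 }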
コード例 #11
ファイル: submit.php プロジェクト: erico-deh/ocPortal
/**
 * Ban the specified IP address, unless it is the address the current request comes from.
 *
 * Surrounding whitespace is stripped first. An empty value is ignored; an attempt to ban
 * one's own address only produces a warning message.
 *
 * @param  IP				The IP address to ban
 * @param  LONG_TEXT		Explanation for ban
 */
function ban_ip($ip, $descrip = '')
{
    $target = trim($ip);
    $is_own_address = compare_ip_address($target, get_ip_address());
    if ($is_own_address) {
        // Never lock the acting user out; tell them instead
        attach_message(do_lang_tempcode('AVOIDING_BANNING_SELF'), 'warn');
        return;
    }
    if ($target != '') {
        require_code('failure');
        // NOTE(review): the value is not checked for being a well-formed address here;
        // confirm add_ip_ban() or the caller validates it.
        add_ip_ban($target, $descrip);
    }
}
コード例 #12
ファイル: admin_lookup.php プロジェクト: erico-deh/ocPortal
 /**
  * Standard modular run function.
  *
  * Without a 'param'/'id' value it shows the search form. With one it looks the user up
  * (by member ID, IP address or username), lists the IP addresses seen for that user grouped
  * by a mask of the address with its last segment replaced by '*', and shows ban status and
  * ban toggle links. On a POST request the ban state of every listed address and mask is
  * set from the submitted 'banned' list.
  *
  * @return tempcode	The result of execution.
  */
 function run()
 {
     $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/investigateuser';
     $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_trace';
     require_lang('submitban');
     require_lang('security');
     require_code('lookup');
     if (addon_installed('securitylogging')) {
         $ip_ban_url = build_url(array('page' => 'admin_ipban'), get_module_zone('admin_ipban'));
         $GLOBALS['HELPER_PANEL_TEXT'] = comcode_to_tempcode(do_lang('DOC_ACTIONLOG_BAN_HELP', $ip_ban_url->evaluate()));
     }
     // The search term is taken from 'param', falling back to 'id'
     $param = get_param('param', get_param('id', ''));
     if ($param == '') {
         // Nothing to look up yet: show the search form
         breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS'))));
         $title = get_page_title('INVESTIGATE_USER');
         require_code('form_templates');
         $submit_name = do_lang_tempcode('INVESTIGATE_USER');
         $post_url = build_url(array('page' => '_SELF'), '_SELF', NULL, false, true);
         $fields = form_input_line(do_lang_tempcode('DETAILS'), do_lang_tempcode('DESCRIPTION_INVESTIGATE'), 'param', '', false);
         breadcrumb_set_self(do_lang_tempcode('SEARCH'));
         return do_template('FORM_SCREEN', array('_GUID' => '9cc407037ec01a8f3483746a22889471', 'GET' => true, 'SKIP_VALIDATION' => true, 'HIDDEN' => '', 'TITLE' => $title, 'TEXT' => '', 'SUBMIT_NAME' => $submit_name, 'FIELDS' => $fields, 'URL' => $post_url));
     } else {
         // Title only: numeric means member ID, a '.' means IP, anything else is shown as a
         // username (so an IPv6 address, which has no '.', gets the username title)
         if (is_numeric($param)) {
             $title = get_page_title('INVESTIGATE_USER_BY_MEMBER_ID');
         } elseif (strpos($param, '.') !== false) {
             $title = get_page_title('INVESTIGATE_USER_BY_IP');
         } else {
             $title = get_page_title('INVESTIGATE_USER_BY_USERNAME');
         }
         // 'sort' is "<column> <direction>"; direction defaults to DESC.
         // NOTE(review): both parts come from the request and are handed to get_stats_track()
         // below; confirm that function restricts them to known columns/directions.
         $test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
         if (count($test) == 1) {
             $test[1] = 'DESC';
         }
         list($sortable, $sort_order) = $test;
         // Placeholders passed to the lookup; presumably filled in by reference - confirm
         $name = mixed();
         $id = mixed();
         $ip = mixed();
         $rows = lookup_member_page($param, $name, $id, $ip);
         if (is_null($name)) {
             $name = do_lang('UNKNOWN');
         }
         if (is_null($id)) {
             $id = $GLOBALS['FORUM_DRIVER']->get_guest_id();
         }
         if (is_null($ip)) {
             $ip = '';
         }
         $all_banned = collapse_1d_complexity('ip', $GLOBALS['SITE_DB']->query_select('usersubmitban_ip', array('ip')));
         $ip_list = new ocp_tempcode();
         // Group the addresses by mask: the address with its last segment replaced by '*'
         $groups = array();
         foreach ($rows as $row) {
             if (strpos($row['ip'], ':') !== false) {
                 $bits = explode(':', $row['ip']);
                 $bits[count($bits) - 1] = '*';
                 $ip_masked = implode(':', $bits);
             } else {
                 $bits = explode('.', $row['ip']);
                 $bits[count($bits) - 1] = '*';
                 $ip_masked = implode('.', $bits);
             }
             if (!array_key_exists($ip_masked, $groups)) {
                 $groups[$ip_masked] = array();
             }
             $groups[$ip_masked][] = $row;
         }
         // Flat list of everything that can be ticked: each address, then the mask of its group
         $all_ips = array();
         foreach ($groups as $mask => $group) {
             foreach ($group as $row) {
                 $all_ips[] = $row['ip'];
             }
             $all_ips[] = $mask;
         }
         if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
             // Only addresses/masks belonging to this lookup are acted on; anything else in the
             // posted list is ignored. Ticked entries are banned, all other listed entries are UNbanned.
             // NOTE(review): $_POST['banned'] is assumed to be an array, and nothing here stops the
             // acting admin's own address or mask from being banned (the toggle link further down
             // is hidden for the admin's own IP).
             if (!array_key_exists('banned', $_POST)) {
                 $_POST['banned'] = array();
             }
             require_code('failure');
             $all_banned_filtered = array();
             foreach ($all_ips as $bip) {
                 if (addon_installed('securitylogging')) {
                     if (in_array($bip, $_POST['banned'])) {
                         add_ip_ban($bip);
                         $all_banned_filtered[] = $bip;
                     } else {
                         remove_ip_ban($bip);
                     }
                 }
             }
             $all_banned = $all_banned_filtered;
         }
         // Render one group per mask, with one entry per address seen
         foreach ($groups as $mask => $group) {
             $inner_ip_list = new ocp_tempcode();
             $one_sub_is_banned = false;
             foreach ($group as $row) {
                 $date = get_timezoned_date($row['date_and_time']);
                 $lookup_url = build_url(array('page' => '_SELF', 'param' => $row['ip']), '_SELF');
                 $inner_ip_list->attach(do_template('LOOKUP_IP_LIST_ENTRY', array('_GUID' => '94a133f5f711bbf09100346661e3f7c9', 'UNIQID' => uniqid('', true), 'LOOKUP_URL' => $lookup_url, 'DATE' => $date, '_DATE' => strval($row['date_and_time']), 'IP' => $row['ip'], 'BANNED' => in_array($row['ip'], $all_banned))));
                 if (in_array($row['ip'], $all_banned)) {
                     $one_sub_is_banned = true;
                 }
             }
             // A group is shown open when at least one of its addresses is banned
             $ip_list->attach(do_template('LOOKUP_IP_LIST_GROUP', array('OPEN_DEFAULT' => $one_sub_is_banned, 'UNIQID' => uniqid('', true), 'BANNED' => in_array($mask, $all_banned), 'MASK' => $mask, 'GROUP' => $inner_ip_list)));
         }
         $stats = get_stats_track($id, $ip, get_param_integer('start', 0), get_param_integer('max', 10), $sortable, $sort_order);
         // Links to related screens; each is NULL when its addon is missing or it does not apply
         $points_url = addon_installed('points') ? build_url(array('page' => 'points', 'type' => 'member', 'id' => $id), get_module_zone('points')) : NULL;
         if (addon_installed('authors')) {
             $author_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'authors', 'author' => $name), get_module_zone('authors'));
         } else {
             $author_url = NULL;
         }
         if (addon_installed('search')) {
             $search_url = $name == do_lang('UNKNOWN') ? NULL : build_url(array('page' => 'search', 'type' => 'results', 'content' => '', 'author' => $name, 'days' => '-1', 'sort' => 'add_date', 'direction' => 'DESC'), get_module_zone('search'));
         } else {
             $search_url = NULL;
         }
         $profile_url = is_guest($id) ? NULL : $GLOBALS['FORUM_DRIVER']->member_profile_url($id, false, true);
         if (addon_installed('actionlog')) {
             $action_log_url = is_guest($id) ? NULL : build_url(array('page' => 'admin_actionlog', 'type' => 'list', 'id' => $id), get_module_zone('admin_actionlog'));
         } else {
             $action_log_url = NULL;
         }
         // Current ban status of the member, the IP and the submitter
         $alerts = $ip == '' ? new ocp_tempcode() : find_security_alerts(array('ip' => $ip));
         $member_banned = $GLOBALS['FORUM_DRIVER']->is_banned($id);
         $ip_banned = $ip != '' && !is_null($GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $ip)));
         $banned_test_2 = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_member', 'the_member', array('the_member' => $id));
         $submitter_banned = !is_null($banned_test_2);
         $member_ban_link = NULL;
         $ip_ban_link = NULL;
         $submitter_ban_link = NULL;
         if (addon_installed('securitylogging')) {
             // Toggle links are left out for guests and for the acting admin's own account/address
             if (get_forum_type() == 'ocf' && !is_guest($id) && $id != get_member()) {
                 $member_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_member_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
             }
             if ($ip != '' && $ip != get_ip_address()) {
                 $ip_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_ip_ban', 'id' => $ip), get_module_zone('admin_actionlog'))));
             }
             if (!is_guest($id) && $id != get_member()) {
                 $submitter_ban_link = do_template('ACTION_LOGS_TOGGLE_LINK', array('URL' => build_url(array('page' => 'admin_actionlog', 'type' => 'toggle_submitter_ban', 'id' => $id, 'redirect' => get_self_url(true)), get_module_zone('admin_actionlog'))));
             }
         }
         breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS')), array('_SELF:_SELF:misc', do_lang_tempcode('SEARCH'))));
         breadcrumb_set_self(do_lang_tempcode('RESULT'));
         return do_template('LOOKUP_SCREEN', array('_GUID' => 'dc6effaa043949940b809f6aa5a1f944', 'TITLE' => $title, 'ALERTS' => $alerts, 'STATS' => $stats, 'IP_LIST' => $ip_list, 'IP_BANNED' => $ip_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'SUBMITTER_BANNED' => $submitter_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BANNED' => $member_banned ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), 'MEMBER_BAN_LINK' => $member_ban_link, 'SUBMITTER_BAN_LINK' => $submitter_ban_link, 'IP_BAN_LINK' => $ip_ban_link, 'ID' => strval($id), 'IP' => $ip, 'NAME' => $name, 'SEARCH_URL' => $search_url, 'AUTHOR_URL' => $author_url, 'POINTS_URL' => $points_url, 'PROFILE_URL' => $profile_url, 'ACTION_LOG_URL' => $action_log_url));
     }
 }
コード例 #13
ファイル: mybb.php プロジェクト: erico-deh/ocPortal
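 /**
  * Standard import function.
  *
  * Imports the last recorded IP address of each permanently banned source member as an IP ban.
  * Members with a time-limited ban are skipped, so their IPs are not imported.
  *
  * @param  object			The DB connection to import from
  * @param  string			The table prefix the target prefix is using
  * @param  PATH			The base directory we are importing from
  */
 function import_ip_bans($db, $table_prefix, $file_base)
 {
     $rows = $db->query('SELECT * FROM ' . $table_prefix . 'users u LEFT JOIN ' . $table_prefix . 'banned b ON u.uid = b.uid WHERE b.gid=7');
     require_code('failure');
     foreach ($rows as $row) {
         // A ban period of '---' marks a permanent ban; only those are carried over as IP bans.
         // The previous ban-expiry arithmetic was never used, and it added the '---' string to an
         // integer, which can abort the import on exactly the rows this function is meant to handle.
         if (strval($row['bantime']) !== '---') {
             continue;
         }

         // NOTE(review): assumes lastip is a textual address. If the source schema stores it in
         // packed binary form it must be converted before being banned - confirm against the source DB.
         $ip = is_null($row['lastip']) ? '' : strval($row['lastip']);
         if ($ip == '') {
             // Never register a ban for an empty address
             continue;
         }

         // Check and record under the same key (the IP). Previously the check used the member uid while
         // the record used the IP, so re-running the import added the same bans again.
         if (import_check_if_imported('ip_ban', $ip)) {
             continue;
         }
         add_ip_ban($ip);
         import_id_remap_put('ip_ban', $ip, 0);
     }
 }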
コード例 #14
ファイル: warnings.php プロジェクト: erico-deh/ocPortal
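 /**
  * Standard aed_module add actualiser.
  *
  * Reads the warning form from POST, applies each requested punishment that the acting member is
  * permitted to apply (private topic, topic/forum silencing, probation, member ban, IP ban, usergroup
  * change, points charge) and then records the warning. Punishments that were not actually applied
  * are passed to the warning record as their neutral value, so the record matches what was done.
  *
  * @return ID_TEXT		The entry added
  */
 function add_actualisation()
 {
     $explanation = post_param('explanation');
     $member_id = post_param_integer('member_id');
     $message = post_param('message', '');
     $username = $GLOBALS['FORUM_DRIVER']->get_username($member_id);
     if (is_null($username)) {
         // $username is NULL on this path, so name the member by the ID that was requested instead
         warn_exit(do_lang_tempcode('_USER_NO_EXIST', escape_html(strval($member_id))));
     }
     $save = post_param('save');
     if ($save != '') {
         // Replace any saved warning of the same title
         $GLOBALS['FORUM_DB']->query_delete('f_saved_warnings', array('s_title' => $save), '', 1);
         $GLOBALS['FORUM_DB']->query_insert('f_saved_warnings', array('s_title' => $save, 's_explanation' => $explanation, 's_message' => $message));
     }
     // Send PT
     if ($message != '') {
         require_code('ocf_topics_action');
         require_code('ocf_topics_action2');
         require_code('ocf_posts_action');
         require_code('ocf_posts_action2');
         $_title = do_lang('NEW_WARNING_TO_YOU');
         $pt_topic_id = ocf_make_topic(NULL, '', '', 1, 1, 0, 0, 0, get_member(), $member_id);
         $post_id = ocf_make_post($pt_topic_id, $_title, $message, 0, true, 1, 1, NULL, NULL, NULL, NULL, NULL, NULL, NULL, false);
         send_pt_notification($post_id, $_title, $pt_topic_id, $member_id);
     }
     // Topic silencing
     $silence_from_topic = post_param_integer('topic_id', NULL);
     if (!is_null($silence_from_topic)) {
         $_silence_from_topic = get_input_date('silence_from_topic');
         // Clear any existing override first, so the insert below cannot duplicate it
         $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'topics', 'category_name' => strval($silence_from_topic)));
     } else {
         $_silence_from_topic = NULL;
     }
     if (!is_null($_silence_from_topic)) {
         $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_topic, 'member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'topics', 'category_name' => strval($silence_from_topic), 'the_value' => '0'));
     } else {
         // No end date given, so nothing was silenced; do not record a topic against the warning
         $silence_from_topic = NULL;
     }
     // Forum silencing
     $silence_from_forum = post_param_integer('forum_id', NULL);
     if (!is_null($silence_from_forum)) {
         $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum)));
         $GLOBALS['SITE_DB']->query_delete('msp', array('member_id' => $member_id, 'specific_permission' => 'submit_midrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum)));
         $_silence_from_forum = get_input_date('silence_from_forum');
     } else {
         $_silence_from_forum = NULL;
     }
     if (!is_null($_silence_from_forum)) {
         $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_forum, 'member_id' => $member_id, 'specific_permission' => 'submit_lowrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum), 'the_value' => '0'));
         $GLOBALS['SITE_DB']->query_insert('msp', array('active_until' => $_silence_from_forum, 'member_id' => $member_id, 'specific_permission' => 'submit_midrange_content', 'the_page' => '', 'module_the_name' => 'forums', 'category_name' => strval($silence_from_forum), 'the_value' => '0'));
     } else {
         // No end date given, so nothing was silenced; do not record a forum against the warning
         $silence_from_forum = NULL;
     }
     // Probation
     $probation = post_param_integer('probation', 0);
     if (!has_specific_permission(get_member(), 'probate_members')) {
         // Without the permission no probation is applied, so none must be recorded on the warning
         // (same treatment as $banned_member below)
         $probation = 0;
     }
     if ($probation != 0) {
         $on_probation_until = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_on_probation_until');
         if (is_null($on_probation_until) || $on_probation_until < time()) {
             // Not currently on probation: count from now rather than from an expired date
             $on_probation_until = time();
         }
         $on_probation_until += $probation * 60 * 60 * 24; // $probation is a number of days
         $GLOBALS['FORUM_DB']->query_update('f_members', array('m_on_probation_until' => $on_probation_until), array('id' => $member_id), '', 1);
     }
     // Ban member
     if (has_specific_permission(get_member(), 'member_maintenance')) {
         $banned_member = post_param_integer('banned_member', 0);
         if ($banned_member == 1) {
             $GLOBALS['FORUM_DB']->query_update('f_members', array('m_is_perm_banned' => 1), array('id' => $member_id), '', 1);
         }
     } else {
         $banned_member = 0;
     }
     // IP ban
     $banned_ip = '';
     if (addon_installed('securitylogging')) {
         if (has_actual_page_access(get_member(), 'admin_ipban')) {
             $_banned_ip = post_param_integer('banned_ip', 0);
             if ($_banned_ip == 1) {
                 $member_ip = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_ip_address');
                 // Only ban (and only record a ban) when the member has a stored address
                 if (!is_null($member_ip) && $member_ip != '') {
                     $banned_ip = $member_ip;
                     require_code('failure');
                     add_ip_ban($banned_ip);
                 }
             }
         }
     }
     // Change group
     $changed_usergroup_from = NULL;
     if (has_specific_permission(get_member(), 'member_maintenance')) {
         $__changed_usergroup_from = post_param('changed_usergroup_from');
         if ($__changed_usergroup_from == '') {
             $_changed_usergroup_from = NULL;
         } else {
             $_changed_usergroup_from = intval($__changed_usergroup_from);
         }
         if (!is_null($_changed_usergroup_from) && $_changed_usergroup_from != -1) {
             // NOTE(review): the target group ID comes straight from POST and is not checked here against
             // the groups the acting member may assign - confirm that is enforced elsewhere, otherwise
             // 'member_maintenance' alone would allow moving a member into a more privileged group.
             $changed_usergroup_from = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_primary_group');
             $GLOBALS['FORUM_DB']->query_update('f_members', array('m_primary_group' => $_changed_usergroup_from), array('id' => $member_id), '', 1);
         }
     }
     // Prepare to charge points (used in ocf_make_warning)
     $charged_points = post_param_integer('charged_points', 0);
     if (!addon_installed('points') || !has_actual_page_access(get_member(), 'admin_points')) {
         // No charge will be made, so the warning must not record one
         $charged_points = 0;
     }
     // Make the warning
     $warning_id = ocf_make_warning($member_id, $explanation, NULL, NULL, post_param_integer('is_warning', 0), $silence_from_topic, $silence_from_forum, $probation, $banned_ip, $charged_points, $banned_member, $changed_usergroup_from);
     // Charge points (done after the warning is made, as the charge reason names the warning ID)
     if ($charged_points != 0) {
         require_code('points2');
         charge_member($member_id, $charged_points, do_lang('FOR_PUNISHMENT', strval($warning_id)));
     }
     return strval($warning_id);
 }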