/* Login Authorization using COOKIES */ if ($action == 'dologin') { // Do we have correct username and password ? $member_db = user_search($username); $md5_hash = $member_db[UDB_PASS]; $cmd5_password = hash_generate($password, $md5_hash); if (in_array($member_db[UDB_PASS], $cmd5_password)) { $_SESS['ix'] = $username; $_SESS['user'] = $username; if ($rememberme == 'yes') { $_SESS['@'] = true; } elseif (isset($_SESS['@'])) { unset($_SESS['@']); } add_to_log($username, 'login'); user_remove_ban($ip); // Modify Last Login $member_db[UDB_LAST] = time(); user_update($username, $member_db); $is_loged_in = true; send_cookie(); } else { $_SESS['user'] = false; $bandata = user_addban($ip, time() + 3600); $result .= getpart('block_ban', $bandata[1], date('d-m-Y H:i:s', $bandata[2])); add_to_log($username, lang('Wrong username/password')); $is_loged_in = false; send_cookie(); } } } else {
// ******************************************************************************** // Add IP // ******************************************************************************** if ($action == "add" or $action == "quickadd") { if (!empty($add_ip)) { user_addban($add_ip); } // from editcomments if ($action == "quickadd") { die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting'))); } } elseif ($action == "remove") { if (empty($remove_ip)) { msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK'); } user_remove_ban($remove_ip); } // ******************************************************************************** // List all IP // ******************************************************************************** echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname')); $c = 0; $iplist = array(); // read all lines $ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r'); while (!feof($ips)) { $dip = explode('|', fgets($ips)); if (empty($dip[0])) { continue; } if (substr($dip[0], 0, 2) == '<' . '?') {
function user_getban($ip, $stat = true) { $users_ban = load_database('users_ban', 'ipban.db'); // Check for masked IP if present that if (preg_match('~^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$~', $ip, $ei)) { $ip = '(' . $ei[1] . '|\\*)\\.(' . $ei[2] . '|\\*)\\.(' . $ei[3] . '|\\*)\\.(' . $ei[4] . '|\\*)'; } else { $ip = preg_sanitize($ip); } if (empty($ip)) { return false; } if (preg_match('~^' . $ip . '\\|.*$~im', $users_ban, $c)) { $list = explode('|', $c[0]); // With expire time user has unblocked if ($list[2] && $list[2] < time()) { user_remove_ban($ip); return false; } // Status message return $stat ? 'blocked' : $list; } else { return false; } }