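/**
 * Quote one value for interpolation into a single-quoted SQL string literal.
 *
 * Uses the connection's own escaping (mysql_real_escape_string) on the current
 * link, the same link the queries below run on.
 *
 * @param mixed $value raw value taken from $log or from a rate_limiter row
 * @return string      escaped text, ready to be wrapped in '...'
 */
function rate_limiter_sql_str($value)
{
    return mysql_real_escape_string((string) $value);
}

/**
 * Insert one ban row (INSERT IGNORE, so an existing identical ban is kept) and
 * rebuild the ban list through regenerate_ban_array().
 *
 * @param int    $type   ban type, one of the _PUNISH_BAN*_ constants
 * @param string $what   the banned ip / username / email, raw (escaped here)
 * @param string $reason fk_lk_id_error_message of the matching rate_limiter row, raw
 * @return void
 */
function rate_limiter_add_ban($type, $what, $reason)
{
    global $dbtable_prefix;
    $query = "INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`=" . (int) $type
        . ",`what`='" . rate_limiter_sql_str($what) . "'"
        . ",`reason`='" . rate_limiter_sql_str($reason) . "'";
    if (!mysql_query($query)) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    regenerate_ban_array();
}

/**
 * Check the current request against the configured rate limits and apply every
 * punishment whose threshold has been reached.
 *
 * $log is the site_log entry for the current request; the keys read here are
 * user_id, ip, sess, level, membership, user and email. The applicable rules are
 * read from `rate_limiter` by level_code / m_value. For each rule the number of
 * `site_log` rows with the same level in the last `interval` minutes for the same
 * client (fk_user_id when logged in, otherwise ip + sess) is compared with `limit`;
 * when it is reached the rule's punishment is recorded, the last rule wins the
 * message for a given punishment. Punishments are applied in this order: ban ip,
 * ban user, ban email (each inserts a site_bans row and refreshes the ban list),
 * then an error or an upgrade redirect — redirect2page() does not return here.
 *
 * Values taken from $log are escaped at the query boundary and the DB-sourced
 * `interval` / `limit` are cast to int before being used as SQL numbers.
 * NOTE(review): if callers already pass $log through addslashes_mq()-style
 * escaping, quotes would be escaped twice — confirm against the caller and keep
 * only one of the two.
 *
 * @param array $log site_log row for the current request; taken by reference for
 *                   interface compatibility, it is not modified here
 * @return bool      always false (kept for callers that test the result)
 */
function rate_limiter(&$log)
{
    global $dbtable_prefix;
    $topass = array();

    // "Same client": logged-in users by id, guests by ip + session id.
    if (!empty($log['user_id'])) {
        $where = " AND `fk_user_id`='" . rate_limiter_sql_str($log['user_id']) . "'";
    } else {
        $where = " AND `ip`='" . rate_limiter_sql_str($log['ip']) . "'"
            . " AND `sess`='" . rate_limiter_sql_str($log['sess']) . "'";
    }

    $level = rate_limiter_sql_str($log['level']);
    $query = "SELECT `limit`,`interval`,`punishment`,`fk_lk_id_error_message`"
        . " FROM `{$dbtable_prefix}rate_limiter`"
        . " WHERE `level_code`='" . $level . "'"
        . " AND `m_value`='" . rate_limiter_sql_str($log['membership']) . "'";
    if (!($rules = mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }

    // One timestamp for all rules so every window is measured from the same instant.
    $now = gmdate('YmdHis');
    $punish = array();
    while ($rule = mysql_fetch_assoc($rules)) {
        $query = "SELECT count(*) FROM `{$dbtable_prefix}site_log`"
            . " WHERE `level_code`='" . $level . "'"
            . " AND `time`>=DATE_SUB('" . $now . "',INTERVAL " . (int) $rule['interval'] . " MINUTE) "
            . $where;
        if (!($hits = mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if ((int) mysql_result($hits, 0, 0) >= (int) $rule['limit']) {
            $punish[$rule['punishment']] = $rule['fk_lk_id_error_message'];
        }
    }

    // Ban punishments, applied in this fixed order; each one is keyed by the
    // $log field that identifies what is being banned.
    $bans = array(
        _PUNISH_BANIP_    => 'ip',
        _PUNISH_BANUSER_  => 'user',
        _PUNISH_BANEMAIL_ => 'email',
    );
    foreach ($bans as $type => $field) {
        if (isset($punish[$type])) {
            rate_limiter_add_ban($type, $log[$field], $punish[$type]);
        }
    }

    // Message punishments: an error outranks an upgrade prompt; both redirect away.
    if (isset($punish[_PUNISH_ERROR_])) {
        $langKey = $punish[_PUNISH_ERROR_];
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$langKey]) ? $GLOBALS['_lang'][$langKey] : '';
        redirect2page('info.php', $topass);
    } elseif (isset($punish[_PUNISH_UPGRADE_])) {
        $langKey = $punish[_PUNISH_UPGRADE_];
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$langKey]) ? $GLOBALS['_lang'][$langKey] : '';
        redirect2page(_BASEURL_ . '/info.php?type=access', $topass, '', true);
    }

    return false;
}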
} $input['fk_lk_id_reason'] = mysql_insert_id(); $query = "INSERT INTO `{$dbtable_prefix}lang_strings` (`lang_value`,`fk_lk_id`,`skin`) VALUES ('" . $input['reason'] . "','" . $input['fk_lk_id_reason'] . "','{$default_skin_code}')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "INSERT INTO `{$dbtable_prefix}site_bans` SET "; foreach ($site_bans_default['defaults'] as $k => $v) { if (isset($input[$k])) { $query .= "`{$k}`='" . $input[$k] . "',"; } } $query = substr($query, 0, -1); if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Ban added.'; } regenerate_langstrings_array(); regenerate_ban_array(); } else { $nextpage = 'site_bans_addedit.php'; // you must re-read all textareas from $_POST like this: // $input['x']=addslashes_mq($_POST['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } } $nextpage = _BASEURL_ . '/admin/' . $nextpage; redirect2page($nextpage, $topass, '', true);