PhpBB
How to restrict a visitor's IP (phpBB code):
<?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin     : Tuesday, Jul 31, 2001
* copyright : (C) 2001 The phpBB Group
* email     : support@phpbb.com
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx EXP $
*
*
***************************************************************************/
/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner (tom@toms-home.com)
* http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
*
* As always, make a backup before messing with anything. All code
* released by me is considered sample code only. It may be fully
* functional, but you use it at your own risk; if you break it,
* you get to fix it too. No warranty is given or implied.
*
* Please post any questions/requests about this port on http://bbtonuke.sourceforge.net first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where it is due. If you modify this, the requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU General Public License. Please see the README for more information.
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
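// Module prologue for the ban-management admin page.
//
// Constant names, array keys and file names are case-sensitive in PHP; the
// listing had them in mixed case with stray spaces, so they are normalised
// here. NOTE(review): confirm the menu key against the admin language file.
define('IN_PHPBB', 1);

// When this file is included only to build the admin menu ($setmodules is
// set), register the menu entry and stop before any request handling runs.
if (!empty($setmodules))
{
    $filename = basename(__FILE__);
    $module['Users']['Ban_Management'] = $filename;

    return;
}

//
// Load default header
//
// The root path is a literal assigned immediately before use, so the require
// targets below cannot be steered by a request variable even where
// register_globals is enabled. $phpEx is set by extension.inc.
// NOTE(review): this file performs no permission check of its own; admin
// authentication is presumably enforced by pagestart -- confirm.
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);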
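//
// Start program
//
// On submit: collect user / IP / e-mail bans from the form, insert the ones
// not already in the ban table, drop the matching sessions, process unban
// selections, then show a confirmation. Otherwise: render the ban form with
// the current ban lists.
//
// Changes against the listing as printed:
//  - identifiers, operators, constants and array keys restored to valid PHP
//    (the listing had spaces inside names and inconsistent key casing, e.g.
//    isset() tested one spelling of an unban field and the read used another);
//  - $kill_session_sql and $where_sql are appended to (.=) rather than
//    overwritten, so every new ban / unban selection takes effect;
//  - ids that reach SQL are cast with intval(), and the unban fields must be
//    arrays;
//  - a failed DNS lookup and out-of-range octets are skipped.
//
// NOTE(review): no anti-CSRF token or session id is checked in this file for
// the state-changing POST; confirm that pagestart enforces it.
//
if (isset($HTTP_POST_VARS['submit']))
{
    $user_bansql = '';
    $email_bansql = '';
    $ip_bansql = '';

    //
    // Ban by username
    //
    $user_list = array();
    if (!empty($HTTP_POST_VARS['username']))
    {
        // NOTE(review): the raw request value goes to get_userdata(); its
        // escaping happens (or not) inside that helper -- confirm.
        $this_userdata = get_userdata($HTTP_POST_VARS['username']);
        if (!$this_userdata)
        {
            message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
        }

        $user_list[] = $this_userdata['user_id'];
    }

    //
    // Ban by IP: each comma-separated entry is a range (a.b.c.d - e.f.g.h),
    // a hostname, or a dotted quad that may use * as a wildcard octet.
    //
    $ip_list = array();
    if (isset($HTTP_POST_VARS['ban_ip']))
    {
        $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

        for ($i = 0; $i < count($ip_list_temp); $i++)
        {
            if (preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode))
            {
                // The pattern accepts octets up to 999; skip ranges that
                // cannot be real addresses instead of encoding them.
                $octets_ok = true;
                for ($k = 1; $k <= 8; $k++)
                {
                    if (intval($ip_range_explode[$k]) > 255)
                    {
                        $octets_ok = false;
                    }
                }
                if (!$octets_ok)
                {
                    continue;
                }

                //
                // Don't ask about all this, just don't ask ... !
                //
                // Expands the range octet by octet. Whenever an octet would
                // run over its whole span (0..254) a single wildcard entry
                // (255) is stored for it and the inner loop is skipped by
                // setting the counter past its end.
                // NOTE(review): a range that does not align to whole octets
                // still yields one ban row per address; nothing here bounds
                // the number of rows a single entry can generate.
                //
                $ip_1_counter = $ip_range_explode[1];
                $ip_1_end = $ip_range_explode[5];

                while ($ip_1_counter <= $ip_1_end)
                {
                    $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
                    $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];

                    if ($ip_2_counter == 0 && $ip_2_end == 254)
                    {
                        $ip_2_counter = 255;
                        $ip_2_fragment = 255;

                        $ip_list[] = encode_ip("$ip_1_counter.255.255.255");
                    }

                    while ($ip_2_counter <= $ip_2_end)
                    {
                        $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
                        $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];

                        if ($ip_3_counter == 0 && $ip_3_end == 254)
                        {
                            $ip_3_counter = 255;
                            $ip_3_fragment = 255;

                            $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
                        }

                        while ($ip_3_counter <= $ip_3_end)
                        {
                            $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
                            $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];

                            if ($ip_4_counter == 0 && $ip_4_end == 254)
                            {
                                $ip_4_counter = 255;
                                $ip_4_fragment = 255;

                                $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
                            }

                            while ($ip_4_counter <= $ip_4_end)
                            {
                                $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
                                $ip_4_counter++;
                            }
                            $ip_3_counter++;
                        }
                        $ip_2_counter++;
                    }
                    $ip_1_counter++;
                }
            }
            else if (preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])))
            {
                // Hostname entry: the ban covers whatever addresses the name
                // resolves to at this moment, and the lookup blocks the
                // request while it runs.
                $ip = gethostbynamel(trim($ip_list_temp[$i]));

                // gethostbynamel() returns false when resolution fails.
                if (is_array($ip))
                {
                    for ($j = 0; $j < count($ip); $j++)
                    {
                        if (!empty($ip[$j]))
                        {
                            $ip_list[] = encode_ip($ip[$j]);
                        }
                    }
                }
            }
            else if (preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])))
            {
                // 255 is the stored form of the * wildcard.
                // NOTE(review): this pattern also lets through octets above
                // 255 and mixed forms such as "1*"; consider tightening it.
                $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
            }
        }
    }

    //
    // Ban by e-mail address (a * wildcard is allowed in the local part)
    //
    $email_list = array();
    if (isset($HTTP_POST_VARS['ban_email']))
    {
        $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

        for ($i = 0; $i < count($email_list_temp); $i++)
        {
            //
            // This ereg match is based on one by php@unreelpro.com
            // contained in the annotated php manual at php.com (ereg
            // section)
            //
            // NOTE(review): eregi() was removed in PHP 7; on a current
            // runtime this needs a preg_match() equivalent with the i flag.
            //
            if (eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])))
            {
                $email_list[] = trim($email_list_temp[$i]);
            }
        }
    }

    // Load the current ban table once so duplicates can be skipped below.
    $sql = "SELECT *
        FROM " . BANLIST_TABLE;
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
    }

    $current_banlist = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    // Accumulates the OR-joined conditions selecting sessions to terminate.
    $kill_session_sql = '';

    for ($i = 0; $i < count($user_list); $i++)
    {
        // The id comes from get_userdata(); the cast keeps the concatenated
        // SQL numeric whatever that helper returned.
        $ban_userid = intval($user_list[$i]);

        $in_banlist = false;
        for ($j = 0; $j < count($current_banlist); $j++)
        {
            if ($ban_userid == $current_banlist[$j]['ban_userid'])
            {
                $in_banlist = true;
            }
        }

        if (!$in_banlist)
        {
            $kill_session_sql .= (($kill_session_sql != '') ? ' OR ' : '') . "session_user_id = " . $ban_userid;

            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
                VALUES (" . $ban_userid . ")";
            if (!$db->sql_query($sql))
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    for ($i = 0; $i < count($ip_list); $i++)
    {
        $in_banlist = false;
        for ($j = 0; $j < count($current_banlist); $j++)
        {
            if ($ip_list[$i] == $current_banlist[$j]['ban_ip'])
            {
                $in_banlist = true;
            }
        }

        if (!$in_banlist)
        {
            // Every entry in $ip_list is the return value of encode_ip().
            // An "ff" byte is a wildcard octet, so it becomes a LIKE pattern
            // with % in its place; anything else is matched exactly.
            // NOTE(review): the quoting below relies on encode_ip() only
            // ever returning hex digits -- confirm.
            if (preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')))
            {
                $kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
            }
            else
            {
                $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
            }

            $kill_session_sql .= (($kill_session_sql != '') ? ' OR ' : '') . $kill_ip_sql;

            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
                VALUES ('" . $ip_list[$i] . "')";
            if (!$db->sql_query($sql))
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    //
    // Now we'll delete all entries from the session table with any of the banned
    // user or IP info just entered into the ban table ... this will force a session
    // initialisation resulting in an instant ban
    //
    if ($kill_session_sql != '')
    {
        $sql = "DELETE FROM " . SESSIONS_TABLE . "
            WHERE $kill_session_sql";
        if (!$db->sql_query($sql))
        {
            message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
        }
    }

    for ($i = 0; $i < count($email_list); $i++)
    {
        $in_banlist = false;
        for ($j = 0; $j < count($current_banlist); $j++)
        {
            if ($email_list[$i] == $current_banlist[$j]['ban_email'])
            {
                $in_banlist = true;
            }
        }

        if (!$in_banlist)
        {
            // Turns a slash-escaped quote (\') into the doubled-quote form.
            // That only protects the query if request data was slash-escaped
            // upstream (presumably magic quotes or the common include --
            // confirm). The address has also passed the pattern above, whose
            // character classes contain no quote character.
            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
                VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
            if (!$db->sql_query($sql))
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    //
    // Unban: the three multi-selects post arrays of ban_id values, with -1
    // standing for the "nothing banned" placeholder option. The values come
    // straight from the request and end up inside IN (...), so each one is
    // cast to an integer before it is concatenated.
    //
    $where_sql = '';
    $unban_fields = array('unban_user', 'unban_ip', 'unban_email');

    for ($f = 0; $f < count($unban_fields); $f++)
    {
        $field = $unban_fields[$f];

        if (!isset($HTTP_POST_VARS[$field]) || !is_array($HTTP_POST_VARS[$field]))
        {
            continue;
        }

        foreach ($HTTP_POST_VARS[$field] as $posted_id)
        {
            // A nested array would cast to 1 and select an unrelated row.
            if (is_array($posted_id))
            {
                continue;
            }

            $ban_id = intval($posted_id);
            if ($ban_id != -1)
            {
                $where_sql .= (($where_sql != '') ? ', ' : '') . $ban_id;
            }
        }
    }

    if ($where_sql != '')
    {
        $sql = "DELETE FROM " . BANLIST_TABLE . "
            WHERE ban_id IN ($where_sql)";
        if (!$db->sql_query($sql))
        {
            message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
        }
    }

    // NOTE(review): the markup literals in this message were stripped from
    // the listing; the line breaks and link targets are a reconstruction --
    // confirm against the installed file.
    $message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

    message_die(GENERAL_MESSAGE, $message);
}
else
{
    // The handle registered here must match the one passed to pparse() at
    // the end of the file.
    $template->set_filenames(array(
        'body' => 'admin/user_ban_body.tpl')
    );

    // NOTE(review): the casing of the $lang keys below was damaged in the
    // listing; confirm each against the language files.
    $template->assign_vars(array(
        'L_BAN_TITLE' => $lang['Ban_control'],
        'L_BAN_EXPLAIN' => $lang['Ban_explain'],
        'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
        'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
        'L_EMAIL_ADDRESS' => $lang['Email_address'],
        'L_SUBMIT' => $lang['Submit'],
        'L_RESET' => $lang['Reset'],

        'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
    );

    $template->assign_vars(array(
        'L_BAN_USER' => $lang['Ban_username'],
        'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
        'L_BAN_IP' => $lang['Ban_IP'],
        'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
        'L_BAN_EMAIL' => $lang['Ban_email'],
        'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
    );

    $userban_count = 0;
    $ipban_count = 0;
    $emailban_count = 0;

    // Banned users, excluding the anonymous account.
    $sql = "SELECT b.ban_id, u.user_id, u.username
        FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
        WHERE u.user_id = b.ban_userid
            AND b.ban_userid <> 0
            AND u.user_id <> " . ANONYMOUS . "
        ORDER BY u.user_id ASC";
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
    }

    $user_list = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    // NOTE(review): the <option>/<select> literals in this branch were
    // stripped from the listing. They are reconstructed to agree with the
    // unban handler above (array fields, ban_id values, -1 placeholder);
    // confirm the attributes against the installed file.
    // NOTE(review): username and ban_email are written into HTML without
    // escaping here; that is only safe if they are stored already escaped or
    // restricted on input -- confirm before reuse.
    $select_userlist = '';
    for ($i = 0; $i < count($user_list); $i++)
    {
        $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
        $userban_count++;
    }

    if ($select_userlist == '')
    {
        $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
    }

    $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

    // IP and e-mail bans share the table; a row is listed under whichever
    // of the two columns is non-empty.
    $sql = "SELECT ban_id, ban_ip, ban_email
        FROM " . BANLIST_TABLE;
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
    }

    $banlist = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    $select_iplist = '';
    $select_emaillist = '';

    for ($i = 0; $i < count($banlist); $i++)
    {
        $ban_id = $banlist[$i]['ban_id'];

        if (!empty($banlist[$i]['ban_ip']))
        {
            // Show the stored 255 wildcard octet as * again.
            $ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
            $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
            $ipban_count++;
        }
        else if (!empty($banlist[$i]['ban_email']))
        {
            $ban_email = $banlist[$i]['ban_email'];
            $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
            $emailban_count++;
        }
    }

    if ($select_iplist == '')
    {
        $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
    }

    if ($select_emaillist == '')
    {
        $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
    }

    $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
    $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

    $template->assign_vars(array(
        'L_UNBAN_USER' => $lang['Unban_username'],
        'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
        'L_UNBAN_IP' => $lang['Unban_IP'],
        'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
        'L_UNBAN_EMAIL' => $lang['Unban_email'],
        'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
        'L_USERNAME' => $lang['Username'],
        'L_LOOK_UP' => $lang['Look_up_user'],
        'L_FIND_USERNAME' => $lang['Find_username'],

        'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"),
        'S_UNBAN_USERLIST_SELECT' => $select_userlist,
        'S_UNBAN_IPLIST_SELECT' => $select_iplist,
        'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
        'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
    );
}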
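// Render the template registered under the 'body' handle (handle names are
// case-sensitive array keys), then emit the admin footer. The footer path is
// built from a literal plus $phpEx, which is set by extension.inc.
$template->pparse('body');

include('./page_footer_admin.' . $phpEx);

?>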