How to restrict visitors' IP addresses (phpBB code)
Code:
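<?php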
/*************************************** ************************************
* Admin_user_ban.php
*-------------------
* Begin: Tuesday, Jul 31, 2001
* Copyright: (C) 2001 The phpBB Group
* Email: support@phpbb.com
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
**************************************** ***********************************/
/*************************************** ************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* By Tom Nitzschner (tom@toms-home.com)
* http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
*
* As always, make a backup before messing with anything. All code
* Release by me is considered sample code only. It may be fully
* Functual, but you use it at your own risk, if you break it,
* You get to fix it too. No waranty is given or implied.
*
* Please post all questions/requests about this port on http://bbtonuke.sourceforge.net first,
* Then on my site. All original header code and copyright messages will be maintained
* To give credit where credit is due. If you modify this, the only requirement is
* That you also maintain all original copyright messages. All my work is released
* Under the gnu general public license. Please see the README for more information.
*
**************************************** ***********************************/
/*************************************** ************************************
*
* This program is free software; you can redistribute it and/or modify
* It under the terms of the GNU General Public License as published
* The Free Software Foundation; either version 2 of the License, or
* (At your option) any later version.
*
**************************************** ***********************************/
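// Marker constant set before any board file is loaded.
// NOTE(review): presumably the included board files test for this constant
// to refuse direct requests -- that check is not visible in this listing.
define('IN_PHPBB', 1);

// When the admin index includes this file only to build its menu
// ($setmodules is non-empty), register the menu entry and stop before any
// request handling runs.
if ( !empty($setmodules) )
{
    $filename = basename(__FILE__);
    $module['Users']['Ban_Management'] = $filename;

    return;
}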
//
// Load default header
//
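// Board root relative to the admin directory.
$phpbb_root_path = './../';

// $phpEx is used on the next line but never assigned in this file, so it is
// presumably defined by extension.inc -- confirm.
require($phpbb_root_path . 'extension.inc');

// NOTE(review): no session or permission check appears anywhere in this
// listing; presumably pagestart enforces the admin login -- confirm before
// relying on it.
require('./pagestart.' . $phpEx);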
//
// Start program
//
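if ( isset($HTTP_POST_VARS['submit']) )
{
    //
    // The ban/unban form was submitted: collect new bans (user, IP, e-mail),
    // insert the ones not already listed, drop the matching sessions, then
    // delete any ban rows selected for removal.
    //
    // NOTE(review): every value read from $HTTP_POST_VARS is request input.
    // No form token is checked in this listing; whatever protects this page
    // against forged requests has to live in the included files -- confirm.
    //
    $user_bansql = '';
    $email_bansql = '';
    $ip_bansql = '';

    //
    // Username ban: resolve the posted name to a user id
    //
    $user_list = array();
    if ( !empty($HTTP_POST_VARS['username']) )
    {
        $this_userdata = get_userdata($HTTP_POST_VARS['username']);
        if ( !$this_userdata )
        {
            message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
        }

        // Forced to an integer because it is concatenated unquoted into the
        // INSERT and the session DELETE below.
        $user_list[] = intval($this_userdata['user_id']);
    }

    //
    // IP bans: a comma separated list of ranges (a.b.c.d - e.f.g.h),
    // hostnames, or single addresses with optional * wildcards
    //
    $ip_list = array();
    if ( isset($HTTP_POST_VARS['ban_ip']) )
    {
        $ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);

        for($i = 0; $i < count($ip_list_temp); $i++)
        {
            if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
            {
                //
                // Range expansion. Matches 1-4 are the start octets, 5-8 the
                // end octets. Each level walks its octet from the start value
                // (or 0 once the parent octet has moved on) up to the end
                // value (or 254 while the parent still has further to go).
                // When a level would cover 0..254 completely it is collapsed
                // into one entry whose remaining octets are 255, which this
                // file treats as the wildcard.
                //
                // NOTE(review): a range that does not collapse produces one
                // list entry, and later one INSERT, per address. Nothing here
                // caps the size of the range.
                //
                $ip_1_counter = $ip_range_explode[1];
                $ip_1_end = $ip_range_explode[5];

                while ( $ip_1_counter <= $ip_1_end )
                {
                    $ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
                    $ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];

                    if ( $ip_2_counter == 0 && $ip_2_end == 254 )
                    {
                        // Setting the counter to 255 skips the inner loop
                        $ip_2_counter = 255;
                        $ip_2_fragment = 255;

                        $ip_list[] = encode_ip("$ip_1_counter.255.255.255");
                    }

                    while ( $ip_2_counter <= $ip_2_end )
                    {
                        $ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
                        $ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];

                        if ( $ip_3_counter == 0 && $ip_3_end == 254 )
                        {
                            $ip_3_counter = 255;
                            $ip_3_fragment = 255;

                            $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
                        }

                        while ( $ip_3_counter <= $ip_3_end )
                        {
                            $ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
                            $ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];

                            if ( $ip_4_counter == 0 && $ip_4_end == 254 )
                            {
                                $ip_4_counter = 255;
                                $ip_4_fragment = 255;

                                $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
                            }

                            while ( $ip_4_counter <= $ip_4_end )
                            {
                                $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
                                $ip_4_counter++;
                            }
                            $ip_3_counter++;
                        }
                        $ip_2_counter++;
                    }
                    $ip_1_counter++;
                }
            }
            else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
            {
                //
                // Hostname: banned by the addresses it resolves to right now.
                // The name itself is not stored, so a later DNS change is not
                // covered by this ban.
                //
                $ip = gethostbynamel(trim($ip_list_temp[$i]));

                // gethostbynamel() returns false when the lookup fails
                if ( is_array($ip) )
                {
                    for($j = 0; $j < count($ip); $j++)
                    {
                        if ( !empty($ip[$j]) )
                        {
                            $ip_list[] = encode_ip($ip[$j]);
                        }
                    }
                }
            }
            else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
            {
                // Single address; * is stored as the wildcard octet 255
                $ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
            }
        }
    }

    //
    // E-mail bans: comma separated, * allowed as a wildcard
    //
    $email_list = array();
    if ( isset($HTTP_POST_VARS['ban_email']) )
    {
        $email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);

        for($i = 0; $i < count($email_list_temp); $i++)
        {
            //
            // This ereg match is based on one by php@unreelpro.com
            // contained in the annotated php manual at php.com (ereg
            // section). Entries that do not match are dropped silently.
            //
            if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
            {
                $email_list[] = trim($email_list_temp[$i]);
            }
        }
    }

    //
    // Load the current ban list once so duplicates are not inserted again
    //
    $sql = "SELECT *
        FROM " . BANLIST_TABLE;
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
    }

    $current_banlist = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    // Collects the WHERE conditions for the session purge further down
    $kill_session_sql = '';

    for($i = 0; $i < count($user_list); $i++)
    {
        $in_banlist = false;
        for($j = 0; $j < count($current_banlist); $j++)
        {
            if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
            {
                $in_banlist = true;
            }
        }

        if ( !$in_banlist )
        {
            // $user_list only holds integers (see intval() above)
            $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];

            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
                VALUES (" . $user_list[$i] . ")";
            if ( !$db->sql_query($sql) )
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    for($i = 0; $i < count($ip_list); $i++)
    {
        $in_banlist = false;
        for($j = 0; $j < count($current_banlist); $j++)
        {
            if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
            {
                $in_banlist = true;
            }
        }

        if ( !$in_banlist )
        {
            //
            // NOTE(review): $ip_list entries are whatever encode_ip()
            // returned and are quoted but not escaped below. The handling
            // here (split every two characters, look for "ff") suggests a
            // hex string -- confirm encode_ip() can only emit hex digits.
            //
            // An "ff" pair (the 255 wildcard octet) becomes % so the session
            // purge matches every address the wildcard ban covers.
            //
            if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
            {
                $kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
            }
            else
            {
                $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
            }

            $kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;

            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
                VALUES ('" . $ip_list[$i] . "')";
            if ( !$db->sql_query($sql) )
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    //
    // Now we'll delete all entries from the session table with any of the banned
    // user or IP info just entered into the ban table ... this will force a session
    // initialisation resulting in an instant ban
    //
    if ( $kill_session_sql != '' )
    {
        $sql = "DELETE FROM " . SESSIONS_TABLE . "
            WHERE $kill_session_sql";
        if ( !$db->sql_query($sql) )
        {
            message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
        }
    }

    for($i = 0; $i < count($email_list); $i++)
    {
        $in_banlist = false;
        for($j = 0; $j < count($current_banlist); $j++)
        {
            if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
            {
                $in_banlist = true;
            }
        }

        if ( !$in_banlist )
        {
            //
            // The pattern above admits no quote characters, so this
            // replacement is a second line of defence only.
            // NOTE(review): it rewrites \' to '', which presumes request
            // input reaches this file already slash-escaped -- confirm.
            //
            $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
                VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
            if ( !$db->sql_query($sql) )
            {
                message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
            }
        }
    }

    //
    // Unban: the three multi-selects all post ban_id values. They go
    // unquoted into "ban_id IN (...)", so each one is reduced to a positive
    // integer first; anything else, including the -1 placeholder option of
    // an empty list, is skipped.
    //
    $where_sql = '';
    $unban_fields = array('unban_user', 'unban_ip', 'unban_email');

    for($f = 0; $f < count($unban_fields); $f++)
    {
        $field = $unban_fields[$f];

        if ( isset($HTTP_POST_VARS[$field]) && is_array($HTTP_POST_VARS[$field]) )
        {
            $unban_ids = array_values($HTTP_POST_VARS[$field]);

            for($i = 0; $i < count($unban_ids); $i++)
            {
                // A nested array would make intval() return 1
                if ( is_array($unban_ids[$i]) )
                {
                    continue;
                }

                $ban_id = intval($unban_ids[$i]);
                if ( $ban_id > 0 )
                {
                    $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ban_id;
                }
            }
        }
    }

    if ( $where_sql != '' )
    {
        $sql = "DELETE FROM " . BANLIST_TABLE . "
            WHERE ban_id IN ($where_sql)";
        if ( !$db->sql_query($sql) )
        {
            message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
        }
    }

    $message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');

    message_die(GENERAL_MESSAGE, $message);
}
else
{
    //
    // No submission: build the ban form and the three unban select boxes
    //
    $template->set_filenames(array(
        'body' => 'admin/user_ban_body.tpl')
    );

    $template->assign_vars(array(
        'L_BAN_TITLE' => $lang['Ban_control'],
        'L_BAN_EXPLAIN' => $lang['Ban_explain'],
        'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
        'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
        'L_EMAIL_ADDRESS' => $lang['Email_address'],
        'L_SUBMIT' => $lang['Submit'],
        'L_RESET' => $lang['Reset'],

        'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
    );

    $template->assign_vars(array(
        'L_BAN_USER' => $lang['Ban_username'],
        'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
        'L_BAN_IP' => $lang['Ban_IP'],
        'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
        'L_BAN_EMAIL' => $lang['Ban_email'],
        'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
    );

    // Counted below but not read again anywhere in this listing
    $userban_count = 0;
    $ipban_count = 0;
    $emailban_count = 0;

    //
    // Banned users, joined to the user table to get a name to display
    //
    $sql = "SELECT b.ban_id, u.user_id, u.username
        FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
        WHERE u.user_id = b.ban_userid
            AND b.ban_userid <> 0
            AND u.user_id <> " . ANONYMOUS . "
        ORDER BY u.user_id ASC";
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
    }

    $user_list = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    $select_userlist = '';
    for($i = 0; $i < count($user_list); $i++)
    {
        //
        // NOTE(review): the username is written into the page exactly as
        // stored. Presumably the board stores it HTML-escaped; if it does
        // not, this needs htmlspecialchars() -- confirm.
        //
        $select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
        $userban_count++;
    }

    if ( $select_userlist == '' )
    {
        // -1 is the placeholder value the submit branch ignores
        $select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
    }

    $select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';

    //
    // Banned IPs and e-mail addresses come from the ban table alone
    //
    $sql = "SELECT ban_id, ban_ip, ban_email
        FROM " . BANLIST_TABLE;
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
    }

    $banlist = $db->sql_fetchrowset($result);
    $db->sql_freeresult($result);

    $select_iplist = '';
    $select_emaillist = '';

    for($i = 0; $i < count($banlist); $i++)
    {
        $ban_id = $banlist[$i]['ban_id'];

        if ( !empty($banlist[$i]['ban_ip']) )
        {
            // Show the wildcard octet 255 as * again
            $ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
            $select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
            $ipban_count++;
        }
        else if ( !empty($banlist[$i]['ban_email']) )
        {
            // Escaped on output: the row may have been written by something
            // other than the validated insert in the submit branch.
            $ban_email = htmlspecialchars($banlist[$i]['ban_email']);
            $select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
            $emailban_count++;
        }
    }

    if ( $select_iplist == '' )
    {
        $select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
    }

    if ( $select_emaillist == '' )
    {
        $select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
    }

    $select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
    $select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';

    $template->assign_vars(array(
        'L_UNBAN_USER' => $lang['Unban_username'],
        'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
        'L_UNBAN_IP' => $lang['Unban_IP'],
        'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
        'L_UNBAN_EMAIL' => $lang['Unban_email'],
        'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'],
        'L_USERNAME' => $lang['Username'],
        'L_LOOK_UP' => $lang['Look_up_User'],
        'L_FIND_USERNAME' => $lang['Find_username'],

        'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"),
        'S_UNBAN_USERLIST_SELECT' => $select_userlist,
        'S_UNBAN_IPLIST_SELECT' => $select_iplist,
        'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
        'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
    );
}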
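// Render the template registered under the 'body' handle, then append the
// admin page footer.
$template->pparse('body');

include('./page_footer_admin.' . $phpEx);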
?>