<?php
/***********************************************************************
Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
************************************************************************/
// Tell header.php to use the admin template
define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
// Add/edit a ban (stage 1)
if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
{
if (isset($_GET['add_ban']) || isset($_POST['add_ban']))
{
// If the id of the user to ban was provided through GET (a link from profile.php)
if (isset($_GET['add_ban']))
{
$add_ban = intval($_GET['add_ban']);
if ($add_ban < 1)
message($lang_common['Bad request']);
$user_id = $add_ban;
$result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($group_id, $ban_user, $ban_email) = $db->fetch_row($result);
else
message('No user by that ID registered.');
}
else // Otherwise the username is in POST
{
$ban_user = trim($_POST['new_ban_user']);
if ($ban_user != '')
{
$result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
else
message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.');
}
}
// Make sure we're not banning an admin
if (isset($group_id) && $group_id == PUN_ADMIN)
message('The user '.pun_htmlspecialchars($ban_user).' is an administrator and can\'t be banned. If you want to ban an administrator, you must first demote him/her to moderator or user.');
// If we have a $user_id, we can try to find the last known IP of that user
if (isset($user_id))
{
$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$ban_ip = ($db->num_rows($result)) ? $db->result($result) : '';
}
$mode = 'add';
}
else // We are editing a ban
{
$ban_id = intval($_GET['edit_ban']);
if ($ban_id < 1)
message($lang_common['Bad request']);
$result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);
else
message($lang_common['Bad request']);
$ban_expire = ($ban_expire != '') ? date('Y-m-d', $ban_expire) : '';
$mode = 'edit';
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans';
$focus_element = array('bans2', 'ban_user');
require PUN_ROOT.'header.php';
?>
<div class="blockform">
<h2> </h2>
<div class="box">
<form id="bans2" method="post" action="admin_bans.php">
<div class="inform">
<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<?php if ($mode == 'edit'): ?> <input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
<?php endif; ?>
<span>
<?php if ($ban_user != '' && isset($user_id)) echo ' Click <a href="admin_users.php?ip_stats='.$user_id.'">here</a> to see IP statistics for this user.' ?>
</span><fieldset>
<legend></legend>
</fieldset>
</div>
</form>
</div>
</div>
<div class="clearer"></div>
</div>
<?php
//require PUN_ROOT.'footer.php';
}
// Add/edit a ban (stage 2)
else if (isset($_POST['add_edit_ban']))
{
confirm_referrer('admin_bans.php');
$ban_user = trim($_POST['ban_user']);
$ban_ip = trim($_POST['ban_ip']);
$ban_email = strtolower(trim($_POST['ban_email']));
$ban_message = trim($_POST['ban_message']);
$ban_expire = trim($_POST['ban_expire']);
if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
message('You must enter either a username, an IP address or an e-mail address (at least).');
// Validate IP/IP range (it's overkill, I know)
if ($ban_ip != '')
{
$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);
$addresses = explode(' ', $ban_ip);
$addresses = array_map('trim', $addresses);
for ($i = 0; $i < count($addresses); ++$i)
{
$octets = explode('.', $addresses[$i]);
for ($c = 0; $c < count($octets); ++$c)
{
$octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];
if ($c > 3 || preg_match('/[^0-9]/', $octets[$c]) || intval($octets[$c]) > 255)
message('You entered an invalid IP/IP-range.');
}
$cur_address = implode('.', $octets);
$addresses[$i] = $cur_address;
}
$ban_ip = implode(' ', $addresses);
}
require PUN_ROOT.'include/email.php';
if ($ban_email != '' && !is_valid_email($ban_email))
{
if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
message('The e-mail address (e.g. user@domain.com) or partial e-mail address domain (e.g. domain.com) you entered is invalid.');
}
if ($ban_expire != '' && $ban_expire != 'Never')
{
$ban_expire = strtotime($ban_expire);
if ($ban_expire == -1 || $ban_expire <= time())
message('You entered an invalid expire date. The format should be YYYY-MM-DD and the date must be at least one day in the future.');
}
else
$ban_expire = 'NULL';
$ban_user = ($ban_user != '') ? '\''.$db->escape($ban_user).'\'' : 'NULL';
$ban_ip = ($ban_ip != '') ? '\''.$db->escape($ban_ip).'\'' : 'NULL';
$ban_email = ($ban_email != '') ? '\''.$db->escape($ban_email).'\'' : 'NULL';
$ban_message = ($ban_message != '') ? '\''.$db->escape($ban_message).'\'' : 'NULL';
if ($_POST['mode'] == 'add')
$db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
else
$db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
// Regenerate the bans cache
require_once PUN_ROOT.'include/cache.php';
generate_bans_cache();
redirect('admin_bans.php', 'Ban '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …');
}
// Remove a ban
else if (isset($_GET['del_ban']))
{
confirm_referrer('admin_bans.php');
$ban_id = intval($_GET['del_ban']);
if ($ban_id < 1)
message($lang_common['Bad request']);
$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
// Regenerate the bans cache
require_once PUN_ROOT.'include/cache.php';
generate_bans_cache();
redirect('admin_bans.php', 'Ban removed. Redirecting …');
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans';
$focus_element = array('bans', 'new_ban_user');
require PUN_ROOT.'header.php';
?>
<div class="blockform">
<h2> </h2>
<div class="box">
<div class="fakeform">
<?php
$result = $db->query('SELECT id, username, ip, email, message, expire FROM '.$db->prefix.'bans ORDER BY id') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
while ($cur_ban = $db->fetch_assoc($result))
{
$expire = format_time($cur_ban['expire'], true);
?>
<div class="inform">
<fieldset>
<legend>Ban expires: <?php echo $expire ?></legend>
<div class="infldset">
<table cellspacing="0">
<?php if ($cur_ban['username'] != ''): ?>
<tr>
<th>Username</th>
<td><?php echo pun_htmlspecialchars($cur_ban['username']) ?></td>
</tr>
<?php endif; ?><?php if ($cur_ban['email'] != ''): ?> <tr>
<th>E-mail</th>
<td><?php echo $cur_ban['email'] ?></td>
</tr>
<?php endif; ?><?php if ($cur_ban['ip'] != ''): ?> <tr>
<th>IP/IP-ranges</th>
<td><?php echo $cur_ban['ip'] ?></td>
</tr>
<?php endif; ?><?php if ($cur_ban['message'] != ''): ?> <tr>
<th>Reason</th>
<td><?php echo pun_htmlspecialchars($cur_ban['message']) ?></td>
</tr>
<?php endif; ?> </table>
</div>
</fieldset>
</div>
<?php
}
}
else
echo "\t\t\t\t".'<p>No bans in list.</p>'."\n";
?>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<?php
require PUN_ROOT.'footer.php';
*removed by Rickard*
^ 1337 php and mySQL sig
Like annoying people with visual basic?
http://www.annoyingvb.com <-- the home for virus/spammers/trojans. ect source code!
they majority of ppl dont use a proxy so theres usualy no problem
i was messin bout