makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Some refactoring/fixing of user_ban()

Browse source 
git-svn-id: file:///svn/phpbb/trunk@5276 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Bart van Bragt 2005-10-23 13:17:43 +00:00
parent 9209c975af
commit 042aaba879
1 changed files with 154 additions and 127 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

129
phpBB/includes/functions_user.php
View file

@ -296,8 +296,17 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
return false;
}
/**
* Ban User
* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
*
* @param string $mode Type of ban. One of the following: user, ip, email
* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
* @param int $ban_len Ban length in minutes
* @param string $ban_len_other Ban length as a date (Y-m-d)
* @param boolean $ban_exclude Exclude these entities from banning?
* @param string $ban_reason String describing the reason for this ban
* @return boolean
*/
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason)
{
@ -314,6 +323,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$current_time = time();
// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
if ($ban_len)
{
if ($ban_len != -1 || !$ban_len_other)
@ -340,13 +350,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (in_array('*', $ban_list))
{
// Ban all users (it's a good thing that you can exclude people)
$banlist[] = '*';
}
else
{
// Select the relevant user_ids. The array_diff thingy is there to add quotes around usernames and remove empty elements.
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . ')';
WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'" . $db->sql_escape("\\1") . "'", $ban_list), array("''"))) . ')';
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
@ -357,6 +369,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
while ($row = $db->sql_fetchrow($result));
}
else
{
trigger_error($user->lang['NO_USERS']);
}
}
break;
@ -367,6 +383,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{
if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
{
// This is an IP range
// Don't ask about all this, just don't ask ... !
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
@ -381,7 +398,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_2_counter = 256;
$ip_2_fragment = 256;
$banlist[] = "'$ip_1_counter.*'";
$banlist[] = "$ip_1_counter.*";
}
while ($ip_2_counter <= $ip_2_end)
@ -394,7 +411,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_3_counter = 256;
$ip_3_fragment = 256;
$banlist[] = "'$ip_1_counter.$ip_2_counter.*'";
$banlist[] = "$ip_1_counter.$ip_2_counter.*";
}
while ($ip_3_counter <= $ip_3_end)
@ -407,12 +424,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ip_4_counter = 256;
$ip_4_fragment = 256;
$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
$banlist[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
}
while ($ip_4_counter <= $ip_4_end)
{
$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
$banlist[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
$ip_4_counter++;
}
$ip_3_counter++;
@ -424,23 +441,30 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
{
// hostname
$ip_ary = gethostbynamel(trim($ban_item));
foreach ($ip_ary as $ip)
{
if (!empty($ip))
{
$banlist[] = "'" . $ip . "'";
$banlist[] = $ip;
}
}
}
else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
{
$banlist[] = "'" . trim($ban_item) . "'";
// Normal IP address
$banlist[] = trim($ban_item);
}
else if (preg_match('#^\*$#', trim($ban_item)))
{
$banlist[] = "'*'";
// Ban all IPs
$banlist[] = "*";
}
else
{
trigger_error('NO_IPS_DEFINED');
}
}
break;
@ -452,12 +476,19 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
{
$banlist[] = "'" . trim($ban_item) . "'";
$banlist[] = trim($ban_item);
}
}
if (sizeof($ban_list) == 0)
{
// TODO: translate this
trigger_error('No valid email addresses found');
}
break;
}
// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
$sql = "SELECT $type
FROM " . BANLIST_TABLE . "
WHERE $type <> ''
@ -476,11 +507,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
break;
case 'ip':
$banlist_tmp[] = "'" . $row['ban_ip'] . "'";
$banlist_tmp[] = $row['ban_ip'];
break;
case 'email':
$banlist_tmp[] = "'" . $row['ban_email'] . "'";
$banlist_tmp[] = $row['ban_email'];
break;
}
}
@ -490,57 +521,56 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
unset($banlist_tmp);
}
// We have some entities to ban
if (sizeof($banlist))
{
$sql = '';
$sql_ary = array();
foreach ($banlist as $ban_entry)
{
switch (SQL_LAYER)
{
case 'mysql':
$sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')";
break;
case 'mysql4':
case 'mysqli':
case 'mssql':
case 'mssql_odbc':
case 'sqlite':
$sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "'";
break;
default:
$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '" . $db->sql_escape($ban_reason) . "')";
$db->sql_query($sql);
$sql = '';
}
$sql_ary[] = array(
$type => $ban_entry,
'ban_start' => $current_time,
'ban_end' => $ban_end,
'ban_exclude' => $ban_exclude,
'ban_reason' => $ban_reason);
}
$sql = $db->sql_build_array('MULTI_INSERT', $sql_ary);
if ($sql)
{
$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
VALUES $sql";
$sql = 'INSERT INTO ' . BANLIST_TABLE . $sql;
$db->sql_query($sql);
}
// If we are banning we want to logout anyone matching the ban
if (!$ban_exclude)
{
$sql = '';
switch ($mode)
{
case 'user':
$sql = 'WHERE session_user_id IN (' . implode(', ', $banlist) . ')';
$sql_where = 'WHERE session_user_id IN (' . implode(', ', $banlist) . ')';
break;
case 'ip':
$sql = 'WHERE session_ip IN (' . implode(', ', $banlist) . ')';
$banlist_sql = array();
foreach($banlist as $ban_entry)
{
$banlist_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
}
$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_sql) . ')';
break;
case 'email':
$banlist_sql = array();
foreach($banlist as $ban_entry)
{
$banlist_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_email IN (' . implode(', ', $banlist) . ')';
WHERE user_email IN (' . implode(', ', $banlist_sql) . ')';
$result = $db->sql_query($sql);
$sql_in = array();
@ -553,19 +583,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
while ($row = $db->sql_fetchrow($result));
$sql = 'WHERE session_user_id IN (' . str_replace('*', '%', implode(', ', $sql_in)) . ")";
}
else
{
trigger_error('NO_EMAIL_TO_BAN');
$sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")";
}
break;
}
if ($sql)
if (isset($sql_where))
{
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
$sql";
$sql_where";
$db->sql_query($sql);
}
}
@ -579,8 +605,10 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
// Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
return true;
}
// There was nothing to ban/exclude
return false;
}
@ -601,8 +629,6 @@ function user_unban($mode, $ban)
if ($unban_sql)
{
$l_unban_list = '';
// Grab details of bans for logging information later
switch ($mode)
{
@ -627,15 +653,16 @@ function user_unban($mode, $ban)
}
$result = $db->sql_query($sql);
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
$l_unban_list = '';
while ($row = $db->sql_fetchrow($result))
{
$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
}
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$db->sql_query($sql);
if (!function_exists('add_log'))
{
global $phpbb_root_path, $phpEx;