From 259881d1bf96df31998aaaf0c0291587d65aa458 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Sat, 7 Feb 2004 15:37:25 +0000
Subject: [PATCH] Move user ban/unban to function

git-svn-id: file:///svn/phpbb/trunk@4806 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_user.php | 337 ++++++++++++++++++++++++++++++
 1 file changed, 337 insertions(+)

diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index a1c5c0ed93..ae3a111c53 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -96,6 +96,343 @@ function user_update_name($old_name, $new_name)
 	$db->sql_query($sql);
 }
 
+function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason)
+{
+	global $db, $user, $auth;
+
+	// Delete stable bans
+	$sql = "DELETE FROM " . BANLIST_TABLE . "
+		WHERE ban_end < " . time() . "
+			AND ban_end <> 0";
+	$db->sql_query($sql);
+
+	$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
+	$ban_list_log = implode(', ', $ban_list);
+
+	$current_time = time();
+
+	if ($ban_len)
+	{
+		if ($ban_len != -1 || !$ban_len_other)
+		{
+			$ban_end = max($current_time, $current_time + ($ban_len) * 60);
+		}
+		else
+		{
+			$ban_other = explode('-', $ban_len_other);
+			$ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0]));
+		}
+	}
+	else
+	{
+		$ban_end = 0;
+	}
+
+	$banlist = array();
+
+	switch ($mode)
+	{
+		case 'user':
+			$type = 'ban_userid';
+
+			if (in_array('*', $ban_list))
+			{
+				$banlist[] = '*';
+			}
+			else
+			{
+				$sql = 'SELECT user_id
+					FROM ' . USERS_TABLE . '
+					WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . ')';
+				$result = $db->sql_query($sql);
+
+				if ($row = $db->sql_fetchrow($result))
+				{
+					do
+					{
+						$banlist[] = $row['user_id'];
+					}
+					while ($row = $db->sql_fetchrow($result));
+				}
+			}
+			break;
+
+		case 'ip':
+			$type = 'ban_ip';
+
+			foreach ($ban_list as $ban_item)
+			{
+				if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
+				{
+					// Don't ask about all this, just don't ask ... !
+					$ip_1_counter = $ip_range_explode[1];
+					$ip_1_end = $ip_range_explode[5];
+
+					while ($ip_1_counter <= $ip_1_end)
+					{
+						$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
+						$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
+
+						if($ip_2_counter == 0 && $ip_2_end == 254)
+						{
+							$ip_2_counter = 256;
+							$ip_2_fragment = 256;
+
+							$banlist[] = "'$ip_1_counter.*'";
+						}
+
+						while ($ip_2_counter <= $ip_2_end)
+						{
+							$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
+							$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
+
+							if ($ip_3_counter == 0 && $ip_3_end == 254)
+							{
+								$ip_3_counter = 256;
+								$ip_3_fragment = 256;
+
+								$banlist[] = "'$ip_1_counter.$ip_2_counter.*'";
+							}
+
+							while ($ip_3_counter <= $ip_3_end)
+							{
+								$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
+								$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
+
+								if ($ip_4_counter == 0 && $ip_4_end == 254)
+								{
+									$ip_4_counter = 256;
+									$ip_4_fragment = 256;
+
+									$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'";
+								}
+
+								while ($ip_4_counter <= $ip_4_end)
+								{
+									$banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'";
+									$ip_4_counter++;
+								}
+								$ip_3_counter++;
+							}
+							$ip_2_counter++;
+						}
+						$ip_1_counter++;
+					}
+				}
+				else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
+				{
+					$ip_ary = gethostbynamel(trim($ban_item));
+
+					foreach ($ip_ary as $ip)
+					{
+						if (!empty($ip))
+						{
+							$banlist[] = "'" . $ip . "'";
+						}
+					}
+				}
+				else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
+				{
+					$banlist[] = "'" . trim($ban_item) . "'";
+				}
+				else if (preg_match('#^\*$#', trim($ban_item)))
+				{
+					$banlist[] = "'*'";
+				}
+			}
+			break;
+
+		case 'email':
+			$type = 'ban_email';
+
+			foreach ($ban_list as $ban_item)
+			{
+				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item)))
+				{
+					$banlist[] = "'" . trim($ban_item) . "'";
+				}
+			}
+			break;
+	}
+
+	$sql = "SELECT $type
+		FROM " . BANLIST_TABLE . "
+		WHERE $type <> '' 
+			AND ban_exclude = $ban_exclude";
+	$result = $db->sql_query($sql);
+
+	if ($row = $db->sql_fetchrow($result))
+	{
+		$banlist_tmp = array();
+		do
+		{
+			switch ($mode)
+			{
+				case 'user':
+					$banlist_tmp[] = $row['ban_userid'];
+					break;
+
+				case 'ip':
+					$banlist_tmp[] = "'" . $row['ban_ip'] . "'";
+					break;
+
+				case 'email':
+					$banlist_tmp[] = "'" . $row['ban_email'] . "'";
+					break;
+			}
+		}
+		while ($row = $db->sql_fetchrow($result));
+
+		$banlist = array_unique(array_diff($banlist, $banlist_tmp));
+		unset($banlist_tmp);
+	}
+
+	if (sizeof($banlist))
+	{
+		$sql = '';
+		foreach ($banlist as $ban_entry)
+		{
+			switch (SQL_LAYER)
+			{
+				case 'mysql':
+				case 'mysql4':
+					$sql .= (($sql != '') ? ', ' : '') . "($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
+					break;
+
+				case 'mssql':
+				case 'sqlite':
+					$sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'";
+					break;
+
+				default:
+					$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
+						VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')";
+					$db->sql_query($sql);
+			}
+		}
+
+		if ($sql)
+		{
+			$sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason)
+				VALUES $sql";
+			$db->sql_query($sql);
+		}
+
+		if (!$ban_exclude)
+		{
+			$sql = '';
+			switch ($mode)
+			{
+				case 'user':
+					$sql = 'WHERE session_user_id IN (' . implode(', ', $banlist) . ')';
+					break;
+
+				case 'ip':
+					$sql = 'WHERE session_ip IN (' . implode(', ', $banlist) . ')';
+					break;
+
+				case 'email':
+					$sql = 'SELECT user_id
+						FROM ' . USERS_TABLE . '
+						WHERE user_email IN (' . implode(', ', $banlist) . ')';
+					$result = $db->sql_query($sql);
+
+					$sql_in = array();
+					if ($row = $db->sql_fetchrow($result))
+					{
+						do
+						{
+							$sql_in[] = $row['user_id'];
+						}
+						while ($row = $db->sql_fetchrow($result));
+
+						$sql = 'WHERE session_user_id IN (' . str_replace('*', '%', implode(', ', $sql_in)) . ")";
+					}
+					break;
+			}
+
+			if ($sql)
+			{
+				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
+					$sql";
+				$db->sql_query($sql);
+			}
+		}
+
+		if (!function_exists('add_log'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
+		}
+
+		// Update log
+		$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
+		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
+	}
+
+	return false;
+}
+
+function user_unban($mode, $ban)
+{
+	global $db, $user, $auth;
+
+	// Delete stable bans
+	$sql = "DELETE FROM " . BANLIST_TABLE . "
+		WHERE ban_end < " . time() . "
+			AND ban_end <> 0";
+	$db->sql_query($sql);
+
+	$unban_sql = implode(', ', $ban);
+
+	if ($unban_sql)
+	{
+		$l_unban_list = '';
+		// Grab details of bans for logging information later
+		switch ($mode)
+		{
+			case 'user':
+				$sql = 'SELECT u.username AS unban_info
+					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b 
+					WHERE b.ban_id IN ($unban_sql) 
+						AND u.user_id = b.ban_userid";
+				break;
+
+			case 'email':
+				$sql = 'SELECT ban_email AS unban_info 
+					FROM ' . BANLIST_TABLE . "
+					WHERE ban_id IN ($unban_sql)";
+				break;
+
+			case 'ip':
+				$sql = 'SELECT ban_ip AS unban_info 
+					FROM ' . BANLIST_TABLE . "
+					WHERE ban_id IN ($unban_sql)";
+				break;
+		}
+		$result = $db->sql_query($sql);
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
+		}
+
+		$sql = 'DELETE FROM ' . BANLIST_TABLE . "
+			WHERE ban_id IN ($unban_sql)";
+		$db->sql_query($sql);
+
+		if (!function_exists('add_log'))
+		{
+			global $phpbb_root_path, $phpEx;
+			include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
+		}
+
+		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
+	}
+
+	return false;
+
+}
 //
 // Data validation ... used primarily but not exclusively by
 // ucp modules