From 962e15a0e5197e38aa48f07c74ae54adac69fefd Mon Sep 17 00:00:00 2001
From: "Paul S. Owen"
Date: Sun, 8 Feb 2004 00:26:44 +0000
Subject: [PATCH] Updated for user_ban/unban function

git-svn-id: file:///svn/phpbb/trunk@4808 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/adm/admin_ban.php | 424 ++++++----------------------------------
 1 file changed, 56 insertions(+), 368 deletions(-)

diff --git a/phpBB/adm/admin_ban.php b/phpBB/adm/admin_ban.php
index a5889e7664..27b8cde70f 100644
--- a/phpBB/adm/admin_ban.php
+++ b/phpBB/adm/admin_ban.php
@@ -1,23 +1,15 @@ acl_get('a_ban')) trigger_error($user->lang['NO_ADMIN']); } - // Mode setting -$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : ''; - +$mode = request_var('mode', ''); +$bansubmit = (isset($_POST['bansubmit'])) ? true : false; +$unbansubmit= (isset($_POST['unbansubmit'])) ? true : false; +// Set some vars $current_time = time(); - // Start program -if (isset($_REQUEST['bansubmit'])) +if ($bansubmit) { // Grab the list of entries - $ban = (!empty($_REQUEST['ban'])) ? $_REQUEST['ban'] : ''; - $ban_list = array_unique(explode("\n", $ban)); - $ban_list_log = implode(', ', $ban_list); + $ban = request_var('ban', ''); + $ban_len = request_var('banlength', 0); + $ban_len_other = request_var('banlengthother', ''); + $ban_exclude = request_var('banexclude', 0); + $ban_reason = request_var('banreason', ''); - - $ban_exclude = (!empty($_POST['banexclude'])) ? 1 : 0; - $ban_reason = (isset($_POST['banreason'])) ? $_POST['banreason'] : ''; - - - if (!empty($_POST['banlength'])) - { - if ($_POST['banlength'] != -1 || empty($_POST['banlengthother'])) - { - $ban_end = max($current_time, $current_time + (intval($_POST['banlength']) * 60)); - } - else - { - $ban_other = explode('-', $_POST['banlengthother']); - $ban_end = max($current_time, gmmktime(0, 0, 0, $ban_other[1], $ban_other[2], $ban_other[0])); - } - } - else - { - $ban_end = 0; - } - - - $banlist = array(); - - switch ($mode) - { - case 'user': - $type = 'ban_userid'; - - if (in_array('*', $ban_list)) - { - $banlist[] = '*'; - } - else - { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE username IN (' . implode(', ', array_diff(preg_replace('#^[\s]*(.*?)[\s]*$#', "'\\1'", $ban_list), array("''"))) . 
')'; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - do - { - $banlist[] = $row['user_id']; - } - while ($row = $db->sql_fetchrow($result)); - } - } - break; - - case 'ip': - $type = 'ban_ip'; - - foreach ($ban_list as $ban_item) - { - if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode)) - { - // Don't ask about all this, just don't ask ... ! - $ip_1_counter = $ip_range_explode[1]; - $ip_1_end = $ip_range_explode[5]; - - while ($ip_1_counter <= $ip_1_end) - { - $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; - $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; - - if($ip_2_counter == 0 && $ip_2_end == 254) - { - $ip_2_counter = 256; - $ip_2_fragment = 256; - - $banlist[] = "'$ip_1_counter.*'"; - } - - while ($ip_2_counter <= $ip_2_end) - { - $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; - $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; - - if ($ip_3_counter == 0 && $ip_3_end == 254) - { - $ip_3_counter = 256; - $ip_3_fragment = 256; - - $banlist[] = "'$ip_1_counter.$ip_2_counter.*'"; - } - - while ($ip_3_counter <= $ip_3_end) - { - $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; - $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 
254 : $ip_range_explode[8]; - - if ($ip_4_counter == 0 && $ip_4_end == 254) - { - $ip_4_counter = 256; - $ip_4_fragment = 256; - - $banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.*'"; - } - - while ($ip_4_counter <= $ip_4_end) - { - $banlist[] = "'$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter'"; - $ip_4_counter++; - } - $ip_3_counter++; - } - $ip_2_counter++; - } - $ip_1_counter++; - } - } - else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item))) - { - $ip_ary = gethostbynamel(trim($ban_item)); - - foreach ($ip_ary as $ip) - { - if (!empty($ip)) - { - $banlist[] = "'" . $ip . "'"; - } - } - } - else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item))) - { - $banlist[] = "'" . trim($ban_item) . "'"; - } - else if (preg_match('#^\*$#', trim($ban_item))) - { - $banlist[] = "'*'"; - } - } - break; - - case 'email': - $type = 'ban_email'; - - foreach ($ban_list as $ban_item) - { - if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) - { - $banlist[] = "'" . trim($ban_item) . "'"; - } - } - break; - } - - $sql = "SELECT $type - FROM " . BANLIST_TABLE . " - WHERE $type <> '' - AND ban_exclude = $ban_exclude"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - $banlist_tmp = array(); - do - { - switch ($mode) - { - case 'user': - $banlist_tmp[] = $row['ban_userid']; - break; - - case 'ip': - $banlist_tmp[] = "'" . $row['ban_ip'] . "'"; - break; - - case 'email': - $banlist_tmp[] = "'" . $row['ban_email'] . "'"; - break; - } - } - while ($row = $db->sql_fetchrow($result)); - - $banlist = array_unique(array_diff($banlist, $banlist_tmp)); - unset($banlist_tmp); - } - - if (sizeof($banlist)) - { - $sql = ''; - foreach ($banlist as $ban_entry) - { - switch (SQL_LAYER) - { - case 'mysql': - case 'mysql4': - $sql .= (($sql != '') ? ', ' : '') . 
"($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')"; - break; - - case 'mssql': - case 'sqlite': - $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT $ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason'"; - break; - - default: - $sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) - VALUES ($ban_entry, $current_time, $ban_end, $ban_exclude, '$ban_reason')"; - $db->sql_query($sql); - $sql = ''; - } - } - - if ($sql != '') - { - $sql = 'INSERT INTO ' . BANLIST_TABLE . " ($type, ban_start, ban_end, ban_exclude, ban_reason) - VALUES $sql"; - $db->sql_query($sql); - } - - if (!$ban_exclude) - { - $sql = ''; - switch ($mode) - { - case 'user': - $sql = "WHERE session_user_id IN (" . implode(', ', $banlist) . ")"; - break; - - case 'ip': - $sql = "WHERE session_ip IN (" . implode(', ', $banlist) . ")"; - break; - - case 'email': - $sql = "SELECT user_id - FROM " . USERS_TABLE . " - WHERE user_email IN (" . implode(', ', $banlist) . ")"; - $result = $db->sql_query($sql); - - $sql = ''; - if ($row = $db->sql_fetchrow($result)) - { - do - { - $sql .= (($sql != '') ? ', ' : '') . $row['user_id']; - } - while ($row = $db->sql_fetchrow($result)); - - $sql = "WHERE session_user_id IN (" . str_replace('*', '%', $sql) . ")"; - } - break; - } - - if ($sql != '') - { - $sql = "DELETE FROM " . SESSIONS_TABLE . " - $sql"; - $db->sql_query($sql); - } - } - - // Update log - $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; - add_log('admin', $log_entry . 
strtoupper($mode), $ban_reason, $ban_list_log); - } + user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason); trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']); - } -else if (isset($_POST['unbansubmit'])) +else if ($unbansubmit) { - $unban_sql = implode(', ', array_map('intval', $_POST['unban'])); + $ban = request_var('unban', ''); - if ($unban_sql != '') - { - $l_unban_list = ''; - // Grab details of bans for logging information later - switch ($mode) - { - case 'user': - $sql = "SELECT u.username AS unban_info - FROM " . USERS_TABLE . " u, " . BANLIST_TABLE . " b - WHERE b.ban_id IN ($unban_sql) - AND u.user_id = b.ban_userid"; - break; - - case 'email': - $sql = "SELECT ban_email AS unban_info - FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - break; - - case 'ip': - $sql = "SELECT ban_ip AS unban_info - FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - break; - } - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info']; - } - - $sql = "DELETE FROM " . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; - $db->sql_query($sql); - - add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); - } + user_unban($mode, $ban); trigger_error($user->lang['BAN_UPDATE_SUCESSFUL']); } @@ -375,13 +73,6 @@ else if (isset($_POST['unbansubmit'])) // Output relevant entry page // -// -// Remove timed out bans -// -$sql = "DELETE FROM " . BANLIST_TABLE . " - WHERE ban_end < " . time() . " - AND ban_end <> 0"; -$db->sql_query($sql); // // Ban length options @@ -427,18 +118,17 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_USER_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_USERNAME']; $l_unban_explain = $user->lang['UNBAN_USERNAME_EXPLAIN']; - $l_ban_cell = $user->lang['USERNAME']; + $l_ban_cell = $user->lang['USERNAME'] . ':
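Review bot: In the `else if ($unbansubmit)` branch, `request_var('unban', '')` replaces `array_map('intval', $_POST['unban'])`, so the integer coercion that used to constrain the ban ids before they reached an `IN (...)` clause is no longer visible at the call site, and a string default looks wrong for a field the old code treated as an array. Unless `user_unban()` casts every id itself (its body is outside this patch), keep the cast here, e.g. `$ban = (isset($_POST['unban'])) ? array_map('intval', (array) $_POST['unban']) : array();`. The same concern applies to `$mode`: it is passed to `user_ban()` and `user_unban()` straight from `request_var('mode', '')` with no check against `user`, `ip` and `email`, so one side should reject any other value before it selects a column or log key. A short comment above the `user_ban(...)` call stating that escaping of `$ban_reason` and of the ban list is now the helper's responsibility would make the trust boundary explicit for the next reader.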
[ " . $user->lang['FIND_USERNAME'] .' ]'; $l_no_ban_cell = $user->lang['NO_BANNED_USERS']; - $s_submit_extra = ''; - $sql = "SELECT b.*, u.user_id, u.username - FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u - WHERE (b.ban_end >= " . time() . " + $sql = 'SELECT b.*, u.user_id, u.username + FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u + WHERE (b.ban_end >= ' . time() . ' OR b.ban_end = 0) AND u.user_id = b.ban_userid AND b.ban_userid <> 0 - AND u.user_id <> " . ANONYMOUS . " - ORDER BY u.user_id ASC"; + AND u.user_id <> ' . ANONYMOUS . ' + ORDER BY u.user_id ASC'; break; case 'ip': @@ -449,13 +139,12 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_IP_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_IP']; $l_unban_explain = $user->lang['UNBAN_IP_EXPLAIN']; - $l_ban_cell = $user->lang['IP_HOSTNAME']; + $l_ban_cell = $user->lang['IP_HOSTNAME'] . ':'; $l_no_ban_cell = $user->lang['NO_BANNED_IP']; - $s_submit_extra = ''; - $sql = "SELECT * - FROM " . BANLIST_TABLE . " - WHERE (ban_end >= " . time() . " + $sql = 'SELECT * + FROM ' . BANLIST_TABLE . ' + WHERE (ban_end >= ' . time() . " OR ban_end = 0) AND ban_ip <> ''"; break; @@ -468,13 +157,12 @@ switch ($mode) $l_ban_exclude_explain = $user->lang['BAN_EMAIL_EXCLUDE_EXPLAIN']; $l_unban_title = $user->lang['UNBAN_EMAIL']; $l_unban_explain = $user->lang['UNBAN_EMAIL_EXPLAIN']; - $l_ban_cell = $user->lang['EMAIL_ADDRESS']; + $l_ban_cell = $user->lang['EMAIL_ADDRESS'] . ':'; $l_no_ban_cell = $user->lang['NO_BANNED_EMAIL']; - $s_submit_extra = ''; - $sql = "SELECT * - FROM " . BANLIST_TABLE . " - WHERE (ban_end >= " . time() . " + $sql = 'SELECT * + FROM ' . BANLIST_TABLE . ' + WHERE (ban_end >= ' . time() . " OR ban_end = 0) AND ban_email <> ''"; break; @@ -542,28 +230,28 @@ function display_details(option) //--> -
"> +">
- - + + - - + + - - + + - - + + - +
:
lang['BAN_LENGTH']; ?>:  lang['BAN_LENGTH']; ?>: 
lang['BAN_EXCLUDE']; ?>:
lang['YES']; ?>   lang['NO']; ?>lang['BAN_EXCLUDE']; ?>:
lang['YES']; ?>   lang['NO']; ?>
lang['BAN_REASON']; ?>:lang['BAN_REASON']; ?>:
       
@@ -582,16 +270,16 @@ function display_details(option) ?> - :
- + :
+ - lang['BAN_REASON']; ?>: - + lang['BAN_REASON']; ?>: + - lang['BAN_LENGTH']; ?>: - + lang['BAN_LENGTH']; ?>: +   @@ -604,7 +292,7 @@ function display_details(option) ?> - +