<?php
require "lib/function.php";
// Access gate: the ban listing and the add/delete handlers all come after this
// call. NOTE(review): presumably admincheck() ends the request for non-admin
// users -- confirm in the included library, which is not shown here.
admincheck();

// Query-string parameters are normalised in place so later code can read them
// without further isset() checks.
// ?newip= pre-fills the "Add IP ban" form (IP Ban links on other pages).
$_GET['newip'] = filter_string($_GET['newip']);
// ?page= is multiplied by the page size to form the LIMIT offset of the listing.
$_GET['page'] = filter_int($_GET['page']);

// ?ip= lets other pages link straight to a search: the value is handed to the
// search code as if it had been typed into the "Search IP" field. It is copied
// as received; no type or format check happens at this point.
if (isset($_GET['ip'])) {
    $_POST['searchip'] = $_GET['ip'];
}
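if (isset($_POST['ipban'])) {
    // --- Add a ban -----------------------------------------------------------
    // State-changing request: the form token is verified before anything else.
    // NOTE(review): check_token() and errorpage() are defined outside this file;
    // the code below relies on both ending the request on failure -- confirm.
    check_token($_POST['auth']);

    // trim() so stray whitespace cannot slip past the self-ban comparison below
    // or be stored as part of the banned address.
    $_POST['newip'] = trim(filter_string($_POST['newip']));
    if (!$_POST['newip']) {
        errorpage("You forgot to enter an IP!");
    } else if ($_POST['newip'] === $_SERVER['REMOTE_ADDR']) {
        // Only an exact match with the admin's own address is refused.
        // NOTE(review): the value is not checked to be a well-formed address. If
        // stored bans can match by prefix or pattern, a broader entry could still
        // cover the admin's own address -- confirm how ipban() entries are matched.
        errorpage("Bad idea.");
    }

    $_POST['reason']    = filter_string($_POST['reason']);
    $_POST['ircreason'] = filter_string($_POST['ircreason']);
    $_POST['expire']    = filter_int($_POST['expire']);

    // The staff report is a single line built from form data, so CR/LF in the
    // form-supplied pieces are flattened to spaces before they are embedded.
    // NOTE(review): how ipban() delivers $ircmessage is not visible here.
    $oneline = function ($text) {
        return str_replace(array("\r", "\n"), ' ', $text);
    };

    // The dedicated IRC text wins; otherwise the stored ban reason is reused.
    if (trim($_POST['ircreason'])) {
        $ircreason = " for this reason: " . xk(8) . $oneline($_POST['ircreason']) . xk(7);
    } else if (trim($_POST['reason'])) {
        $ircreason = " for this reason: " . xk(8) . $oneline($_POST['reason']) . xk(7);
    } else {
        $ircreason = "";
    }
    $ircmessage = xk(8) . $loguser['name'] . xk(7) ." added IP ban for ". xk(8) . $oneline($_POST['newip']) . xk(7) . $ircreason . ".";

    // The acting admin's id is passed along with the ban (last argument).
    ipban($_POST['newip'], $_POST['reason'], $ircmessage, IRC_STAFF, $_POST['expire'], $loguser['id']);
    #setmessage("Added IP ban for {$_POST['newip']}.");

    // Redirect back to the plain listing so a reload does not re-submit the form.
    return header("Location: ?");
}
else if (isset($_POST['dodel']) && isset($_POST['delban'])) {
    // --- Delete the ticked bans ----------------------------------------------
    check_token($_POST['auth']);

    // delban[] is client-supplied: accept only an array, and only string entries.
    // Anything else (a scalar 'delban', nested arrays) is ignored instead of
    // reaching foreach()/execute() with an unexpected type.
    $targets = is_array($_POST['delban']) ? $_POST['delban'] : array();
    if (!empty($targets)) {
        // One prepared statement, executed once per address; the address is
        // always passed as a bound parameter, never concatenated into the SQL.
        $del = $sql->prepare("DELETE FROM ipbans WHERE ip = ?");
        $i = 0;
        foreach ($targets as $ban) {
            if (!is_string($ban)) {
                continue;
            }
            $sql->execute($del, [$ban]);
            ++$i;
        }
        #setmessage("Removed IP ban for $i IP(s).");
    } else {
        #setmessage("No IP bans selected.");
    }
    return header("Location: ?");
}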
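// Reason filter: a preset chosen in the "special" drop-down wins over the
// free-text field.
if (isset($_POST['setreason']) && $_POST['setreason']) {
    $reason = filter_string($_POST['setreason']);
} else {
    $reason = filter_string($_POST['searchreason']);
}

// Rows per page: ?ppp= clamped to 1..500, default 100.
$ppp = isset($_GET['ppp']) ? ((int) $_GET['ppp']) : 100;
$ppp = max(min($ppp, 500), 1);

// LIMIT offset. A negative ?page= would produce a negative offset, which the
// database rejects, so the page number is floored at 0 here.
$offset = max(0, (int) $_GET['page']) * $ppp;

// Query values. Each filter defaults to the always-true literal "1" and is
// replaced by a real condition with a named placeholder when it is in use;
// request data only ever reaches the query through $outres bindings.
$outres = array();
$reasonsearch = $searchip = "1";
if ($reason) {
    $outres['reason'] = $reason;
    $reasonsearch = "i.reason = :reason";
}
// The search form always posts 'searchip', even when the box is left empty.
// An empty pattern would turn into `i.ip LIKE ''` and hide every row, so the
// IP filter is applied only for a non-empty string (arrays are ignored too).
if (isset($_POST['searchip']) && is_string($_POST['searchip']) && $_POST['searchip'] !== '') {
    // '*' is the documented wildcard. '%' and '_' typed by the admin are passed
    // through unescaped and therefore also act as LIKE wildcards.
    $outres['searchip'] = str_replace('*', '%', $_POST['searchip']);
    $searchip = "i.ip LIKE :searchip";
}

// NOTE(review): this counts every ban, not just the rows matching the filters,
// so the page list below is sized for the unfiltered table.
$total = $sql->resultq("SELECT COUNT(*) FROM ipbans");

// $userfields is not set anywhere in this file and is interpolated into the SQL
// text. NOTE(review): presumably a fixed column list from the included library;
// it must never carry request data.
$bans = $sql->queryp("
    SELECT i.ip, i.date, i.reason, i.perm, i.banner, i.expire, $userfields
    FROM ipbans i
    LEFT JOIN users u ON i.banner = u.id
    WHERE {$reasonsearch} AND {$searchip}
    ORDER BY i.date DESC
    LIMIT {$offset},{$ppp}
", $outres);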
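// The reason text comes from the request and ends up inside link URLs built by
// pagelist(); urlencode() keeps it from breaking out of the query string or the
// surrounding markup. NOTE(review): nothing in this file reads $_GET['reason'],
// so following a page link currently drops the filter.
$pagectrl = "<span class='fonts'>".pagelist("?reason=" . urlencode($reason), $total, $ppp)."</span>";

// Build one table row per ban. Every value taken from the ipbans table is
// escaped for the HTML context it lands in.
$txt = "";
while ($x = $sql->fetch($bans)) {
    // The stored address is whatever string was submitted when the ban was
    // added, so it is escaped like the reason column. The browser sends the
    // decoded value back in delban[], so deleting still matches the stored row.
    $ip = htmlspecialchars($x['ip'], ENT_QUOTES);
    $txt .= "
    <tr>
        <td class='tdbg2 center'><input type='checkbox' name='delban[]' value=\"{$ip}\"></td>
        <td class='tdbg1 center'>{$ip}</td>
        <td class='tdbg2 center'>".printdate($x['date'])."</td>
        <td class='tdbg2 center'>".($x['expire'] ? printdate($x['expire'])." (".timeunits2($x['expire']-ctime()).")" : "Never")."</td>
        <td class='tdbg1'>".($x['reason'] ? htmlspecialchars($x['reason']) : "None")."</td>
        <td class='tdbg2 center'>".($x['banner'] ? getuserlink($x) : "Automatic")."</td>
    </tr>
    ";
}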
// Output begins here; both POST handlers above have already redirected and
// returned by this point, so only the listing view reaches the template.
pageheader("IP Bans");
echo adminlinkbar();
?>
<form method='POST' action='admin-ipbans.php'>
<?= auth_tag() /* presumably renders the 'auth' token field that the add/delete handlers pass to check_token() -- confirm in the library */ ?>
<table class='table'>
<tr>
<td class='tdbgh' style='width: 120px'> </td>
<td class='tdbgh'> </td>
</tr>
<tr>
<td class='tdbg1 center b'>
Search IP:
</td>
<td class='tdbg2'>
<input type='text' name='searchip' value="<?= htmlspecialchars(filter_string($_POST['searchip'])) ?>">
<span class='fonts'>use * as wildcard</span>
</td>
</tr>
<tr>
<td class='tdbg1 center b'>
Reason:
</td>
<td class='tdbg2'>
<input type='text' name='searchreason' size=72 value="<?= htmlspecialchars($reason) ?>"> or special:
<select name="setreason">
<option value=""></option>
<option value="Send e-mail for password recovery">Password recovery</option>
<option value="Send e-mail to re-request the registration code">Regcode recovery</option>
<option value="online.php ban">Online users ban</option>
<option value="Abusive/unwelcome activity">Denied request ban</option>
</select>
</td>
</tr>
<tr><td class='tdbg2' colspan='2'><input type='submit' class='submit' name='dosearch' value='Search'></td></tr>
</table>
<br>
<?= $pagectrl ?>
<table class='table'>
<tr>
<td class='tdbgh center'>#</td>
<td class='tdbgh center'>IP Address</td>
<td class='tdbgh center' style='width: 200px'>Ban date</td>
<td class='tdbgh center' style='width: 350px'>Expiration date</td>
<td class='tdbgh center'>Reason</td>
<td class='tdbgh center'>Banned by</td>
</tr>
<?= $txt ?>
<tr><td class='tdbg2' colspan='6'><input type='submit' class='submit' name='dodel' value='Delete selected'></td></tr>
</table>
<?= $pagectrl ?>
<br><br>
<table class='table' id='addban'>
<tr><td class='tdbgh center b' colspan='2'>Add IP ban</td></tr>
<tr>
<td class='tdbg1 center b' style='width: 120px'>IP Address</td>
<td class='tdbg2'><input type='text' name='newip' value="<?=htmlspecialchars($_GET['newip'])?>"></td>
</tr>
<tr>
<td class='tdbg1 center b'>Ban reason</td>
<td class='tdbg2'><input type='text' name='reason' style='width: 500px'></td>
</tr>
<tr>
<td class='tdbg1 center b'>
Message to send on IRC
<div class='fonts'>If not specified, the <i>Ban reason</i> will be used.</div>
</td>
<td class='tdbg2'><input type='text' name='ircreason' style='width: 500px'></td>
</tr>
<tr>
<td class='tdbg1 center b'>Duration</td>
<td class='tdbg2'>
<?= ban_hours('expire', 0) ?>
</td>
</tr>
<tr><td class='tdbg2' colspan='2'><input type='submit' class='submit' name='ipban' value='IP Ban'></td></tr>
</table>
</form>
<?php
// Counterpart of the pageheader() call made before the template.
// NOTE(review): defined outside this file; presumably emits the closing layout.
pagefooter();