Gazelle/sections/tools/managers/bans.php

164 lines
4.9 KiB
PHP
Raw Normal View History

2013-05-28 08:01:02 +00:00
<?php
2013-04-24 08:00:23 +00:00
if (!check_perms('admin_manage_ipbans')) {
error(403);
}
2011-03-28 14:21:28 +00:00
if (isset($_POST['submit'])) {
authorize();
2013-02-07 08:00:47 +00:00
$IPA = substr($_POST['start'], 0, strcspn($_POST['start'], '.'));
2011-03-28 14:21:28 +00:00
if ($_POST['submit'] == 'Delete') { //Delete
2013-04-24 08:00:23 +00:00
if (!is_number($_POST['id']) || $_POST['id'] == '') {
error(0);
}
2011-03-28 14:21:28 +00:00
$DB->query('DELETE FROM ip_bans WHERE ID='.$_POST['id']);
2013-02-07 08:00:47 +00:00
$Cache->delete_value('ip_bans_'.$IPA);
2011-03-28 14:21:28 +00:00
} else { //Edit & Create, Shared Validation
2012-09-23 08:00:25 +00:00
$Val->SetFields('start', '1','regex','You must include the starting IP address.',array('regex'=>'/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/i'));
$Val->SetFields('end', '1','regex','You must include the ending IP address.',array('regex'=>'/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/i'));
$Val->SetFields('notes', '1','string','You must include the reason for the ban.');
2011-03-28 14:21:28 +00:00
$Err=$Val->ValidateForm($_POST); // Validate the form
2013-04-24 08:00:23 +00:00
if ($Err) {
error($Err);
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
$Notes = db_string($_POST['notes']);
2012-10-11 08:00:15 +00:00
$Start = Tools::ip_to_unsigned($_POST['start']); //Sanitized by Validation regex
$End = Tools::ip_to_unsigned($_POST['end']); //See above
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
if ($_POST['submit'] == 'Edit') { //Edit
if (empty($_POST['id']) || !is_number($_POST['id'])) {
2011-03-28 14:21:28 +00:00
error(404);
}
$DB->query("UPDATE ip_bans SET
FromIP=$Start,
ToIP='$End',
Reason='$Notes'
WHERE ID='".$_POST['id']."'");
} else { //Create
$DB->query("INSERT INTO ip_bans
(FromIP, ToIP, Reason) VALUES
('$Start','$End', '$Notes')");
}
2013-02-07 08:00:47 +00:00
$Cache->delete_value('ip_bans_'.$IPA);
2011-03-28 14:21:28 +00:00
}
}
define('BANS_PER_PAGE', '20');
2013-05-28 08:01:02 +00:00
list($Page, $Limit) = Format::page_limit(BANS_PER_PAGE);
2011-03-28 14:21:28 +00:00
$sql = "SELECT SQL_CALC_FOUND_ROWS ID, FromIP, ToIP, Reason FROM ip_bans AS i ";
2013-04-24 08:00:23 +00:00
if (!empty($_REQUEST['notes'])) {
2011-03-28 14:21:28 +00:00
$sql .= "WHERE Reason LIKE '%".db_string($_REQUEST['notes'])."%' ";
}
2013-04-24 08:00:23 +00:00
if (!empty($_REQUEST['ip']) && preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $_REQUEST['ip'])) {
2011-03-28 14:21:28 +00:00
if (!empty($_REQUEST['notes'])) {
2012-10-11 08:00:15 +00:00
$sql .= "AND '".Tools::ip_to_unsigned($_REQUEST['ip'])."' BETWEEN FromIP AND ToIP ";
2011-03-28 14:21:28 +00:00
} else {
2012-10-11 08:00:15 +00:00
$sql .= "WHERE '".Tools::ip_to_unsigned($_REQUEST['ip'])."' BETWEEN FromIP AND ToIP ";
2011-03-28 14:21:28 +00:00
}
}
$sql .= "ORDER BY FromIP ASC";
$sql .= " LIMIT ".$Limit;
$Bans = $DB->query($sql);
$DB->query('SELECT FOUND_ROWS()');
list($Results) = $DB->next_record();
2012-10-11 08:00:15 +00:00
$PageLinks=Format::get_pages($Page,$Results,BANS_PER_PAGE,11);
2011-03-28 14:21:28 +00:00
2013-03-23 08:00:43 +00:00
View::show_header('IP Address Bans');
2012-06-17 08:00:18 +00:00
$DB->set_query_id($Bans);
2011-03-28 14:21:28 +00:00
?>
2012-08-19 08:00:19 +00:00
<div class="header">
2013-03-23 08:00:43 +00:00
<h2>IP Address Bans</h2>
2012-08-19 08:00:19 +00:00
</div>
2011-03-28 14:21:28 +00:00
<div>
2012-09-15 08:00:25 +00:00
<form class="search_form" name="bans" action="" method="get">
2012-09-01 08:00:24 +00:00
<table cellpadding="6" cellspacing="1" border="0" class="layout border" width="100%">
2011-03-28 14:21:28 +00:00
<tr>
2013-03-23 08:00:43 +00:00
<td class="label"><label for="ip">IP address:</label></td>
2011-03-28 14:21:28 +00:00
<td>
<input type="hidden" name="action" value="ip_ban" />
<input type="text" id="ip" name="ip" size="20" value="<?=(!empty($_GET['ip']) ? display_str($_GET['ip']) : '')?>" />
</td>
<td class="label"><label for="notes">Notes:</label></td>
<td>
<input type="hidden" name="action" value="ip_ban" />
<input type="text" id="notes" name="notes" size="60" value="<?=(!empty($_GET['notes']) ? display_str($_GET['notes']) : '')?>" />
</td>
<td>
<input type="submit" value="Search" />
</td>
</tr>
2013-02-22 08:00:24 +00:00
</table>
2011-03-28 14:21:28 +00:00
</form>
</div>
2012-09-23 08:00:25 +00:00
<br />
2011-03-28 14:21:28 +00:00
<h3>Manage</h3>
2013-03-23 08:00:43 +00:00
<div class="linkbox">
2011-03-28 14:21:28 +00:00
<?=$PageLinks?>
2013-03-23 08:00:43 +00:00
</div>
2011-03-28 14:21:28 +00:00
<table width="100%">
<tr class="colhead">
2012-09-23 08:00:25 +00:00
<td colspan="2">
2013-03-23 08:00:43 +00:00
<span title="The IP addresses specified are &#42;inclusive&#42;. The left box is the beginning of the IP address range, and the right box is the end of the IP address range.">Range</span>
2012-09-23 08:00:25 +00:00
</td>
2011-03-28 14:21:28 +00:00
<td>Notes</td>
<td>Submit</td>
</tr>
<tr class="rowa">
2012-09-15 08:00:25 +00:00
<form class="create_form" name="ban" action="" method="post">
2011-03-28 14:21:28 +00:00
<input type="hidden" name="action" value="ip_ban" />
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<td colspan="2">
<input type="text" size="12" name="start" />
<input type="text" size="12" name="end" />
</td>
<td>
<input type="text" size="72" name="notes" />
</td>
<td>
<input type="submit" name="submit" value="Create" />
</td>
</form>
</tr>
<?
$Row = 'a';
2013-05-02 08:00:23 +00:00
while (list($ID, $Start, $End, $Reason) = $DB->next_record()) {
2011-03-28 14:21:28 +00:00
$Row = ($Row === 'a' ? 'b' : 'a');
$Start=long2ip($Start);
$End=long2ip($End);
?>
<tr class="row<?=$Row?>">
2012-09-15 08:00:25 +00:00
<form class="manage_form" name="ban" action="" method="post">
2011-03-28 14:21:28 +00:00
<input type="hidden" name="id" value="<?=$ID?>" />
<input type="hidden" name="action" value="ip_ban" />
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<td colspan="2">
<input type="text" size="12" name="start" value="<?=$Start?>" />
<input type="text" size="12" name="end" value="<?=$End?>" />
</td>
<td>
<input type="text" size="72" name="notes" value="<?=$Reason?>" />
</td>
<td>
<input type="submit" name="submit" value="Edit" />
<input type="submit" name="submit" value="Delete" />
</td>
</form>
</tr>
<?
}
?>
</table>
2013-03-23 08:00:43 +00:00
<div class="linkbox">
2011-03-28 14:21:28 +00:00
<?=$PageLinks?>
2013-03-23 08:00:43 +00:00
</div>
2012-10-11 08:00:15 +00:00
<? View::show_footer(); ?>