< ?
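// Only staff holding the ip-ban permission may view or change bans.
if (!check_perms('admin_manage_ipbans')) {
	error(403);
}

if (isset($_POST['submit'])) {
	// authorize() presumably validates the per-user 'auth' token that every
	// form on this page posts ($LoggedUser['AuthKey'] in the template); it is
	// the CSRF guard for all state-changing requests here.
	authorize();

	// Cache keys used by this page are of the form ip_bans_<first octet>.
	// Every first octet an affected range touches is collected here and
	// flushed once the change has been written. Clearing a superset of keys
	// only costs a cache miss, so when in doubt we clear more, not fewer.
	$Octets = array();

	if ($_POST['submit'] == 'Delete') { //Delete
		// Same id check as the Edit branch; is_number() is what makes the
		// value safe to interpolate into SQL below.
		if (empty($_POST['id']) || !is_number($_POST['id'])) {
			error(404);
		}
		$ID = (int)$_POST['id'];

		// Take the stored range from the database rather than from the posted
		// 'start' field, so the cache keys match what was actually banned.
		$DB->query("SELECT FromIP, ToIP FROM ip_bans WHERE ID = $ID");
		list($OldFrom, $OldTo) = $DB->next_record();
		if ($OldFrom !== null) {
			list($OldStartOctet) = explode('.', long2ip($OldFrom));
			list($OldEndOctet) = explode('.', long2ip($OldTo));
			$Octets = range((int)$OldStartOctet, (int)$OldEndOctet);
		}

		$DB->query("DELETE FROM ip_bans WHERE ID = $ID");
	} else { //Edit & Create, Shared Validation
		// Anchored at both ends: the previous pattern had no trailing anchor,
		// so "1.2.3.4 <anything>" passed validation and reached the SQL below.
		$Val->SetFields('start', '1', 'regex', 'You must include the starting IP address.', array('regex' => '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/'));
		$Val->SetFields('end', '1', 'regex', 'You must include the ending IP address.', array('regex' => '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/'));
		$Val->SetFields('notes', '1', 'string', 'You must include the reason for the ban.');

		$Err = $Val->ValidateForm($_POST); // Validate the form
		if ($Err) {
			error($Err);
		}

		// The regex only checks the shape (1.2.3.999 passes it). Require a
		// real IPv4 address before the value is converted and placed in SQL;
		// what Tools::ip_to_unsigned() does with bad input is not visible
		// here, so it is not relied on for sanitising.
		foreach (array('start', 'end') as $Field) {
			if (filter_var($_POST[$Field], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
				error('You must enter valid IPv4 addresses.');
			}
		}

		$Notes = db_string($_POST['notes']);
		$Start = Tools::ip_to_unsigned($_POST['start']);
		$End = Tools::ip_to_unsigned($_POST['end']);

		// A reversed range never matches "BETWEEN FromIP AND ToIP", i.e. the
		// ban would be stored but silently never apply.
		if ($Start > $End) {
			error('The starting IP address must not be higher than the ending IP address.');
		}

		// First octets covered by the new range (both fields are validated
		// dotted quads at this point).
		list($StartOctet) = explode('.', $_POST['start']);
		list($EndOctet) = explode('.', $_POST['end']);
		$Octets = range((int)$StartOctet, (int)$EndOctet);

		if ($_POST['submit'] == 'Edit') { //Edit
			if (empty($_POST['id']) || !is_number($_POST['id'])) {
				error(404);
			}
			$ID = (int)$_POST['id'];

			// The edit may move the range into other first octets; flush the
			// keys of the range as it was stored as well as the new ones.
			$DB->query("SELECT FromIP, ToIP FROM ip_bans WHERE ID = $ID");
			list($OldFrom, $OldTo) = $DB->next_record();
			if ($OldFrom !== null) {
				list($OldStartOctet) = explode('.', long2ip($OldFrom));
				list($OldEndOctet) = explode('.', long2ip($OldTo));
				$Octets = array_merge($Octets, range((int)$OldStartOctet, (int)$OldEndOctet));
			}

			$DB->query("UPDATE ip_bans SET
				FromIP = '$Start',
				ToIP = '$End',
				Reason = '$Notes'
				WHERE ID = $ID");
		} else { //Create
			$DB->query("INSERT INTO ip_bans
				(FromIP, ToIP, Reason) VALUES
				('$Start', '$End', '$Notes')");
		}
	}

	foreach (array_unique($Octets) as $Octet) {
		$Cache->delete_value('ip_bans_' . $Octet);
	}
}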
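define('BANS_PER_PAGE', '20');
// $Limit is assumed to be an already-sanitised "offset, count" fragment built
// by Format::page_limit() from the page parameter — verify in that helper.
list($Page, $Limit) = Format::page_limit(BANS_PER_PAGE);

// Optional filters from the search form; either, both or neither may be set.
$Where = array();
if (!empty($_REQUEST['notes'])) {
	// db_string() is relied on for quote escaping. LIKE wildcards (% and _)
	// typed by the admin are not escaped and therefore act as wildcards.
	$Where[] = "Reason LIKE '%" . db_string($_REQUEST['notes']) . "%'";
}
// Whole-value IPv4 check: the previous regex was unanchored, so trailing or
// leading junk around a dotted quad reached Tools::ip_to_unsigned(). An
// invalid address simply drops the filter, as before.
if (!empty($_REQUEST['ip']) && filter_var($_REQUEST['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
	$Where[] = "'" . Tools::ip_to_unsigned($_REQUEST['ip']) . "' BETWEEN FromIP AND ToIP";
}

$sql = 'SELECT SQL_CALC_FOUND_ROWS ID, FromIP, ToIP, Reason FROM ip_bans AS i';
if (!empty($Where)) {
	$sql .= ' WHERE ' . implode(' AND ', $Where);
}
$sql .= ' ORDER BY FromIP ASC';
$sql .= ' LIMIT ' . $Limit;
$Bans = $DB->query($sql);

// Total match count for the pager (SQL_CALC_FOUND_ROWS above).
$DB->query('SELECT FOUND_ROWS()');
list($Results) = $DB->next_record();
$PageLinks = Format::get_pages($Page, $Results, BANS_PER_PAGE, 11);

View::show_header('IP Address Bans');
// Re-select the ban result set so the template loop below reads from it.
$DB->set_query_id($Bans);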
?>
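<div class="header">
	<h2>IP Address Bans</h2>
</div>
<div>
	<form class="search_form" name="bans" action="" method="get">
		<table cellpadding="6" cellspacing="1" border="0" class="layout border" width="100%">
			<tr>
				<td class="label"><label for="ip">IP address:</label></td>
				<td>
					<input type="hidden" name="action" value="ip_ban" />
					<input type="text" id="ip" name="ip" size="20" value="<?=(!empty($_GET['ip']) ? display_str($_GET['ip']) : '')?>" />
				</td>
				<td class="label"><label for="notes">Notes:</label></td>
				<td>
					<input type="text" id="notes" name="notes" size="60" value="<?=(!empty($_GET['notes']) ? display_str($_GET['notes']) : '')?>" />
				</td>
				<td>
					<input type="submit" value="Search" />
				</td>
			</tr>
		</table>
	</form>
</div>
<br />
<h3>Manage</h3>
<div class="linkbox">
	<?=$PageLinks?>
</div>
<table width="100%">
	<tr class="colhead">
		<td colspan="2">
			<span title="The IP addresses specified are *inclusive*. The left box is the beginning of the IP address range, and the right box is the end of the IP address range.">Range</span>
		</td>
		<td>Notes</td>
		<td>Submit</td>
	</tr>
	<tr class="rowa">
		<form class="create_form" name="ban" action="" method="post">
			<input type="hidden" name="action" value="ip_ban" />
			<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
			<td colspan="2">
				<input type="text" size="12" name="start" />
				<input type="text" size="12" name="end" />
			</td>
			<td>
				<input type="text" size="72" name="notes" />
			</td>
			<td>
				<input type="submit" name="submit" value="Create" />
			</td>
		</form>
	</tr>
<?
// One editable row per ban. FromIP/ToIP are stored as unsigned integers and
// are shown as dotted quads; Reason is free text entered by an admin and is
// HTML-escaped on output (it lands inside an attribute value).
$Row = 'a';
while (list($ID, $Start, $End, $Reason) = $DB->next_record()) {
	$Row = ($Row === 'a' ? 'b' : 'a');
	$Start = long2ip($Start);
	$End = long2ip($End);
?>
	<tr class="row<?=$Row?>">
		<form class="manage_form" name="ban" action="" method="post">
			<input type="hidden" name="id" value="<?=$ID?>" />
			<input type="hidden" name="action" value="ip_ban" />
			<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
			<td colspan="2">
				<input type="text" size="12" name="start" value="<?=$Start?>" />
				<input type="text" size="12" name="end" value="<?=$End?>" />
			</td>
			<td>
				<input type="text" size="72" name="notes" value="<?=display_str($Reason)?>" />
			</td>
			<td>
				<input type="submit" name="submit" value="Edit" />
				<input type="submit" name="submit" value="Delete" />
			</td>
		</form>
	</tr>
<?
}
?>
</table>
<div class="linkbox">
	<?=$PageLinks?>
</div>
<? View::show_footer(); ?>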