';
$post_user_name = ''; // Clear the record
}
if ($post_ip != '') { // Only perform the IP address check if an IP address has been submit --- start
if ($post_ip == $REMOTE_ADDR || $post_ip == $superCage->server->getRaw("REMOTE_ADDR") || ($superCage->env->getRaw("REMOTE_ADDR") && $post_ip == $superCage->post->getRaw("REMOTE_ADDR"))) {
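// Someone tried to ban himself by IP address.
// NOTE(review): the last operand of the test above compares against a POST field named REMOTE_ADDR, which the client supplies; the env value tested next to it was presumably meant. The same test is repeated for new ban records further down.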
$action_output .= '
';
$post_ip = ''; // Clear the record
}
if ($post_ip == $SERVER_ADDR || $post_ip == $superCage->server->getRaw("SERVER_ADDR") || $post_ip == $superCage->env->getRaw("SERVER_ADDR")) {
// Someone tried to ban the server's IP address.
$action_output .= '
';
$post_ip = ''; // Clear the record
}
} // Only perform the IP address check if an IP address has been submit --- end
// Plausibility control - make sure that some fool doesn't ban himself --- end
if ($superCage->post->getInt('select_'.$posted_ban_id) == 1 || ($post_user_name == '' && $post_email == '' && $post_ip == '')) { // Delete the record --- start
// Load the record set that we're going to delete into memory
unset($delete_ban_record_array);
$delete_ban_record_array = array();
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE ban_id = '$posted_ban_id' LIMIT 1");
if (mysql_num_rows($result)) {
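// Delete the actual ban record
// NOTE(review): $posted_ban_id goes into this statement unquoted, so it has to be an integer by the time it gets here; where it is assigned is outside this excerpt - confirm it is cast or read with getInt().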
cpg_db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE ban_id = $posted_ban_id");
$action_output .= '
';
}
mysql_free_result($result);
} // Delete the record --- end
// Write the changes into the database --- start
// Determine whether there has actually been a change --- start
$change = 0;
if ($ban_database[$posted_ban_id]['user_name'] != $post_user_name) {
$change++;
}
if ($ban_database[$posted_ban_id]['email'] != $post_email) {
$change++;
}
if ($ban_database[$posted_ban_id]['ip_addr'] != $post_ip) {
$change++;
}
if ($ban_database[$posted_ban_id]['expiry'] != '' && $post_date != '') {
if (date('Y-m-d H:i:s', $ban_database[$posted_ban_id]['expiry']) != $post_date) {
$change++;
}
}
if ($ban_database[$posted_ban_id]['expiry'] == '' && $post_date != '') {
$change++;
}
if ($ban_database[$posted_ban_id]['expiry'] != '' && $post_date == '') {
$change++;
}
if ($post_user_name == '' && $post_email == '' && $post_ip == '') {
$change = 0; // Don't write back records that have been deleted by emptying all relevant input fields - we have taken care of them already and emptied them before.
}
if ($change != 0) {
// There has been an actual change of the database record - let's write it back --- start
// Look up if the given user name matches a user id --- start
$post_user_id = get_userid($post_user_name);
if ($post_user_id == 0) {
$post_user_id = 'NULL';
}
// Look up if the given user name matches a user id --- end
if ($post_ip == '') {// NULL the if address if empty
$post_ip = 'NULL';
} else {
$post_ip = "'" . $post_ip . "'"; // Wrap the IP address into single quotes if populated
}
cpg_db_query("UPDATE {$CONFIG['TABLE_BANNED']} SET user_id={$post_user_id}, user_name='{$post_user_name}', email='{$post_email}', ip_addr={$post_ip}, expiry={$post_timestamp} WHERE ban_id='{$posted_ban_id}' LIMIT 1");
$action_output .= '
';
// There has been an actual change of the database record - let's write it back --- end
}
// Determine whether there has actually been a change --- end
// Write the changes into the database --- end
} // end foreach loop
// Now let's take care of new ban records
// Sanitize the new record data --- start
$post_user_name = $superCage->post->getEscaped('add_user_name');
$post_temp_array = $superCage->post->getMatched('add_email', '/^([a-zA-Z0-9]((\.|\-|\_){0,1}[a-zA-Z0-9]){0,})@([a-zA-Z]((\.|\-){0,1}[a-zA-Z0-9]){0,})\.([a-zA-Z]{2,4})$/');
$post_email = $post_temp_array[0];
$post_temp_array = $superCage->post->getMatched('add_ip', '/^\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b$/');
$post_ip = $post_temp_array[0];
$post_temp_array = $superCage->post->getMatched('add_expires', '/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/');
list($year, $month, $day) = explode('-', $post_temp_array[0]);
if (checkdate($month, $day, $year)) {
$post_date = $post_temp_array[0];
$post_date .= ' 00:00:00';
$post_timestamp = "'" . $post_date . "'";
} else {
unset($post_date);
$post_timestamp = 'NULL';
}
$post_delete_comment = $superCage->post->getInt('delete_comment');
$post_comment_id = $superCage->post->getInt('comment_id');
unset($post_temp_array);
// Sanitize the new record data --- end
// Plausibility control - make sure that some fool doesn't ban himself --- start
if ($post_user_name == USER_NAME) {
// Someone tried to ban himself by username.
$action_output .= '
';
$post_user_name = ''; // Clear the record
}
if ($post_ip != '') { // Only perform the IP address check if an IP address has been submit --- start
if ($post_ip == $REMOTE_ADDR || $post_ip == $superCage->server->getRaw("REMOTE_ADDR") || ($superCage->env->getRaw("REMOTE_ADDR") && $post_ip == $superCage->post->getRaw("REMOTE_ADDR"))) {
// Someone tried to ban himself by IP address.
$action_output .= '
';
$post_ip = ''; // Clear the record
}
if ($post_ip == $SERVER_ADDR || $post_ip == $superCage->server->getRaw("SERVER_ADDR") || $post_ip == $superCage->env->getRaw("SERVER_ADDR")) {
// Someone tried to ban the server's IP address.
$action_output .= '
';
$post_ip = ''; // Clear the record
}
} // Only perform the IP address check if an IP address has been submit --- end
// Plausibility control - make sure that some fool doesn't ban himself --- end
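// Double record control - make sure that the record doesn't already exist in the database --- start
// NOTE(review): on a match the branch below clears $post_ip, not $post_user_name, so the user name that is already banned still reaches the INSERT further down - confirm which field was meant to be cleared.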
if ($post_user_name != '') {
if (mysql_num_rows(cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$post_user_name}' AND brute_force = 0 LIMIT 1"))) {
$action_output .= '
';
$post_ip = '';
}
}
// Double record control - make sure that the record doesn't already exist in the database --- end
// Write the new record into the database --- start
// Determine whether form data for a new ban has been submitted --- start
if ($post_user_name != '' || $post_email != '' || $post_ip != '') {
// Form fields for a new database record have been submit - let's create a new record --- start
// Look up if the given user name matches a user id --- start
$post_user_id = get_userid($post_user_name);
if ($post_user_id == 0) {
$post_user_id = 'NULL';
}
// Look up if the given user name matches a user id --- end
if ($post_ip == '') {// NULL the if address if empty
$post_ip = 'NULL';
} else {
$post_ip = "'" . $post_ip . "'"; // Wrap the IP address into single quotes if populated
}
cpg_db_query("INSERT INTO {$CONFIG['TABLE_BANNED']} (user_id, user_name, email, ip_addr, expiry) VALUES ({$post_user_id}, '{$post_user_name}', '{$post_email}', {$post_ip}, {$post_timestamp})");
$action_output .= '
';
}
} //no need for an "else" - we don't delete a comment if else, i.e. if "none" has been selected
}
// Form fields for a new database record have been submit - let's create a new record --- end
}
// Determine wether form data for a new ban has been submit --- end
// Write the new record into the database --- end
}
// Processing of form data --- end
// Defaults for the values that the URL-parameter checks further down may override.
// The two populated strings are HTML attribute fragments.
$checked_all = 'checked="checked"';
$checked_single = 'disabled="disabled"';
// Everything else starts out as an empty string.
$see_all_comments = $checked_none = $new_ban_user_id = '';
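// Check whether the URL carries a ban_user parameter naming the user to ban.
//
// $comm_info gets the same three keys on every path. Previously only the
// "no ban_user" path defined msg_id and msg_ip, so a request with ban_user
// left those keys undefined for any later reader.
$comm_info = array(
    'msg_id' => 0,
    'msg_author' => '',
    'msg_ip' => '',
);
if ($superCage->get->keyExists('ban_user') && $superCage->get->getInt('ban_user') != "") {
    // The value is interpolated into the query below; getInt() is what is
    // relied on to make it an integer -- NOTE(review): confirm that getInt()
    // can never hand back a non-numeric string.
    $new_ban_user_id = $superCage->get->getInt('ban_user');
    $sql = "SELECT user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$new_ban_user_id' LIMIT 1";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $user_data = mysql_fetch_assoc($result);
        // Stored user data, not markup: the code that prints msg_author is
        // outside this excerpt and has to escape it for the HTML context.
        $comm_info['msg_author'] = $user_data['user_name'];
        unset($user_data);
    }
    // An unknown user id leaves msg_author at its empty default.
    mysql_free_result($result);
}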
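// Check whether the URL carries a delete_comment_id parameter, i.e. the ban
// was requested from a comment; if so, take the author and IP address from
// that comment's row.
if ($superCage->get->keyExists('delete_comment_id') && $superCage->get->getInt('delete_comment_id') != "") {
    // Interpolated unquoted into the query below, so getInt() returning an
    // integer is the only thing keeping SQL syntax out -- NOTE(review): confirm.
    $comm_id = $superCage->get->getInt('delete_comment_id');
    $comm_row = mysql_fetch_assoc(cpg_db_query("SELECT msg_author, msg_hdr_ip, msg_raw_ip FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id = $comm_id"));
    if (!is_array($comm_row)) {
        // No comment with that id: mysql_fetch_assoc() returned false. Use an
        // empty row instead of indexing into a boolean.
        $comm_row = array(
            'msg_author' => '',
            'msg_hdr_ip' => '',
            'msg_raw_ip' => '',
        );
    }
    $comm_info = $comm_row;
    // The former ternary picked msg_hdr_ip exactly when it was empty and
    // msg_raw_ip otherwise, so the result was either msg_raw_ip or ''.
    // msg_raw_ip is now used in both cases.
    // NOTE(review): if msg_hdr_ip is taken from client-supplied proxy headers
    // (column name suggests so; confirm), it is spoofable and a poor basis
    // for a ban, which is why it is not used as the preferred value here.
    $comm_info['msg_ip'] = $comm_info['msg_raw_ip'];
    $checked_single = 'checked="checked"';
    $checked_none = '';
    if (!$new_ban_user_id) {
        // No registered user was named in the URL, so the comment is treated
        // as a guest's: there is no user name worth pre-filling.
        $comm_info['msg_author'] = '';
        $checked_all = 'disabled="disabled"';
        $see_all_comments = '';
    } else {
        // The comment was made by a registered user.
        $checked_all = '';
        $see_all_comments = '(' . $lang_banning_php['view'] . ')';
    }
}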
pageheader($lang_banning_php['title'], '');
if ($CONFIG['bridge_enable'] != 0) {
starttable('100%', cpg_fetch_icon('warning', 2) . $lang_common['information'] . $help_array['bridge'], 1);
print <<< EOT