plugins/SpecialAdmin.php
changeset 358 b25d34fbc7ab
parent 357 1d0152181585
child 365 cc6bf4d63684
  1967   }
  1967   }
  1968   
  1968   
  1969   if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
  1969   if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
  1970   {
  1970   {
  1971     $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . '');
  1971     $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . '');
  1972     if(!$e) $db->_die('The ban list entry was not deleted.');
  1972     if ( !$e )
       
  1973       $db->_die('The ban list entry was not deleted.');
  1973   }
  1974   }
  1974   if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
  1975   if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
  1975   {
  1976   {
  1976     $type = intval($_POST['type']);
  1977     $type = intval($_POST['type']);
  1977     $value = trim($_POST['value']);
  1978     $value = trim($_POST['value']);
  1979     {
  1980     {
  1980       echo '<div class="error-box">Hacking attempt.</div>';
  1981       echo '<div class="error-box">Hacking attempt.</div>';
  1981     }
  1982     }
  1982     else if ( empty($value) )
  1983     else if ( empty($value) )
  1983     {
  1984     {
  1984       echo '<div class="error-box">Please enter something to ban.</div>';
  1985       echo '<div class="error-box">' . $lang->get('acpbc_err_empty') . '</div>';
  1985     }
  1986     }
  1986     else
  1987     else
  1987     {
  1988     {
  1988       $entries = array();
  1989       $entries = array();
  1989       $input = explode(',', $_POST['value']);
  1990       $input = explode(',', $_POST['value']);
  1991       foreach ( $input as $entry )
  1992       foreach ( $input as $entry )
  1992       {
  1993       {
  1993         $entry = trim($entry);
  1994         $entry = trim($entry);
  1994         if ( empty($entry) )
  1995         if ( empty($entry) )
  1995         {
  1996         {
  1996           echo '<div class="error-box">Malformed entry.</div>';
  1997           echo '<div class="error-box">' . $lang->get('acpbc_err_invalid_ip_range') . '</div>';
  1997           $error = true;
  1998           $error = true;
  1998           break;
  1999           break;
  1999         }
  2000         }
  2000         if ( $type == BAN_IP )
  2001         if ( $type == BAN_IP )
  2001         {
  2002         {
  2031       }
  2032       }
  2032     }
  2033     }
  2033   }
  2034   }
  2034   else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
  2035   else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
  2035   {
  2036   {
  2036     echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
  2037     echo '<div class="error-box">' . $lang->get('acpbc_err_demo', array('ban_target' => htmlspecialchars($_POST['value']))) . '</div>';
  2037   }
  2038   }
  2038   $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
  2039   $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
  2039   if(!$q) $db->_die('The banlist data could not be selected.');
  2040   if ( !$q )
       
  2041     $db->_die('The banlist data could not be selected.');
  2040   echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
  2042   echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
  2041           <table border="0" cellspacing="1" cellpadding="4">';
  2043           <table border="0" cellspacing="1" cellpadding="4">';
  2042   echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
  2044   echo '<tr>
  2043   if($db->numrows() < 1) echo '<td class="row1" colspan="4">No ban rules yet.</td>';
  2045           <th>' . $lang->get('acpbc_col_type') . '</th>
       
  2046           <th>' . $lang->get('acpbc_col_value') . '</th>
       
  2047           <th>' . $lang->get('acpbc_col_regex') . '</th>
       
  2048           <th></th>
       
  2049         </tr>';
       
  2050   if ( $db->numrows() < 1 )
       
  2051   {
       
  2052     echo '<td class="row1" colspan="4">' . $lang->get('acpbc_msg_no_rules') . '</td>';
       
  2053   }
  2044   $cls = 'row2';
  2054   $cls = 'row2';
  2045   while($r = $db->fetchrow())
  2055   while ( $r = $db->fetchrow() )
  2046   {
  2056   {
  2047     $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
  2057     $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
  2048     if($r['ban_type']==BAN_IP) $t = 'IP address';
  2058     if ( $r['ban_type'] == BAN_IP )
  2049     elseif($r['ban_type']==BAN_USER) $t = 'Username';
  2059       $t = $lang->get('acpbc_ban_type_ip');
  2050     elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
  2060     else if ( $r['ban_type'] == BAN_USER )
  2051     if($r['is_regex']) $g = 'Yes'; else $g = 'No';
  2061       $t = $lang->get('acpbc_ban_type_username');
  2052     echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$r['ban_value'].'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&amp;action=delete&amp;id='.$r['ban_id']).'">Delete</a></td></tr>';
  2062     else if ( $r['ban_type'] == BAN_EMAIL )
       
  2063       $t = $lang->get('acpbc_ban_type_email');
       
  2064     $g = ( $r['is_regex'] ) ? '<b>' . $lang->get('acpbc_ban_regex_yes') . '</b>' : $lang->get('acpbc_ban_regex_no');
       
  2065     echo '<tr>
       
  2066             <td class="'.$cls.'">'.$t.'</td>
       
  2067             <td class="'.$cls.'">'.htmlspecialchars($r['ban_value']).'</td>
       
  2068             <td class="'.$cls.'">'.$g.'</td>
       
  2069             <td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&amp;action=delete&amp;id='.$r['ban_id']).'">' . $lang->get('acpbc_btn_delete') . '</a></td>
       
  2070           </tr>';
  2053   }
  2071   }
  2054   $db->free_result();
  2072   $db->free_result();
  2055   echo '</table></div>';
  2073   echo '</table></div>';
  2056   echo '<h3>Create new ban rule</h3>';
  2074   echo '<h3>' . $lang->get('acpbc_heading_create_new') . '</h3>';
  2057   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  2075   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  2058   ?>
  2076   ?>
  2059   Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
  2077   
  2060   Rule: <input type="text" name="value" size="30" /><br />
  2078   <?php echo $lang->get('acpbc_field_type'); ?>
  2061   <small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses.</small><br />
  2079     <select name="type">
  2062   Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br />
  2080       <option value="<?php echo BAN_IP; ?>"><?php echo $lang->get('acpbc_ban_type_ip'); ?></option>
  2063   <input type="checkbox" name="regex" id="regex" />  <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
  2081       <option value="<?php echo BAN_USER; ?>"><?php echo $lang->get('acpbc_ban_type_username'); ?></option>
  2064   <input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
  2082       <option value="<?php echo BAN_EMAIL; ?>"><?php echo $lang->get('acpbc_ban_type_email'); ?></option>
       
  2083     </select>
       
  2084     <br />
       
  2085     
       
  2086   <?php echo $lang->get('acpbc_field_rule'); ?>
       
  2087     <input type="text" name="value" size="30" /><br />
       
  2088     <small><?php echo $lang->get('acpbc_field_rule_hint'); ?></small><br />
       
  2089     
       
  2090   <?php echo $lang->get('acpbc_field_reason'); ?>
       
  2091     <textarea name="reason" rows="7" cols="40"></textarea><br />
       
  2092     
       
  2093   <label><input type="checkbox" name="regex" id="regex" /> <?php echo $lang->get('acpbc_field_regex'); ?></label>
       
  2094     <?php echo $lang->get('acpbc_field_regex_hint'); ?><br />
       
  2095     
       
  2096   <input type="submit" style="font-weight: bold;" name="create" value="<?php echo $lang->get('acpbc_btn_create'); ?>" />
  2065   <?php
  2097   <?php
  2066   echo '</form>';
  2098   echo '</form>';
  2067 }
  2099 }
  2068 
  2100 
  2069 function page_Admin_AdminLogout()
  2101 function page_Admin_AdminLogout()
  2077     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2109     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2078     return;
  2110     return;
  2079   }
  2111   }
  2080   
  2112   
  2081   $session->logout(USER_LEVEL_ADMIN);
  2113   $session->logout(USER_LEVEL_ADMIN);
  2082   echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
  2114   echo '<h3>' . $lang->get('acplo_heading_main') . '</h3>
       
  2115          <p>' . $lang->get('acplo_msg_logout_complete', array('mainpage_link' => makeUrl(getConfig('main_page')))) . '</p>';
  2083 }
  2116 }
  2084 
  2117 
  2085 function page_Special_Administration()
  2118 function page_Special_Administration()
  2086 {
  2119 {
  2087   global $db, $session, $paths, $template, $plugins; // Common objects
  2120   global $db, $session, $paths, $template, $plugins; // Common objects
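Review bot: The delete control rewritten at new line 2069 is still a plain GET link (`action=delete&amp;id=…`), and the handler at line 1971 issues the DELETE as soon as those two parameters arrive with no CSRF token, so a third-party page that makes a logged-in admin's browser fetch that URL (an `<img src>` is enough) can silently remove ban rules. The minimal fix is to append a per-session secret to the link, `'&amp;token=' . urlencode($token)`, and extend the guard to `&& isset($_GET['token']) && $_GET['token'] === $token` before the DELETE; better still, render each row's delete as a small POST form with a hidden token, since a token in a GET URL leaks through Referer. Which session value to use as `$token` is not visible in this hunk — use whatever per-session secret the other admin forms in SpecialAdmin.php already rely on. The BanControl function these lines belong to starts outside the hunk, so I cannot confirm that an admin-level session check precedes the handler; the CSRF point stands either way.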