* Implemented ban-capabilities, a first step towards an admin-friendly user
  system:
  - you can add and remove wild-carded e-mails from the banlist.
  - you can add and remove wild-carded hostnames from the banlist.
  - you can add and remove wild-carded usernames from the banlist.
  - you can add and remove wild-carded profanity from the banlist.
  - you can browse all bans according to their category: see ban.php.3-00
parent
9b99d319bd
commit
9583c72c67
19
account.php
19
account.php
|
@ -1,6 +1,7 @@
|
|||
<?
|
||||
include('config.inc');
|
||||
include('functions.inc');
|
||||
include "config.inc";
|
||||
include "functions.inc";
|
||||
include "database.inc";
|
||||
|
||||
function dbsave($dbase, $data, $id=0) {
|
||||
foreach ($data as $key=>$value) {
|
||||
|
@ -60,12 +61,17 @@ function newUser($user = "", $error="") {
|
|||
$theme->footer();
|
||||
}
|
||||
function validateUser($user) {
|
||||
include "ban.class.php";
|
||||
|
||||
### Verify username and e-mail address:
|
||||
$user[userid] = trim($user[userid]);
|
||||
if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>";
|
||||
if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>";
|
||||
if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
|
||||
if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $user[userid])) $rval = "the specified username is reserved.";
|
||||
|
||||
### Check to see whether the username or e-mail address are banned:
|
||||
if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>.";
|
||||
if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
|
||||
|
||||
### Verify whether username and e-mail address are unique:
|
||||
dbconnect();
|
||||
|
@ -73,13 +79,10 @@ function validateUser($user) {
|
|||
if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
|
||||
return($rval);
|
||||
}
|
||||
|
||||
function makePassword($min_length=6) {
|
||||
mt_srand((double)microtime() * 1000000);
|
||||
$words = array("foo","bar","guy","neo","geek","nerd","fish","hack","star","moon","hero","cola","girl","fish","java","boss");
|
||||
while(strlen($password) < $min_length) {
|
||||
$password .= $words[mt_rand(0, count($words))];
|
||||
}
|
||||
$words = array("foo","bar","guy","neo","tux","moo","sun","god","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","boss");
|
||||
while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
|
||||
return $password;
|
||||
}
|
||||
|
||||
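Review bot: In the makePassword hunk, `mt_rand(0, count($words))` has an inclusive upper bound, so it can select an index one past the end of `$words`; the loop hides this by retrying, but the bound should be `count($words) - 1`. The larger concern is that the result is assembled from a few entries of a 22-word list with the generator seeded from `microtime()`, which leaves very few distinct passwords at the default `$min_length` of 6. How the password is used is not visible here; if it becomes an account's initial password, it would be safer to draw from a wider random alphabet or to require a change at first login. `$password` is also never initialised before `strlen($password)`, so `$password = "";` ahead of the loop would make the starting state explicit.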
|
|
|
@ -0,0 +1,19 @@
|
|||
<?
|
||||
|
||||
$type = array("addresses" => 0x01,
|
||||
"profanity" => 0x02,
|
||||
"hostnames" => 0x03,
|
||||
"usernames" => 0x04);
|
||||
|
||||
function ban_match($mask, $category) {
|
||||
### Connect to database:
|
||||
db_connect();
|
||||
|
||||
### Perform query:
|
||||
$result = db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask");
|
||||
|
||||
### Return result:
|
||||
return db_fetch_object($result);
|
||||
}
|
||||
|
||||
?>
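Review bot: `ban_match` places `$mask` and `$category` straight into the SQL text, so a quote character in either value changes the query. Its caller in account.php's validateUser passes `$user[userid]` and `$user[email]` even when the preceding format checks have already set `$rval`, so values that failed validation still reach this query; the same string-built pattern appears in `ban_add`, `ban_delete` and `ban_display` in the admin page that follows. Unless `db_query` already escapes its input (not visible here), escape the string with `addslashes($mask)` or the driver's own escaping function and force the numbers with `(int)$category` (and `(int)$id` in `ban_delete`) before building the query. In validateUser, guarding the lookups with `if (!$rval && ($ban = ban_match(...)))` would also keep rejected input away from the database.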
|
|
@ -0,0 +1,136 @@
|
|||
<?
|
||||
// This code should go in the admin pages and is only a temporary
|
||||
// placeholder untill we are going to rewrite the admin pages.
|
||||
|
||||
function ban_check($mask, $category) {
|
||||
include "ban.class.php";
|
||||
|
||||
$ban = ban_match($mask, $category);
|
||||
|
||||
print "<H3>Status:</H3>\n";
|
||||
print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
|
||||
}
|
||||
|
||||
function ban_add($mask, $category, $reason) {
|
||||
### Connect to database and perform query:
|
||||
include "database.inc";
|
||||
db_connect();
|
||||
|
||||
print "<H3>Status:</H3>\n";
|
||||
if (empty($mask)) {
|
||||
print "Failed: empty banmasks are not allowed.<P>\n";
|
||||
}
|
||||
else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
|
||||
print "Failed: ban is already matched by '$ban->mask'.<P>\n";
|
||||
}
|
||||
else {
|
||||
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
|
||||
print "Added new ban with mask `$mask'.<P>\n";
|
||||
}
|
||||
}
|
||||
|
||||
function ban_delete($id) {
|
||||
### Connect to database and perform query:
|
||||
include "database.inc";
|
||||
db_connect();
|
||||
$result = db_query("DELETE FROM bans WHERE id = $id");
|
||||
}
|
||||
|
||||
function ban_display($category = "") {
|
||||
global $PHP_SELF;
|
||||
|
||||
include "ban.class.php";
|
||||
|
||||
### initialize variable:
|
||||
$category = $category ? $category : 1;
|
||||
|
||||
### Connect to database and perform query:
|
||||
include "database.inc";
|
||||
db_connect();
|
||||
$result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
|
||||
|
||||
### Generate output:
|
||||
print "<H3>Active bans:</H3>\n";
|
||||
print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
|
||||
print " <TR>\n";
|
||||
print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
|
||||
print " </TH>\n";
|
||||
print " <TH>\n";
|
||||
print " <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
|
||||
print " <SELECT NAME=\"category\">\n";
|
||||
for (reset($type); $cur = current($type); next($type)) {
|
||||
print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
|
||||
}
|
||||
print " </SELECT>\n";
|
||||
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Display\">\n";
|
||||
print " </FORM>\n";
|
||||
print " </TH>\n";
|
||||
print " </TR>\n";
|
||||
print " <TR>\n";
|
||||
print " <TH>Mask</TH>\n";
|
||||
print " <TH>Reason</TH>\n";
|
||||
print " <TH>Operations</TH>\n";
|
||||
print " </TR>\n";
|
||||
|
||||
while ($ban = db_fetch_object($result)) {
|
||||
print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
|
||||
}
|
||||
|
||||
print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
|
||||
print "</TABLE>\n";
|
||||
print "<BR><HR>\n";
|
||||
|
||||
print "<H3>Add new ban:</H3>\n";
|
||||
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
|
||||
print "<B>Banmask:</B><BR>\n";
|
||||
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
|
||||
print "<B>Type:</B><BR>\n";
|
||||
print "<SELECT NAME=\"category\"\">\n";
|
||||
for (reset($type); $cur = current($type); next($type)) {
|
||||
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
|
||||
}
|
||||
print "</SELECT><P>\n";
|
||||
print "<B>Reason:</B><BR>\n";
|
||||
print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
|
||||
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
|
||||
print "</FORM>\n";
|
||||
print "<BR><HR>\n";
|
||||
|
||||
print "<H3>Ban check:</H3>\n";
|
||||
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
|
||||
print "<B>Banmask:</B><BR>\n";
|
||||
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
|
||||
print "<B>Type:</B><BR>\n";
|
||||
print "<SELECT NAME=\"category\"\">\n";
|
||||
for (reset($type); $cur = current($type); next($type)) {
|
||||
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
|
||||
}
|
||||
print "</SELECT><P>\n";
|
||||
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
|
||||
print "</FORM>\n";
|
||||
}
|
||||
|
||||
include "admin.inc";
|
||||
|
||||
admin_header();
|
||||
|
||||
switch ($op) {
|
||||
case "Add ban":
|
||||
ban_add($mask, $category, $reason);
|
||||
ban_display($category);
|
||||
break;
|
||||
case "Check ban":
|
||||
ban_check($mask, $category);
|
||||
ban_display($category);
|
||||
break;
|
||||
case "delete":
|
||||
ban_delete($id);
|
||||
displayBans($category);
|
||||
break;
|
||||
default:
|
||||
ban_display($category);
|
||||
}
|
||||
|
||||
admin_footer();
|
||||
|
||||
?>
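Review bot: The `delete` case calls `displayBans($category)`, but the function defined in this file is `ban_display`, so a delete would end in an undefined-function error unless `displayBans` exists in admin.inc; `ban_display($category);` looks intended. The "Check ban" path also runs `include "ban.class.php"` twice (once in `ban_check`, once in `ban_display`), which would redeclare `ban_match`. On the output side, `$mask`, `$ban->mask` and `$ban->reason` are printed into HTML unescaped in `ban_check` and `ban_display`; wrapping them in `htmlspecialchars()` keeps a submitted or stored mask or reason from being interpreted as markup. Deletion is triggered by a plain GET link (`?op=delete&category=...&id=...`); whether `admin_header()` enforces an admin check is not visible here, but a POST form would be the safer shape for a state-changing operation.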
|
|
@ -74,4 +74,12 @@ $cfg_theme = "default";
|
|||
# to '0'
|
||||
$system = 0;
|
||||
|
||||
/*
|
||||
class config {
|
||||
var $path = "/home/buytaert/public_html/projects/drop";
|
||||
}
|
||||
|
||||
if (!$config) $config = new config();
|
||||
*/
|
||||
|
||||
?>
|
|
@ -1,5 +1,6 @@
|
|||
<?
|
||||
include("user.class.php");
|
||||
|
||||
session_start();
|
||||
|
||||
include "config.inc";
|
||||
|
|
11
mysql.tables
11
mysql.tables
|
@ -47,6 +47,16 @@ CREATE TABLE blocks (
|
|||
PRIMARY KEY (id)
|
||||
);
|
||||
|
||||
CREATE TABLE bans (
|
||||
id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
|
||||
mask varchar(255) NOT NULL,
|
||||
type tinyint(2) DEFAULT '' NOT NULL,
|
||||
reason text DEFAULT '' NOT NULL,
|
||||
timestamp int(11),
|
||||
UNIQUE mask (mask),
|
||||
PRIMARY KEY (id)
|
||||
);
|
||||
|
||||
#
|
||||
# Dumping data for table 'blocks'
|
||||
#
|
||||
|
@ -63,7 +73,6 @@ CREATE TABLE channel (
|
|||
url varchar(255) DEFAULT '' NOT NULL,
|
||||
contact varchar(255) DEFAULT '',
|
||||
timestamp int(11),
|
||||
UNIQUE site (site),
|
||||
UNIQUE file (file),
|
||||
UNIQUE url (url),
|
||||
PRIMARY KEY (id)
|
||||
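Review bot: `UNIQUE mask (mask)` in the new `bans` table makes a mask unique across all categories, so the same pattern cannot be banned both as, say, a username and as profanity; `UNIQUE mask (mask, type)` would match how `ban_match` looks rows up by type and mask. `id tinyint(4)` with `auto_increment` caps the table at 127 rows, which an active banlist could plausibly exceed; an `int` column removes that limit. `type tinyint(2) DEFAULT ''` gives a numeric column an empty-string default, where `DEFAULT '0'` would be consistent with the `id` column above it.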
|
|