Commit 9583c72c authored by Dries's avatar Dries
Browse files

* Implemented ban-capabilities, a first step towards an admin-friendly user
  system:
   - you can add and remove wild-carded e-mails from the banlist.
   - you can add and remove wild-carded hostnames from the banlist.
   - you can add and remove wild-carded usernames from the banlist.
   - you can add and remove wild-carded profanity from the banlist.
   - you can browse all bans according to their category: see ban.php.
parent 9b99d319
<?
include('config.inc');
include('functions.inc');
include "config.inc";
include "functions.inc";
include "database.inc";
function dbsave($dbase, $data, $id=0) {
foreach ($data as $key=>$value) {
......@@ -60,12 +61,17 @@ function newUser($user = "", $error="") {
$theme->footer();
}
function validateUser($user) {
include "ban.class.php";
### Verify username and e-mail address:
$user[userid] = trim($user[userid]);
if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>";
if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>";
if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $user[userid])) $rval = "the specified username is reserved.";
### Check to see whether the username or e-mail address are banned:
if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>.";
if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
### Verify whether username and e-mail address are unique:
dbconnect();
......@@ -73,13 +79,10 @@ function validateUser($user) {
if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
return($rval);
}
function makePassword($min_length=6) {
mt_srand((double)microtime() * 1000000);
$words = array("foo","bar","guy","neo","geek","nerd","fish","hack","star","moon","hero","cola","girl","fish","java","boss");
while(strlen($password) < $min_length) {
$password .= $words[mt_rand(0, count($words))];
}
$words = array("foo","bar","guy","neo","tux","moo","sun","god","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","boss");
while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
return $password;
}
......
<?
$type = array("addresses" => 0x01,
"profanity" => 0x02,
"hostnames" => 0x03,
"usernames" => 0x04);
function ban_match($mask, $category) {
### Connect to database:
db_connect();
### Perform query:
$result = db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask");
### Return result:
return db_fetch_object($result);
}
?>
<?
// This code should go in the admin pages and is only a temporary
// placeholder untill we are going to rewrite the admin pages.
function ban_check($mask, $category) {
include "ban.class.php";
$ban = ban_match($mask, $category);
print "<H3>Status:</H3>\n";
print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
}
function ban_add($mask, $category, $reason) {
### Connect to database and perform query:
include "database.inc";
db_connect();
print "<H3>Status:</H3>\n";
if (empty($mask)) {
print "Failed: empty banmasks are not allowed.<P>\n";
}
else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
print "Failed: ban is already matched by '$ban->mask'.<P>\n";
}
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
print "Added new ban with mask `$mask'.<P>\n";
}
}
function ban_delete($id) {
### Connect to database and perform query:
include "database.inc";
db_connect();
$result = db_query("DELETE FROM bans WHERE id = $id");
}
function ban_display($category = "") {
global $PHP_SELF;
include "ban.class.php";
### initialize variable:
$category = $category ? $category : 1;
### Connect to database and perform query:
include "database.inc";
db_connect();
$result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
### Generate output:
print "<H3>Active bans:</H3>\n";
print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
print " <TR>\n";
print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
print " </TH>\n";
print " <TH>\n";
print " <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print " <SELECT NAME=\"category\">\n";
for (reset($type); $cur = current($type); next($type)) {
print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print " </SELECT>\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Display\">\n";
print " </FORM>\n";
print " </TH>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH>Mask</TH>\n";
print " <TH>Reason</TH>\n";
print " <TH>Operations</TH>\n";
print " </TR>\n";
while ($ban = db_fetch_object($result)) {
print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
}
print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
print "</TABLE>\n";
print "<BR><HR>\n";
print "<H3>Add new ban:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<B>Reason:</B><BR>\n";
print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
print "</FORM>\n";
print "<BR><HR>\n";
print "<H3>Ban check:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
print "</FORM>\n";
}
include "admin.inc";
admin_header();
switch ($op) {
case "Add ban":
ban_add($mask, $category, $reason);
ban_display($category);
break;
case "Check ban":
ban_check($mask, $category);
ban_display($category);
break;
case "delete":
ban_delete($id);
displayBans($category);
break;
default:
ban_display($category);
}
admin_footer();
?>
......@@ -74,4 +74,12 @@
# to '0'
$system = 0;
/*
class config {
var $path = "/home/buytaert/public_html/projects/drop";
}
if (!$config) $config = new config();
*/
?>
\ No newline at end of file
<?
include("user.class.php");
session_start();
include "config.inc";
......
......@@ -47,6 +47,16 @@ CREATE TABLE blocks (
PRIMARY KEY (id)
);
CREATE TABLE bans (
id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
mask varchar(255) NOT NULL,
type tinyint(2) DEFAULT '' NOT NULL,
reason text DEFAULT '' NOT NULL,
timestamp int(11),
UNIQUE mask (mask),
PRIMARY KEY (id)
);
#
# Dumping data for table 'blocks'
#
......@@ -63,7 +73,6 @@ CREATE TABLE channel (
url varchar(255) DEFAULT '' NOT NULL,
contact varchar(255) DEFAULT '',
timestamp int(11),
UNIQUE site (site),
UNIQUE file (file),
UNIQUE url (url),
PRIMARY KEY (id)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment