Commit 9583c72c authored by Dries's avatar Dries

* Implemented ban-capabilities, a first step towards an admin-friendly user
  system:
   - you can add and remove wild-carded e-mails from the banlist.
   - you can add and remove wild-carded hostnames from the banlist.
   - you can add and remove wild-carded usernames from the banlist.
   - you can add and remove wild-carded profanity from the banlist.
   - you can browse all bans according to their category: see ban.php.
parent 9b99d319
<? <?
include('config.inc'); include "config.inc";
include('functions.inc'); include "functions.inc";
include "database.inc";
function dbsave($dbase, $data, $id=0) { function dbsave($dbase, $data, $id=0) {
foreach ($data as $key=>$value) { foreach ($data as $key=>$value) {
...@@ -60,12 +61,17 @@ function newUser($user = "", $error="") { ...@@ -60,12 +61,17 @@ function newUser($user = "", $error="") {
$theme->footer(); $theme->footer();
} }
function validateUser($user) { function validateUser($user) {
include "ban.class.php";
### Verify username and e-mail address: ### Verify username and e-mail address:
$user[userid] = trim($user[userid]); $user[userid] = trim($user[userid]);
if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>"; if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>";
if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>"; if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>";
if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters."; if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $user[userid])) $rval = "the specified username is reserved.";
### Check to see whether the username or e-mail address are banned:
if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>.";
if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
### Verify whether username and e-mail address are unique: ### Verify whether username and e-mail address are unique:
dbconnect(); dbconnect();
...@@ -73,13 +79,10 @@ function validateUser($user) { ...@@ -73,13 +79,10 @@ function validateUser($user) {
if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered."; if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
return($rval); return($rval);
} }
function makePassword($min_length=6) { function makePassword($min_length=6) {
mt_srand((double)microtime() * 1000000); mt_srand((double)microtime() * 1000000);
$words = array("foo","bar","guy","neo","geek","nerd","fish","hack","star","moon","hero","cola","girl","fish","java","boss"); $words = array("foo","bar","guy","neo","tux","moo","sun","god","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","boss");
while(strlen($password) < $min_length) { while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
$password .= $words[mt_rand(0, count($words))];
}
return $password; return $password;
} }
......
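Review bot: In validateUser, the two added ban lookups (`if ($ban = ban_match($user[userid], $type[usernames]))` and the e-mail counterpart) run even when the format checks just above have already failed, so a username or address the regexes rejected still reaches the quoted SQL literal inside ban_match unescaped; return `$rval` as soon as a check fails, or at least guard the lookups with `if (!$rval)`, and escape both values (addslashes or the driver's escape routine) before they are used in a query. The unconditional `include "ban.class.php"` at the top of the function means a second validateUser call in the same request would redeclare ban_match and abort; `include_once "ban.class.php";` avoids that. Further down the section, the rewritten makePassword loop keeps `mt_rand(0, count($words))`, whose inclusive upper bound indexes one past the last word and appends an undefined element; it should be `mt_rand(0, count($words) - 1)`. validateUser's body continues across the collapsed span between the two hunks, so the uniqueness queries are only partly visible here.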
<?
$type = array("addresses" => 0x01,
"profanity" => 0x02,
"hostnames" => 0x03,
"usernames" => 0x04);
function ban_match($mask, $category) {
### Connect to database:
db_connect();
### Perform query:
$result = db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask");
### Return result:
return db_fetch_object($result);
}
?>
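Review bot: ban_match interpolates `$mask` directly into the SQL string literal in `'$mask' LIKE mask` and `$category` into the comparison, and nothing in this file escapes or type-checks either; since the callers pass user-supplied usernames and e-mail addresses, the mask should be escaped and the category cast with `(int)` before the query string is built. The file calls db_connect and db_query but never loads database.inc itself, so it only works when the including script has already done so; an `include_once "database.inc";` at the top, or a comment stating the dependency, would make that explicit. Because `$type` is an ordinary variable, including this file from inside a function makes `$type` a local of that function, which is worth a comment since validateUser and ban_display both rely on it.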
<?
// This code should go in the admin pages and is only a temporary
// placeholder untill we are going to rewrite the admin pages.
function ban_check($mask, $category) {
include "ban.class.php";
$ban = ban_match($mask, $category);
print "<H3>Status:</H3>\n";
print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
}
function ban_add($mask, $category, $reason) {
### Connect to database and perform query:
include "database.inc";
db_connect();
print "<H3>Status:</H3>\n";
if (empty($mask)) {
print "Failed: empty banmasks are not allowed.<P>\n";
}
else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
print "Failed: ban is already matched by '$ban->mask'.<P>\n";
}
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
print "Added new ban with mask `$mask'.<P>\n";
}
}
function ban_delete($id) {
### Connect to database and perform query:
include "database.inc";
db_connect();
$result = db_query("DELETE FROM bans WHERE id = $id");
}
function ban_display($category = "") {
global $PHP_SELF;
include "ban.class.php";
### initialize variable:
$category = $category ? $category : 1;
### Connect to database and perform query:
include "database.inc";
db_connect();
$result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
### Generate output:
print "<H3>Active bans:</H3>\n";
print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
print " <TR>\n";
print " <TH COLSPAN=\"2\" >Active bans</TH>\n";
print " </TH>\n";
print " <TH>\n";
print " <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print " <SELECT NAME=\"category\">\n";
for (reset($type); $cur = current($type); next($type)) {
print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print " </SELECT>\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Display\">\n";
print " </FORM>\n";
print " </TH>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH>Mask</TH>\n";
print " <TH>Reason</TH>\n";
print " <TH>Operations</TH>\n";
print " </TR>\n";
while ($ban = db_fetch_object($result)) {
print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
}
print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
print "</TABLE>\n";
print "<BR><HR>\n";
print "<H3>Add new ban:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<B>Reason:</B><BR>\n";
print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
print "</FORM>\n";
print "<BR><HR>\n";
print "<H3>Ban check:</H3>\n";
print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
print "<B>Banmask:</B><BR>\n";
print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
print "<B>Type:</B><BR>\n";
print "<SELECT NAME=\"category\"\">\n";
for (reset($type); $cur = current($type); next($type)) {
print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
}
print "</SELECT><P>\n";
print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
print "</FORM>\n";
}
include "admin.inc";
admin_header();
switch ($op) {
case "Add ban":
ban_add($mask, $category, $reason);
ban_display($category);
break;
case "Check ban":
ban_check($mask, $category);
ban_display($category);
break;
case "delete":
ban_delete($id);
displayBans($category);
break;
default:
ban_display($category);
}
admin_footer();
?>
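Review bot: The `delete` branch of the switch calls `displayBans($category)`, which is not defined anywhere in this file; the other branches call ban_display, so the line should read `ban_display($category);`. The `Check ban` path includes ban.class.php twice (once in ban_check, again in ban_display), and every branch includes database.inc inside the ban_* functions, so the second include redeclares the functions; `include_once` in each place, or hoisting the includes to the top of the file, fixes that. ban_add and ban_delete interpolate the request-supplied `$mask`, `$category`, `$reason` and `$id` into SQL without escaping, and ban_add prints "Added new ban" without looking at `$result`, so a rejected INSERT (for example one that trips the UNIQUE index on mask) is reported as success. The delete link in ban_display triggers the DELETE through a plain GET, so a ban is removed whenever an admin's browser follows that URL; a POST form, as the other operations already use, is the minimum needed there.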
...@@ -74,4 +74,12 @@ ...@@ -74,4 +74,12 @@
# to '0' # to '0'
$system = 0; $system = 0;
/*
class config {
var $path = "/home/buytaert/public_html/projects/drop";
}
if (!$config) $config = new config();
*/
?> ?>
\ No newline at end of file
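Review bot: The block added to config.inc is commented-out code carrying a developer's home-directory path (`/home/buytaert/...`) rather than a setting the file uses; if the `config` class is not ready it is better left out of the commit than parked in a `/* ... */` block, since commented-out code drifts and a personal path does not belong in a shared configuration file.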
<? <?
include("user.class.php"); include("user.class.php");
session_start(); session_start();
include "config.inc"; include "config.inc";
......
...@@ -47,6 +47,16 @@ CREATE TABLE blocks ( ...@@ -47,6 +47,16 @@ CREATE TABLE blocks (
PRIMARY KEY (id) PRIMARY KEY (id)
); );
CREATE TABLE bans (
id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
mask varchar(255) NOT NULL,
type tinyint(2) DEFAULT '' NOT NULL,
reason text DEFAULT '' NOT NULL,
timestamp int(11),
UNIQUE mask (mask),
PRIMARY KEY (id)
);
# #
# Dumping data for table 'blocks' # Dumping data for table 'blocks'
# #
...@@ -63,7 +73,6 @@ CREATE TABLE channel ( ...@@ -63,7 +73,6 @@ CREATE TABLE channel (
url varchar(255) DEFAULT '' NOT NULL, url varchar(255) DEFAULT '' NOT NULL,
contact varchar(255) DEFAULT '', contact varchar(255) DEFAULT '',
timestamp int(11), timestamp int(11),
UNIQUE site (site),
UNIQUE file (file), UNIQUE file (file),
UNIQUE url (url), UNIQUE url (url),
PRIMARY KEY (id) PRIMARY KEY (id)
......
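Review bot: `UNIQUE mask (mask)` in the new bans table keys on the mask alone, so the same wildcard cannot be banned in two categories even though ban_add's duplicate check is per type; `UNIQUE mask (type, mask)` matches what the application does. `id tinyint(4)` with auto_increment allows only 127 rows before inserts start failing, so an `int` counter would be safer for a table that grows over time. `type tinyint(2) DEFAULT ''` gives an integer column a string default, and `reason text DEFAULT ''` relies on a DEFAULT that newer MySQL versions reject for TEXT columns, so the CREATE statement may fail or be silently altered depending on the server.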