Файл: panel/includes/ipban.php
Строк: 451
<?php
/**
* @package JohnCMS
* @link http://johncms.com
* @copyright Copyright (C) 2008-2011 JohnCMS Community
* @license LICENSE.txt (see attached file)
* @version VERSION.txt (see attached file)
* @author http://johncms.com/about
*/
defined('_IN_JOHNADM') or die('Error: restricted access');
// Проверяем права доступа
if ($rights < 9) {
header('Location: http://johncms.com/?err');
exit;
}
switch ($mod) {
case 'new':
/*
-----------------------------------------------------------------
Баним IP адрес
-----------------------------------------------------------------
*/
echo '<div class="phdr"><a href="index.php?act=ipban"><b>' . $lng['ip_ban'] . '</b></a> | ' . $lng['ban_do'] . '</div>';
if (isset($_POST['submit'])) {
$error = '';
$get_ip = isset($_POST['ip']) ? trim($_POST['ip']) : '';
$ban_term = isset($_POST['term']) ? intval($_POST['term']) : 1;
$ban_url = isset($_POST['url']) ? htmlentities(trim($_POST['url']), ENT_QUOTES, 'UTF-8') : '';
$reason = isset($_POST['reason']) ? htmlentities(trim($_POST['reason']), ENT_QUOTES, 'UTF-8') : '';
if (empty($get_ip)) {
echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>');
require_once('../incfiles/end.php');
exit;
}
$ip1 = 0;
$ip2 = 0;
$ipt1 = array();
$ipt2 = array();
if (strstr($get_ip, '-')) {
// Обрабатываем диапазон адресов
$mode = 1;
$array = explode('-', $get_ip);
$get_ip = trim($array[0]);
if (!core::ip_valid($get_ip))
$error[] = $lng['error_firstip'];
else
$ip1 = ip2long($get_ip);
$get_ip = trim($array[1]);
if (!core::ip_valid($get_ip))
$error[] = $lng['error_secondip'];
else
$ip2 = ip2long($get_ip);
} elseif (strstr($get_ip, '*')) {
// Обрабатываем адреса с маской
$mode = 2;
$array = explode('.', $get_ip);
for ($i = 0; $i < 4; $i++) {
if (!isset($array[$i]) || $array[$i] == '*') {
$ipt1[$i] = '0';
$ipt2[$i] = '255';
} elseif (is_numeric($array[$i]) && $array[$i] >= 0 && $array[$i] <= 255) {
$ipt1[$i] = $array[$i];
$ipt2[$i] = $array[$i];
} else {
$error = $lng['error_address'];
}
$ip1 = ip2long($ipt1[0] . '.' . $ipt1[1] . '.' . $ipt1[2] . '.' . $ipt1[3]);
$ip2 = ip2long($ipt2[0] . '.' . $ipt2[1] . '.' . $ipt2[2] . '.' . $ipt2[3]);
}
} else {
// Обрабатываем одиночный адрес
$mode = 3;
if (!core::ip_valid($get_ip)) {
$error = $lng['error_address'];
} else {
$ip1 = ip2long($get_ip);
$ip2 = $ip1;
}
}
if (!$error) {
// Проверка на конфликты адресов
$req = mysql_query("SELECT * FROM `cms_ban_ip` WHERE ('$ip1' BETWEEN `ip1` AND `ip2`) OR ('$ip2' BETWEEN `ip1` AND `ip2`) OR (`ip1` >= '$ip1' AND `ip2` <= '$ip2')");
$total = @mysql_num_rows($req);
if ($total > 0) {
echo functions::display_error($lng['ip_ban_conflict_address']);
$i = 0;
while ($res = mysql_fetch_array($req)) {
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
$get_ip = $res['ip1'] == $res['ip2'] ? long2ip($res['ip1']) : long2ip($res['ip1']) . ' - ' . long2ip($res['ip2']);
echo '<a href="index.php?act=ipban&mod=detail&id=' . $res['id'] . '">' . $get_ip . '</a> ';
switch ($res['ban_type']) {
case 2:
echo $lng['redirect'];
break;
case 3:
echo $lng['registration'];
break;
default:
echo '<b>' . $lng['blocking'] . '</b>';
}
echo '</div>';
++$i;
}
echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
echo '<p><a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
require_once('../incfiles/end.php');
exit;
}
}
// Проверяем, не попадает ли IP администратора в диапазон
if ((core::$ip >= $ip1 && core::$ip <= $ip2) || (core::$ip_via_proxy >= $ip1 && core::$ip_via_proxy <= $ip2))
$error = $lng['ip_ban_conflict_admin'];
if (!$error) {
// Окно подтверждения
echo '<form action="index.php?act=ipban&mod=insert" method="post">';
switch ($mode) {
case 1:
echo '<div class="menu"><p><h3>' . $lng['ip_ban_type1'] . '</h3> ' . long2ip($ip1) . ' - ' . long2ip($ip2) . '</p>';
break;
case 2:
echo '<div class="menu"><p><h3>' . $lng['ip_ban_type2'] . '</h3>' . long2ip($ip1) . ' - ' . long2ip($ip2) . '</p>';
break;
default:
echo '<div class="menu"><p><h3>' . $lng['ip_ban_type3'] . '</h3> ' . long2ip($ip1) . '</p>';
}
echo '<p><h3>' . $lng['ban_type'] . ':</h3> ';
switch ($ban_term) {
case 2:
echo $lng['redirect'] . '</p><p><h3>' . $lng['redirect_url'] . ':</h3> ' . (empty($ban_url) ? $lng['default'] : $ban_url);
break;
case 3:
echo $lng['registration'];
break;
default:
echo $lng['blocking'];
}
echo '</p><p><h3>' . $lng['reason'] . ':</h3> ' . (empty($reason) ? $lng['not_specified'] : $reason) . '</p>' .
'<input type="hidden" value="' . $ip1 . '" name="ip1" />' .
'<input type="hidden" value="' . $ip2 . '" name="ip2" />' .
'<input type="hidden" value="' . $ban_term . '" name="term" />' .
'<input type="hidden" value="' . $ban_url . '" name="url" />' .
'<input type="hidden" value="' . $reason . '" name="reason" />' .
'<p><input type="submit" name="submit" value=" ' . $lng['ban_do'] . ' "/></p>' .
'</div><div class="phdr"><small>' . $lng['check_confirmation'] . '</small></div>' .
'</form>' .
'<p><a href="index.php?act=ipban">' . $lng['cancel'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
} else {
echo functions::display_error($error, '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>');
}
} else {
// Форма ввода IP адреса для Бана
echo '<form action="index.php?act=ipban&mod=new" method="post">' .
'<div class="menu"><p><h3>' . $lng['ip_address'] . ':</h3>' .
' <input type="text" name="ip"/></p>' .
'<p><h3>' . $lng['ban_type'] . ':</h3>' .
'<input name="term" type="radio" value="1" checked="checked" />' . $lng['blocking'] . '<br />' .
'<input name="term" type="radio" value="3" />' . $lng['registration'] . '<br />' .
'<input name="term" type="radio" value="2" />' . $lng['redirect'] . '<br /></p>' .
'<p><h3>' . $lng['redirect_url'] . '</h3>' .
' <input type="text" name="url"/><br />' .
'<small> ' . $lng['not_mandatory_field'] . '<br /> ' . $lng['url_help'] . '</small></p>' .
'<p><h3>' . $lng['reason'] . '</h3>' .
' <textarea rows="' . core::$user_set['field_h'] . '" name="reason"></textarea>' .
'<br /><small> ' . $lng['not_mandatory_field'] . '</small></p>' .
'<p><input type="submit" name="submit" value=" ' . $lng['ban_do'] . ' "/></p></div>' .
'<div class="phdr"><small>' . $lng['ip_ban_help'] . '</small></div>' .
'</form>' .
'<p><a href="index.php?act=ipban">' . $lng['cancel'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
}
break;
case 'insert':
/*
-----------------------------------------------------------------
Проверяем адрес и вставляем в базу
-----------------------------------------------------------------
*/
$ip1 = isset($_POST['ip1']) ? intval($_POST['ip1']) : '';
$ip2 = isset($_POST['ip2']) ? intval($_POST['ip2']) : '';
$ban_term = isset($_POST['term']) ? intval($_POST['term']) : 1;
$ban_url = isset($_POST['url']) ? functions::check($_POST['url']) : '';
$reason = isset($_POST['reason']) ? functions::check($_POST['reason']) : '';
if (!$ip1 || !$ip2) {
echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>');
require_once('../incfiles/end.php');
exit;
}
mysql_query("INSERT INTO `cms_ban_ip` SET
`ip1` = '$ip1',
`ip2` = '$ip2',
`ban_type` = '$ban_term',
`link` = '$ban_url',
`who` = '$login',
`reason` = '$reason',
`date` = '" . time() . "'");
header('Location: index.php?act=ipban');
break;
case 'clear':
/*
-----------------------------------------------------------------
Очистка таблицы банов по IP
-----------------------------------------------------------------
*/
if (isset($_GET['yes'])) {
mysql_query("TRUNCATE TABLE `cms_ban_ip`");
header('Location: index.php?act=ipban');
} else {
echo '<div class="rmenu"><p>' . $lng['ip_ban_clean_warning'] . '</p>' .
'<p><a href="index.php?act=ipban&mod=clear&yes=yes">' . $lng['do'] . '</a> | ' .
'<a href="index.php?act=ipban">' . $lng['cancel'] . '</a></p></div>';
}
break;
case 'detail':
/*
-----------------------------------------------------------------
Вывод подробностей заблокированного адреса
-----------------------------------------------------------------
*/
echo '<div class="phdr"><a href="index.php?act=ipban"><b>' . $lng['ip_ban'] . '</b></a> | ' . $lng['ban_details'] . '</div>';
if ($id) {
// Поиск адреса по ссылке (ID)
$req = mysql_query("SELECT * FROM `cms_ban_ip` WHERE `id` = '$id'");
$get_ip = '';
} elseif (isset($_POST['ip'])) {
// Поиск адреса по запросу из формы
$get_ip = ip2long($_POST['ip']);
if (!$get_ip) {
echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>');
require_once('../incfiles/end.php');
exit;
}
$req = mysql_query("SELECT * FROM `cms_ban_ip` WHERE '$get_ip' BETWEEN `ip1` AND `ip2` LIMIT 1");
} else {
echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>');
require_once('../incfiles/end.php');
exit;
}
if (!mysql_num_rows($req)) {
echo '<div class="menu"><p>' . $lng['ip_search_notfound'] . '</p></div>';
echo '<div class="phdr"><a href="index.php?act=ipban">' . $lng['back'] . '</a></div>';
require_once('../incfiles/end.php');
exit;
} else {
$res = mysql_fetch_array($req);
$get_ip = $res['ip1'] == $res['ip2'] ? '<b>' . long2ip($res['ip1']) . '</b>' : '[<b>' . long2ip($res['ip1']) . '</b>] - [<b>' . long2ip($res['ip2']) . '</b>]';
echo '<div class="rmenu"><p>' . $get_ip . '</p></div>';
echo '<div class="menu"><p><h3>' . $lng['ban_type'] . '</h3> ';
switch ($res['ban_type']) {
case 2:
echo $lng['redirect'];
break;
case 3:
echo $lng['registration'];
break;
default:
echo $lng['blocking'];
}
if ($res['ban_type'] == 2)
echo '<br /> ' . $res['link'];
echo '</p><p><h3>' . $lng['reason'] . '</h3> ' . (empty($res['reason']) ? $lng['not_specified'] : $res['reason']) . '</p></div>';
echo '<div class="menu">' . $lng['ban_who'] . ': <b>' . $res['who'] . '</b><br />';
echo $lng['date'] . ': <b>' . date('d.m.Y', $res['date']) . '</b><br />';
echo $lng['time'] . ': <b>' . date('H:i:s', $res['date']) . '</b></div>';
echo '<div class="phdr"><a href="index.php?act=ipban&mod=del&id=' . $res['id'] . '">' . $lng['ip_ban_del'] . '</a></div>';
echo '<p><a href="index.php?act=ipban">В список</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
}
break;
case 'del':
/*
-----------------------------------------------------------------
Удаление выбранного IP из базы
-----------------------------------------------------------------
*/
if ($id) {
if (isset($_GET['yes'])) {
mysql_query("DELETE FROM `cms_ban_ip` WHERE `id`='$id'");
mysql_query("OPTIMIZE TABLE `cms_ban_ip`");
echo '<p>' . $lng['ban_del_confirmation'] . '</p>';
echo '<p><a href="index.php?act=ipban">' . $lng['continue'] . '</a></p>';
} else {
echo '<p>' . $lng['ban_del_question'] . '</p>' .
'<p><a href="index.php?act=ipban&mod=del&id=' . $id . '&yes=yes">' . $lng['delete'] . '</a> | ' .
'<a href="index.php?act=ipban&mod=detail&id=' . $id . '">' . $lng['cancel'] . '</a></p>';
}
}
break;
case 'search':
/*
-----------------------------------------------------------------
Форма поиска забаненного IP
-----------------------------------------------------------------
*/
echo '<div class="phdr"><a href="index.php?act=ipban"><b>' . $lng['ip_ban'] . '</b></a> | ' . $lng['search'] . '</div>' .
'<form action="index.php?act=ipban&mod=detail" method="post"><div class="menu"><p>' .
'<h3>' . $lng['ip_address'] . ':</h3>' .
'<input type="text" name="ip"/>' .
'</p><p><input type="submit" name="submit" value="' . $lng['search'] . '"/>' .
'</p></div><div class="phdr"><small>' . $lng['ip_ban_search_help'] . '</small></div>' .
'</form>' .
'<p><a href="index.php?act=ipban">' . $lng['back'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
break;
default:
/*
-----------------------------------------------------------------
Вывод общего списка забаненных IP
-----------------------------------------------------------------
*/
echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['ip_ban'] . '</div>';
$req = mysql_query("SELECT COUNT(*) FROM `cms_ban_ip`");
$total = mysql_result($req, 0);
if ($total > 0) {
$start = isset($_GET['page']) ? $page * $kmess - $kmess : $start;
$req = mysql_query("SELECT * FROM `cms_ban_ip` ORDER BY `id` ASC LIMIT $start,$kmess");
$i = 0;
while (($res = mysql_fetch_array($req)) !== false) {
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
$get_ip = $res['ip1'] == $res['ip2'] ? long2ip($res['ip1']) : long2ip($res['ip1']) . ' - ' . long2ip($res['ip2']);
echo '<a href="index.php?act=ipban&mod=detail&id=' . $res['id'] . '">' . $get_ip . '</a> ';
switch ($res['ban_type']) {
case 2:
echo $lng['redirect'];
break;
case 3:
echo $lng['registration'];
break;
default:
echo '<b>' . $lng['blocking'] . '</b>';
}
echo '</div>';
++$i;
}
} else {
echo '<div class="menu"><p>' . $lng['list_empty'] . '</p></div>';
}
echo '<div class="rmenu"><form action="index.php?act=ipban&mod=new" method="post"><input type="submit" name="" value="' . $lng['ip_ban_new'] . '" /></form></div>';
echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
if ($total > $kmess) {
echo '<div class="topmenu">' . functions::display_pagination('index.php?act=ipban&', $start, $total, $kmess) . '</div>';
echo '<p><form action="index.php?act=ipban" method="post"><input type="text" name="page" size="2"/><input type="submit" value="' . $lng['to_page'] . ' >>"/></form></p>';
}
echo '<p>';
if ($total > 0)
echo '<a href="index.php?act=ipban&mod=search">' . $lng['search'] . '</a><br /><a href="index.php?act=ipban&mod=clear">' . $lng['ip_ban_clean'] . '</a><br />';
echo '<a href="index.php">' . $lng['admin_panel'] . '</a></p>';
}
?>