* Implemented ban-capabilities, a first step towards an admin-friendly user

  system:
   - you can add and remove wild-carded e-mails from the banlist.
   - you can add and remove wild-carded hostnames from the banlist.
   - you can add and remove wild-carded usernames from the banlist.
   - you can add and remove wild-carded profanity from the banlist.
   - you can browse all bans according to their category: see ban.php.

6 files changed, 185 insertions, 9 deletions

diff --git a/account.php b/account.php
index 6d2d4a259..c94b2d463 100644
--- a/account.php
+++ b/account.php
@@ -1,6 +1,7 @@
 <?
-include('config.inc');
-include('functions.inc');
+include "config.inc";
+include "functions.inc";
+include "database.inc";
 
 function dbsave($dbase, $data, $id=0) {
   foreach ($data as $key=>$value) {
@@ -60,12 +61,17 @@ function newUser($user = "", $error="") {
   $theme->footer();
 }
 function validateUser($user) {
+  include "ban.class.php";
+
   ### Verify username and e-mail address:
   $user[userid] = trim($user[userid]);
   if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>";
   if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>";
   if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters.";
-  if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $user[userid])) $rval = "the specified username is reserved.";
+
+  ### Check to see whether the username or e-mail address are banned:
+  if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned  for the following reason: <I>$ban->reason</I>.";
+  if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>.";
 
   ### Verify whether username and e-mail address are unique:
   dbconnect();
@@ -73,13 +79,10 @@ function validateUser($user) {
   if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered.";
   return($rval);
 }
-
 function makePassword($min_length=6) {
   mt_srand((double)microtime() * 1000000);
-  $words = array("foo","bar","guy","neo","geek","nerd","fish","hack","star","moon","hero","cola","girl","fish","java","boss");
-  while(strlen($password) < $min_length) {
-    $password .= $words[mt_rand(0, count($words))];
-  }
+  $words = array("foo","bar","guy","neo","tux","moo","sun","god","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","boss");
+  while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
   return $password;
 }
 
diff --git a/ban.class.php b/ban.class.php
new file mode 100644
index 000000000..93a7eaf24
--- /dev/null
+++ b/ban.class.php
@@ -0,0 +1,19 @@
+<?
+
+$type = array("addresses" => 0x01,
+              "profanity" => 0x02,
+              "hostnames" => 0x03,
+              "usernames" => 0x04);
+
+function ban_match($mask, $category) {
+  ### Connect to database:
+  db_connect();
+
+  ### Perform query:
+  $result = db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask");
+  
+  ### Return result:
+  return db_fetch_object($result);
+}
+
+?>
diff --git a/ban.php b/ban.php
new file mode 100644
index 000000000..62260f91f
--- /dev/null
+++ b/ban.php
@@ -0,0 +1,136 @@
+<?
+// This code should go in the admin pages and is only a temporary
+// placeholder untill we are going to rewrite the admin pages.
+
+function ban_check($mask, $category) {
+  include "ban.class.php";
+
+  $ban = ban_match($mask, $category);
+
+  print "<H3>Status:</H3>\n";
+  print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") ."";
+}
+
+function ban_add($mask, $category, $reason) {
+  ### Connect to database and perform query:
+  include "database.inc";
+  db_connect();
+
+  print "<H3>Status:</H3>\n";
+  if (empty($mask)) {
+    print "Failed: empty banmasks are not allowed.<P>\n";
+  }
+  else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
+    print "Failed: ban is already matched by '$ban->mask'.<P>\n";
+  }
+  else {
+    $result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
+    print "Added new ban with mask `$mask'.<P>\n";
+  }
+}
+
+function ban_delete($id) {
+  ### Connect to database and perform query:
+  include "database.inc";
+  db_connect();
+  $result = db_query("DELETE FROM bans WHERE id = $id");
+}
+
+function ban_display($category = "") {
+  global $PHP_SELF;
+
+  include "ban.class.php";
+
+  ### initialize variable: 
+  $category = $category ? $category : 1;
+
+  ### Connect to database and perform query:
+  include "database.inc";
+  db_connect();
+  $result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");
+ 
+  ### Generate output:
+  print "<H3>Active bans:</H3>\n";
+  print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
+  print " <TR>\n";
+  print "  <TH COLSPAN=\"2\" >Active bans</TH>\n";
+  print "  </TH>\n";
+  print "  <TH>\n";
+  print "   <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
+  print "    <SELECT NAME=\"category\">\n";
+  for (reset($type); $cur = current($type); next($type)) {
+    print "     <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
+  }
+  print "    </SELECT>\n";
+  print "    <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Display\">\n";
+  print "   </FORM>\n";
+  print "  </TH>\n";
+  print " </TR>\n";
+  print " <TR>\n";
+  print "  <TH>Mask</TH>\n";
+  print "  <TH>Reason</TH>\n";
+  print "  <TH>Operations</TH>\n";
+  print " </TR>\n";
+
+  while ($ban = db_fetch_object($result)) {
+    print "  <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n";
+  }
+  
+  print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
+  print "</TABLE>\n";
+  print "<BR><HR>\n";
+
+  print "<H3>Add new ban:</H3>\n";
+  print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
+  print "<B>Banmask:</B><BR>\n";
+  print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+  print "<B>Type:</B><BR>\n";
+  print "<SELECT NAME=\"category\"\">\n";
+  for (reset($type); $cur = current($type); next($type)) {
+    print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
+  }
+  print "</SELECT><P>\n";
+  print "<B>Reason:</B><BR>\n";
+  print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n";
+  print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
+  print "</FORM>\n";
+  print "<BR><HR>\n";
+
+  print "<H3>Ban check:</H3>\n";
+  print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n";
+  print "<B>Banmask:</B><BR>\n";
+  print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
+  print "<B>Type:</B><BR>\n";
+  print "<SELECT NAME=\"category\"\">\n";
+  for (reset($type); $cur = current($type); next($type)) {
+    print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n";
+  }
+  print "</SELECT><P>\n";
+  print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
+  print "</FORM>\n";
+}
+
+include "admin.inc";
+
+admin_header();
+
+switch ($op) {
+  case "Add ban":
+    ban_add($mask, $category, $reason);
+    ban_display($category);
+    break;
+  case "Check ban":
+    ban_check($mask, $category);
+    ban_display($category);
+    break;
+  case "delete":
+    ban_delete($id);
+    displayBans($category);
+    break;
+  default:
+    ban_display($category);
+}
+
+admin_footer();
+
+?>
diff --git a/config.inc b/config.inc
index 1c7b766fa..6eef82be2 100644
--- a/config.inc
+++ b/config.inc
@@ -74,4 +74,12 @@ $cfg_theme = "default";
 #   to '0'
 $system = 0;
 
+/*
+class config {
+  var $path = "/home/buytaert/public_html/projects/drop";
+}
+
+if (!$config) $config = new config();
+*/
+
 ?>
\ No newline at end of file
diff --git a/functions.inc b/functions.inc
index 423067bac..beb8eae3f 100644
--- a/functions.inc
+++ b/functions.inc
@@ -1,5 +1,6 @@
 <?
 include("user.class.php");
+
 session_start();
 
 include "config.inc";
diff --git a/mysql.tables b/mysql.tables
index b8a1d0932..e910a7200 100644
--- a/mysql.tables
+++ b/mysql.tables
@@ -47,6 +47,16 @@ CREATE TABLE blocks (
   PRIMARY KEY (id)
 );
 
+CREATE TABLE bans (
+  id tinyint(4) DEFAULT '0' NOT NULL auto_increment,
+  mask varchar(255) NOT NULL,
+  type tinyint(2) DEFAULT '' NOT NULL,
+  reason text DEFAULT '' NOT NULL,
+  timestamp int(11),
+  UNIQUE mask (mask),
+  PRIMARY KEY (id)
+);
+
 #
 # Dumping data for table 'blocks'
 #
@@ -63,7 +73,6 @@ CREATE TABLE channel (
   url varchar(255) DEFAULT '' NOT NULL,
   contact varchar(255) DEFAULT '',
   timestamp int(11),
-  UNIQUE site (site),
   UNIQUE file (file),
   UNIQUE url (url),
   PRIMARY KEY (id)