-rw-r--r-- | account.php | 19 | ||||
-rw-r--r-- | ban.class.php | 19 | ||||
-rw-r--r-- | ban.php | 136 | ||||
-rw-r--r-- | config.inc | 8 | ||||
-rw-r--r-- | functions.inc | 1 | ||||
-rw-r--r-- | mysql.tables | 11 |
6 files changed, 185 insertions, 9 deletions
diff --git a/account.php b/account.php index 6d2d4a259..c94b2d463 100644 --- a/account.php +++ b/account.php @@ -1,6 +1,7 @@ <? -include('config.inc'); -include('functions.inc'); +include "config.inc"; +include "functions.inc"; +include "database.inc"; function dbsave($dbase, $data, $id=0) { foreach ($data as $key=>$value) { @@ -60,12 +61,17 @@ function newUser($user = "", $error="") { $theme->footer(); } function validateUser($user) { + include "ban.class.php"; + ### Verify username and e-mail address: $user[userid] = trim($user[userid]); if (empty($user[email]) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $user[email]))) $rval = "the specified e-mail address is not valid.<BR>"; if (empty($user[userid]) || (ereg("[^a-zA-Z0-9_-]", $user[userid]))) $rval = "the specified username '$new[userid]' is not valid.<BR>"; if (strlen($user[userid]) > 15) $rval = "the specified username is too long: it must be less than 15 characters."; - if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $user[userid])) $rval = "the specified username is reserved."; + + ### Check to see whether the username or e-mail address are banned: + if ($ban = ban_match($user[userid], $type[usernames])) $rval = "the specified username is banned for the following reason: <I>$ban->reason</I>."; + if ($ban = ban_match($user[email], $type[addresses])) $rval = "the specified e-mail address is banned for the following reason: <I>$ban->reason</I>."; ### Verify whether username and e-mail address are unique: dbconnect(); 
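Review bot: The two new `ban_match()` calls in validateUser run even when the earlier checks have already set `$rval`, so a username or address that failed the character validation is still interpolated into the query that ban_match builds. Gating the lookups on the earlier result keeps rejected input away from the database layer, e.g. `if (!$rval && ($ban = ban_match($user[userid], $type[usernames]))) ...` and the same for the e-mail line. `$ban->reason` is also placed into the error message as raw HTML and would be better passed through `htmlspecialchars()`. The `include "ban.class.php"` inside the function body would redeclare `ban_match` if validateUser is ever called twice in one request; moving it next to the other includes at the top of the file avoids that. validateUser continues past the end of this hunk.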
@@ -73,13 +79,10 @@ function validateUser($user) { if (mysql_num_rows(mysql_query("SELECT email FROM testusers WHERE LOWER(email)=LOWER('$user[email]')")) > 0) $rval = "the specified e-mail address is already registered."; return($rval); } - function makePassword($min_length=6) { mt_srand((double)microtime() * 1000000); - $words = array("foo","bar","guy","neo","geek","nerd","fish","hack","star","moon","hero","cola","girl","fish","java","boss"); - while(strlen($password) < $min_length) { - $password .= $words[mt_rand(0, count($words))]; - } + $words = array("foo","bar","guy","neo","tux","moo","sun","god","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","boss"); + while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))]; return $password; } diff --git a/ban.class.php b/ban.class.php new file mode 100644 index 000000000..93a7eaf24 --- /dev/null +++ b/ban.class.php @@ -0,0 +1,19 @@ +<? + +$type = array("addresses" => 0x01, + "profanity" => 0x02, + "hostnames" => 0x03, + "usernames" => 0x04); + +function ban_match($mask, $category) { + ### Connect to database: + db_connect(); + + ### Perform query: + $result = db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"); + + ### Return result: + return db_fetch_object($result); +} + +?> diff --git a/ban.php b/ban.php new file mode 100644 index 000000000..62260f91f --- /dev/null +++ b/ban.php 
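Review bot: `mt_rand(0, count($words))` in the rewritten loop of makePassword has an inclusive upper bound, so it can index one past the end of `$words` and append nothing; the line should read `while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words) - 1)];`. More important for account security, every entry in the list is three or four letters, so two words always reach the default `$min_length` of 6 and the number of distinct passwords is on the order of the list length squared, with the generator seeded from `microtime()`. A comment above the function should state that these are throw-away initial passwords that must be changed, or the function should draw from a much larger alphabet. The function's opening lines are context shared with the end of validateUser in this hunk.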
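Review bot: ban_match() in the new ban.class.php builds its query by placing `$mask` and `$category` straight into the SQL string, and the callers visible in this commit (validateUser in account.php, ban_check in ban.php) appear to pass request-derived values. Force the category to a number and escape the string before the query, for example `$category = (int) $category; $mask = addslashes($mask);` as the first lines of the function. The same pattern appears in ban.php in ban_add (`$mask`, `$category`, `$reason`), ban_delete (`$id`) and ban_display (`$category`) and needs the same treatment. Whether `magic_quotes_gpc` is enabled is not visible from the diff; if it is, the strings are already escaped and only the numeric casts are needed.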
@@ -0,0 +1,136 @@ +<? +// This code should go in the admin pages and is only a temporary +// placeholder untill we are going to rewrite the admin pages. + +function ban_check($mask, $category) { + include "ban.class.php"; + + $ban = ban_match($mask, $category); + + print "<H3>Status:</H3>\n"; + print "". ($ban ? "Matched ban '<B>$ban->mask</B>' with reason: <I>$ban->reason</I>.<P>\n" : "No matching bans for '$mask'.<P>\n") .""; +} + +function ban_add($mask, $category, $reason) { + ### Connect to database and perform query: + include "database.inc"; + db_connect(); + + print "<H3>Status:</H3>\n"; + if (empty($mask)) { + print "Failed: empty banmasks are not allowed.<P>\n"; + } + else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) { + print "Failed: ban is already matched by '$ban->mask'.<P>\n"; + } + else { + $result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')"); + print "Added new ban with mask `$mask'.<P>\n"; + } +} + +function ban_delete($id) { + ### Connect to database and perform query: + include "database.inc"; + db_connect(); + $result = db_query("DELETE FROM bans WHERE id = $id"); +} + +function ban_display($category = "") { + global $PHP_SELF; + + include "ban.class.php"; + + ### initialize variable: + $category = $category ? 
$category : 1; + + ### Connect to database and perform query: + include "database.inc"; + db_connect(); + $result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask"); + + ### Generate output: + print "<H3>Active bans:</H3>\n"; + print "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n"; + print " <TR>\n"; + print " <TH COLSPAN=\"2\" >Active bans</TH>\n"; + print " </TH>\n"; + print " <TH>\n"; + print " <FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n"; + print " <SELECT NAME=\"category\">\n"; + for (reset($type); $cur = current($type); next($type)) { + print " <OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n"; + } + print " </SELECT>\n"; + print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Display\">\n"; + print " </FORM>\n"; + print " </TH>\n"; + print " </TR>\n"; + print " <TR>\n"; + print " <TH>Mask</TH>\n"; + print " <TH>Reason</TH>\n"; + print " <TH>Operations</TH>\n"; + print " </TR>\n"; + + while ($ban = db_fetch_object($result)) { + print " <TR><TD>$ban->mask</TD><TD>$ban->reason</TD><TD ALIGN=\"center\"><A HREF=\"$PHP_SELF?op=delete&category=$category&id=$ban->id\">delete</A></TD></TR>\n"; + } + + print " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n"; + print "</TABLE>\n"; + print "<BR><HR>\n"; + + print "<H3>Add new ban:</H3>\n"; + print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n"; + print "<B>Banmask:</B><BR>\n"; + print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n"; + print "<B>Type:</B><BR>\n"; + print "<SELECT NAME=\"category\"\">\n"; + for (reset($type); $cur = current($type); next($type)) { + print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". 
key($type) ."</OPTION>\n"; + } + print "</SELECT><P>\n"; + print "<B>Reason:</B><BR>\n"; + print "<TEXTAREA NAME=\"reason\" COLS=\"35\" ROWS=\"5\"></TEXTAREA><P>\n"; + print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n"; + print "</FORM>\n"; + print "<BR><HR>\n"; + + print "<H3>Ban check:</H3>\n"; + print "<FORM ACTION=\"$PHP_SELF\" METHOD=\"post\">\n"; + print "<B>Banmask:</B><BR>\n"; + print "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n"; + print "<B>Type:</B><BR>\n"; + print "<SELECT NAME=\"category\"\">\n"; + for (reset($type); $cur = current($type); next($type)) { + print "<OPTION VALUE=\"$cur\"". ($cur == $category ? " SELECTED" : "") .">". key($type) ."</OPTION>\n"; + } + print "</SELECT><P>\n"; + print "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n"; + print "</FORM>\n"; +} + +include "admin.inc"; + +admin_header(); + +switch ($op) { + case "Add ban": + ban_add($mask, $category, $reason); + ban_display($category); + break; + case "Check ban": + ban_check($mask, $category); + ban_display($category); + break; + case "delete": + ban_delete($id); + displayBans($category); + break; + default: + ban_display($category); +} + +admin_footer(); + +?> diff --git a/config.inc b/config.inc index 1c7b766fa..6eef82be2 100644 --- a/config.inc +++ b/config.inc @@ -74,4 +74,12 @@ $cfg_theme = "default"; # to '0' $system = 0; +/* +class config { + var $path = "/home/buytaert/public_html/projects/drop"; +} + +if (!$config) $config = new config(); +*/ + ?>
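Review bot: The `delete` case of the switch at the end of ban.php calls `displayBans($category)`, but the function defined in this file is `ban_display`, so unless admin.inc defines the other name the page fails right after a ban is removed; the call should be `ban_display($category);`. Deletion is also triggered by a plain link (`?op=delete&category=...&id=...`), which means any GET request to that URL changes state; a small POST form per row, like the ones used for adding and checking, would be safer. `$mask`, `$ban->mask` and `$ban->reason` are printed into the page unescaped in ban_check, ban_add and ban_display and should go through `htmlspecialchars()`. No access check is visible in this file; presumably `admin_header()` in admin.inc handles it, which is worth confirming.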
\ No newline at end of file diff --git a/functions.inc b/functions.inc index 423067bac..beb8eae3f 100644 --- a/functions.inc +++ b/functions.inc @@ -1,5 +1,6 @@ <? include("user.class.php"); + session_start(); include "config.inc"; diff --git a/mysql.tables b/mysql.tables index b8a1d0932..e910a7200 100644 --- a/mysql.tables +++ b/mysql.tables @@ -47,6 +47,16 @@ CREATE TABLE blocks ( PRIMARY KEY (id) ); +CREATE TABLE bans ( + id tinyint(4) DEFAULT '0' NOT NULL auto_increment, + mask varchar(255) NOT NULL, + type tinyint(2) DEFAULT '' NOT NULL, + reason text DEFAULT '' NOT NULL, + timestamp int(11), + UNIQUE mask (mask), + PRIMARY KEY (id) +); + # # Dumping data for table 'blocks' # @@ -63,7 +73,6 @@ CREATE TABLE channel ( url varchar(255) DEFAULT '' NOT NULL, contact varchar(255) DEFAULT '', timestamp int(11), - UNIQUE site (site), UNIQUE file (file), UNIQUE url (url), PRIMARY KEY (id) |
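Review bot: In the new `bans` table in mysql.tables, `id tinyint(4) ... auto_increment` tops out at 127, after which inserts fail, and ban_add in ban.php prints "Added new ban" without checking the result of its INSERT, so the failure would go unnoticed. A wider key such as `id int(11) NOT NULL auto_increment` removes the limit. `UNIQUE mask (mask)` is also global rather than per category, so the same mask cannot be banned under two types; if that is not intended, `UNIQUE mask (mask, type)` expresses the per-category rule.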