path: root/modules/ban.module
blob: f602c177f7256d97629452efe40e69505c14ef5b (plain)
<?

// Hook table for this module: each entry names a function defined further
// down in this file.  How the table is consumed is not visible here --
// presumably the module loader calls the named function for each hook.
$module = array(
  "help"  => "ban_help",
  "admin" => "ban_admin",
);

include "includes/ban.inc";


/**
 * Prints the administrator help page for the ban module.
 *
 * The text describes the four ban categories (e-mail, profanity, hostname,
 * username) and the two wild-card characters a ban mask may contain:
 * "%" (any number of characters, including none) and "_" (exactly one
 * character).
 *
 * The markup below is static: no variable is interpolated into it, so there
 * is nothing to escape in this function.
 *
 * NOTE(review): because "_" is a wild-card, a mask that contains a literal
 * underscore also matches names with any other character in that position.
 * Whether a literal "%" or "_" can be escaped in a mask is decided by the
 * matching code, which is not in this file -- confirm before documenting it.
 */
function ban_help() {
  // Leave PHP mode: everything up to the next open tag is sent to the browser verbatim.
 ?>
  <P>The ban module keeps a list of bans in four categories:</P>
  <UL>
   <LI>E-mail bans: this type of ban specifies which email-addresses will be rejected when registering new users. Can be used to prevent users from using a free-mail account (e.g. hotmail.com).</LI>
   <LI>Profanity bans: <I>under construction</I></LI>
   <LI>Hostname bans: this type of ban allows you to block certain hostnames to access to your site or to register as a new user.</LI>
   <LI>Username bans: this ban will block certain usernames from registration.  Typical examples include <I>admin</I>, <I>anonymous</I>, <I>root</I>, <I>webmaster</I>, etc.</LI>
  </UL>
  <P>The ban system allows you to use a flexible wild-card ban system. This means you can block all email addresses from a certain domain name, block every username starting with "guest", etc.  To do this, you can use the following wild-card characters:</P>
  <UL>
   <LI>&nbsp;% : matches any number of characters, including zero characters.</LI>
   <LI>&nbsp;_ : matches exactly one character.</LI>
  </UL>
  <P><U>Examples</U>:</P>
  <UL>
   <LI>E-mail address bans <CODE>%@hotmail.com</CODE>, <CODE>%@altavista.%</CODE>, <CODE>%@usa.net</CODE>, etc.  Used to prevent users from using free-email accounts, which might be used to cause trouble.</LI>
   <LI>Username bans <CODE>root</CODE>, <CODE>webmaster</CODE>, <CODE>admin%</CODE>, etc.  Used to prevent administrator impersonators.</LI>
  </UL>
 <?
}

/**
 * Stores a new ban through ban_add() and prints the status message that
 * ban_add() reports back.
 *
 * @param $mask      ban mask as submitted in the "Add new ban" form
 * @param $category  ban type index
 * @param $reason    free-text reason for the ban
 */
function ban_admin_new($mask, $category, $reason) {
  // $message is handed over by reference at the call site so that ban_add()
  // can fill it in.  ban_add() is not defined in this file (presumably it
  // lives in includes/ban.inc).
  // NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and
  // later; dropping the "&" is only safe once ban_add() declares the
  // parameter as a reference itself -- confirm against its definition.
  ban_add($mask, $category, $reason, &$message);

  // NOTE(review): the message is printed as-is.  If ban_add() copies $mask or
  // $reason into it, they must be HTML-escaped there -- confirm.
  print "$message\n";
}

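/**
 * Prints the overview table for one ban category: a category selector,
 * one row per ban (mask, reason, delete link) and a wild-card legend.
 *
 * @param $category  numeric ban type index; anything that does not evaluate
 *                   to a non-zero integer selects category 1.
 */
function ban_display($category = "") {
  global $type2index;

  // $category is placed unquoted into the SQL statement and into the delete
  // links below, and ban_admin() passes in a global that is presumably filled
  // from the request.  Reduce it to an integer before it is used anywhere;
  // the original default of 1 is kept for empty or non-numeric input.
  $category = intval($category);
  if (!$category) {
    $category = 1;
  }

  // Perform query:
  $result = db_query("SELECT * FROM bans WHERE type = $category ORDER BY mask");

  // Generate output:
  $output  = "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
  $output .= " <TR>\n";
  $output .= "  <TH COLSPAN=\"3\">\n";
  $output .= "   <FORM ACTION=\"admin.php?mod=ban\" METHOD=\"post\">\n";
  $output .= "    <SELECT NAME=\"category\">\n";
  // The loop ends at the first empty index, exactly as before.
  for (reset($type2index); $cur = current($type2index); next($type2index)) {
    $output .= "     <OPTION VALUE=\"". htmlspecialchars($cur, ENT_QUOTES) ."\"". ($cur == $category ? " SELECTED" : "") .">Bans by ". htmlspecialchars(key($type2index), ENT_QUOTES) ."</OPTION>\n";
  }
  $output .= "    </SELECT>\n";
  $output .= "    <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Update\">\n";
  $output .= "   </FORM>\n";
  $output .= "  </TH>\n";
  $output .= " </TR>\n";
  $output .= " <TR>\n";
  $output .= "  <TH>mask</TH>\n";
  $output .= "  <TH>reason</TH>\n";
  $output .= "  <TH>operations</TH>\n";
  $output .= " </TR>\n";
  while ($ban = db_fetch_object($result)) {
    // Mask and reason are stored text typed into the admin form; escape them
    // so that markup saved in a ban cannot run in another administrator's
    // browser.
    // NOTE(review): if reasons are meant to carry HTML, filter them on input
    // instead -- confirm the intended format.
    $mask = htmlspecialchars($ban->mask, ENT_QUOTES);
    $reason = htmlspecialchars($ban->reason, ENT_QUOTES);
    $id = urlencode($ban->id);

    // NOTE(review): this link deletes a ban on a plain GET request and nothing
    // visible in this file ties it to the administrator's session.  Confirm
    // that admin.php guards it, or move the delete to a POST form with a token.
    $output .= "  <TR><TD>$mask</TD><TD>$reason</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=ban&op=delete&category=$category&id=$id\">delete</A></TD></TR>\n";
  }
  $output .= " <TR><TD COLSPAN=\"3\"><SMALL>%: matches any number of characters, even zero characters.<BR>_: matches exactly one character.</SMALL></TD></TR>\n";
  $output .= "</TABLE>\n";

  print $output;
}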

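/**
 * Prints the "Add new ban" form (mask, type selector, reason).
 *
 * The form posts back to admin.php?mod=ban with op="Add ban".
 *
 * NOTE(review): the form carries no per-session token; confirm that
 * admin.php protects state-changing posts some other way.
 */
function ban_admin_add() {
  global $type2index;

  $output  = "<H3>Add new ban:</H3>\n";
  $output .= "<FORM ACTION=\"admin.php?mod=ban\" METHOD=\"post\">\n";
  $output .= "<B>Banmask:</B><BR>\n";
  $output .= "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
  $output .= "<B>Type:</B><BR>\n";
  // The original tag had a stray extra quote after NAME="category".
  $output .= "<SELECT NAME=\"category\">\n";
  // The original compared each index with a $category that is never set in
  // this function's scope, so no option was ever pre-selected; that dead
  // comparison is dropped.  Labels and values are escaped defensively.
  for (reset($type2index); $cur = current($type2index); next($type2index)) {
    $output .= "<OPTION VALUE=\"". htmlspecialchars($cur, ENT_QUOTES) ."\">". htmlspecialchars(key($type2index), ENT_QUOTES) ."</OPTION>\n";
  }
  $output .= "</SELECT><P>\n";
  $output .= "<B>Reason:</B><BR>\n";
  $output .= "<TEXTAREA NAME=\"reason\" COLS=\"50\" ROWS=\"5\"></TEXTAREA><P>\n";
  $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add ban\"><BR>\n";
  $output .= "</FORM>\n";

  print $output;
}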

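/**
 * Looks a value up against the bans of one category and prints the result.
 *
 * @param $mask      value to test, as typed into the "Ban check" form
 * @param $category  ban type index to test against
 */
function ban_check($mask, $category) {
  // ban_match() is not defined in this file; the code below only relies on it
  // returning something false when nothing matches and otherwise an object
  // with ->mask and ->reason.
  $ban = ban_match($mask, $category);

  // $mask comes straight from the form and was echoed back unescaped; the
  // stored mask and reason are escaped as well so that saved markup is shown
  // as text.
  if ($ban) {
    $output = "Matched ban '<B>". htmlspecialchars($ban->mask, ENT_QUOTES) ."</B>' with reason: <I>". htmlspecialchars($ban->reason, ENT_QUOTES) ."</I>.<P>\n";
  }
  else {
    $output = "No matching bans for '". htmlspecialchars($mask, ENT_QUOTES) ."'.<P>\n";
  }

  print $output;
}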

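/**
 * Prints the "Ban check" form (mask and type selector).
 *
 * The form posts back to admin.php?mod=ban with op="Check ban".
 */
function ban_admin_check() {
  global $type2index;

  $output  = "<H3>Ban check:</H3>\n";
  $output .= "<FORM ACTION=\"admin.php?mod=ban\" METHOD=\"post\">\n";
  $output .= "<B>Banmask:</B><BR>\n";
  $output .= "<INPUT TYPE=\"text\" NAME=\"mask\" SIZE=\"35\"><P>\n";
  $output .= "<B>Type:</B><BR>\n";
  // The original tag had a stray extra quote after NAME="category".
  $output .= "<SELECT NAME=\"category\">\n";
  // The original compared each index with a $category that is never set in
  // this function's scope, so no option was ever pre-selected; that dead
  // comparison is dropped.  Labels and values are escaped defensively.
  for (reset($type2index); $cur = current($type2index); next($type2index)) {
    $output .= "<OPTION VALUE=\"". htmlspecialchars($cur, ENT_QUOTES) ."\">". htmlspecialchars(key($type2index), ENT_QUOTES) ."</OPTION>\n";
  }
  $output .= "</SELECT><P>\n";
  $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Check ban\"><BR>\n";
  $output .= "</FORM>\n";

  print $output;
}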

/**
 * Admin entry point for the ban module: prints the navigation bar and then
 * runs the action named by the global $op.
 *
 * $op, $id, $mask, $category and $reason are read as globals.  The forms and
 * links in this file submit fields with exactly these names, so they are
 * presumably filled from the request -- confirm how admin.php populates them.
 *
 * NOTE(review): $id is handed to ban_delete() unchanged and the delete action
 * is reachable through a plain link.  Confirm that ban_delete() validates the
 * id and that admin.php restricts and authenticates these requests.
 */
function ban_admin() {
  global $op, $id, $mask, $category, $reason;

  $menu = array(
    "<A HREF=\"admin.php?mod=ban&op=add\">add ban</A>",
    "<A HREF=\"admin.php?mod=ban&op=check\">check ban</A>",
    "<A HREF=\"admin.php?mod=ban\">overview</A>",
    "<A HREF=\"admin.php?mod=ban&op=help\">help</A>",
  );
  print "<SMALL>". implode(" | ", $menu) ."</SMALL><HR>\n";

  // Loose comparison, tested in the same order as the original switch.
  if ($op == "Add ban") {
    ban_admin_new($mask, $category, $reason);
    ban_display($category);
  }
  else if ($op == "Check ban") {
    ban_check($mask, $category);
  }
  else if ($op == "add") {
    ban_admin_add();
  }
  else if ($op == "help") {
    ban_help();
  }
  else if ($op == "check") {
    ban_admin_check();
  }
  else {
    // "delete" removes the ban and then shows the overview, like every other
    // unrecognised or empty $op.
    if ($op == "delete") {
      ban_delete($id);
    }
    ban_display($category);
  }
}

?>