如何限制访问者的ip(PHPBB的代码)
程序员文章站
2022-10-05 21:28:45
如何限制访问者的ip(phpbb的代码)
code:
...
如何限制访问者的ip(phpbb的代码) code: <?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin : tuesday, jul 31, 2001
* copyright : (c) 2001 the phpbb group
* email : [email]support@phpbb.com[/email]
*
* $id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx exp $
*
*
***************************************************************************/
/***************************************************************************
* this file is part of the phpbb2 port to nuke 6.0 (c) copyright 2002
* by tom nitzschner ([email]tom@toms-home.com[/email])
* [url]http://bbtonuke.sourceforge.net[/url] (or [url]http://www.toms-home.com)[/url]
*
* as always, make a backup before messing with anything. all code
* release by me is considered sample code only. it may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. no waranty is given or implied.
*
* please post all questions/request about this port on [url]http://bbtonuke.sourceforge.net[/url] first,
* then on my site. all original header code and copyright messages will be maintained
* to give credit where credit is due. if you modify this, the only requirement is
* that you also maintain all original copyright messages. all my work is released
* under the gnu general public license. please see the readme for more information.
*
***************************************************************************/
/***************************************************************************
*
* this program is free software; you can redistribute it and/or modify
* it under the terms of the gnu general public license as published by
* the free software foundation; either version 2 of the license, or
* (at your option) any later version.
*
***************************************************************************/
define('in_phpbb', 1);
if ( !empty($setmodules) )
{
$filename = basename(__file__);
$module['users']['ban_management'] = $filename;
return;
}
//
// load default header
//
$phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpex);
//
// start program
//
if ( isset($http_post_vars['submit']) )
{
$user_bansql = '';
$email_bansql = '';
$ip_bansql = '';
$user_list = array();
if ( !empty($http_post_vars['username']) )
{
$this_userdata = get_userdata($http_post_vars['username']);
if( !$this_userdata )
{
message_die(general_message, $lang['no_user_id_specified'] );
}
$user_list[] = $this_userdata['user_id'];
}
$ip_list = array();
if ( isset($http_post_vars['ban_ip']) )
{
$ip_list_temp = explode(',', $http_post_vars['ban_ip']);
for($i = 0; $i < count($ip_list_temp); $i++)
{
if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// don't ask about all this, just don't ask ... !为什么
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;
$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
}
while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end
$ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
}
while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end
$ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
}
while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
$ip_4_counter++;
}
$ip_3_counter++;
}
$ip_2_counter++;
}
$ip_1_counter++;
}
}
else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));
for($j = 0; $j < count($ip); $j++)
{
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
}
}
}
$email_list = array();
if ( isset($http_post_vars['ban_email']) )
{
$email_list_temp = explode(',', $http_post_vars['ban_email']);
for($i = 0; $i < count($email_list_temp); $i++)
{
//
// this ereg match is based on one by [email]php@unreelpro.com[/email]
// contained in the annotated php manual at php.com (ereg
// section)
//
if ( eregi('^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$', trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
}
}
$sql = "select *
from " . banlist_table;
if ( !($result = $db->sql_query($sql)) )
{
message_die(general_error, "couldn't obtain banlist information", "", __line__, __file__, $sql);
}
$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$kill_session_sql = '';
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' or ' : '' ) . "session_user_id = " . $user_list[$i];
$sql = "insert into " . banlist_table . " (ban_userid)
values (" . $user_list[$i] . ")";
if ( !$db->sql_query($sql) )
{
message_die(general_error, "couldn't insert ban_userid info into database", "", __line__, __file__, $sql);
}
}
}
for($i = 0; $i < count($ip_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
{
$kill_ip_sql = "session_ip like '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
}
else
{
$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
}
$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' or ' : '' ) . $kill_ip_sql;
$sql = "insert into " . banlist_table . " (ban_ip)
values ('" . $ip_list[$i] . "')";
if ( !$db->sql_query($sql) )
{
message_die(general_error, "couldn't insert ban_ip info into database", "", __line__, __file__, $sql);
}
}
}
//
// now we'll delete all entries from the session table with any of the banned
// user or ip info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if ( $kill_session_sql != '' )
{
$sql = "delete from " . sessions_table . "
where $kill_session_sql";
if ( !$db->sql_query($sql) )
{
message_die(general_error, "couldn't delete banned sessions from database", "", __line__, __file__, $sql);
}
}
for($i = 0; $i < count($email_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
$sql = "insert into " . banlist_table . " (ban_email)
values ('" . str_replace("'", "''", $email_list[$i]) . "')";
if ( !$db->sql_query($sql) )
{
message_die(general_error, "couldn't insert ban_email info into database", "", __line__, __file__, $sql);
}
}
}
$where_sql = '';
if ( isset($http_post_vars['unban_user']) )
{
$user_list = $http_post_vars['unban_user'];
for($i = 0; $i < count($user_list); $i++)
{
if ( $user_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
}
}
}
if ( isset($http_post_vars['unban_ip']) )
{
$ip_list = $http_post_vars['unban_ip'];
for($i = 0; $i < count($ip_list); $i++)
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
}
}
}
if ( isset($http_post_vars['unban_email']) )
{
$email_list = $http_post_vars['unban_email'];
for($i = 0; $i < count($email_list); $i++)
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
}
}
}
if ( $where_sql != '' )
{
$sql = "delete from " . banlist_table . "
where ban_id in ($where_sql)";
if ( !$db->sql_query($sql) )
{
message_die(general_error, "couldn't delete ban info from database", "", __line__, __file__, $sql);
}
}
$message = $lang['ban_update_sucessful'] . '<br /><br />' . sprintf($lang['click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpex") . '">', '</a>') . '<br /><br />' . sprintf($lang['click_return_admin_index'], '<a href="' . append_sid("index.$phpex?pane=right") . '">', '</a>');
message_die(general_message, $message);
}
else
{
$template->set_filenames(array(
'body' => 'admin/user_ban_body.tpl')
);
$template->assign_vars(array(
'l_ban_title' => $lang['ban_control'],
'l_ban_explain' => $lang['ban_explain'],
'l_ban_explain_warn' => $lang['ban_explain_warn'],
'l_ip_or_hostname' => $lang['ip_hostname'],
'l_email_address' => $lang['email_address'],
'l_submit' => $lang['submit'],
'l_reset' => $lang['reset'],
's_banlist_action' => append_sid("admin_user_ban.$phpex"))
);
$template->assign_vars(array(
'l_ban_user' => $lang['ban_username'],
'l_ban_user_explain' => $lang['ban_username_explain'],
'l_ban_ip' => $lang['ban_ip'],
'l_ban_ip_explain' => $lang['ban_ip_explain'],
'l_ban_email' => $lang['ban_email'],
'l_ban_email_explain' => $lang['ban_email_explain'])
);
$userban_count = 0;
$ipban_count = 0;
$emailban_count = 0;
$sql = "select b.ban_id, u.user_id, u.username
from " . banlist_table . " b, " . users_table . " u
where u.user_id = b.ban_userid
and b.ban_userid <> 0
and u.user_id <> " . anonymous . "
order by u.user_id asc";
if ( !($result = $db->sql_query($sql)) )
{
message_die(general_error, 'could not select current user_id ban list', '', __line__, __file__, $sql);
}
$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$select_userlist = '';
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
$userban_count++;
}
if( $select_userlist == '' )
{
$select_userlist = '<option value="-1">' . $lang['no_banned_users'] . '</option>';
}
$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
$sql = "select ban_id, ban_ip, ban_email
from " . banlist_table;
if ( !($result = $db->sql_query($sql)) )
{
message_die(general_error, 'could not select current ip ban list', '', __line__, __file__, $sql);
}
$banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$select_iplist = '';
$select_emaillist = '';
for($i = 0; $i < count($banlist); $i++)
{
$ban_id = $banlist[$i]['ban_id'];
if ( !empty($banlist[$i]['ban_ip']) )
{
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
$ipban_count++;
}
else if ( !empty($banlist[$i]['ban_email']) )
{
$ban_email = $banlist[$i]['ban_email'];
$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
$emailban_count++;
}
}
if ( $select_iplist == '' )
{
$select_iplist = '<option value="-1">' . $lang['no_banned_ip'] . '</option>';
}
if ( $select_emaillist == '' )
{
$select_emaillist = '<option value="-1">' . $lang['no_banned_email'] . '</option>';
}
$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';
$template->assign_vars(array(
'l_unban_user' => $lang['unban_username'],
'l_unban_user_explain' => $lang['unban_username_explain'],
'l_unban_ip' => $lang['unban_ip'],
'l_unban_ip_explain' => $lang['unban_ip_explain'],
'l_unban_email' => $lang['unban_email'],
'l_unban_email_explain' => $lang['unban_email_explain'],
'l_username' => $lang['username'],
'l_look_up' => $lang['look_up_user'],
'l_find_username' => $lang['find_username'],
'u_search_user' => append_sid("search.$phpex?mode=searchuser&popup=1&menu=1"),
's_unban_userlist_select' => $select_userlist,
's_unban_iplist_select' => $select_iplist,
's_unban_emaillist_select' => $select_emaillist,
's_ban_action' => append_sid("admin_user_ban.$phpex"))
);
}
$template->pparse('body');
include('./page_footer_admin.'.$phpex);
?>