0) { echo << {$lang_banning_php['user_name']} {$lang_banning_php['ip_address']} {$lang_banning_php['expiry']} EOHEAD; $row_counter = 0; while ($row = mysql_fetch_array($result)) { if ($row['user_id']) { $username = get_username($row['user_id']); } else { $username = ''; } if ($row['expiry']) { $expiry = $row['expiry']; } else { $expiry = ''; } echo << EOROW; $row_counter++; } } mysql_free_result($result); } if (count($HTTP_POST_VARS) > 0) { if (isset($HTTP_POST_VARS['add_ban'])) { if ($HTTP_POST_VARS['add_ban_user_name']) { if (!($ban_uid = get_userid($HTTP_POST_VARS['add_ban_user_name']))) { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_user']. ' '. $HTTP_POST_VARS['add_ban_user_name'], __FILE__, __LINE__); } // check that admin doesn't ban himself if ($HTTP_POST_VARS['add_ban_user_name'] == USER_NAME) { cpg_die(ERROR, $lang_banning_php['error_admin_ban'], __FILE__, __LINE__); } } else { $ban_uid = 'NULL'; } if ($HTTP_POST_VARS['add_ban_ip_addr']) { $ban_ip_addr = "'" . addslashes($HTTP_POST_VARS['add_ban_ip_addr']) . "'"; //check admin ip address if ($HTTP_POST_VARS['add_ban_ip_addr'] == $REMOTE_ADDR || $HTTP_POST_VARS['add_ban_ip_addr'] == $_SERVER["REMOTE_ADDR"] || ($HTTP_POST_VARS['add_ban_ip_addr'] == $_ENV["REMOTE_ADDR"] && $_ENV["REMOTE_ADDR"])) { cpg_die(ERROR, $lang_banning_php['error_admin_ban'], __FILE__, __LINE__); } //check server ip adress if ($HTTP_POST_VARS['add_ban_ip_addr'] == $SERVER_ADDR || $HTTP_POST_VARS['add_ban_ip_addr'] == $_SERVER["SERVER_ADDR"] || $HTTP_POST_VARS['add_ban_ip_addr'] == $_ENV["SERVER_ADDR"]) { cpg_die(ERROR, $lang_banning_php['error_server_ban'], __FILE__, __LINE__); } //check illegal ip addresses $ip_to_check = 'ip'.$HTTP_POST_VARS['add_ban_ip_addr']; $ip_is_illegal = 0; $illegal_ip = array('192.168.','10.','172.16.','172.17.','172.18.','172.19.','172.20.','172.21.','172.22.','172.23.','172.24.','172.25.','172.26.','172.27.','172.28.','172.29.','172.30.','172.31.','169.254.','127.', '192.0.','1.0.0.0','204.152.64.','204.152.65.'); foreach ($illegal_ip as $not_allowed_ip) { if (strpos($ip_to_check,$not_allowed_ip) == 2){$ip_is_illegal++;} } //higher than 224 in first byte for ($i = 224; $i <= 255; $i++) { if (strpos($ip_to_check,$i.'.') == 2){$ip_is_illegal++;} } if ($ip_is_illegal != 0) { cpg_die(ERROR, $lang_banning_php['error_ip_forbidden'], __FILE__, __LINE__); } } else { $ban_ip_addr = 'NULL'; } $ban_expires = $HTTP_POST_VARS['add_ban_expires']; if ($ban_expires == '') { $ban_expires = 'NULL'; } else { $ban_expires = "'".$ban_expires.' 00:00:00'."'"; } if ($ban_expires == '\' 00:00:00\'') { $ban_expires = 'NULL'; } if ($ban_expires < 0) { $ban_expires = 'NULL';} // check if anything has been submit at all if (!$HTTP_POST_VARS['add_ban_user_name'] && !$HTTP_POST_VARS['add_ban_ip_addr']) { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__); } if ($ban_uid || $ban_ip_addr) { db_query("INSERT INTO {$CONFIG['TABLE_BANNED']} (user_id, ip_addr, expiry) VALUES ($ban_uid, $ban_ip_addr, $ban_expires)"); } else { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__); } } elseif (isset($HTTP_POST_VARS['delete_ban'])) { if (isset($HTTP_POST_VARS['ban_id'])) { $ban_id = (int)$HTTP_POST_VARS['ban_id']; if ($ban_id) { db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE ban_id=$ban_id"); } else { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__); } } } elseif (isset($HTTP_POST_VARS['edit_ban'])) { if (isset($HTTP_POST_VARS['ban_id'])) { $ban_id = (int)$HTTP_POST_VARS['ban_id']; if ($ban_id) { if ($HTTP_POST_VARS['edit_ban_user_name']) { if (!($ban_uid = get_userid($HTTP_POST_VARS['edit_ban_user_name']))) { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_user'] . ' ' . $HTTP_POST_VARS['edit_ban_user_name'], __FILE__, __LINE__); } } else { $ban_uid = 'NULL'; } if (isset($HTTP_POST_VARS['edit_ban_ip_addr'])) { $ban_ip_addr = "'" . addslashes($HTTP_POST_VARS['edit_ban_ip_addr']) . "'"; } else { $ban_ip_addr = 'NULL'; } $ban_expires = $HTTP_POST_VARS['edit_ban_expires']; if ($ban_expires == '') { $ban_expires = 'NULL'; } else { $ban_expires = "'".$ban_expires."'"; } if ((int)$ban_expires < 0) $ban_expires = 'NULL'; if ($ban_uid || $ban_ip_addr) { db_query("UPDATE {$CONFIG['TABLE_BANNED']} SET user_id=$ban_uid, ip_addr=$ban_ip_addr, expiry=$ban_expires where ban_id=$ban_id"); } else { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_specify'], __FILE__, __LINE__); } } else { cpg_die(CRITICAL_ERROR, $lang_banning_php['error_ban_id'], __FILE__, __LINE__); } } } } pageheader($lang_banning_php['title']); $signature = 'Coppermine Photo Gallery ' . COPPERMINE_VERSION; starttable('100%', "{$lang_banning_php['title']} - $signature", 4); create_banlist(); endtable(); $calendar_link_new = 'calendar.php?action=banning&month='.ltrim(strftime('%m'),'0').'&year='.strftime('%Y'); print << var calendarWindow = null; var calendarFormat = 'y-m-d'; function getCalendar(in_dateField) { if (calendarWindow && !calendarWindow.closed) { alert('Calendar window already open. Attempting focus...'); try { calendarWindow.focus(); } catch(e) {} return false; } var cal_width = 300; var cal_height = 200; // IE needs less space to make this thing if ((document.all) && (navigator.userAgent.indexOf("Konqueror") == -1)) { cal_width = 290; } calendarTarget = in_dateField; calendarWindow = window.open('{$calendar_link_new}', 'dateSelectorPopup','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=1,dependent=no,width='+cal_width+',height='+cal_height); return false; } function killCalendar() { if (calendarWindow && !calendarWindow.closed) { calendarWindow.close(); } } EOT; print "
\n"; starttable('100%', $lang_banning_php['add_new'], 4); echo << {$lang_banning_php['user_name']} {$lang_banning_php['ip_address']} {$lang_banning_php['expiry']} EOT; endtable(); print "\n"; pagefooter(); ob_end_flush(); ?>