1: <?php
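// Bootstrap for the Protector admin "center" page.
// NOTE(review): $xoops and $xoopsGTicket are used below without being defined in
// this script; presumably header.php / gtickets.php provide them — confirm.
include_once __DIR__ . '/header.php';

require_once dirname(__DIR__) . '/class/gtickets.php';

$xoops->db();
global $xoopsDB;
$db = $xoopsDB;

// Paging parameters come from the query string and are later interpolated into
// a "LIMIT $pos,$num" clause. The int cast keeps SQL out of them; the clamp keeps
// negative values out as well, which the cast alone let through and which made
// the listing query invalid.
// NOTE(review): $num has no upper bound, so a caller can request an arbitrarily
// large page; consider capping it to the largest page size the UI offers.
$pos = empty($_GET['pos']) ? 0 : max(0, (int)($_GET['pos']));
$num = empty($_GET['num']) ? 20 : max(1, (int)($_GET['num']));

// Prefixed name of the Protector log table, used by every query in this script.
$log_table = $db->prefix('protector_log');

require_once dirname(__DIR__) . '/class/protector.php';
$protector = Protector::getInstance($db->conn);
$conf = $protector->getConf();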
41:
42:
43:
44:
45:
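// State-changing admin actions. Every branch below rewrites the ban / allow
// lists or deletes Protector log rows, so the anti-CSRF ticket is checked
// before any of them runs.
if (!empty($_POST['action'])) {
    if (!$xoopsGTicket->check(true, 'protector_admin')) {
        $xoops->redirect(\XoopsBaseConfig::get('url') . '/', 3, $xoopsGTicket->getErrors());
        // Fail closed: redirect() is expected to end the request, but nothing in
        // this script guarantees it, and falling through would run the action
        // without a valid ticket.
        exit();
    }

    if ($_POST['action'] === 'update_ips') {
        $error_msg = '';

        // Banned IPs: one "ip" or "ip:expiry" entry per line. An entry without
        // an expiry is stored with 0x7fffffff (shown as "no expiry" on this page).
        // NOTE(review): splitting on the first ':' means an IPv6 address cannot
        // be expressed in this format — confirm the lists are IPv4-only.
        $lines = empty($_POST['bad_ips']) ? array() : explode("\n", trim($_POST['bad_ips']));
        $bad_ips = array();
        foreach ($lines as $line) {
            $parts = explode(':', $line, 2);
            $bad_ip = trim($parts[0]);
            if ($bad_ip === '') {
                // A blank line would otherwise be saved as an entry with an empty
                // address. NOTE(review): if the matcher compares by prefix, an
                // empty entry could match every client — verify in Protector.
                continue;
            }
            // Trim so a trailing "\r" from a CRLF textarea is not read as expiry 0.
            $jailed_time = isset($parts[1]) ? trim($parts[1]) : '';
            $bad_ips[$bad_ip] = empty($jailed_time) ? 0x7fffffff : (int)($jailed_time);
        }
        if (!$protector->write_file_badips($bad_ips)) {
            $error_msg .= _AM_MSG_BADIPSCANTOPEN;
        }

        // "Group 1" IPs: one address per line, blank lines dropped for the same
        // reason as above.
        $group1_ips = array();
        if (!empty($_POST['group1_ips'])) {
            foreach (explode("\n", trim($_POST['group1_ips'])) as $group1_ip) {
                $group1_ip = trim($group1_ip);
                if ($group1_ip !== '') {
                    $group1_ips[] = $group1_ip;
                }
            }
        }
        // NOTE(review): mode 'w' truncates the file before the lock is taken, so
        // a concurrent reader can observe an empty list; the stored format is
        // serialize() output, so whatever reads it back should treat the file as
        // trusted-only and keep it outside the web root / non-writable by others.
        $fp = @fopen($protector->get_filepath4group1ips(), 'w');
        if ($fp) {
            @flock($fp, LOCK_EX);
            if (fwrite($fp, serialize(array_unique($group1_ips)) . "\n") === false) {
                // A failed write used to be reported as success.
                $error_msg .= _AM_MSG_GROUP1IPSCANTOPEN;
            }
            @flock($fp, LOCK_UN);
            fclose($fp);
        } else {
            $error_msg .= _AM_MSG_GROUP1IPSCANTOPEN;
        }

        $redirect_msg = $error_msg ? $error_msg : _AM_MSG_IPFILESUPDATED;
        $xoops->redirect("center.php", 2, $redirect_msg);
    } elseif ($_POST['action'] === 'delete' && isset($_POST['ids']) && is_array($_POST['ids'])) {
        // Remove the selected log rows; each id is forced to int before it is
        // placed in the statement.
        foreach ($_POST['ids'] as $lid) {
            $lid = (int)($lid);
            $db->query("DELETE FROM $log_table WHERE lid='$lid'");
        }
        $xoops->redirect("center.php", 2, _AM_MSG_REMOVED);
    } elseif ($_POST['action'] === 'deleteall') {
        // Empties the whole log table; the rows are not archived anywhere in
        // this script.
        $db->query("DELETE FROM $log_table");
        $xoops->redirect("center.php", 2, _AM_MSG_REMOVED);
    } elseif ($_POST['action'] === 'compactlog') {
        // Keep only the newest row (highest lid) per ip+type pair.
        $result = $db->query("SELECT `lid`,`ip`,`type` FROM $log_table ORDER BY lid DESC");
        $buf = array();
        $ids = array();
        if ($result) {
            while (list($lid, $ip, $type) = $db->fetchRow($result)) {
                if (isset($buf[$ip . $type])) {
                    $ids[] = (int)$lid;
                } else {
                    $buf[$ip . $type] = true;
                }
            }
        }
        // With no duplicates the statement would end in "IN ()", which is not
        // valid SQL, so only issue it when there is something to delete.
        if ($ids) {
            $db->query("DELETE FROM $log_table WHERE lid IN (" . implode(',', $ids) . ")");
        }
        $xoops->redirect("center.php", 2, _AM_MSG_REMOVED);
    }
}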
115:
// Start the admin page and draw the module navigation.
$xoops->header('admin:protector/protector_center.html');

$admin_page = new \Xoops\Module\Admin();
$admin_page->renderNavigation('center.php');

// Banned IPs, sorted by address and rendered one "ip[:expiry]" entry per line.
// The 0x7fffffff (2147483647) expiry is stripped from the displayed text.
// Each line is HTML-escaped here, before it is handed to the form.
$bad_ips = $protector->get_bad_ips(true);
uksort($bad_ips, 'protector_ip_cmp');
$bad_ips4disp = '';
foreach ($bad_ips as $bad_ip => $jailed_time) {
    if ($jailed_time) {
        $line = $bad_ip . ':' . $jailed_time;
    } else {
        $line = $bad_ip;
    }
    $line = str_replace(':2147483647', '', $line);
    $bad_ips4disp = $bad_ips4disp . htmlspecialchars($line, ENT_QUOTES) . "\n";
}

// "Group 1" IPs, sorted and escaped the same way.
$group1_ips = $protector->get_group1_ips();
usort($group1_ips, 'protector_ip_cmp');
$group1_ips_text = implode("\n", $group1_ips);
$group1_ips4disp = htmlspecialchars($group1_ips_text, ENT_QUOTES);

// NOTE(review): both strings reach the form already escaped; confirm the form
// class does not escape them a second time (or, conversely, rely on raw input).
$form = $xoops->getModuleForm(null, 'center');
$form->getPrefIp($bad_ips4disp, $group1_ips4disp);
$form->render();
140:
141:
142:
// Total row count, used by the pager below.
$rs = $db->query("SELECT count(lid) FROM $log_table");
list($numrows) = $db->fetchRow($rs);

// One page of log rows joined to the user table for the display name.
// $pos and $num are interpolated into LIMIT; they are int-cast from $_GET
// earlier in this script, so they cannot carry SQL, but the cast by itself
// does not exclude negative values.
$user_table = $db->prefix("system_user");
$prs = $db->query("SELECT l.lid, l.uid, l.ip, l.agent, l.type, l.description, UNIX_TIMESTAMP(l.timestamp), u.uname FROM $log_table l LEFT JOIN " . $user_table . " u ON l.uid=u.uid ORDER BY timestamp DESC LIMIT $pos,$num");

// <option> list for the page-size selector; the current size is preselected.
$num_options = '';
$num_array = array(20, 100, 500, 2000);
foreach ($num_array as $n) {
    $selected = ($n == $num) ? " selected='selected'" : '';
    $num_options .= "<option value='$n'$selected>$n</option>\n";
}
$xoops->tpl()->assign('num_options', $num_options);

// Pager: 'pos' is the offset parameter and the page size is carried along.
$nav = new XoopsPageNav($numrows, $num, $pos, 'pos', "num=$num");
$nav_html = $nav->renderNav(10);
$xoops->tpl()->assign('nav_html', $nav_html);
161:
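// Render one template row per log entry. The ip, agent, type and description
// columns record what a client sent, so every value is HTML-escaped (with
// ENT_QUOTES, because the agent string is also placed inside single-quoted
// attributes) before it is assigned to the template.
$oddeven = 'odd';
while (list($lid, $uid, $ip, $agent, $type, $description, $timestamp, $uname) = $db->fetchRow($prs)) {
    $oddeven = ($oddeven === 'odd' ? 'even' : 'odd');

    $ip = htmlspecialchars($ip, ENT_QUOTES);
    $type = htmlspecialchars($type, ENT_QUOTES);
    $description = htmlspecialchars($description, ENT_QUOTES);
    $uname = htmlspecialchars(($uid ? $uname : XoopsLocale::GUESTS), ENT_QUOTES);

    // Short label for the user agent: "IE <version>", the last token of a
    // Gecko-style string, or the first token otherwise. A string without any
    // space is used whole; previously strpos()/strrchr() returning false made
    // the label empty.
    $agent = (string)$agent;
    if (preg_match('/MSIE\s+([0-9.]+)/', $agent, $regs)) {
        $agent_short = 'IE ' . $regs[1];
    } elseif (stristr($agent, 'Gecko') !== false) {
        $last_token = strrchr($agent, ' ');
        $agent_short = ($last_token === false) ? $agent : $last_token;
    } else {
        $first_space = strpos($agent, ' ');
        $agent_short = ($first_space === false) ? $agent : substr($agent, 0, $first_space);
    }
    $agent4disp = htmlspecialchars($agent, ENT_QUOTES);
    $agent_desc = $agent == $agent_short ? $agent4disp : htmlspecialchars($agent_short, ENT_QUOTES) . "<img src='../images/dotdotdot.gif' alt='$agent4disp' title='$agent4disp' />";

    $log_arr = array();
    $log_arr['lid'] = $lid;
    $log_arr['date'] = XoopsLocale::formatTimestamp($timestamp);
    $log_arr['uname'] = $uname;
    $log_arr['ip'] = $ip;
    $log_arr['agent_desc'] = $agent_desc;
    $log_arr['type'] = $type;
    $log_arr['description'] = $description;

    $xoops->tpl()->appendByRef('log', $log_arr);
    // Detach the variable that was just appended. The original unset $table_arr,
    // a name this script never defines, so $log_arr stayed bound; if appendByRef
    // stores a reference (as its name indicates), every appended row would then
    // alias the same array and show the last entry's values.
    unset($log_arr);
}

$xoops->footer();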
197:
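/**
 * Comparison callback ordering dotted IPv4 strings numerically.
 *
 * Used with uksort()/usort() on the ban and group-1 lists. Each address is
 * split on '.', and up to four parts are folded into one integer, most
 * significant part first. Missing or non-numeric parts count as 0, so partial
 * entries such as "192.168." compare without raising an error. Strings that
 * are not dotted IPv4 (for example IPv6) all collapse to small values and are
 * not ordered meaningfully.
 *
 * Changes from the previous version: the first-octet weight is 256^3
 * (the old literal 167777216 had a stray digit), parts are cast explicitly
 * instead of multiplying raw strings behind '@', and equal addresses return 0
 * so the comparator is consistent.
 *
 * @param mixed $a first address (string, or an int array key)
 * @param mixed $b second address
 *
 * @return int -1, 0 or 1
 */
function protector_ip_cmp($a, $b)
{
    $values = array();
    foreach (array($a, $b) as $address) {
        $parts = explode('.', (string)$address);
        $value = 0;
        for ($i = 0; $i < 4; ++$i) {
            $value = $value * 256 + (isset($parts[$i]) ? (int)$parts[$i] : 0);
        }
        $values[] = $value;
    }

    if ($values[0] === $values[1]) {
        return 0;
    }

    return $values[0] > $values[1] ? 1 : -1;
}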
207: