1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
10
require_once('tiki-setup.php');
include_once('lib/ban/banlib.php');
// Gate the whole page: the banning feature must be enabled and the current user
// must hold the banning admin permission (presumably each call aborts the request
// on failure — that behaviour lives in $access, not here).
$access->check_feature('feature_banning');
$access->check_permission('tiki_p_admin_banning');

// NOTE(review): presumably the framework carries these request parameters into
// generated links/forms (pagination, sorting) — confirm against the template.
$auto_query_args = [ 'banId' ];
17
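if (isset($_REQUEST['del'])) {
	// The selection is a set of POST checkboxes keyed by rule id. Read it from
	// $_POST for both the presence check and the use, so a value that is only
	// present in the query string can never reach array_keys() as a non-array.
	$selected = $_POST['delsec'] ?? null;
	if (! is_array($selected) || $selected === []) {
		Feedback::error(tra('No rule selected for deletion. No deletions were performed.'));
	} elseif ($access->checkCsrfForm(tr('Delete selected banning rules?'))) {
		$resultRowsDeleted = 0;
		foreach (array_keys($selected) as $sec) {
			$result = $banlib->remove_rule($sec);
			$resultRowsDeleted += $result->numRows();
		}
		// The deleted rule must not stay selected in the edit form.
		unset($_POST['banId']);
		if ($resultRowsDeleted) {
			$msg = $resultRowsDeleted === 1
				? tra('The selected banning rule has been deleted')
				: tr('%0 banning rules have been deleted', $resultRowsDeleted);
			Feedback::success($msg);
		} else {
			Feedback::error(tr('No banning rules were deleted'));
		}
	}
}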
38
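if (isset($_POST['import']) && isset($_FILES['fileCSV']) && $access->checkCsrf()) {
	// import banning rules //
	$upload = $_FILES['fileCSV'];
	// Only hand importCSV() a file PHP actually received in this request: a failed
	// upload has no usable tmp_name, and is_uploaded_file() rejects any path that
	// was not created by the upload mechanism.
	$uploadOk = ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
		&& is_uploaded_file((string) ($upload['tmp_name'] ?? ''));
	if (! $uploadOk) {
		Feedback::error(tra('No file was uploaded or the upload failed. No banning rules were imported.'));
	} else {
		$number_imported = $banlib->importCSV($upload['tmp_name'], isset($_REQUEST['import_as_new']));
		if ($number_imported > 0) {
			$smarty->assign('updated', 'y');
			$smarty->assign('number_imported', $number_imported);
		}
	}
	// An import must not leave a stale rule id selected in the edit form.
	unset($_POST['banId']);
}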
48
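if (isset($_POST['save']) && $access->checkCsrf()) {
	// Form fields arrive as strings or are absent; default the ones we branch on
	// so a missing field is an empty value rather than an "undefined index" notice.
	$mode = $_POST['mode'] ?? '';
	// The blank form pre-fills every octet with 255; saving that unchanged is
	// almost certainly a mistake, so detect it with an integer comparison.
	$defaultIpPattern = true;
	foreach (['ip1', 'ip2', 'ip3', 'ip4'] as $octetField) {
		if ((int) ($_POST[$octetField] ?? 0) !== 255) {
			$defaultIpPattern = false;
			break;
		}
	}

	if ($mode === 'user' && empty($_POST['userreg'])) {
		Feedback::error(tra("Not saved:") . ' ' . tra("Username pattern empty"));
	} elseif ($mode === 'ip' && $defaultIpPattern) {
		Feedback::error(tra("Not saved:") . ' ' . tra("Default IP pattern still set"));
	} else {
		$_POST['use_dates'] = isset($_POST['use_dates']) ? 'y' : 'n';
		// Dates come in as separate month/day/year selects; fold them into timestamps at midnight.
		$_POST['date_from'] = $tikilib->make_time(
			0,
			0,
			0,
			$_POST['date_fromMonth'],
			$_POST['date_fromDay'],
			$_POST['date_fromYear']
		);
		$_POST['date_to'] = $tikilib->make_time(
			0,
			0,
			0,
			$_POST['date_toMonth'],
			$_POST['date_toDay'],
			$_POST['date_toYear']
		);
		$sections = isset($_POST['section']) ? array_keys($_POST['section']) : [];
		$replaced = [];
		$resultRows = 0;
		if ($mode === 'mass_ban_ip') {
			// Handle case when many IPs are banned: the ticked addresses are the keys
			// of multi_banned_ip. Only a well-formed IPv4 address splits into the four
			// octets replace_rule() takes, so anything else is reported and skipped.
			$submitted = $_POST['multi_banned_ip'] ?? [];
			$candidateIps = is_array($submitted) ? array_keys($submitted) : [];
			foreach ($candidateIps as $ip) {
				$ip = (string) $ip;
				if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
					Feedback::error(tra('Not saved:') . ' ' . tra('Invalid IP address'));
					continue;
				}
				[$ip1, $ip2, $ip3, $ip4] = explode('.', $ip);
				$result = $banlib->replace_rule(
					$_POST['banId'],
					'ip',
					$_POST['title'],
					$ip1,
					$ip2,
					$ip3,
					$ip4,
					$_POST['userreg'],
					$_POST['date_from'],
					$_POST['date_to'],
					$_POST['use_dates'],
					$_POST['message'],
					$sections
				);
				$resultRows += $result->numRows();
				$replaced[] = $_POST['title'];
			}
		} else {
			$result = $banlib->replace_rule(
				$_POST['banId'],
				$mode,
				$_POST['title'],
				$_POST['ip1'],
				$_POST['ip2'],
				$_POST['ip3'],
				$_POST['ip4'],
				$_POST['userreg'],
				$_POST['date_from'],
				$_POST['date_to'],
				$_POST['use_dates'],
				$_POST['message'],
				$sections
			);
			$resultRows += $result->numRows();
			$replaced[] = $_POST['title'];
		}
		// After a save the edit form goes back to its blank state.
		$info = [
			'sections' => [],
			'title' => '',
			'mode' => 'user',
			'ip1' => 255,
			'ip2' => 255,
			'ip3' => 255,
			'ip4' => 255,
			'use_dates' => 'n',
			'date_from' => $tikilib->now,
			'date_to' => $tikilib->now + 7 * 24 * 3600,
			'message' => '',
		];
		$smarty->assign_by_ref('info', $info);
		unset($_REQUEST['banId']);

		// Compare the number of rows the database reports changed with the number
		// of rules submitted, and report accordingly.
		$replacedCount = count($replaced);
		if ($resultRows > 0 && $resultRows === $replacedCount) {
			$msg = $resultRows === 1
				? tra('The following banning rule has been saved or replaced:')
				: tr('The following %0 banning rules have been saved or replaced:', $resultRows);
			Feedback::success([
				'tpl' => 'action',
				'mes' => $msg,
				'items' => $replaced,
			]);
		} elseif ($replacedCount > 0 && $resultRows < $replacedCount) {
			// Some (or all) of the submitted rules produced no change.
			$msg = $resultRows
				? tr('Only %0 of the selected banning rules shown below were added or changed', $resultRows)
				: tra('No changes were made to the following selected banning rules:');
			Feedback::warning([
				'tpl' => 'action',
				'mes' => $msg,
				'items' => $replaced,
			]);
		} elseif ($replacedCount === 0) {
			Feedback::error(tr('No banning rules were selected'));
		}
	}
}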
164
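// Page size for list_rules(): -1 (presumably "no limit") when exporting, otherwise an
// explicit request value coerced to an integer, else the site-wide default.
if (! empty($_REQUEST['export'])) {
	$maxRecords = -1;
} elseif (isset($_REQUEST['max'])) {
	$maxRecords = (int) $_REQUEST['max'];
} else {
	$maxRecords = $prefs['maxRecords'];
}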
172
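// Load the rule selected for editing, or present a blank form.
$rule = null;
if (! empty($_REQUEST['banId'])) {
	$rule = $banlib->get_rule($_REQUEST['banId']);
	// NOTE(review): get_rule() is not visible here; anything that is not a row is
	// treated as "not found" so the $info[...] writes further down never operate
	// on a non-array — confirm what it returns for an unknown id.
	if (! is_array($rule)) {
		Feedback::error(tr('The requested banning rule was not found'));
		$rule = null;
	}
}
if ($rule === null) {
	$_REQUEST['banId'] = 0;
	$info = [
		'sections' => [],
		'title' => '',
		'mode' => 'user',
		'user' => '',
		'ip1' => 255,
		'ip2' => 255,
		'ip3' => 255,
		'ip4' => 255,
		'use_dates' => 'n',
		'date_from' => $tikilib->now,
		// NOTE(review): this default is 100 times the one used after a save — confirm which is intended.
		'date_to' => $tikilib->now + 7 * 24 * 3600 * 100,
		'message' => '',
	];
} else {
	$info = $rule;
}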
190
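// Handle case when coming from tiki-list_comments with a list of IPs to ban
if (! empty($_REQUEST['mass_ban_ip'])) {
	$commentslib = TikiLib::lib('comments');
	$smarty->assign('mass_ban_ip', $_REQUEST['mass_ban_ip']);
	$info['mode'] = 'mass_ban_ip';
	$info['title'] = tr('Multiple IP Banning');
	$info['message'] = tr('Access from your localization was forbidden due to excessive spamming.');
	$info['date_to'] = $tikilib->now + 365 * 24 * 3600;
	// Keep whatever another mass-ban source already collected, otherwise start
	// empty so the template never receives an undefined variable.
	$ban_comments_list = $ban_comments_list ?? [];
	// Handle case when coming from tiki-list_comments with a list of IPs to ban and also delete the related comments
	foreach (explode('|', $_REQUEST['mass_ban_ip']) as $id) {
		$ban_comment = $commentslib->get_comment($id);
		// An id that does not resolve to a comment with an IP has nothing to ban.
		if (! is_array($ban_comment) || ! isset($ban_comment['user_ip'])) {
			continue;
		}
		$ban_comments_list[$ban_comment['user_ip']][$id]['userName'] = $ban_comment['userName'];
		$ban_comments_list[$ban_comment['user_ip']][$id]['title'] = $ban_comment['title'];
	}
	$smarty->assign_by_ref('ban_comments_list', $ban_comments_list);
}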
208
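// Handle case when coming from tiki-admin_actionlog with a list of IPs to ban
if (! empty($_REQUEST['mass_ban_ip_actionlog'])) {
	$logslib = TikiLib::lib('logs');
	$smarty->assign('mass_ban_ip', $_REQUEST['mass_ban_ip_actionlog']);
	$info['mode'] = 'mass_ban_ip';
	$info['title'] = tr('Multiple IP Banning');
	$info['message'] = tr('Access from your localization was forbidden due to excessive spamming.');
	$info['date_to'] = $tikilib->now + 365 * 24 * 3600;
	// Keep whatever another mass-ban source already collected, otherwise start
	// empty so the template never receives an undefined variable.
	$ban_comments_list = $ban_comments_list ?? [];
	foreach (explode('|', $_REQUEST['mass_ban_ip_actionlog']) as $id) {
		$ban_actions = $logslib->get_info_action($id);
		// A log id that does not resolve to an entry with an IP has nothing to ban.
		if (! is_array($ban_actions) || ! isset($ban_actions['ip'])) {
			continue;
		}
		$ban_comments_list[$ban_actions['ip']][$id]['userName'] = $ban_actions['user'];
	}
	$smarty->assign_by_ref('ban_comments_list', $ban_comments_list);
}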
224
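// Handle case when coming from tiki-adminusers with a list of IPs to ban
if (! empty($_REQUEST['mass_ban_ip_users'])) {
	$logslib = TikiLib::lib('logs');
	$smarty->assign('mass_ban_ip', $_REQUEST['mass_ban_ip_users']);
	$info['mode'] = 'mass_ban_ip';
	$info['title'] = tr('Multiple IP Banning');
	$info['message'] = tr('Access from your localization was forbidden due to excessive spamming.');
	$info['date_to'] = $tikilib->now + 365 * 24 * 3600;
	// Keep whatever another mass-ban source already collected, otherwise start
	// empty so the template never receives an undefined variable.
	$ban_comments_list = $ban_comments_list ?? [];
	foreach (explode('|', $_REQUEST['mass_ban_ip_users']) as $banUser) {
		// The IP is taken from the user's registration log entry; a user with no
		// such entry (or no recorded IP) cannot be banned this way.
		$ban_actions = $logslib->get_user_registration_action($banUser);
		if (! is_array($ban_actions) || ! isset($ban_actions['ip'])) {
			continue;
		}
		$ban_comments_list[$ban_actions['ip']][$banUser]['userName'] = $banUser;
	}
	$smarty->assign_by_ref('ban_comments_list', $ban_comments_list);
}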
240
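$smarty->assign('banId', $_REQUEST['banId']);
$smarty->assign_by_ref('info', $info);

// Listing controls. offset is a pagination index, so coerce it to a non-negative
// integer instead of passing the raw request string through.
$sort_mode = $_REQUEST['sort_mode'] ?? 'created_desc';
$offset = max(0, (int) ($_REQUEST['offset'] ?? 0));
$smarty->assign_by_ref('offset', $offset);
$find = $_REQUEST['find'] ?? '';
$smarty->assign('find', $find);
$smarty->assign_by_ref('sort_mode', $sort_mode);
// NOTE(review): sort_mode and find go to list_rules() unvalidated; its handling
// of them is not visible here — confirm it restricts sort_mode to known columns.
$items = $banlib->list_rules($offset, $maxRecords, $sort_mode, $find);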
263
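if (isset($_REQUEST['export']) || isset($_REQUEST['csv'])) {
	// export banning rules //
	$csv = $banlib->export_rules($items['data']);

	// The media-type parameter syntax is "charset=", not "charset:".
	header('Content-Type: text/comma-separated-values; charset=UTF-8');
	header('Content-Disposition: attachment; filename="tiki-admin_banning.csv"');
	// Ask browsers not to second-guess the declared type of the download.
	header('X-Content-Type-Options: nosniff');
	// Content-Length is a byte count; mb_strlen() with '8bit' counts bytes regardless of mbstring overloading.
	$length = function_exists('mb_strlen') ? mb_strlen($csv, '8bit') : strlen($csv);
	header('Content-Length: ' . $length);
	echo $csv;
	exit;
}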
278
// Hand the listing and page settings to the template and render it.
$smarty->assign_by_ref('cant_pages', $items['cant']);
$smarty->assign_by_ref('items', $items['data']);
$templateValues = [
	'cant' => $items['cant'],
	'sections' => $sections_enabled,
	// disallow robots to index page:
	'metatag_robots' => 'NOINDEX, NOFOLLOW',
	'mid' => 'tiki-admin_banning.tpl',
];
foreach ($templateValues as $templateName => $templateValue) {
	$smarty->assign($templateName, $templateValue);
}
$smarty->display('tiki.tpl');
287