<?php

/************************************
 * Cadence
 * Remotely Hosted Guestbook Script.
 * (c) 2006, Dennis Pedrie
 * www.CadenceBook.com
 * users.php
 ***********************************
 * Cadence Guestbook is licensed under
 * a Creative Commons License.
 * More information is available by visiting
 * http://creativecommons.org/licenses/by/3.0/
 * or the LICENSE file in the Cadence Root Folder
 ***********************************/

// Only the router (index.php) defines IN_CADENCE; a direct web request for
// this file therefore dies with an E_USER_ERROR (fatal unless a custom
// error handler intervenes) instead of rendering the admin panel.
defined('IN_CADENCE') or trigger_error("You may not access this file directly", E_USER_ERROR);
 
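// Sub-action of the users panel, selected by ?do=; the hub ("quicktask")
// is the default. Going through isset() removes the undefined-index notice
// the bare $_GET['do'] read produced, and a non-string value (?do[]=x)
// falls back to the hub rather than reaching the == tests further down.
$do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : "quicktask";

echo "<h3>Manage Users</h3>
<p>Use this interface to manage users. Look up IPs, ban users and more are controlled here.</p>";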

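if($do == "quicktask") {
	// Users hub: three shortcut panels (IP lookup, quick ban, reserved name).
	// $book is assumed to be the raw id of the current guestbook as set by
	// the router (not pre-escaped); it is escaped once here for HTML
	// attribute context, as is the per-book token the ban handler expects.
	$book_h = htmlspecialchars((string) $book, ENT_QUOTES);
	$auth_h = htmlspecialchars((string) $gbook->auth, ENT_QUOTES);
	$base   = "index.php?book=$book_h&amp;act=admin&amp;acpact=users";

	// IP lookup: plain GET, handled by the do=iplookup branch of this file.
	echo "<div style='width:100%; border:1px dashed #bbb; padding:3px;'>
	 <h3><a href='$base&amp;do=iplookup'>IP Lookup</a></h3>
	 <span style='font-size:10px;'>Find all posts by IP, get IP Info</span>
	 <form action='index.php' method='get'>
	  <input type='hidden' name='book' value='$book_h' />
	  <input type='hidden' name='act' value='admin' />
	  <input type='hidden' name='acpact' value='users' />
	  <input type='hidden' name='do' value='iplookup' />
	  <input type='text' name='ip' value='Enter Internet Protocol Address...' onclick='this.value=\"\"' size='32' /><br />
	  <input type='submit' name='submit' value='Submit' />
	 </form>
	</div><br />";

	// Quick ban. The do=ban handler reads insert/email/ip/auth from $_GET and
	// processes one ban type per request, so this panel submits one small GET
	// form per type, each carrying the token. The previous single POST form
	// sent neither 'insert' nor 'auth' and so could never create a ban.
	echo "<div style='width:100%; border:1px dashed #bbb; padding:3px;'>
	 <h3><a href='$base&amp;do=ban'>Quick Ban</a></h3>
	 <span style='font-size:10px;'>Ban user by IP or E-Mail</span>
	 <form action='index.php' method='get'>
	  <input type='hidden' name='book' value='$book_h' />
	  <input type='hidden' name='act' value='admin' />
	  <input type='hidden' name='acpact' value='users' />
	  <input type='hidden' name='do' value='ban' />
	  <input type='hidden' name='insert' value='email' />
	  <input type='hidden' name='auth' value='$auth_h' />
	  <span style='font-size:8px;'>E-Mail Address</span><br />
	  <input type='text' name='email' size='32' />
	  <input type='submit' name='submit' value='Submit' />
	 </form>
	 <form style='margin-top:3px;' action='index.php' method='get'>
	  <input type='hidden' name='book' value='$book_h' />
	  <input type='hidden' name='act' value='admin' />
	  <input type='hidden' name='acpact' value='users' />
	  <input type='hidden' name='do' value='ban' />
	  <input type='hidden' name='insert' value='ip' />
	  <input type='hidden' name='auth' value='$auth_h' />
	  <span style='font-size:8px;'>Internet Protocol Address</span><br />
	  <input type='text' name='ip' size='32' />
	  <input type='submit' name='submit' value='Submit' />
	 </form>
	</div><br />";

	// Reserved names. The form now targets do=names like the heading link
	// (it previously posted to do=ban, which ignores the 'name' field). The
	// do=names handler is not part of this file.
	echo "<div style='width:100%; border:1px dashed #bbb; padding:3px;'>
	 <h3><a href='$base&amp;do=names'>Add Reserved Name</a></h3>
	 <span style='font-size:10px;'>Reserving a name will prevent people who sign your book from using that name.</span>
	 <form action='$base&amp;do=names' method='post'>
	  <input type='text' name='name' value='Enter Name...' onclick='this.value=\"\"' size='32' /><br />
	  <input type='submit' name='submit' value='Submit' />
	 </form>
	</div>";
}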

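if($do == "ban") {
	// Ban manager. Three request shapes arrive here:
	//   ?delete=ID                              remove one ban of this book
	//   ?insert=email&email=  or  ?insert=ip&ip= add a ban
	//   (neither)                               render add-ban forms + list
	//
	// Mutating requests are plain GETs, so the per-book token $gbook->auth
	// (embedded in every form and link below) is the only CSRF defence. It is
	// verified before any database access; strict comparison avoids PHP's
	// loose-equality surprises ("1e3" == "1000").
	// TODO(review): hash_equals() would also make the comparison constant-time.
	$auth_ok = isset($_GET['auth']) && is_string($_GET['auth'])
		&& $_GET['auth'] === (string) $gbook->auth;

	// Assumed but not verifiable from this file: $post->clean_var() makes a
	// value safe inside the single-quoted SQL literals below, $gbook->kill()
	// never returns, and $book is the raw (unescaped) id of the current book.
	$book_h = htmlspecialchars((string) $book, ENT_QUOTES);
	$auth_h = htmlspecialchars((string) $gbook->auth, ENT_QUOTES);
	$base   = "index.php?book=$book_h&amp;act=admin&amp;acpact=users";
	$insert = (isset($_GET['insert']) && is_string($_GET['insert'])) ? $_GET['insert'] : '';

	// Remove a ban. The Delete link already sends the token, but it was never
	// checked here, and the DELETE was not scoped to the current book the way
	// the listing SELECT below is.
	if(isset($_GET['delete'])) {
		if(!$auth_ok) {
			$gbook->kill("<strong>Security Error</strong>");
		}
		$ban_id = intval($_GET['delete']);
		$db->query("DELETE FROM ". TABLE_PREFIX ."banned WHERE ban_id = '". $ban_id ."' AND ban_gbook_id = '". $book ."'");
		$tpl->assign("sysmsg","Ban Removed");
		$tpl->assign("linkback","$base&amp;do=ban");
		$tpl->display("system/admin/sysmsg.tpl");
		$tpl->display("system/admin/footer.tpl");
		exit;
	}

	// Add an e-mail ban: token, then syntax, then the duplicate lookup, so
	// nothing untrusted touches the database before the request is known to
	// be genuine and well-formed.
	if($insert == "email") {
		if(!$auth_ok) {
			$gbook->kill("<strong>Security Error</strong>");
		}
		$email = (isset($_GET['email']) && is_string($_GET['email'])) ? $post->clean_var($_GET['email']) : '';
		if(!$post->check_email($email)) {
			$gbook->kill("<strong>Invalid email</strong>");
		}
		$existing = (int) $db->get_var("SELECT ban_id FROM ". TABLE_PREFIX ."banned WHERE ban_email = '". $email ."' AND ban_gbook_id = '". $book ."'");
		if($existing > 0) {
			$gbook->kill("<strong>Already banned</strong>");
		}
		$db->query("INSERT INTO ". TABLE_PREFIX ."banned(ban_gbook_id,ban_email) VALUES('". $book ."','". $email ."')");
		$tpl->assign("sysmsg","Email Banned");
		$tpl->assign("linkback","$base&amp;do=ban");
		$tpl->display("system/admin/sysmsg.tpl");
		$tpl->display("system/admin/footer.tpl");
		exit;
	}

	// Add an IP ban. Only an empty value is rejected: the rule that matches
	// stored bans against visitors lives outside this file, so a stricter
	// format check (e.g. FILTER_VALIDATE_IP) might break a pattern an admin
	// relies on. NOTE(review): confirm and tighten once that rule is known.
	if($insert == "ip") {
		if(!$auth_ok) {
			$gbook->kill("<strong>Security Error</strong>");
		}
		$ip = (isset($_GET['ip']) && is_string($_GET['ip'])) ? trim((string) $post->clean_var($_GET['ip'])) : '';
		if($ip === '') {
			$gbook->kill("<strong>Invalid IP</strong>");
		}
		$existing = (int) $db->get_var("SELECT ban_id FROM ". TABLE_PREFIX ."banned WHERE ban_ip = '". $ip ."' AND ban_gbook_id = '". $book ."'");
		if($existing > 0) {
			$gbook->kill("<strong>Already banned</strong>");
		}
		$db->query("INSERT INTO ". TABLE_PREFIX ."banned(ban_gbook_id,ban_ip) VALUES('". $book ."','". $ip ."')");
		$tpl->assign("sysmsg","IP Banned");
		$tpl->assign("linkback","$base&amp;do=ban");
		$tpl->display("system/admin/sysmsg.tpl");
		$tpl->display("system/admin/footer.tpl");
		exit;
	}

	// Add-ban UI: one GET form per ban type, each carrying the token. The
	// query string of a GET form's action is discarded by browsers, so the
	// routing fields are all hidden inputs.
	echo "<div style='width:100%; border:1px dashed #bbb; padding:3px; float:both;'>
	 <strong>User Banning Tool</strong><br />
	 This tool allows you add User Bans. You can ban users by IP or E-Mail. You can also ban certain names via the <a href='$base&amp;do=names'>Reserved Names</a> tool.<br />
	 <br /><div id='banlink'><a href='javascript:show_add_ban_form(\"ban\",\"banlink\")'>Add Ban</a></div><br />
	 <div id='ban'><a href='javascript:show_add_ban_form(\"banlink\",\"ban\")'>Hide</a><br />
	 <strong>Add Ban</strong><br />
	 <form style='float:left;' action='index.php' method='get'>
	  <input type='hidden' name='book' value='$book_h' />
	  <input type='hidden' name='act' value='admin' />
	  <input type='hidden' name='acpact' value='users' />
	  <input type='hidden' name='do' value='ban' />
	  <input type='hidden' name='insert' value='email' />
	  <input type='hidden' name='auth' value='$auth_h' />
	  <span style='font-size:8px;'>Email</span><br />
	  <input type='text' name='email' size='32' /><br />
	  <input type='submit' name='submit' value='Submit' />
	 </form>
	 <form style='float:right;' action='index.php' method='get'>
	  <input type='hidden' name='book' value='$book_h' />
	  <input type='hidden' name='act' value='admin' />
	  <input type='hidden' name='acpact' value='users' />
	  <input type='hidden' name='do' value='ban' />
	  <input type='hidden' name='insert' value='ip' />
	  <input type='hidden' name='auth' value='$auth_h' />
	  <span style='font-size:8px;'>IP Address</span><br />
	  <input style='margin-top:3px;' type='text' name='ip' size='32' /><br />
	  <input type='submit' name='submit' value='Submit' />
	 </form><br /><br /><br /><br /><br /><br /></div></div><br />
	 <div style='width:100%; border:1px dashed #bbb; padding:3px;'>
	 <strong>Manage Banned Users</strong><br />
	 This tool manages banned users. You can view or delete them here.<br /><br />";

	// Ban list. show_global_ban widens the query to global bans; those rows
	// show "Global Ban" instead of a Delete link.
	$scope = ($CONFIG['show_global_ban']) ? "OR ban_global = '1'" : " AND ban_global = '0'";
	$bans  = $db->get_results("SELECT * FROM ". TABLE_PREFIX ."banned WHERE ban_gbook_id = '$book' ". $scope);
	if($db->num_rows > 0) {
		echo "<div style='background-color:#eee;'>
		 <table style='border:0px' width='100%'>";
		foreach($bans as $row) {
			// Column values come from the database and are escaped on output
			// regardless of what clean_var() did on the way in.
			$email_h = htmlspecialchars((string) $row->ban_email, ENT_QUOTES);
			$ip_h    = htmlspecialchars((string) $row->ban_ip, ENT_QUOTES);
			$action  = ($row->ban_global == 0)
				? "<a href='$base&amp;do=ban&amp;delete=". (int) $row->ban_id ."&amp;auth=$auth_h'>Delete</a>"
				: "Global Ban";
			echo "<tr>
			 <td style='border:0px; background-color:#fff;' width='25%'>$email_h</td>
			 <td style='border:0px; background-color:#fff;' width='25%'>$ip_h</td>
			 <td style='border:0px; background-color:#fff;' width='25%'>$action</td>
			</tr>";
		}
		echo "</table></div>";
	}
	else {
		echo "<div style='background-color:#eee;'>
		 <table style='border:0px' width='100%'>
		 <tr>
		  <td style='border:0px; background-color:#fff; text-align:center;' width='25%'>
		   <strong>No Rows Returned</strong>
		  </td>
		 </tr>
		 </table></div>";
	}
	echo " </div>";
}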

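if($do == "iplookup") {
	// IP lookup: validates ?ip=, then shows the reverse DNS name, a
	// "Ban this IP" link and every post from that address in this book.
	// $book is assumed to be the raw (unescaped) id of the current book.
	$book_h = htmlspecialchars((string) $book, ENT_QUOTES);
	$auth_h = htmlspecialchars((string) $gbook->auth, ENT_QUOTES);
	$base   = "index.php?book=$book_h&amp;act=admin&amp;acpact=users";

	echo "<div style='width:100%; border:1px dashed #bbb; padding:3px;'>
	 <strong>IP Lookup Tool</strong><br />
	 This tool allows you to search for all posts by a certain IP, as well as giving you handy information about the IP. It also provides you a link for detailed information.";

	// Only a syntactically valid IPv4/IPv6 literal reaches the SQL literal,
	// the reverse lookup and the markup; anything else (including the
	// unedited placeholder text) just shows the search form again. The old
	// `$ip == 0` test misses the empty string under PHP 8 and treated
	// non-numeric junk inconsistently between PHP versions.
	$raw = (isset($_GET['ip']) && is_string($_GET['ip'])) ? $post->clean_var($_GET['ip']) : '';
	$ip  = filter_var(trim((string) $raw), FILTER_VALIDATE_IP);

	if($ip === false) {
		echo "<br /><br /><form action='index.php' method='get'>
		<input type='hidden' name='book' value='$book_h' />
		<input type='hidden' name='act' value='admin' />
		<input type='hidden' name='acpact' value='users' />
		<input type='hidden' name='do' value='iplookup' />
		<input type='text' name='ip' value='Enter Internet Protocol Address...' onclick='this.value=\"\"' size='32' />
		<input type='submit' name='submit' value='Submit' />
	   </form>";
	}
	else {
		// gethostbyaddr() returns whatever the PTR record says (or the IP
		// itself when there is none); that is third-party-controlled text and
		// is escaped like any other untrusted string. It can also block on a
		// slow resolver.
		$host_h = htmlspecialchars((string) gethostbyaddr($ip), ENT_QUOTES);
		$ip_h   = htmlspecialchars($ip, ENT_QUOTES);
		$ip_u   = rawurlencode($ip);
		echo "<br /><br />You Searched For: <a href=\"http://ip-lookup.net/?ip=". $ip_u ."\" title=\"Advanced IP Lookup\">". $ip_h ."</a><br />
		IP Host: ". $host_h ."<br />
		<a href=\"$base&amp;do=ban&amp;insert=ip&amp;ip=". $ip_u ."&amp;auth=$auth_h\">Ban this IP</a><br /><br />
		All Posts By This IP:
		<div style='background-color:#eee;'>
		 <table style='border:0px' width='100%'>";
		// Exact match on post_ip; $ip is a validated literal so it is safe in
		// the quoted SQL literal. $book is used the same way as elsewhere.
		$rows = $db->get_results("SELECT post_author, post_date, post_ip, post_id, post_hash FROM ". TABLE_PREFIX ."posts WHERE post_ip = '$ip' AND post_gbook = '$book' ORDER BY post_author");
		if($db->num_rows > 0) {
			foreach($rows as $row) {
				$id       = (int) $row->post_id;
				$author_h = htmlspecialchars((string) $row->post_author, ENT_QUOTES);
				// post_hash is passed as the 'auth' value of the post delete
				// link, mirroring the posts admin page.
				$hash_h   = htmlspecialchars((string) $row->post_hash, ENT_QUOTES);
				$posted   = date("M d, Y", (int) $row->post_date);
				echo "<tr>
				 <td style='border:0px; background-color:#fff;' width='25%'>
				  <a href='index.php?book=$book_h&amp;act=idx#post$id'>$author_h</a>
				 </td>
				 <td style='border:0px; background-color:#fff; text-align:center;' width='15%'>
				  <a href='$base&amp;acpact=posts&amp;edit=$id'>Edit</a>
				 </td>
				 <td style='border:0px; background-color:#fff; text-align:center;' width='15%'>
				  <a href='javascript:delete_post(\"index.php?book=$book_h&amp;act=admin&amp;acpact=posts&amp;delete=$id&amp;auth=$hash_h\")'>Delete</a>
				 </td>
				 <td style='border:0px; background-color:#fff; text-align:center;' width='20%'>
				  $posted
				 </td>
				</tr>";
			}
		}
		else {
			echo "<tr><td width='100%' style='text-align:center'><strong>No Matches Found!</strong></td></tr>";
		}
		echo "</table>
		</div>";
	}
	echo "</div>";
}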

?>