<?php

// -------------------------------------------------------------
//
// FILENAME		: create_user.php
// COPYRIGHT	:  2003, 2004, 2005, 2006 Espen Andersson
// WWW				: http://ebascripts.com/
//
// -------------------------------------------------------------

define('ADMIN_DIR', './');

include_once ADMIN_DIR . 'includes/page_start.php';
include_once ADMIN_DIR . 'includes/top.php';

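// Only sessions with user level 3 or higher may manage filters. A session
// without a level is treated the same as one with too low a level.
if ( (!isset($_SESSION['sess_user_level'])) || ($_SESSION['sess_user_level'] < 3) ) {
	$auth->not_authorized();

	// not_authorized() is defined outside this file. Stop here regardless of
	// what it does, so that the delete/add/update handlers below can never
	// run for an under-privileged session if it happens to return.
	exit;
}

// NOTE(review): no anti-CSRF token is checked anywhere in this file, although
// the handlers below delete rows, insert rows and rewrite files. Confirm that
// includes/page_start.php or $expectedVars enforces one.

// Filter id from the query string, passed through number_input(); 0 when absent.
// NOTE(review): 'id' is read here but only 'act' is declared to check_get()
// below - confirm that is intended.
$id = isset($_GET['id']) ? number_input($_GET['id']) : 0;

// Defaults for the two word lists; both are re-read from disk before rendering.
$blacklisted_words = $suspicious_words = '';

// Declare the request variables this page reads. $expectedVars is created
// outside this file; presumably it rejects or strips anything not listed -
// verify against its implementation.
$expectedVars->check_get(array('act'));
$expectedVars->check_post(array('delete', 'allbox', 'submit', 'action', 'field', 'type', 'rule', 'blacklisted_words', 'suspicious_words'));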

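// Delete filters (request to filters.php?act=update)
if ( (isset($_GET['act'])) && ($_GET['act'] == 'update') ) {
	// $_POST['delete'] comes straight from the request. Every value is forced
	// to a positive integer before it reaches the SQL text, so a crafted
	// value can no longer change the WHERE clause. Anything that is not an
	// array of scalars is ignored instead of producing a broken statement.
	// NOTE(review): assumes `id` is a numeric key - confirm against the schema.
	if ( (isset($_POST['delete'])) && (is_array($_POST['delete'])) ) {
		$delete_ids = array();

		foreach ($_POST['delete'] as $delete_id) {
			// is_scalar() filters out nested arrays sent as delete[][]
			if ( (is_scalar($delete_id)) && (intval($delete_id) > 0) ) {
				$delete_ids[] = intval($delete_id);
			}
		}

		// Only run the DELETE when at least one usable id is left
		if (count($delete_ids) > 0) {
			$query = 'DELETE FROM `' . FILTERS_TABLE . '` WHERE `id` IN (' . implode(', ', $delete_ids) . ')';
			$result = $sql_db->query($query, __FILE__, __LINE__);
		}
	}

	redirect('filters.php');
}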

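// Delete filters whenever a delete[] list is posted, whatever `act` is set to
if ( (isset($_POST['delete'])) && (is_array($_POST['delete'])) && (sizeof($_POST['delete']) > 0) ) {
	// The posted values are request data: keep only positive integers so that
	// nothing from the request is copied into the SQL text as-is.
	// NOTE(review): assumes `id` is a numeric key - confirm against the schema.
	$delete_ids = array();

	foreach ($_POST['delete'] as $delete_id) {
		// is_scalar() filters out nested arrays sent as delete[][]
		if ( (is_scalar($delete_id)) && (intval($delete_id) > 0) ) {
			$delete_ids[] = intval($delete_id);
		}
	}

	// Skip the query when no usable id is left; the redirect still happens
	if (count($delete_ids) > 0) {
		$query = 'DELETE FROM `' . FILTERS_TABLE . '` WHERE `id` IN (' . implode(', ', $delete_ids) . ')';
		$result = $sql_db->query($query, __FILE__, __LINE__);
	}

	redirect('filters.php');
}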

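// Add a filter (request to filters.php?act=add)
if ( (isset($_GET['act'])) && ($_GET['act'] == 'add') ) {
	// Block comment or mark as spam. Forced to an integer because it is
	// concatenated into the INSERT statement below.
	$action = isset($_POST['action']) ? intval($_POST['action']) : 0;

	// IP Address, Name, E-mail, Homepage or Comment
	// sql_input() is defined outside this file; presumably it escapes the
	// value for use inside a quoted SQL literal - confirm.
	$field = isset($_POST['field']) ? sql_input($_POST['field']) : '';

	// Contains (1), exact match (2), starts with (3), ends with (4) or a
	// ready-made expression (5). Forced to an integer: the value ends up in
	// the INSERT statement and used to be copied there unescaped.
	$type = isset($_POST['type']) ? intval($_POST['type']) : 0;

	// What to block
	$rule = isset($_POST['rule']) ? sql_input($_POST['rule']) : '';

	// Stays empty when no rule was entered or the type is not one of 1-5;
	// in that case nothing is stored.
	$regular_expression = '';

	// NOTE(review): $rule is not passed through preg_quote(), so a '/' or any
	// other metacharacter typed for types 1-4 changes or breaks the pattern.
	// Confirm whether that is intended before quoting it here.
	if (strlen($rule) > 0) {
		// Contains
		if ($type == 1) {
			$trimmed_parts = array();

			foreach (explode(' ', $rule) as $parts) {
				$parts = trim($parts);

				// Skip empty pieces (double, leading or trailing spaces):
				// an empty alternative such as "word|" matches every input,
				// which would make the filter hit all comments.
				if (strlen($parts) > 0) {
					$trimmed_parts[] = $parts;
				}
			}

			// Result looks like "/oneword/i" or "/word1|word2/i"
			if (count($trimmed_parts) > 0) {
				$regular_expression = '/' . implode('|', $trimmed_parts) . '/i';
			}
		}

		// Exact match
		elseif ($type == 2) {
			$regular_expression = '/^' . $rule . '$/i';
		}

		// Starts with
		elseif ($type == 3) {
			$regular_expression = '/^' . $rule . '/i';
		}

		// Ends with: the '$' anchor belongs inside the delimiters and the
		// 'i' flag after them. The previous form "/rule/$" is not a valid
		// pattern.
		elseif ($type == 4) {
			$regular_expression = '/' . $rule . '$/i';
		}

		// Expression entered by the administrator, stored as given.
		// NOTE(review): nothing checks that it compiles or that it is cheap
		// to evaluate against comment text - consider validating it.
		elseif ($type == 5) {
			$regular_expression = $rule;
		}
	}

	if (strlen($regular_expression) > 0) {
		// Escape once and use the same literal for the duplicate check and
		// for the INSERT, so both statements refer to the same stored value.
		// NOTE(review): $rule already went through sql_input() above, so the
		// stored text has been through it twice - confirm that is intended.
		$escaped_expression = sql_input($regular_expression);

		$count = $sql_db->result($sql_db->query('SELECT COUNT(`id`)
		  AS `count`
		  FROM `' . FILTERS_TABLE . '`
		  WHERE `banned_content` = \'' . $escaped_expression . '\'', __FILE__, __LINE__));

		if ($count == 0) {
			// Plain concatenation instead of sprintf(): request data inside
			// a format string would be parsed for '%' directives.
			$query = 'INSERT INTO `' . FILTERS_TABLE . '`
			  (`banned_content`, `banned_field`, `bantype`, `action`)
			  VALUES (\'' . $escaped_expression . '\', \'' . $field . '\', \'' . $type . '\', \'' . $action . '\')';

			$result = $sql_db->query($query, __FILE__, __LINE__);
		}
	}

	redirect('filters.php');
}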

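// Update spam files (request to filters.php?act=updatefiles)
if ( (isset($_GET['act'])) && ($_GET['act'] == 'updatefiles') ) {
	// Write a list only when its field was actually posted as text. Before,
	// a request carrying just ?act=updatefiles and no form data overwrote
	// both files with whatever sql_input() returns for a missing value.
	// NOTE(review): sql_input() is defined outside this file and looks like
	// SQL escaping, while the target is a flat file - confirm the code that
	// reads these lists expects that form.
	if ( (isset($_POST['blacklisted_words'])) && (is_string($_POST['blacklisted_words'])) ) {
		file_put_contents(ADMIN_DIR . 'words_blacklisted.txt', sql_input($_POST['blacklisted_words']));
	}

	if ( (isset($_POST['suspicious_words'])) && (is_string($_POST['suspicious_words'])) ) {
		file_put_contents(ADMIN_DIR . 'words_suspicious.txt', sql_input($_POST['suspicious_words']));
	}

	redirect('filters.php');
}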

// Page heading: a language-specific image with its translated alternative text.
// GenImage() and lang() are defined outside this file.
$header = GenImage(ADMIN_DIR . 'templates/images/lang_' . LANGUAGE . '/top_administrate_filters.gif', lang('a_header_admin_filters'));
echo '<div class="top"><div id="img">' . $header . '</div></div>';

// Top part of the filter list
$page = new Page(ADMIN_DIR . 'templates/filters_top.tpl');
$page->output_page();

// All stored filters in id order; one template row is printed per filter
$result = $sql_db->query('SELECT *
  FROM `' . FILTERS_TABLE . '`
  ORDER BY `id`', __FILE__, __LINE__);

while ($row = $sql_db->fetch_object($result)) {
	$page = new Page(ADMIN_DIR . 'templates/filters_middle.tpl');

	// Translated label for the comment field this filter applies to
	$field_name = lang('a_filters_field_' . $row->banned_field . '');

	// ACTIVE shows the "no" label when active is 0, otherwise "yes".
	// ACTION shows "mark as spam" when action is 1, otherwise "block comment".
	// NOTE(review): banned_content is free text entered through the add form
	// and is handed to the template as stored. Confirm that replace_tags() or
	// the template HTML-encodes it; otherwise markup inside a stored filter
	// would be rendered in this admin page.
	$page->replace_tags(array(
	  'FILTER' => $row->banned_content,
	  'FIELD' => $field_name,
	  'ACTIVE' => ($row->active == 0) ? lang('a_filters_option_no') : lang('a_filters_option_yes'),
	  'ACTION' => ($row->action == 1) ? lang('a_filters_mark_as_spam') : lang('a_filters_block_comment'),
	  'HITS' => $row->hits,
	  'ROW->ID' => $row->id
	));

	$page->output_page();
}

// Current contents of the two word-list files, passed to the bottom template.
// NOTE(review): file_get_contents() returns false when a file is missing or
// unreadable - confirm both files always exist. The same output-encoding
// question as for FILTER above applies to these two values.
$blacklisted_words = file_get_contents(ADMIN_DIR . 'words_blacklisted.txt');
$suspicious_words = file_get_contents(ADMIN_DIR . 'words_suspicious.txt');

$page = new Page(ADMIN_DIR . 'templates/filters_bottom.tpl');

$page->replace_tags(array(
  'BLACKLISTED_WORDS' => $blacklisted_words,
  'SUSPICIOUS_WORDS' => $suspicious_words
));

$page->output_page();

include_once ADMIN_DIR . 'includes/bottom.php';

?>