<?php
// Entry-point markers, defined before anything is included.
// NOTE(review): presumably the phpBB core and the antispam helper files test for these
// constants and refuse to run when they are missing (direct-access guard) — confirm
// in the included files; nothing in this file reads them.
define('IN_PHPBB', 1);
define('IN_ANTISPAM', true);
/** Antispam admin functions
* @author Ramon Fincken, Phpbbinstallers.net, RamonFincken.com, WebsiteFreelancers.nl
*
* V 1.3.2 (Make sure you update this file on a regular basis)
*/
// Menu-registration pass: when the including script has set $setmodules, this file
// only publishes its menu entry and returns without rendering or touching the database.
if (!empty($setmodules)) {
    $filename = basename(__FILE__);
    $module['Antispam']['Spam Database'] = "{$filename}?mode=database";
    return;
}
//
// Load default header
//
// Bootstrap for a normal page view: extension.inc supplies $phpEx, pagestart sets up
// the admin page, then the antispam admin helpers are loaded.
// NOTE(review): authentication and session checks are presumably done inside
// pagestart — none are performed in this file; confirm before relying on it.
$no_page_header = false;
$phpbb_root_path = '../';
require $phpbb_root_path . 'extension.inc';
require './pagestart.' . $phpEx;

$file_version = '1.3.2';
include './antispam_functions/admin_antispam_functions.' . $phpEx;

// ----------------------- VERSION INFO
write_version($file_version);
// -------------------------------------------------------------------------------------
// Neither "confirm" nor "cancel" has been submitted yet: select the confirmation
// template as the page body. The action handlers below fill in its variables.
if (!($confirm || $cancel)) {
    $template->set_filenames(array('body' => 'admin/antispam_confirm_body.tpl'));
}
// -------------------------------------------------------------------------------------
// Recovery ("anti-timeout") handling.
// The config flag is written as 'no' at the start of every request (last statement of
// this run) and the handlers below write it back to 'yes' once they finish. Finding it
// still at 'no' therefore means an earlier request did not complete, so the page drops
// to a reduced view unless the admin explicitly asks for full mode.
$recovery_mode = false;
if (!isset($HTTP_GET_VARS['reset_to_full_mode']) && $board_config['mod_spamcheck_admin_antitimeout'] == 'no') {
    $recovery_mode = true;
    $limit = 13; // Max rows per page

    // Tell the admin why the page looks different ...
    write_block(
        'Informationset',
        '<span style="color: orange"><strong>Notice: a previous attempt to load this page failed.</strong></span>',
        '<span style="color: orange"><strong>Running in limited/recovery mode</strong></span>'
    );
    // ... and offer the way back to the full view.
    write_block(
        'Informationset',
        '',
        '<span style="color: blue"><strong><a href="?' . $SID . '&mode=database&reset_to_full_mode=true">Switch to normal mode</a></strong></span>'
    );
}

// Arm the flag for this request; it stays 'no' if the request dies before a handler resets it.
antispam_update_conftable('no', 'mod_spamcheck_admin_antitimeout');
// MULTI RECORD OPERATIONS ( checkboxes )
// -------------------------------------------------------------------------------------
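// Bulk actions on the records ticked in the database listing (POSTed as checkboxaction[]).
// Either deletes the selected records, or bans the IP stored with each record and then
// deletes it. Every branch ends in message_die(), which is expected to end the request.
//
// Fixes over the previous version:
//  - the ban loop's "id > 0" test had no braces, so it only guarded the uid2ip() lookup;
//    an invalid entry still reached the ban/delete calls with a stale or unset $ip.
//  - each() no longer exists in PHP 8; foreach iterates the same values.
//  - nested-array entries (checkboxaction[0][]=x) are rejected instead of being coerced
//    to 1 by intval().
if ($mode === 'multi') {
    $url = "admin_antispam_database.$phpEx";
    $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';

    $selected = (isset($HTTP_POST_VARS['checkboxaction']) && is_array($HTTP_POST_VARS['checkboxaction']))
        ? $HTTP_POST_VARS['checkboxaction']
        : array();

    if (sizeof($selected) > 0) {
        // ----------------------- DELETE RECORDS
        if (isset($HTTP_POST_VARS['multi_delete'])) {
            foreach ($selected as $uid) {
                // Only a positive integer id is ever handed to the helper.
                $record_id = is_scalar($uid) ? intval($uid) : 0;
                if ($record_id > 0) {
                    delete_antispamtable_records($record_id);
                }
            }
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
        // ----------------------- DELETE RECORDS

        // ----------------------- BAN IPS
        if (isset($HTTP_POST_VARS['multi_ban'])) {
            foreach ($selected as $uid) {
                $record_id = is_scalar($uid) ? intval($uid) : 0;
                if ($record_id < 1) {
                    // Skip the whole iteration: no lookup, no ban, no delete.
                    continue;
                }
                $ip = uid2ip($record_id);
                // Only ban addresses that are not banned already.
                if (!ip2banstatus($ip)) {
                    antispam_quick_ban(encode_ip($ip), 'IP');
                }
                delete_antispamtable_records($record_id);
            }
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
        // ----------------------- BAN IPS
    } else {
        if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
        }
        message_die(GENERAL_MESSAGE, $meta . 'None selected!<br />');
    }
}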
// -------------------------------------------------------------------------------------
// MULTI RECORD OPERATIONS ( checkboxes )
// INSERT POST
// -------------------------------------------------------------------------------------
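// Approve a held post. First request: show the confirmation form. After confirmation:
// load the stored submission for the record, replay it as a new topic, a reply or an
// edit, subscribe the admin (and the author, unless a guest) to the topic, mark the
// antispam record with the resulting post id and delete it.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into the confirmation form. intval() > 0 also
//    accepts values such as 12"><..., so the check did not make the raw string safe for
//    HTML output; only the integer is used from here on (form, SQL, delete helper).
//  - message_die() was called with $error_msg/$line/$file, none of which is assigned in
//    the visible part of this file.
//  - a record whose stored mode is missing or unknown left $post_details undefined and
//    produced broken SQL; it is now rejected up front.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'insert_post') {
    $record_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($record_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $record_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="insert_post" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_post'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            $sql = "SELECT db.user_id, db.Id, db.Ip FROM " . ANTISPAMDB_TABLE . " as db ";
            $sql .= " WHERE Id = " . $record_id . " ORDER BY db.Id ASC LIMIT 1";
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not get info for this post!', '', __LINE__, __FILE__, $sql);
            }
            if ($row = $db->sql_fetchrow($result)) {
                // Cast once; both values are concatenated into SQL further down.
                $core_id = intval($row['Id']);
                $user_id = intval($row['user_id']);
                // Not read anywhere in the visible part of this file.
                // NOTE(review): possibly consumed as a global by the included helpers — confirm before removing.
                $approve_ip = $row['Ip'];
            } else {
                message_die(GENERAL_MESSAGE, 'Could not get info for this post!');
            }
            $db->sql_freeresult($result);

            $profiledata = get_userdata($user_id);
            if ($user_id == ANONYMOUS) {
                $profiledata['user_attachsig'] = 0;
            }

            // Key/value pairs captured from the original submission. These were supplied
            // by the (suspected spam) poster, so they are untrusted input at this point.
            $tmparray = array();
            $result = grab_db_data($core_id);
            while ($row = $db->sql_fetchrow($result)) {
                $tmparray[$row['varkey']] = $row['varvalue'];
            }

            $stored_mode = isset($tmparray['mode']) ? $tmparray['mode'] : '';
            if ($stored_mode !== 'newtopic' && $stored_mode !== 'reply' && $stored_mode !== 'editpost') {
                message_die(GENERAL_MESSAGE, 'Could not get info for this post!');
            }

            if ($stored_mode === 'newtopic' || $stored_mode === 'reply') {
                include_once($phpbb_root_path . 'includes/functions_insert_post.' . $phpEx);
            } else {
                include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
                include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
                include_once($phpbb_root_path . 'includes/functions_search.' . $phpEx);
            }

            // NOTE(review): insert_post() receives the stored message, subject and forum/topic
            // ids unmodified; whether it validates and escapes them is not visible here — confirm.
            if ($stored_mode === 'newtopic') {
                $post_details = insert_post($tmparray['message'], $tmparray['subject'], $tmparray[POST_FORUM_URL], $user_id, $profiledata['username'], intval($profiledata['user_attachsig']));
            }
            if ($stored_mode === 'reply') {
                // Reply, normal
                $post_details = insert_post($tmparray['message'], $tmparray['subject'], topic2forum($tmparray[POST_TOPIC_URL]), $user_id, $profiledata['username'], intval($profiledata['user_attachsig']), $tmparray[POST_TOPIC_URL], POST_NORMAL, true);
            }
            if ($stored_mode === 'editpost') {
                // Editpost, update the contents
                $post_id = intval($tmparray[POST_POST_URL]);

                // Prepare start
                $bbcode_on = $board_config['allow_bbcode'];
                $html_on = $board_config['allow_html'];
                $smilies_on = $board_config['allow_smilies'];
                $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';

                // NOTE(review): the only SQL escaping applied to the stored text is addslashes()
                // (the message additionally passes through prepare_message(), whose effect on
                // quoting is not visible here). Confirm this is sufficient for the board's
                // database and connection charset.
                $message = addslashes(unprepare_message($tmparray['message']));
                $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
                $subject = addslashes(unprepare_message(trim($tmparray['subject'])));
                // Prepare end

                $sql = "UPDATE " . POSTS_TEXT_TABLE .
                    " SET post_subject = '" . $subject . "'," .
                    " post_text = '" . $message . "'," .
                    " bbcode_uid = '" . $bbcode_uid . "'" .
                    " WHERE post_id = $post_id LIMIT 1";
                parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

                // Create array with topic_id
                $post_details = array(
                    'topic_id' => post2topic($post_id),
                    'post_id' => $post_id
                );
            }

            // Integers only from here on: both values are concatenated into SQL.
            $topic_id = intval($post_details['topic_id']);
            $approved_post_id = intval($post_details['post_id']);

            // Admin watch
            $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)" .
                " VALUES (" . intval($userdata['user_id']) . ", $topic_id, 0)";
            if (!$db->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
            }

            // 1.2.7 We can't send watch info to guests yet
            if ($user_id > -1) {
                // User watch
                $sql = "INSERT INTO " . TOPICS_WATCH_TABLE .
                    " (user_id, topic_id, notify_status) " .
                    " VALUES (" . $user_id . ", $topic_id, 0)";
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
                }
            }

            // Clear spamstatus: the status column now holds the id of the approved post.
            $sql = "UPDATE " . ANTISPAMDB_TABLE .
                " SET status = '" . $approved_post_id . "' " .
                " WHERE Id = $core_id LIMIT 1";
            parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }

            // Delete this record
            delete_antispamtable_records($record_id);
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
            // -----------------------
        }
    }
}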
// -------------------------------------------------------------------------------------
// INSERT POST
// INSERT USER
// -------------------------------------------------------------------------------------
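// Approve a held registration. First request: show the confirmation form. After
// confirmation: load the stored registration data, create the account unless the
// username already exists, and mark both the antispam record and the new user as approved.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into the confirmation form; intval() > 0 also
//    accepts values with trailing markup, so only the integer is used from here on.
//  - a record id with no matching row left $core_id/$user_id undefined and carried on.
//  - a record without stored username/password/email is rejected instead of creating
//    an account from empty values.
//  - message_die() was called with $error_msg/$line/$file, none of which is assigned in
//    the visible part of this file.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'insert_user') {
    $record_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($record_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $record_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="insert_user" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_reg'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            $sql = "SELECT db.user_id, db.Id " .
                " FROM " . ANTISPAMDB_TABLE . " as db" .
                " WHERE Id = " . $record_id .
                " ORDER BY db.Id ASC";
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not get info for this registration!', '', __LINE__, __FILE__, $sql);
            }
            if ($row = $db->sql_fetchrow($result)) {
                $core_id = intval($row['Id']);
                $user_id = intval($row['user_id']);
            } else {
                message_die(GENERAL_MESSAGE, 'Could not get info for this registration!');
            }
            $db->sql_freeresult($result);

            $profiledata = get_userdata($user_id);

            // Key/value pairs captured from the registration attempt — untrusted input.
            $tmparray = array();
            $result = grab_db_data($core_id);
            while ($row = $db->sql_fetchrow($result)) {
                $tmparray[$row['varkey']] = $row['varvalue'];
            }
            if (!isset($tmparray['username']) || !isset($tmparray['password']) || !isset($tmparray['email'])) {
                message_die(GENERAL_MESSAGE, 'Could not get info for this registration!');
            }

            include_once($phpbb_root_path . 'includes/functions_insert_user.' . $phpEx);

            $new_user_id = username2id($tmparray['username']);
            if ($new_user_id > 0) {
                // Username is already in the database
                $message = $lang['Username_taken'];
            } else {
                // NOTE(review): the hash is unsalted MD5, presumably because that is what the
                // board's login code compares against, so it cannot be changed here in isolation.
                // It also implies the antispam data table holds the applicant's password in
                // recoverable form until the record is handled — confirm, and treat that table
                // (and its backups) as credential storage.
                insert_user($tmparray['username'], md5($tmparray['password']), $tmparray['email']);
                $new_user_id = intval(username2id($tmparray['username']));
                if ($new_user_id > 0) {
                    // Success
                    $sql = "UPDATE " . ANTISPAMDB_TABLE . " SET status = 'approved', user_id = " . $new_user_id . " WHERE Id = $core_id";
                    parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

                    // V1.3.0 Now free user of any new spam checks
                    $sql = "UPDATE " . USERS_TABLE . " SET antispam_approved = '1' WHERE user_id = '" . $new_user_id . "' LIMIT 1";
                    parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);
                    $message = 'Succes !';
                } else {
                    $message = 'User was denied due to ban rules OR username was in use';
                }
            }

            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $message);
            // -----------------------
        }
    }
}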
// -------------------------------------------------------------------------------------
// INSERT USER
// DELETE RECORD
// -------------------------------------------------------------------------------------
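// Delete a single antispam record: confirmation form first, deletion once confirmed.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into the confirmation form and passed
//    unmodified to delete_antispamtable_records(). intval() > 0 also accepts values with
//    trailing text, so the check alone did not make the raw string safe; only the
//    integer is used now.
//  - the inner if repeated the action test already made by the outer one.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'delete_record') {
    $record_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($record_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $record_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="delete_record" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_delrec'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            delete_antispamtable_records($record_id);
            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
    }
    // -----------------------
}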
// -------------------------------------------------------------------------------------
// DELETE RECORD
// BAN IP
// -------------------------------------------------------------------------------------
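// Ban the IP address stored with one antispam record: confirmation form first, ban once
// confirmed. The record itself is not deleted by this action.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into the confirmation form; intval() > 0 also
//    accepts values with trailing markup, so only the integer is used from here on.
//  - the inner if repeated the action test already made by the outer one.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'ban_ip') {
    $record_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($record_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $record_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="ban_ip" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_banip'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            // NOTE(review): what uid2ip() returns for an id with no record is not visible
            // here; confirm that an empty result cannot end up as a ban entry.
            $ip = uid2ip($record_id);
            antispam_quick_ban(encode_ip($ip), 'IP');

            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
    }
    // -----------------------
}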
// -------------------------------------------------------------------------------------
// BAN IP
// BAN FORWARDED_IP
// -------------------------------------------------------------------------------------
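// Ban the forwarded IP address stored with one antispam record: confirmation form first,
// ban once confirmed.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into the confirmation form; intval() > 0 also
//    accepts values with trailing markup, so only the integer is used from here on.
//  - the inner if repeated the action test already made by the outer one.
//
// NOTE(review): the forwarded address presumably originates from a proxy header sent by
// the client, which the submitter controls. Banning on it can block an address that had
// nothing to do with the submission — confirm how the value is captured and consider
// showing it to the admin as unverified.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'ban_forwarded_ip') {
    $record_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($record_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $record_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="ban_forwarded_ip" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_banfwdip'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            // The second argument selects the forwarded-address column of the record.
            $ip_forwarded = uid2ip($record_id, '_forwarded');
            antispam_quick_ban(encode_ip($ip_forwarded), 'IP');

            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
    }
    // -----------------------
}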
// -------------------------------------------------------------------------------------
// BAN FORWARDED_IP
// DELETE USER
// -------------------------------------------------------------------------------------
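// Delete a user in two steps. Step one (here, after confirmation): remove the antispam
// records belonging to that user id. Step two: render a second confirmation form that
// submits to admin_users with the fields that script expects for a user deletion.
//
// Fixes over the previous version:
//  - the raw "uid" query value was echoed into three hidden fields and passed unmodified
//    to delete_antispamtable_records(). intval() > 0 also accepts values with trailing
//    markup, so the check alone did not make the raw string safe; only the integer is
//    used now.
//  - the inner if repeated the action test already made by the outer one.
if ($mode === 'database' && isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'delete_user') {
    $target_user_id = (isset($HTTP_GET_VARS['uid']) && is_scalar($HTTP_GET_VARS['uid'])) ? intval($HTTP_GET_VARS['uid']) : 0;
    if ($target_user_id > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $target_user_id . '" />';
            // The action was compared with === above, so the literal is the same value.
            $hidden_fields .= '<input type="hidden" name="action" value="delete_user" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => $lang['User_delete_explain'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            // First antispam tables; here the id is matched against the user_id column.
            delete_antispamtable_records($target_user_id, 'user_id');

            // Present the confirmation screen to the user
            $template->set_filenames(array(
                'body' => 'admin/antispam_confirm_body.tpl'
            ));

            // Hand-built request for admin_users, which performs the account removal itself.
            $hidden_fields = '<input type="hidden" name="mode" value="save" />';
            $hidden_fields .= '<input type="hidden" name="submit" value="true" />';
            $hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $target_user_id . '" />';
            $hidden_fields .= '<input type="hidden" name="id" value="' . $target_user_id . '" />';
            $hidden_fields .= '<input type="hidden" name="deleteuser" value="1" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => 'Antispam data removed for user. Please select yes to complete removal process' .
                    '<br /><a href="' . append_sid("admin_antispam_database.$phpEx?mode=database") . '">Please click here to go back to the database</a>',
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_users.$phpEx"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));

            // Unlike the other handlers this one resets the flag unconditionally and does
            // not end the request; the page is rendered by code further down the file.
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
        }
    }
    // -----------------------
}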
// -------------------------------------------------------------------------------------
// DELETE USER
// MASS RECORD OPERATIONS
// -------------------------------------------------------------------------------------
// ----------------------- DELETE FIRST (X) RECORDS
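// Mass operation "delete the first (X) records": confirmation form first; once confirmed,
// collect the X lowest record ids and delete them from both antispam tables.
//
// Fixes over the previous version:
//  - the raw POSTed "uid" and the raw, unvalidated query-string "action" were echoed into
//    the confirmation form (and "uid" into the confirmation text). The count is now an
//    integer everywhere and the action value is HTML-escaped.
//  - with an empty table the id list was empty and the DELETE statements became
//    "... IN ()", a SQL syntax error; the deletes are skipped in that case.
//  - message_die() was called with $error_msg/$line/$file, none of which is assigned in
//    the visible part of this file.
//
// NOTE(review): presence of "uid" is tested on the query string while its value is read
// from the POST body, and the handler is selected by the POSTed "action" while the hidden
// field repeats the query-string one. That mix is kept as-is because the form/template
// that drives it is not visible here — confirm which source is intended.
if ($mode === 'database' && isset($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] === 'massrecordops' && ((isset($HTTP_POST_VARS['banned']) && $HTTP_POST_VARS['banned'] === '0') || !(isset($HTTP_POST_VARS['banned'])))) {
    $uid_in_query = isset($HTTP_GET_VARS['uid']);
    $requested = (isset($HTTP_POST_VARS['uid']) && is_scalar($HTTP_POST_VARS['uid'])) ? intval($HTTP_POST_VARS['uid']) : 0;

    if ($uid_in_query && $requested < 1) {
        $url = "admin_antispam_database.$phpEx";
        $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
        if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
        }
        message_die(GENERAL_MESSAGE, $meta . 'Please enter a value above 0!<br />');
    }

    if ($uid_in_query && $requested > 0) {
        // -----------------------
        if (!$confirm && !$cancel) {
            $query_action = (isset($HTTP_GET_VARS['action']) && is_scalar($HTTP_GET_VARS['action']))
                ? htmlspecialchars($HTTP_GET_VARS['action'], ENT_QUOTES)
                : '';
            $hidden_fields = '<input type="hidden" name="mode" value="database" />';
            $hidden_fields .= '<input type="hidden" name="uid" value="' . $requested . '" />';
            $hidden_fields .= '<input type="hidden" name="action" value="' . $query_action . '" />';
            $template->assign_vars(array(
                'MESSAGE_TITLE' => $lang['Confirm'],
                'MESSAGE_TEXT' => sprintf($lang['Antispam_spam_database_conf_massfirst'], $requested),
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
                'S_HIDDEN_FIELDS' => $hidden_fields
            ));
        }
        // -----------------------
        if ($confirm) {
            $limit = $requested;
            $sql = "SELECT db.Id FROM " . ANTISPAMDB_TABLE . " as db" .
                " ORDER BY db.Id ASC LIMIT " . $limit;
            if (!($result = $db->sql_query($sql))) {
                message_die(GENERAL_ERROR, 'Could not query antispam information', '', __LINE__, __FILE__, $sql);
            }

            // Quoted, comma-separated list of the ids to remove; cast so that nothing but
            // integers is ever concatenated into the DELETE statements.
            $id_list = array();
            while ($row = $db->sql_fetchrow($result)) {
                $id_list[] = "'" . intval($row['Id']) . "'";
            }
            $db->sql_freeresult($result);

            if (sizeof($id_list) > 0) {
                $ids = implode(', ', $id_list);

                $sql = "DELETE FROM " . ANTISPAMDB_TABLE .
                    " WHERE Id IN ($ids) LIMIT " . $limit;
                parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

                $sql = "DELETE FROM " . ANTISPAMDB_DATA_TABLE .
                    " WHERE core_id IN ($ids)";
                parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);
            }

            $url = "admin_antispam_database.$phpEx";
            $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
            if (!$recovery_mode) {
                antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
            }
            message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
        }
    }
    // -----------------------
}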
// ----------------------- DELETE FIRST (X) RECORDS
// ----------------------- BANNED
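// Mass operation "delete all banned records": removes every antispam record whose IP or
// forwarded IP is currently banned, or whose stored e-mail address or username fails
// test_email()/test_username() (a non-empty return marks the record for deletion).
//
// Fixes over the previous version:
//  - array keys were written as bare words ($row[ip], $row[email], ...). Outside a quoted
//    string PHP treats those as constants, which is a fatal error on PHP 8.
//  - ids are cast to integers before being concatenated into SQL.
//  - result sets are freed after use.
//  - message_die() was called with $error_msg/$line/$file, none of which is assigned in
//    the visible part of this file.
//
// NOTE(review): the forwarded address presumably comes from a client-supplied proxy
// header; it is only used here to decide which stored records to delete.
if ($mode === 'database' && isset($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] === 'massrecordops' && isset($HTTP_POST_VARS['banned'])) {
    // User has already confirmed with radio buttons ... value YES => 1, NO => 0
    if (intval($HTTP_POST_VARS['banned']) == 1) {
        $confirm = true;
    }
    // -----------------------
    if ($confirm) {
        $sql = "SELECT db.Id, ip, ip_forwarded FROM " . ANTISPAMDB_TABLE . " as db";
        $sql .= " ORDER BY db.Id ASC";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query antispam information', '', __LINE__, __FILE__, $sql);
        }

        // The list starts with -1 so that the IN (...) clauses below are never empty.
        $id_list = array('-1');
        while ($row = $db->sql_fetchrow($result)) {
            // Test ips...
            if (ip2banstatus($row['ip']) || ip2banstatus($row['ip_forwarded'])) {
                // Mark for deletion ..
                $id_list[] = "'" . intval($row['Id']) . "'";
            }
        }
        $db->sql_freeresult($result);

        // Emails ..
        // We don't need the ones already marked by IP
        $ids = implode(', ', $id_list);
        $sql = "SELECT db_data.core_id, varvalue as email " .
            " FROM " . ANTISPAMDB_DATA_TABLE . " as db_data" .
            " WHERE varkey = 'email' " .
            " AND core_id NOT IN ($ids)";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query antispam information', '', __LINE__, __FILE__, $sql);
        }
        while ($row = $db->sql_fetchrow($result)) {
            // Test emails...
            $testresult = test_email($row['email'], '');
            if (strlen($testresult) > 0) {
                // Mark for deletion ..
                $id_list[] = "'" . intval($row['core_id']) . "'";
            }
            unset($testresult);
        }
        $db->sql_freeresult($result);

        // Usernames ..
        // We don't need the ones already marked by IP or by e-mail
        $ids = implode(', ', $id_list);
        $sql = "SELECT db_data.core_id, varvalue as username " .
            " FROM " . ANTISPAMDB_DATA_TABLE . " as db_data" .
            " WHERE varkey = 'username' " .
            " AND core_id NOT IN ($ids)";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query antispam information', '', __LINE__, __FILE__, $sql);
        }
        while ($row = $db->sql_fetchrow($result)) {
            // Test usernames...
            $testresult = test_username($row['username'], '');
            if (strlen($testresult) > 0) {
                // Mark for deletion ..
                $id_list[] = "'" . intval($row['core_id']) . "'";
            }
            unset($testresult);
        }
        $db->sql_freeresult($result);

        // Remove everything that was marked, from both tables.
        $ids = implode(', ', $id_list);
        $sql = "DELETE FROM " . ANTISPAMDB_TABLE .
            " WHERE Id IN ($ids)";
        parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

        $sql = "DELETE FROM " . ANTISPAMDB_DATA_TABLE .
            " WHERE core_id IN ($ids)";
        parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

        $url = "admin_antispam_database.$phpEx";
        $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
        if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
        }
        message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
    }
    // -----------------------
}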
// ----------------------- BANNED
// -------------------------------------------------------------------------------------
// MASS RECORD OPERATIONS
// DATABASE
// -------------------------------------------------------------------------------------
if ($mode === 'database' && (!isset ($HTTP_GET_VARS['action']) || $cancel)) {
$template->set_filenames(array (
"body" => "admin/antispam_database_body.tpl"
));
if(!$recovery_mode)
{
// -----------------------MOD STATS
$sql = "SELECT user_id, count(user_id) as count_mod_posts from " . ANTISPAMDB_TABLE;
$sql .= " WHERE status = 'false' AND type = 'post' group by user_id order by count_mod_posts DESC";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$i = 0;
$info = '';
while ($row = $db->sql_fetchrow($result)) {
if (!(strlen($info) < 1))
$info .= '<br />';
// 1.2.7
$profile_path = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']);
$server_url = get_serverurl($profile_path);
$row['user_id'] = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
$info .= $row['count_mod_posts'] . ' by : ' . $row['user_id'];
}
if (strlen($info) < 1)
$info = 0;
write_block('SpamStats', $lang['Antispam_spam_database_postapprove'] . ' : ', $info);
$db->sql_freeresult($result);
// -----------------------MOD STATS
// ----------------------- IP
$count_threshold = 2;
$sql = "SELECT id, ip, count(ip) as ip_count from " . ANTISPAMDB_TABLE;
$sql .= " group by ip HAVING ( ip_count >" . intval($count_threshold) . ") order by ip_count DESC";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$i = 0;
while ($row = $db->sql_fetchrow($result)) {
$ip_font_start = '<font color="green"><i>';
$ip_font_end = '</i /></font>';
$action = '';
if (ip2banstatus($row['ip'])) {
$ip_font_start = '<font color="red"><b>';
$ip_font_end = '</b /></font>';
} else {
$action = '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $row[id] . '">Ban this ip</a>';
write_block('SpamStats', $lang['Antispam_spam_database_actip'] . ', treshold : ' . intval($count_threshold) . ' times', '<b>' . @ gethostbyaddr($row['ip']) . '<br/></b /> ' . $ip_font_start . $row['ip'] . $ip_font_end . ' -- ' . $row['ip_count'] . ' times' . $action);
}
}
$db->sql_freeresult($result);
// ----------------------- IP
// ----------------------- IP FORWARDED
$count_threshold = 2;
$sql = "SELECT ip_forwarded, count(ip_forwarded) as ip_count from " . ANTISPAMDB_TABLE;
$sql .= " group by ip_forwarded HAVING ( ip_count >" . intval($count_threshold) . " AND ip_forwarded > 0) order by ip_count DESC";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$i = 0;
while ($row = $db->sql_fetchrow($result)) {
$ip_font_start = '<font color="green"><i>';
$ip_font_end = '</i /></font>';
$action = '';
if (ip2banstatus($row['ip_forwarded'])) {
$ip_font_start = '<font color="red"><b>';
$ip_font_end = '</b /></font>';
} else {
$action = '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $row[id] . '">Ban this ip</a>';
write_block('SpamStats', $lang['Antispam_spam_database_actfwdip'] . ', treshold : ' . intval($count_threshold) . ' times', '<b>' . @ gethostbyaddr($row['ip_forwarded']) . '<br/></b /> ' . $ip_font_start . $row['ip_forwarded'] . $ip_font_end . ' -- ' . $row['ip_count'] . ' times' . $action);
}
}
$db->sql_freeresult($result);
// ----------------------- IP FORWARDED
// -----------------------USERNAME
$count_threshold = 2;
$sql = "SELECT user_id, count(user_id) as user_id_count from " . ANTISPAMDB_TABLE;
$sql .= " group by user_id HAVING ( user_id_count >" . intval($count_threshold) . ") AND user_id > 0 order by user_id_count DESC";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$i = 0;
while ($row = $db->sql_fetchrow($result)) {
// 1.2.7
$profile_path = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']);
$server_url = get_serverurl($profile_path);
$link = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
write_block('SpamStats', $lang['Antispam_spam_database_actuser'] . ', treshold : ' . intval($count_threshold) . ' times', $link . ' -- ' . $row['user_id_count'] . ' times');
}
$db->sql_freeresult($result);
// -----------------------USERNAME
} // END !recovery mode
// -----------------------MASS RECORD OPERATIONS
$input = make_input('text', 'uid', 0, 2) . ' ' . make_submit('massrecordops', 'Apply changes');
write_block('MassRecordOps', 'Delete the first (X) records', $input);
unset ($input);
if(!$recovery_mode)
{
$input = make_radio(array (
'banned',
'banned'
), array (
'1',
'0'
), array (
'Yes',
'No'
), '0');
$input .= ' ' . make_submit('massrecordops', 'Apply changes');
write_block('MassRecordOps', 'Delete all banned records', $input);
unset ($input);
write_block('DatabaseConfigset', 'Delete all login records', '');
}
// -----------------------MASS RECORD OPERATIONS
// ----------------------- PAGINATION
$sql = "SELECT count(Id) as rows_count FROM " . ANTISPAMDB_TABLE;
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$rows_count = 0;
while ($row = $db->sql_fetchrow($result)) {
$rows_count = $row['rows_count'];
}
$pagination = $rows_count . ' records found, '. $limit.' records per page<br />';
$pagination .= generate_pagination("admin_antispam_database.$phpEx?mode=database&$SID", $rows_count, $limit, $start). ' ';
// ----------------------- PAGINATION
// -----------------------
$sql = "SELECT db.* FROM " . ANTISPAMDB_TABLE . " as db ORDER BY db.Id ASC LIMIT ".$start.", ".$limit;
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
}
$i = 0;
$uid = 1;
// Semi cache arrays
$userdataarray = array ();
$banarray = array ();
// Semi cache arrays
while ($row = $db->sql_fetchrow($result)) {
$result2 = grab_db_data($row['Id']);
$vartype = '';
$all = '';
$varvalue = '';
$all .= '<table border="1" style="border-collapse: collapse" width="100%" id="table1">';
$all .= '<tr><th align="left">Field</th>';
$all .= '<th align="left">Value</th><th align="left" width="155">Type(post,get)</th></tr>';
$i_action = 0;
while ($row2 = $db->sql_fetchrow($result2)) {
$i_action++;
if ($i_action > 2)
$i_action = 1;
$all .= '<tr><td class="row' . $i_action . '" valign="top" align="left">' . $row2['varkey'] . '</td>';
if ($row2['varkey'] === 'website') {
$all .= '<td class="row' . $i_action . '" valign="top" align="left"><a href="' . $row2['varvalue'] . '" target="_blank">' . $row2['varvalue'] . '<a/></td>';
} else {
$all .= '<td class="row' . $i_action . '" valign="top" align="left">' . htmlspecialchars($row2['varvalue']) . '</td>';
}
$all .= '<td class="row' . $i_action . '" valign="top" align="left">' . $row2['vartype'] . '</td></tr>';
}
$all .= '</table>';
$db->sql_freeresult($result2);
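// 1.2.7: link to the profile page of the user this log row refers to.
// get_serverurl() is defined elsewhere; presumably it prefixes the board URL.
$profile_path = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']);
$server_url = get_serverurl($profile_path);

// 1.2.8 Fix, thanks to Websnail http://www.phpbbantispam.com/viewtopic.php?t=100
// Is the user a current one OR is it a guest?
$thisuser = false;
if (isset($userdataarray[$row['user_id']])) {
    // Answer cached by an earlier row with the same user_id.
    if ($userdataarray[$row['user_id']]['currentuser'] == 'yes') {
        $thisuser = true;
    }
} else {
    if ($row['user_id'] > 0) {
        // Is OR was a member of this board: the account only counts as the
        // same user when it was registered no later than this log entry.
        // Both values are used as numbers, so they are cast to int before
        // being placed into the SQL text; nothing but digits can reach the query.
        $time_to_check = (int) $row['time'];
        $user_id_to_check = (int) $row['user_id'];

        $sql_userlookup = "SELECT user_id FROM " . USERS_TABLE;
        $sql_userlookup .= " WHERE user_id = '" . $user_id_to_check . "' AND user_regdate <= '" . $time_to_check . "' LIMIT 1";
        if (!$result_userlookup = $db->sql_query($sql_userlookup)) {
            message_die(GENERAL_ERROR, $lang['qb_nouq'], "", __LINE__, __FILE__, $sql_userlookup);
        }
        if ($row_userlookup = $db->sql_fetchrow($result_userlookup)) {
            $userdataarray[$row['user_id']]['currentuser'] = 'yes';
            $thisuser = true;
        }
        // This runs once per log row; release the result like the other queries here do.
        $db->sql_freeresult($result_userlookup);
    }
}

if ($thisuser) {
    // Current member of this board..
    // NOTE(review): id2username() output goes into HTML unescaped; confirm it returns an already-escaped name.
    $userinfo = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
} else {
    $userinfo = '-1 ( guest )';
    // Override, because of a deleted user
    $row['user_id'] = -1;
}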
// Per-row counters: $uid is handed to the template as 'uid'; $i alternates 1/2 and is handed over as 'row'.
$uid++;
$i++;
if ($i > 2)
$i = 1;
// $open_close_alert collects the notices shown next to the "(open/close)" toggle text.
$open_close_alert_base = '(open/close)';
$open_close_alert = '';
// $action accumulates the HTML links for the operations available on this record.
// NOTE(review): every link built below (delete_record, insert_post, insert_user, delete_user)
// triggers a state change through a plain GET request that carries only $SID. Whether the
// handlers verify the session or a per-request token is not visible here; confirm, or move
// these operations to POST forms with a token so a third-party page cannot trigger them.
$action = '';
$action .= '<br/>»<a href="?' . $SID . '&mode=database&action=delete_record&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_removerec'] . '</a>';
// ---- DETERMINE ACTION
// ---------------
// Removed: && ($row['user_id'] > 0)
// Since 1.2.7 we allow guest posting to be approved
// http://www.phpbbantispam.com/viewtopic.php?t=10
$mod_action_postapprove = false;
if ($row['type'] == 'post') {
// A status other than the string 'false' is used below as the post id of the approved post.
if (!($row['status'] === 'false')) {
$post_path = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx . '?' . POST_POST_URL . '=' . $row['status'] . '#' . $row['status']);
$server_url = get_serverurl($post_path);
$action .= '<br/><b>(This post has been approved)</b>' . ' <a href="' . $server_url . '" target="_blank">' . $lang['Antispam_spam_database_posturl'] . '</a>';
} else {
// Still pending: offer the approve-post link.
$mod_action_postapprove = true;
$action .= '<br/>»<a href="?' . $SID . '&mode=database&action=insert_post&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_apppost'] . '</a>';
}
}
// ---------------
// ---------------
$mod_action_userapprove = false; // Don't bother the user_id ...
if ($row['type'] == 'register' || $row['type'] == 'website source') {
if (!($row['status'] === 'false')) {
// NOTE(review): this URL is built from server_name + script_path without a scheme, unlike the
// get_serverurl() call used for the post link above; confirm the resulting href resolves as intended.
$url = $board_config['server_name'] . $board_config['script_path'] . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']);
$action .= '<br/><b>(This user has been approved)</b>' . ' <a href="' . $url . '" target="_blank">' . $lang['Antispam_spam_database_profileurl'] . '</a>';
} else {
// Still pending: offer the approve-registration link.
$mod_action_userapprove = true;
$action .= '<br/>»<a href="?' . $SID . '&mode=database&action=insert_user&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_appreg'] . '</a>';
}
}
// ---------------
// TODO: editprofile
// ---- DETERMINE ACTION
// 1.2.6
// The delete-user link is offered only for user ids above 2.
if (($row['user_id'] > 2)) {
$action .= '<br/>»<a href="?' . $SID . '&mode=database&action=delete_user&uid=' . $row['user_id'] . '">' . $lang['User_delete'] . '</a>';
}
// ---------------
// Add an "approval needed" notice when one of the approve links above was offered.
if ($mod_action_postapprove || $mod_action_userapprove) {
if ($mod_action_postapprove)
$approve_type = 'Post';
if ($mod_action_userapprove)
$approve_type = 'User';
$open_close_alert .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $approve_type . ' approval needed';
}
// ---------------
// ---------------
// IP banned ?
// Base case
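// Default styling for the logged IP: not banned (green, italic).
$ip_font_start = '<font color="green"><i>';
$ip_font_end = '</i></font>';

// $banarray caches the ban status per IP so each address is looked up only
// once while the page is built.
if (!isset($banarray[$row['ip']])) {
    // First time lookup for this ip
    $banarray[$row['ip']]['result'] = ip2banstatus($row['ip']) ? 'banned' : 'looking_clean';
}

if ($banarray[$row['ip']]['result'] == 'banned') {
    // Already banned: highlight in red. The closing tag was the malformed "</b />".
    $ip_font_start = '<font color="red"><b>';
    $ip_font_end = '</b></font>';
} else {
    // IP not banned, show ban ip option...
    // The key is quoted: the original bare $row[Id] is an undefined constant,
    // which raises an Error on PHP 8 and a notice/warning on older versions.
    $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_banip'] . '</a>';
}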
// Base case
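// Default styling for the forwarded IP: not banned (green, italic).
$ip_font_start_fw = '<font color="green"><i>';
$ip_font_end_fw = '</i></font>';

if (!empty($row['ip_forwarded'])) {
    $forwarded_ip = $row['ip_forwarded'];

    // $banarray caches the ban status per IP so each address is looked up
    // only once while the page is built.
    if (!isset($banarray[$forwarded_ip])) {
        // First time lookup for this ip
        $banarray[$forwarded_ip]['result'] = ip2banstatus($forwarded_ip) ? 'banned' : 'looking_clean';
    }

    if ($banarray[$forwarded_ip]['result'] == 'banned') {
        // Already banned: highlight in red.
        $ip_font_start_fw = '<font color="red"><strong>';
        $ip_font_end_fw = '</strong></font>';
    } else {
        // Forwarded IP not banned, show ban ip option...
        // The key is quoted: the original bare $row[Id] is an undefined constant,
        // which raises an Error on PHP 8 and a notice/warning on older versions.
        $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=ban_forwarded_ip&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_banfwdip'] . '</a>';
        $action .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $lang['Antispam_spam_database_banfwdip_exp'];
        $open_close_alert .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $lang['Antispam_spam_database_banfwdip_excl'];
    }
}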
// IP banned ?
// ---------------
// Final check to remove action alerts to user...
// Final check: when either the logged IP or the forwarded IP is already
// banned, the alerts collected for this row are dropped.
$ip_is_banned = !empty($row['ip'])
    && isset($banarray[$row['ip']])
    && $banarray[$row['ip']]['result'] == 'banned';
$forwarded_ip_is_banned = !empty($row['ip_forwarded'])
    && isset($banarray[$row['ip_forwarded']])
    && $banarray[$row['ip_forwarded']]['result'] == 'banned';

if ($ip_is_banned || $forwarded_ip_is_banned) {
    $open_close_alert = '';
}
// Show trigger word to admin
// 1.2.7
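// Show trigger word to admin (1.2.7): fetch the word that triggered this log entry.
// The id is cast to int before it is placed into the SQL text so that nothing
// but digits can reach the query.
// NOTE(review): this assumes word_id is an integer key; confirm against the table definition.
$word_trigger_id = (int) $row['word_triggerid'];
$sql_wordlookup = "SELECT word FROM " . ANTISPAMWORDLIST_TABLE .
    " WHERE word_id = '" . $word_trigger_id . "' LIMIT 1";
if (!($result_wordlookup = $db->sql_query($sql_wordlookup))) {
    message_die(GENERAL_ERROR, 'Could not obtain trigger word for this user', '', __LINE__, __FILE__, $sql_wordlookup);
}

// Placeholder shown when the word no longer exists in the word list.
// NOTE(review): if the template prints 'word' as raw HTML, '<deleted>' is parsed as a tag; confirm how it is rendered.
$row['word'] = '<deleted>';
while ($row_wordlookup = $db->sql_fetchrow($result_wordlookup)) {
    $row['word'] = $row_wordlookup['word'];
}
// This runs once per log row; release the result like the other queries here do.
$db->sql_freeresult($result_wordlookup);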
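// Verification label for this row. Both variables are reset on every pass:
// the original only assigned $verified_alert when human > 0, so a row whose
// value was neither 0 nor positive reused the previous row's "Verified user"
// markup (or an undefined variable on the first row).
$verified_alert = '';
$human_label = 'No verification';
if ($row['human'] > 0) {
    $verified_alert = '<img src="../images/smiles/icon_exclaim.gif" border="0"><span style="color:green"><strong>Verified user</strong></span>';
    $open_close_alert .= '<br />' . $verified_alert;
    $human_label = $verified_alert;
}

// The stored addresses are HTML-escaped before they reach the template.
// A well-formed IP is unchanged by this; how ip / ip_forwarded were validated
// when the entry was logged is not visible here, so they are not trusted as markup.
$safe_ip = htmlspecialchars((string) $row['ip'], ENT_QUOTES);
$safe_ip_forwarded = htmlspecialchars((string) $row['ip_forwarded'], ENT_QUOTES);

// The viewing admin's date format wins; the board default is the fallback.
$row_dateformat = (!empty($userdata['user_dateformat'])) ? $userdata['user_dateformat'] : $board_config['default_dateformat'];

// Hand everything collected for this log row to the 'SpamAttempts' template block.
$template->assign_block_vars('SpamAttempts', array(
    'row' => $i,
    'open_close_alert' => $open_close_alert_base . $open_close_alert,
    'uid' => $uid,
    'actions' => $action,
    'actionvars' => $all,
    'id' => $row['Id'],
    'user_id' => $row['user_id'],
    'score' => $row['score'],
    'human' => $human_label,
    'user_name_id' => $userinfo,
    'word' => $row['word'],
    'ip' => $safe_ip,
    'ip_html' => $ip_font_start . $safe_ip . $ip_font_end,
    'ip_forwarded' => $safe_ip_forwarded,
    'ip_forwarded_html' => $ip_font_start_fw . $safe_ip_forwarded . $ip_font_end_fw,
    'time' => create_date($row_dateformat, $row['time'], $userdata['user_timezone']),
    'type' => $row['type']
));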
}
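$db->sql_freeresult($result);

// -----------------------
// General //
// 'MODE' is taken straight from the query string, so it is HTML-escaped before
// it reaches the template; a missing or non-string value becomes an empty label
// instead of raising a notice or a type error.
$mode_label = '';
if (isset($HTTP_GET_VARS['mode']) && is_string($HTTP_GET_VARS['mode'])) {
    $mode_label = htmlspecialchars(ucfirst($HTTP_GET_VARS['mode']), ENT_QUOTES);
}

$template->assign_vars(array(
    'MODE' => $mode_label,
    'SPAMPAGINATION' => $pagination,
    'SID' => $SID,
    'L_MARK_ALL' => $lang['Mark_all'],
    'L_UNMARK_ALL' => $lang['Unmark_all'],
    'L_DELETE' => $lang['Delete'],
    'L_BAN_AND_DELETE' => $lang['Antispam_ban_and_delete'],
    'ALPHA' => $lang['Antispam_alphafunction']
));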
}
// -------------------------------------------------------------------------------------
// DATABASE
// The anti-timeout flag was set to 'no' when the page started loading. Reaching
// this point means the full page was built, so the flag goes back to 'yes'.
// In recovery mode it stays 'no', which keeps the next load in recovery mode as well.
if (!$recovery_mode) {
    antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
}

// Emit the page body, then the antispam footer and the admin footer.
$template->pparse('body');
write_antispam_footer();
include('./page_footer_admin.' . $phpEx);
?>