<?php
// Flag constants declared before anything is included.
// NOTE(review): presumably the phpBB core and the antispam helper files test these
// constants to refuse direct access - confirm in the included files.
define('IN_PHPBB', 1);
define('IN_ANTISPAM', true);
/** Antispam admin functions
 * @author  Ramon Fincken, Phpbbinstallers.net, RamonFincken.com, WebsiteFreelancers.nl
 *
 * V 1.3.2  (Make sure you update this file on a regular basis)
 */

// Module registration pass: when $setmodules is non-empty this file only adds its
// menu entry to $module and returns to the including script.
// NOTE(review): presumably $setmodules is set by the admin index while it builds
// the navigation - confirm there.
if (!empty($setmodules)) {
   $filename = basename(__FILE__);
   $module['Antispam']['Spam Database'] = "{$filename}?mode=database";
   return;
}

//
// Load default header
//
// Bootstrap. $phpbb_root_path has to exist before extension.inc is pulled in, and
// $phpEx is used right after it (presumably defined by extension.inc - confirm).
$phpbb_root_path = '../';
$no_page_header = false;
require "{$phpbb_root_path}extension.inc";
require "./pagestart.{$phpEx}";

// Load the antispam admin helpers, then report this file's version.
$file_version = '1.3.2';
include "./antispam_functions/admin_antispam_functions.{$phpEx}";

write_version($file_version);

// -------------------------------------------------------------------------------------
// The admin has neither confirmed nor cancelled yet: use the confirmation
// template as the page body.
if (!($confirm || $cancel)) {
   $template->set_filenames(array('body' => 'admin/antispam_confirm_body.tpl'));
}
// -------------------------------------------------------------------------------------

// Timeout guard. The config flag is set to 'no' on every page load (last statement
// of this run) and the handlers below put it back to 'yes' once they finish. A flag
// that is still 'no' on arrival therefore means the previous load did not complete,
// and the page falls back to a reduced "recovery" view unless the admin asked for
// full mode through ?reset_to_full_mode.
$recovery_mode = false;
if (!isset($HTTP_GET_VARS['reset_to_full_mode']) && $board_config['mod_spamcheck_admin_antitimeout'] == 'no') {
   $recovery_mode = true;
   $limit = 13; // Max rows per page

   // Tell the admin that the page is running in rescue mode
   write_block('Informationset', '<span style="color: orange"><strong>Notice: a previous attempt to load this page failed.</strong></span>', '<span style="color: orange"><strong>Running in limited/recovery mode</strong></span>');
   write_block('Informationset', '', '<span style="color: blue"><strong><a href="?' . $SID . '&mode=database&reset_to_full_mode=true">Switch to normal mode</a></strong></span>');
}

// Arm the guard for this page load
antispam_update_conftable('no', 'mod_spamcheck_admin_antitimeout');


// MULTI RECORD OPERATIONS ( checkboxes )
// -------------------------------------------------------------------------------------
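// Bulk actions on the records ticked in the list (POSTed as checkboxaction[]).
// Every id is cast to an integer once and only the integer is handed on, so the helpers
// never receive the raw form value.
// NOTE(review): these handlers delete records and create bans on the strength of the admin
// session alone; no per-request token check is visible in this file - confirm whether
// pagestart or the helper file adds one.
if ($mode === 'multi') {
   $url = "admin_antispam_database.$phpEx";
   $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';

   if (isset ($HTTP_POST_VARS['checkboxaction']) && is_array($HTTP_POST_VARS['checkboxaction']) && sizeof($HTTP_POST_VARS['checkboxaction']) > 0) {
      // ----------------------- DELETE RECORDS
      if (isset ($HTTP_POST_VARS['multi_delete'])) {
         // foreach instead of @each(): each() no longer exists in PHP 8 and the @ hid that.
         foreach ($HTTP_POST_VARS['checkboxaction'] as $uid) {
            $uid = intval($uid);
            if ($uid > 0) {
               delete_antispamtable_records($uid);
            }
         }
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }
      // ----------------------- DELETE RECORDS

      // ----------------------- BAN IPS
      if (isset ($HTTP_POST_VARS['multi_ban'])) {
         foreach ($HTTP_POST_VARS['checkboxaction'] as $uid) {
            $uid = intval($uid);
            if ($uid < 1) {
               // Skip invalid ids completely. The original guarded only the uid2ip() call,
               // so an invalid entry re-used the $ip left over from the previous iteration.
               continue;
            }
            $ip = uid2ip($uid);
            // Only if the IP is NOT banned already
            if (!ip2banstatus($ip)) {
               antispam_quick_ban(encode_ip($ip), 'IP');
            }
            delete_antispamtable_records($uid);
         }
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }
      // ----------------------- BAN IPS
   } else {
      if (!$recovery_mode) {
         antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
      }
      message_die(GENERAL_MESSAGE, $meta . 'None selected!<br />');
   }
}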
// -------------------------------------------------------------------------------------
// MULTI RECORD OPERATIONS ( checkboxes )

// INSERT POST
// -------------------------------------------------------------------------------------
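// Approve a held post: show the confirmation form first, then replay the stored
// submission into the forum and remove the antispam record.
// The record is addressed by ?uid=<Id>. intval($uid) > 0 also accepts strings that merely
// start with digits, so only the integer value is used below - in the HTML form and in the
// helper calls.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'insert_post') {
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'insert_post'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_post'],
            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],
            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }
      // -----------------------
      if ($confirm) {
         $sql = "SELECT db.user_id, db.Id, db.Ip FROM " . ANTISPAMDB_TABLE . " as db ";
         $sql .= " WHERE Id = " . intval($HTTP_GET_VARS['uid']) . " ORDER BY db.Id ASC LIMIT 1";
         if (!($result = $db->sql_query($sql))) {
            // NOTE(review): $error_msg, $line and $file are not assigned in the visible part
            // of this file; other calls here pass a literal message and __LINE__/__FILE__.
            message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
         }
         if ($row = $db->sql_fetchrow($result)) {
            $core_id = $row['Id'];
            $user_id = $row['user_id'];
            $approve_ip = $row['Ip'];
         } else {
            message_die(GENERAL_MESSAGE, 'Could not get info for this post!');
         }
         $db->sql_freeresult($result);

         $profiledata = get_userdata($user_id);
         $result = grab_db_data($core_id);
         $tmparray = array ();

         if ($user_id == ANONYMOUS) {
            $profiledata['user_attachsig'] = 0;
         }

         // Rebuild the held submission as key => value. These values come from the original
         // poster, so they are untrusted input for everything below.
         while ($row = $db->sql_fetchrow($result)) {
            $tmparray[$row['varkey']] = $row['varvalue'];
         }

         if ($tmparray['mode'] === 'newtopic' || $tmparray['mode'] === 'reply') {
            include_once ($phpbb_root_path . 'includes/functions_insert_post.' . $phpEx);
         } else {
            include_once ($phpbb_root_path . 'includes/bbcode.' . $phpEx);
            include_once ($phpbb_root_path . 'includes/functions_post.' . $phpEx);
            include_once ($phpbb_root_path . 'includes/functions_search.' . $phpEx);
         }

         // New topic
         if ($tmparray['mode'] === 'newtopic') {
            $post_details = insert_post($tmparray['message'], $tmparray['subject'], $tmparray[POST_FORUM_URL], $user_id, $profiledata['username'], intval($profiledata['user_attachsig']));
         }

         // Reply, normal
         if ($tmparray['mode'] === 'reply') {
            $post_details = insert_post($tmparray['message'], $tmparray['subject'], topic2forum($tmparray[POST_TOPIC_URL]), $user_id, $profiledata['username'], intval($profiledata['user_attachsig']), $tmparray[POST_TOPIC_URL], POST_NORMAL, true);
         }

         // Edit of an existing post: overwrite its text with the held version
         if ($tmparray['mode'] === 'editpost') {
            $post_id = intval($tmparray[POST_POST_URL]);

            // Prepare start
            $bbcode_on = $board_config['allow_bbcode'];
            $html_on = $board_config['allow_html'];
            $smilies_on = $board_config['allow_smilies'];

            $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';

            // parse the message and the subject (belt & braces :)
            // NOTE(review): addslashes() is the only SQL escaping applied to these two
            // values; confirm it is adequate for the connection charset in use.
            $message = addslashes(unprepare_message($tmparray['message']));
            $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
            $subject = addslashes(unprepare_message(trim($tmparray['subject'])));
            // Prepare end

            $sql = "UPDATE " . POSTS_TEXT_TABLE .
            " SET post_subject = '" . $subject . "'," .
            " post_text = '" . $message . "'," .
            " bbcode_uid = '" . $bbcode_uid . "'" .
            " WHERE post_id = $post_id LIMIT 1";
            parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

            // Create array with topic_id
            $post_details = array (
               'topic_id' => post2topic($post_id),
               'post_id' => $post_id
            );
         }

         // A stored mode other than newtopic/reply/editpost (or a record without data rows)
         // leaves nothing to approve; stop before any SQL is built from missing values.
         if (!isset ($post_details)) {
            message_die(GENERAL_MESSAGE, 'Could not get info for this post!');
         }

         // Cast before the value is concatenated into the two INSERT statements below.
         $topic_id = intval($post_details['topic_id']);

         // Admin watch
         $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
                                                                                                      VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
         if (!$db->sql_query($sql)) {
            message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
         }

         // 1.2.7 We can't sent watch info to guests yet
         if ($user_id > -1) {
            // User watch
            $sql = "INSERT INTO " . TOPICS_WATCH_TABLE .
            " (user_id, topic_id, notify_status) " .
            " VALUES (" . $user_id . ", $topic_id, 0)";
            if (!$db->sql_query($sql)) {
               message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
            }
         }
         // Clear spamstatus
         $sql = "UPDATE " . ANTISPAMDB_TABLE .
         " SET status = '" . $post_details['post_id'] . "' " .
         " WHERE Id = $core_id LIMIT 1";
         parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }

         // Delete this record. Pass the integer, as the bulk handler does, not the raw value.
         delete_antispamtable_records(intval($HTTP_GET_VARS['uid']));

         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);

         // -----------------------
      }
   }
}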
// -------------------------------------------------------------------------------------
// INSERT POST

// INSERT USER
// -------------------------------------------------------------------------------------
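// Approve a held registration: show the confirmation form first, then create the account
// from the stored data and mark the antispam record as approved.
// Only the integer value of ?uid is used; intval($uid) > 0 alone would also accept a string
// that merely starts with digits.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'insert_user') {
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'insert_user'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_reg'],
            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],
            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }

      // -----------------------
      if ($confirm) {
         $sql = "SELECT db.user_id, db.Id " .
         " FROM " . ANTISPAMDB_TABLE . " as db" .
         " WHERE Id = " . intval($HTTP_GET_VARS['uid']) .
         " ORDER BY db.Id ASC";
         if (!($result = $db->sql_query($sql))) {
            // NOTE(review): $error_msg, $line and $file are not assigned in the visible part
            // of this file; other calls here pass a literal message and __LINE__/__FILE__.
            message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
         }
         if ($row = $db->sql_fetchrow($result)) {
            $core_id = $row['Id'];
            $user_id = $row['user_id'];
         } else {
            // Without a record there is nothing to approve. The original carried on with
            // undefined ids and an empty data set, which reached insert_user() with nulls.
            message_die(GENERAL_MESSAGE, 'Could not get info for this record!');
         }
         $db->sql_freeresult($result);

         $profiledata = get_userdata($user_id);
         $result = grab_db_data($core_id);
         $tmparray = array ();
         // Rebuild the held registration as key => value (untrusted, supplied by the registrant).
         while ($row = $db->sql_fetchrow($result)) {
            $tmparray[$row['varkey']] = $row['varvalue'];
         }

         include_once ($phpbb_root_path . 'includes/functions_insert_user.' . $phpEx);
         $new_user_id = username2id($tmparray['username']);
         if ($new_user_id > 0) {
            // Username is already in the database
            $message = $lang['Username_taken'];
         } else {
            // NOTE(review): md5() is applied here, so the pending password appears to be held
            // unhashed in the antispam data table until approval, and the account gets an
            // unsalted MD5 hash. Confirm how that table is protected and purged.
            insert_user($tmparray['username'], md5($tmparray['password']), $tmparray['email']);

            // Cast once; the id is concatenated into both UPDATE statements below.
            $new_user_id = intval(username2id($tmparray['username']));
            if ($new_user_id > 0) {
               // Success
               $sql = "UPDATE " . ANTISPAMDB_TABLE . " SET status = 'approved', user_id = " . $new_user_id . " WHERE Id = $core_id";
               parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);

               // V1.3.0 Now free user of any new spam checks
               $sql = "UPDATE " . USERS_TABLE . " SET antispam_approved = '1' WHERE user_id = '" . $new_user_id . "' LIMIT 1";
               parse_sql($sql, $lang['Antispam_db_errorstore'], __LINE__, __FILE__);
               $message = 'Succes !';
            } else {
               $message = 'User was denied due to ban rules OR username was in use';
            }
         }

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $message);

         // -----------------------
      }
   }
}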
// -------------------------------------------------------------------------------------
// INSERT USER

// DELETE RECORD
// -------------------------------------------------------------------------------------
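// Delete one antispam record after confirmation.
// Only the integer value of ?uid is used; intval($uid) > 0 alone would also accept a string
// that merely starts with digits.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'delete_record') {
   // The action test of the original inner condition repeated the outer one and is dropped.
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'delete_record'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_delrec'],

            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],

            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }

      // -----------------------
      if ($confirm) {
         // Pass the integer, as the bulk handler does, not the raw request value.
         delete_antispamtable_records(intval($HTTP_GET_VARS['uid']));

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }

   }
   // -----------------------
}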
// -------------------------------------------------------------------------------------
// DELETE RECORD

// BAN IP
// -------------------------------------------------------------------------------------
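// Ban the IP stored with one antispam record, after confirmation.
// Only the integer value of ?uid is used; intval($uid) > 0 alone would also accept a string
// that merely starts with digits.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'ban_ip') {
   // The action test of the original inner condition repeated the outer one and is dropped.
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'ban_ip'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_banip'],

            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],

            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }

      // -----------------------
      if ($confirm) {
         $ip = uid2ip(intval($HTTP_GET_VARS['uid']));

         // NOTE(review): unlike the bulk ban, this path does not call ip2banstatus() first,
         // and what uid2ip() returns for an unknown record is not visible here - confirm
         // that an empty result cannot end up as a ban entry.
         antispam_quick_ban(encode_ip($ip), 'IP');

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }
   }
   // -----------------------
}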
// -------------------------------------------------------------------------------------
// BAN IP

// BAN FORWARDED_IP
// -------------------------------------------------------------------------------------
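// Ban the forwarded IP stored with one antispam record, after confirmation.
// Only the integer value of ?uid is used; intval($uid) > 0 alone would also accept a string
// that merely starts with digits.
// NOTE(review): a forwarded address is normally taken from a client-supplied request
// header; confirm how it was recorded before treating it as grounds for a ban.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'ban_forwarded_ip') {
   // The action test of the original inner condition repeated the outer one and is dropped.
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'ban_forwarded_ip'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['Antispam_spam_database_conf_banfwdip'],

            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],

            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }

      // -----------------------
      if ($confirm) {

         // Second argument selects the forwarded-IP column variant in uid2ip()
         // (NOTE(review): inferred from the '_forwarded' suffix - confirm in the helper).
         $ip_forwarded = uid2ip(intval($HTTP_GET_VARS['uid']), '_forwarded');

         antispam_quick_ban(encode_ip($ip_forwarded), 'IP');

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }
   }
   // -----------------------
}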
// -------------------------------------------------------------------------------------
// BAN FORWARDED_IP

// DELETE USER
// -------------------------------------------------------------------------------------
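// Delete a user in two steps: remove the antispam rows for that user id here, then hand the
// actual account deletion to admin_users through a pre-filled confirmation form.
// In this handler ?uid carries a user id (the delete helper is called with 'user_id').
// Only its integer value is used; intval($uid) > 0 alone would also accept a string that
// merely starts with digits.
if ($mode === 'database' && isset ($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'delete_user') {
   // The action test of the original inner condition repeated the outer one and is dropped.
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_GET_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw query-string value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         // Safe as is: the outer condition pinned action to the literal 'delete_user'.
         $hidden_fields .= '<input type="hidden" name="action" value="' . $HTTP_GET_VARS['action'] . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => $lang['User_delete_explain'],

            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],

            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }

      // -----------------------
      if ($confirm) {
         // First antispam tables. Pass the integer, not the raw request value.
         delete_antispamtable_records(intval($HTTP_GET_VARS['uid']), 'user_id');

         // Present the confirmation screen to the user
         $template->set_filenames(array (
            'body' => 'admin/antispam_confirm_body.tpl'
         ));

         // Now show input for admin_users
         // Yes... I know its dirty.. if anyone has a better solution feel
         // free to leave your suggestion over at www.phpbbantispam.com :)
         $hidden_fields = '<input type="hidden" name="mode" value="save" />';
         $hidden_fields .= '<input type="hidden" name="submit" value="true" />';
         // Both id fields are written as integers for the same reason as above.
         $hidden_fields .= '<input type="hidden" name="' . POST_USERS_URL . '" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         $hidden_fields .= '<input type="hidden" name="id" value="' . intval($HTTP_GET_VARS['uid']) . '" />';
         $hidden_fields .= '<input type="hidden" name="deleteuser" value="1" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            'MESSAGE_TEXT' => 'Antispam data removed for user. Please select yes to complete removal process' .
            '<br /><a href="' . append_sid("admin_antispam_database.$phpEx?mode=database") . '">Please click here to go back to the database</a>',
            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],
            'S_CONFIRM_ACTION' => append_sid("admin_users.$phpEx"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));

         // NOTE(review): every other handler resets the flag only when !$recovery_mode;
         // this one does it unconditionally - confirm that is intended.
         antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
      }
   }
   // -----------------------
}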
// -------------------------------------------------------------------------------------
// DELETE USER

// MASS RECORD OPERATIONS
// -------------------------------------------------------------------------------------
// ----------------------- DELETE FIRST (X) RECORDS
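// Mass operation: delete the first N records (lowest Id first), N taken from the POSTed
// 'uid' field. Runs when action=massrecordops was POSTed and 'banned' is absent or '0'.
// NOTE(review): both inner conditions test isset() on the GET copy of uid but read the
// POST copy, and the confirmation form echoes the GET copy of action. How GET and POST are
// populated is not visible in this file - confirm which source is intended.
if ($mode === 'database' && isset ($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] === 'massrecordops' && ((isset ($HTTP_POST_VARS['banned']) && $HTTP_POST_VARS['banned'] === '0') || !(isset ($HTTP_POST_VARS['banned'])))) {
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_POST_VARS['uid']) < 1) {
      $url = "admin_antispam_database.$phpEx";
      $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
      if (!$recovery_mode) {
         antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
      }
      message_die(GENERAL_MESSAGE, $meta . 'Please enter a value above 0!<br />');
   }
   if (isset ($HTTP_GET_VARS['uid']) && intval($HTTP_POST_VARS['uid']) > 0) {
      // -----------------------
      if (!$confirm && !$cancel) {
         $hidden_fields = '<input type="hidden" name="mode" value="database" />';
         // Write the integer, not the raw form value, into the attribute.
         $hidden_fields .= '<input type="hidden" name="uid" value="' . intval($HTTP_POST_VARS['uid']) . '" />';
         // The GET copy of action was never compared with a literal in this handler (the
         // outer condition checked the POST copy), so it is escaped before being echoed.
         $hidden_fields .= '<input type="hidden" name="action" value="' . (isset ($HTTP_GET_VARS['action']) ? htmlspecialchars($HTTP_GET_VARS['action'], ENT_QUOTES) : '') . '" />';

         $template->assign_vars(array (
            'MESSAGE_TITLE' => $lang['Confirm'],
            // The count shown in the message is the integer as well.
            'MESSAGE_TEXT' => sprintf($lang['Antispam_spam_database_conf_massfirst'], intval($HTTP_POST_VARS['uid'])),
            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],
            'S_CONFIRM_ACTION' => append_sid("admin_antispam_database.$phpEx?mode=database"),
            'S_HIDDEN_FIELDS' => $hidden_fields
         ));
      }
      // -----------------------
      if ($confirm) {
         $limit = intval($HTTP_POST_VARS['uid']);
         $sql = "SELECT db.Id FROM " . ANTISPAMDB_TABLE . " as db" .
         " ORDER BY db.Id ASC LIMIT " . $limit;
         if (!($result = $db->sql_query($sql))) {
            // NOTE(review): $error_msg, $line and $file are not assigned in the visible part
            // of this file; other calls here pass a literal message and __LINE__/__FILE__.
            message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
         }
         // Build the quoted, comma separated id list used by both DELETE statements.
         $ids = '';
         while ($row = $db->sql_fetchrow($result)) {
            $ids .= (strlen($ids) > 1) ? ", '$row[Id]'" : "'$row[Id]'";
         }

         $db->sql_freeresult($result);

         // An empty table would give "IN ()", which is a syntax error, so the deletes are
         // skipped when there is nothing to delete.
         if ($ids !== '') {
            $sql = "DELETE FROM " . ANTISPAMDB_TABLE .
            " WHERE Id IN ($ids) LIMIT " . $limit;
            parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

            $sql = "DELETE FROM " . ANTISPAMDB_DATA_TABLE .
            " WHERE core_id IN ($ids)";
            parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);
         }

         $url = "admin_antispam_database.$phpEx";
         $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
         if (!$recovery_mode) {
            antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
         }
         message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
      }
   }
   // -----------------------
}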
// ----------------------- DELETE FIRST (X) RECORDS

// ----------------------- BANNED
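// Mass operation: delete every stored record that the current ban rules already reject.
// A record is marked when its ip or ip_forwarded is banned, or when test_email() /
// test_username() return a non-empty result for its stored e-mail / username.
// NOTE(review): banned=1 in the POST sets $confirm itself, so this bulk delete runs without
// the separate confirmation step, and no per-request token check is visible in this file.
if ($mode === 'database' && isset ($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] === 'massrecordops' && isset ($HTTP_POST_VARS['banned'])) {
   // User has already confirmed with radio buttons ... value YES => 1, NO => 0
   if (intval($HTTP_POST_VARS['banned']) == 1) {
      $confirm = true;
   }
   // -----------------------
   if ($confirm) {
      $sql = "SELECT db.Id, ip, ip_forwarded FROM " . ANTISPAMDB_TABLE . " as db";
      $sql .= " ORDER BY db.Id ASC";
      if (!($result = $db->sql_query($sql))) {
         // NOTE(review): $error_msg, $line and $file are not assigned in the visible part
         // of this file; other calls here pass a literal message and __LINE__/__FILE__.
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }

      // Start from '-1' so that the list is never empty and "IN ($ids)" stays valid SQL;
      // its length of 2 also makes every append below take the ", '<id>'" form.
      $ids = '-1';
      while ($row = $db->sql_fetchrow($result)) {
         // Test ips. The keys are quoted: the original $row[ip] relied on an undefined
         // constant falling back to a string, which is a fatal error in PHP 8.
         if (ip2banstatus($row['ip']) || ip2banstatus($row['ip_forwarded'])) {
            // Mark for deletion ..
            $ids .= (strlen($ids) > 1) ? ", '$row[Id]'" : "'$row[Id]'";
         }
      }

      // Emails ..
      // We don't need the ones already marked with Ip's
      $sql = "SELECT db_data.core_id, varvalue as email " .
      " FROM " . ANTISPAMDB_DATA_TABLE . " as db_data" .
      " WHERE varkey = 'email' " .
      " AND core_id NOT IN ($ids)";
      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      while ($row = $db->sql_fetchrow($result)) {
         // Test emails...
         $testresult = test_email($row['email'], '');
         if (strlen($testresult) > 0) {
            // Mark for deletion ..
            $ids .= (strlen($ids) > 1) ? ", '$row[core_id]'" : "'$row[core_id]'";
         }
         unset ($testresult);
      }

      // Usernames ..
      // We don't need the ones already marked with Ip's
      // We don't need the ones already marked with emails
      $sql = "SELECT db_data.core_id, varvalue as username " .
      " FROM " . ANTISPAMDB_DATA_TABLE . " as db_data" .
      " WHERE varkey = 'username' " .
      " AND core_id NOT IN ($ids)";

      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      while ($row = $db->sql_fetchrow($result)) {
         // Test usernames...
         $testresult = test_username($row['username'], '');
         if (strlen($testresult) > 0) {
            // Mark for deletion ..
            $ids .= (strlen($ids) > 1) ? ", '$row[core_id]'" : "'$row[core_id]'";
         }
         unset ($testresult);
      }

      // Remove the marked records from both tables
      $sql = "DELETE FROM " . ANTISPAMDB_TABLE .
      "  WHERE Id IN ($ids)";
      parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

      $sql = "DELETE FROM " . ANTISPAMDB_DATA_TABLE .
      " WHERE core_id IN ($ids)";
      parse_sql($sql, 'Could not delete antispam information', __LINE__, __FILE__);

      $url = "admin_antispam_database.$phpEx";
      $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid($url) . '&mode=database">';
      if (!$recovery_mode) {
         antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
      }
      message_die(GENERAL_MESSAGE, $meta . $lang['Antispam_success']);
   }
   // -----------------------
}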
// ----------------------- BANNED
// -------------------------------------------------------------------------------------
// MASS RECORD OPERATIONS

// DATABASE
// -------------------------------------------------------------------------------------
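if ($mode === 'database' && (!isset ($HTTP_GET_VARS['action']) || $cancel)) {
   // Overview page of the spam database: aggregate statistics, the mass
   // record operation forms, pagination and one template block per record.
   //
   // The records hold values captured from the requests that were flagged
   // (the detail table below lists them with a post/get type), plus values
   // derived from them such as a reverse-DNS name. All of that is written
   // into an administrator's page, so it is HTML-escaped at the point of
   // output and never trusted as markup.
   //
   // NOTE(review): $error_msg, $line and $file passed to message_die() are not
   // assigned anywhere in this block. Confirm they are set earlier in the
   // file, otherwise the error page carries no message or location.
   $template->set_filenames(array (
      "body" => "admin/antispam_database_body.tpl"
   ));

   if (!$recovery_mode) {
      // ----------------------- MOD STATS
      // Posts still waiting for approval (status 'false'), counted per user.
      $sql = "SELECT user_id, count(user_id) as count_mod_posts from " . ANTISPAMDB_TABLE;
      $sql .= " WHERE status = 'false' AND type = 'post' group by user_id order by count_mod_posts DESC";

      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      $info = '';
      while ($row = $db->sql_fetchrow($result)) {
         if ($info !== '') {
            $info .= '<br />';
         }
         // 1.2.7
         $profile_path = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=" . $row['user_id']);
         $server_url = get_serverurl($profile_path);

         $user_link = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
         $info .= $row['count_mod_posts'] . ' by : ' . $user_link;
      }

      if ($info === '') {
         $info = 0;
      }
      write_block('SpamStats', $lang['Antispam_spam_database_postapprove'] . ' : ', $info);
      $db->sql_freeresult($result);
      // ----------------------- MOD STATS

      // ----------------------- IP
      // Addresses that appear more often than the threshold.
      $count_threshold = 2;
      $sql = "SELECT id, ip, count(ip) as ip_count from " . ANTISPAMDB_TABLE;
      $sql .= " group by ip HAVING ( ip_count >" . intval($count_threshold) . ") order by ip_count DESC";

      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      while ($row = $db->sql_fetchrow($result)) {
         if (ip2banstatus($row['ip'])) {
            // NOTE(review): as in the original, already-banned addresses are
            // not listed at all. The original prepared red markup for them but
            // only called write_block() in the unbanned branch; confirm intent.
            continue;
         }
         $ip_font_start = '<font color="green"><i>';
         $ip_font_end = '</i /></font>';
         $action = '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $row['id'] . '">Ban this ip</a>';

         // The reverse-DNS name is chosen by whoever controls the PTR record
         // for the address, so it is escaped like any other client value.
         $hostname = @ gethostbyaddr($row['ip']);
         write_block('SpamStats', $lang['Antispam_spam_database_actip'] . ', treshold : ' . intval($count_threshold) . ' times', '<b>' . htmlspecialchars((string) $hostname, ENT_QUOTES) . '<br/></b />  ' . $ip_font_start . htmlspecialchars($row['ip'], ENT_QUOTES) . $ip_font_end . '  -- ' . $row['ip_count'] . ' times' . $action);
      }
      $db->sql_freeresult($result);
      // ----------------------- IP

      // ----------------------- IP FORWARDED
      $count_threshold = 2;
      $sql = "SELECT ip_forwarded, count(ip_forwarded) as ip_count from " . ANTISPAMDB_TABLE;
      $sql .= " group by ip_forwarded HAVING ( ip_count >" . intval($count_threshold) . " AND ip_forwarded > 0) order by ip_count DESC";

      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      while ($row = $db->sql_fetchrow($result)) {
         if (ip2banstatus($row['ip_forwarded'])) {
            // Same as the IP section: banned addresses are skipped.
            continue;
         }
         $ip_font_start = '<font color="green"><i>';
         $ip_font_end = '</i /></font>';

         // NOTE(review): this query does not select an id column, so the uid
         // in the link below is empty (the original read an unquoted
         // $row[id]). The link also uses action=ban_ip although the per-record
         // list uses ban_forwarded_ip for forwarded addresses. Both look
         // unintended; confirm before relying on this link.
         $record_id = isset ($row['id']) ? $row['id'] : '';
         $action = '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $record_id . '">Ban this ip</a>';

         $hostname = @ gethostbyaddr($row['ip_forwarded']);
         write_block('SpamStats', $lang['Antispam_spam_database_actfwdip'] . ', treshold : ' . intval($count_threshold) . ' times', '<b>' . htmlspecialchars((string) $hostname, ENT_QUOTES) . '<br/></b />  ' . $ip_font_start . htmlspecialchars($row['ip_forwarded'], ENT_QUOTES) . $ip_font_end . '  -- ' . $row['ip_count'] . ' times' . $action);
      }
      $db->sql_freeresult($result);
      // ----------------------- IP FORWARDED

      // ----------------------- USERNAME
      $count_threshold = 2;
      $sql = "SELECT user_id, count(user_id) as user_id_count from " . ANTISPAMDB_TABLE;
      $sql .= " group by user_id HAVING ( user_id_count >" . intval($count_threshold) . ")  AND user_id > 0 order by user_id_count DESC";

      if (!($result = $db->sql_query($sql))) {
         message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
      }
      while ($row = $db->sql_fetchrow($result)) {
         // 1.2.7
         $profile_path = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=" . $row['user_id']);
         $server_url = get_serverurl($profile_path);
         $link = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
         write_block('SpamStats', $lang['Antispam_spam_database_actuser'] . ', treshold : ' . intval($count_threshold) . ' times', $link . '  -- ' . $row['user_id_count'] . ' times');
      }
      $db->sql_freeresult($result);
      // ----------------------- USERNAME
   } // END !recovery mode

   // ----------------------- MASS RECORD OPERATIONS
   $input = make_input('text', 'uid', 0, 2) . ' ' . make_submit('massrecordops', 'Apply changes');
   write_block('MassRecordOps', 'Delete the first (X) records', $input);
   unset ($input);

   if (!$recovery_mode) {
      $input = make_radio(array (
         'banned',
         'banned'
      ), array (
         '1',
         '0'
      ), array (
         'Yes',
         'No'
      ), '0');
      $input .= ' ' . make_submit('massrecordops', 'Apply changes');
      write_block('MassRecordOps', 'Delete all banned records', $input);
      unset ($input);

      write_block('DatabaseConfigset', 'Delete all login records', '');
   }
   // ----------------------- MASS RECORD OPERATIONS


   // ----------------------- PAGINATION
   $sql = "SELECT count(Id) as rows_count FROM " . ANTISPAMDB_TABLE;
   if (!($result = $db->sql_query($sql))) {
      message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
   }
   $rows_count = 0;
   if ($row = $db->sql_fetchrow($result)) {
      $rows_count = $row['rows_count'];
   }
   $db->sql_freeresult($result);
   $pagination = $rows_count . ' records found, '. $limit.' records per page<br />';
   $pagination .= generate_pagination("admin_antispam_database.$phpEx?mode=database&$SID", $rows_count, $limit, $start). '&nbsp;';
   // ----------------------- PAGINATION

   // -----------------------
   // $start and $limit are assigned outside this block; they are cast here so
   // that the LIMIT clause can only ever receive integers, whatever their
   // origin turns out to be.
   $sql = "SELECT db.* FROM " . ANTISPAMDB_TABLE . " as db ORDER BY db.Id ASC LIMIT " . intval($start) . ", " . intval($limit);
   if (!($result = $db->sql_query($sql))) {
      message_die(GENERAL_ERROR, $error_msg, '', $line, $file, $sql);
   }
   $i = 0;
   $uid = 1;
   // Semi cache arrays
   $userdataarray = array ();
   $banarray = array ();
   // Semi cache arrays

   // The date format does not depend on the record, so resolve it once.
   $antispam_date_format = (!empty ($userdata['user_dateformat'])) ? $userdata['user_dateformat'] : $board_config['default_dateformat'];

   while ($row = $db->sql_fetchrow($result)) {
      // ---- Detail table with every captured field of this record
      $result2 = grab_db_data($row['Id']);

      $all = '<table border="1" style="border-collapse: collapse" width="100%" id="table1">';
      $all .= '<tr><th align="left">Field</th>';
      $all .= '<th align="left">Value</th><th align="left" width="155">Type(post,get)</th></tr>';
      $i_action = 0;
      while ($row2 = $db->sql_fetchrow($result2)) {
         // Alternate between row1 and row2
         $i_action = ($i_action % 2) + 1;

         // Field name, value and type all come from the logged request, so
         // none of them may reach the page unescaped.
         $varkey_html = htmlspecialchars($row2['varkey'], ENT_QUOTES);
         $varvalue_html = htmlspecialchars($row2['varvalue'], ENT_QUOTES);
         $vartype_html = htmlspecialchars($row2['vartype'], ENT_QUOTES);

         $all .= '<tr><td class="row' . $i_action . '" valign="top"  align="left">' . $varkey_html . '</td>';
         if ($row2['varkey'] === 'website' && preg_match('#^https?://#i', $row2['varvalue'])) {
            // Only http(s) addresses become clickable; anything else (other
            // schemes, relative paths) is shown as plain text. noreferrer
            // keeps this admin URL, which is built with $SID, out of the
            // Referer header sent to the logged site.
            $all .= '<td class="row' . $i_action . '" valign="top"  align="left"><a href="' . $varvalue_html . '" target="_blank" rel="noopener noreferrer">' . $varvalue_html . '</a></td>';
         } else {
            $all .= '<td class="row' . $i_action . '" valign="top"  align="left">' . $varvalue_html . '</td>';
         }
         $all .= '<td class="row' . $i_action . '" valign="top"  align="left">' . $vartype_html . '</td></tr>';
      }
      $all .= '</table>';
      $db->sql_freeresult($result2);

      // 1.2.7
      $profile_path = append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=" . $row['user_id']);
      $server_url = get_serverurl($profile_path);

      // 1.2.8 Fix, thanks to Websnail http://www.phpbbantispam.com/viewtopic.php?t=100
      // Is the user a current one OR is it a guest?
      $thisuser = false;
      if (isset ($userdataarray[$row['user_id']])) {
         if ($userdataarray[$row['user_id']]['currentuser'] == 'yes') {
            $thisuser = true;
         }
      } else {
         if ($row['user_id'] > 0) {
            // Is OR was a member of this board..
            // Now lookup if the times align :)
            // Both values are compared numerically elsewhere in this block
            // (user_id > 0, time passed to create_date), so they are cast
            // rather than interpolated as stored.
            $time_to_check = intval($row['time']);
            $user_id_to_check = intval($row['user_id']);
            $sql_userlookup = "SELECT user_id FROM " . USERS_TABLE;
            $sql_userlookup .= " WHERE user_id = '" . $user_id_to_check . "' AND user_regdate <= '" . $time_to_check. "' LIMIT 1";
            if (!$result_userlookup = $db->sql_query($sql_userlookup)) {
               message_die(GENERAL_ERROR, $lang['qb_nouq'], "", __LINE__, __FILE__, $sql_userlookup);
            }
            if ($row_userlookup = $db->sql_fetchrow($result_userlookup)) {
               $userdataarray[$row['user_id']]['currentuser'] = 'yes';
               $thisuser = true;
            }
            $db->sql_freeresult($result_userlookup);
         }
      }

      if ($thisuser) {
         // Current member of this board..
         $userinfo = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
      } else {
         $userinfo = '-1 ( guest )';
         // Override, because of a deleted user
         $row['user_id'] = -1;
      }
      $uid++;
      // Alternate between row1 and row2
      $i = ($i % 2) + 1;

      $open_close_alert_base = '(open/close)';
      $open_close_alert = '';
      $action = '<br/>»<a href="?' . $SID . '&mode=database&action=delete_record&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_removerec'] . '</a>';


      // ---- DETERMINE ACTION
      // ---------------
      // Removed: && ($row['user_id'] > 0)
      // Since 1.2.7 we allow guest posting to be approved
      // http://www.phpbbantispam.com/viewtopic.php?t=10
      $mod_action_postapprove = false;
      if ($row['type'] == 'post') {
         if (!($row['status'] === 'false')) {
            // Any status other than 'false' is used as the id of the approved post
            $post_path = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx . '?' . POST_POST_URL . '=' . $row['status'] . '#' . $row['status']);
            $server_url = get_serverurl($post_path);
            $action .= '<br/><b>(This post has been approved)</b>' . '  <a href="' . $server_url . '" target="_blank">' . $lang['Antispam_spam_database_posturl'] . '</a>';
         } else {
            $mod_action_postapprove = true;
            $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=insert_post&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_apppost'] . '</a>';
         }
      }
      // ---------------

      // ---------------
      $mod_action_userapprove = false; // Don't bother the user_id ...
      if ($row['type'] == 'register' || $row['type'] == 'website source') {
         if (!($row['status'] === 'false')) {
            $url = $board_config['server_name'] . $board_config['script_path'] . append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=" . $row['user_id']);
            $action .= '<br/><b>(This user has been approved)</b>' . '  <a href="' . $url . '" target="_blank">' . $lang['Antispam_spam_database_profileurl'] . '</a>';
         } else {
            $mod_action_userapprove = true;
            $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=insert_user&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_appreg'] . '</a>';
         }
      }
      // ---------------

      // TODO: editprofile
      // ---- DETERMINE ACTION

      // 1.2.6
      if ($row['user_id'] > 2) {
         $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=delete_user&uid=' . $row['user_id'] . '">' . $lang['User_delete'] . '</a>';
      }

      // ---------------
      if ($mod_action_postapprove || $mod_action_userapprove) {
         // User approval wins when both flags are set, as in the original.
         $approve_type = $mod_action_userapprove ? 'User' : 'Post';
         $open_close_alert .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $approve_type . ' approval needed';
      }
      // ---------------

      // ---------------
      // IP banned ?

      // Base case
      $ip_font_start = '<font color="green"><i>';
      $ip_font_end = '</i></font>';

      // Look the address up once per page and remember the answer
      if (!isset ($banarray[$row['ip']])) {
         $banarray[$row['ip']]['result'] = ip2banstatus($row['ip']) ? 'banned' : 'looking_clean';
      }
      if ($banarray[$row['ip']]['result'] == 'banned') {
         // Got a hit !
         $ip_font_start = '<font color="red"><b>';
         $ip_font_end = '</b /></font>';
      } else {
         // IP not banned, show ban ip option...
         $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=ban_ip&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_banip'] . '</a>';
      }

      // Base case
      $ip_font_start_fw = '<font color="green"><i>';
      $ip_font_end_fw = '</i></font>';

      if (!empty ($row['ip_forwarded'])) {
         if (!isset ($banarray[$row['ip_forwarded']])) {
            $banarray[$row['ip_forwarded']]['result'] = ip2banstatus($row['ip_forwarded']) ? 'banned' : 'looking_clean';
         }
         if ($banarray[$row['ip_forwarded']]['result'] == 'banned') {
            // Got a hit !
            $ip_font_start_fw = '<font color="red"><strong>';
            $ip_font_end_fw = '</strong></font>';
         } else {
            // Forwarded IP not banned, show ban ip option...
            $action .= '<br/>»<a href="?' . $SID . '&mode=database&action=ban_forwarded_ip&uid=' . $row['Id'] . '">' . $lang['Antispam_spam_database_banfwdip'] . '</a>';
            $action .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $lang['Antispam_spam_database_banfwdip_exp'];
            $open_close_alert .= '<br /><img src="../images/smiles/icon_exclaim.gif" border="0">' . $lang['Antispam_spam_database_banfwdip_excl'];
         }
      }

      // IP banned ?
      // ---------------

      // Final check to remove action alerts to user...
      $ip_is_banned = !empty ($row['ip']) && isset ($banarray[$row['ip']]) && $banarray[$row['ip']]['result'] == 'banned';
      $fwd_ip_is_banned = !empty ($row['ip_forwarded']) && isset ($banarray[$row['ip_forwarded']]) && $banarray[$row['ip_forwarded']]['result'] == 'banned';
      if ($ip_is_banned || $fwd_ip_is_banned) {
         $open_close_alert = '';
      }

      // Show trigger word to admin
      // 1.2.7
      // NOTE(review): word_triggerid is interpolated as stored. If word_id is
      // an integer column, intval() here would be a cheap hardening; confirm
      // against the schema before changing it.
      $sql_wordlookup = "SELECT word FROM " . ANTISPAMWORDLIST_TABLE .
      " WHERE word_id = '" . $row['word_triggerid'] . "' LIMIT 1";
      if (!($result_wordlookup = $db->sql_query($sql_wordlookup))) {
         message_die(GENERAL_ERROR, 'Could not obtain trigger word for this user', '', __LINE__, __FILE__, $sql_wordlookup);
      }
      $row['word'] = '<deleted>';
      while ($row_wordlookup = $db->sql_fetchrow($result_wordlookup)) {
         $row['word'] = $row_wordlookup['word'];
      }
      $db->sql_freeresult($result_wordlookup);

      // Reset per record so a value from a previous record can never be shown
      $verified_alert = '';
      if ($row['human'] > 0) {
         $verified_alert = '<img src="../images/smiles/icon_exclaim.gif" border="0"><span style="color:green"><strong>Verified user</strong></span>';
         $open_close_alert .= '<br />' . $verified_alert;
      }

      // Escaped once, used for both the plain and the decorated template value
      $ip_html = htmlspecialchars($row['ip'], ENT_QUOTES);
      $ip_forwarded_html = htmlspecialchars($row['ip_forwarded'], ENT_QUOTES);

      $template->assign_block_vars('SpamAttempts', array (
         'row' => $i,
         'open_close_alert' => $open_close_alert_base . $open_close_alert,
         'uid' => $uid,
         'actions' => $action,
         'actionvars' => $all,
         'id' => $row['Id'],
         'user_id' => $row['user_id'],
         'score' => $row['score'],
         'human' => ($row['human'] == 0) ? 'No verification' : $verified_alert,
         'user_name_id' => $userinfo,
         // Escaping also makes the '<deleted>' placeholder visible as text
         'word' => htmlspecialchars($row['word'], ENT_QUOTES),
         'ip' => $ip_html,
         'ip_html' => $ip_font_start . $ip_html . $ip_font_end,
         'ip_forwarded' => $ip_forwarded_html,
         'ip_forwarded_html' => $ip_font_start_fw . $ip_forwarded_html . $ip_font_end_fw,
         'time' => create_date($antispam_date_format, $row['time'], $userdata['user_timezone']),
         'type' => $row['type']
      ));
   }
   $db->sql_freeresult($result);
   // -----------------------

   // General //
   $template->assign_vars(array (
      // $mode is known to be exactly 'database' inside this branch, so it is
      // used instead of echoing the raw query-string value into the page.
      'MODE' => ucfirst($mode),
      'SPAMPAGINATION' => $pagination,
      'SID' => $SID,
      'L_MARK_ALL' => $lang['Mark_all'],
      'L_UNMARK_ALL' => $lang['Unmark_all'],
      'L_DELETE' => $lang['Delete'],
      'L_BAN_AND_DELETE' => $lang['Antispam_ban_and_delete'],
      'ALPHA' => $lang['Antispam_alphafunction']
   ));
}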
// -------------------------------------------------------------------------------------
// DATABASE
// The page was built without timing out: set the anti-timeout flag back to
// 'yes', unless this request was already running in recovery mode.
if (!$recovery_mode) {
   antispam_update_conftable('yes', 'mod_spamcheck_admin_antitimeout');
}

// Emit the page body, the antispam footer and the regular admin footer.
$template->pparse("body");
write_antispam_footer();
include ('./page_footer_admin.' . $phpEx);
?>