<?php
// +-----------------------------------------------------------------------+
// | Ban IP plugin for piwigo                                              |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2016 ddtddt                            http://temmii.com |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

if (!defined('PHPWG_ROOT_PATH'))
    die('Hacking attempt!');
global $template, $conf, $user;
include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php');
load_language('plugin.lang', BANIP_PATH);
$my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-';

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

//-------------------------------------------------------- sections definitions
if (!isset($_GET['tab']))
    $page['tab'] = 'banip';
else
    $page['tab'] = $_GET['tab'];


    $tabsheet = new tabsheet();
    $tabsheet->add('banip', l10n('Ban IP'), BANIP_ADMIN . '-banip');
    $tabsheet->select($page['tab']);
    $tabsheet->assign();

switch ($page['tab']) {
    case 'banip':
    $admin_base_url = BANIP_ADMIN . '-banip';	
	$template->assign(
       'ipbangest', array(
          'U_DELETEALL' => $admin_base_url . '&amp;deleteall',
    ));
	$ipban = pwg_query("SELECT * FROM " . BANIP_TABLE . ";");
	
	$template->func_combine_css(array('id'=>'dst','path'=>BANIP_PATH.'banip.css'));
	
   
        if (pwg_db_num_rows($ipban)) {
            while ($ipban2 = pwg_db_fetch_assoc($ipban)) {
				
                $items = array(
                    'ID' => $ipban2['id'],
                    'IP' => $ipban2['ip'],
                    'U_DELETE' => $admin_base_url . '&amp;delete=' . $ipban2['id'],
                    'U_EDIT' => $admin_base_url . '&amp;edit=' . $ipban2['id'],
                );

                $template->append('ipban2', $items);
            }
        }
		
  if (isset($_GET['delete'])) {

    check_input_parameter('delete', $_GET, false, PATTERN_ID);
    $query = 'DELETE FROM ' . BANIP_TABLE . ' WHERE id = ' . $_GET['delete'] . ';';
    pwg_query($query);

    $_SESSION['page_infos'] = array(l10n('IP ban deleted'));
    redirect($admin_base_url);
  }

if (isset($_GET['edit'])) {
    check_input_parameter('edit', $_GET, false, PATTERN_ID);
    $query = 'SELECT * FROM ' . BANIP_TABLE . ' WHERE id = \'' . $_GET['edit'] . '\';';
		$result = pwg_query($query);
		$row = pwg_db_fetch_assoc($result);
		$template->assign(
			'ipban_edit', array(
			'ID' => $row['id'],
			'IP' => $row['ip'],
		));
}  

  if (isset($_GET['deleteall'])) {
	$query = 'DELETE FROM ' . BANIP_TABLE . ';';
    pwg_query($query);
	redirect($admin_base_url);
  }


//add ban
if (isset($_POST['submitipban'])) {
	$template->assign(
		'ipban_add', array(
		'nada' => l10n('nada'),
	));
	$template->clear_assign(
		'ipban_edit', array(
	));
}

if (isset($_POST['submitaddipban'])) {
  $plage= explode(".", $_POST['inserip']);
  if(count($plage)!=4)
	{
	  $_SESSION['page_errors'] = array(l10n('This Isn\'t an IP'));
	  redirect($admin_base_url);
	}
  if($plage[3]=='*')
	{
	  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $_POST['inserip'] . '\';';
	  $result = pwg_query($query);
      $exist=pwg_db_fetch_array($result);
	  if($exist['verif_exist']>0)
		{
		  $_SESSION['page_errors'] = array(l10n('Range IP already banned'));
		  redirect($admin_base_url);
		}
	}
  $ipaddinrange=$plage[0].".".$plage[1].".".$plage[2].".*";
  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $ipaddinrange . '\';';
  $result = pwg_query($query);
  $exist=pwg_db_fetch_array($result);
  if($exist['verif_exist']>0)
	{
	  $_SESSION['page_errors'] = array(l10n('IP is in a range banned'));
	  redirect($admin_base_url);
	}
  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $_POST['inserip'] . '\';';
  $result = pwg_query($query);
  $exist=pwg_db_fetch_array($result);
  if($exist['verif_exist']>0)
	{
	  $_SESSION['page_errors'] = array(l10n('IP already banned'));
	  redirect($admin_base_url);
	}
  if($plage[3]=='*')
    {
	  $oldip=$plage[0].".".$plage[1].".".$plage[2].".";
	  $query = 'DELETE FROM ' . BANIP_TABLE . ' WHERE ip LIKE "' . $oldip . '%";';
    pwg_query($query);
	  $_SESSION['page_infos'] = array(l10n('Range Ip ban insert'));
	}
  else
    {
	  $_SESSION['page_infos'] = array(l10n('Ip ban insert'));
	}
  $query = 'INSERT INTO ' . BANIP_TABLE .'(ip) VALUES ("' . $_POST['inserip'] . '");';
  $result = pwg_query($query);
  redirect($admin_base_url);
}

if (isset($_POST['submitaddipban2'])) {
  $plage= explode(".", $_POST['inserip']);
  if(count($plage)!=4)
	{
	  $_SESSION['page_errors'] = array(l10n('This Isn\'t an IP'));
	  redirect($admin_base_url);
	}
  if($plage[3]=='*')
	{
	  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $_POST['inserip'] . '\';';
	  $result = pwg_query($query);
      $exist=pwg_db_fetch_array($result);
	  if($exist['verif_exist']>0)
		{
		  $_SESSION['page_errors'] = array(l10n('Range IP already banned'));
		  redirect($admin_base_url);
		}
	}
  $ipaddinrange=$plage[0].".".$plage[1].".".$plage[2].".*";
  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $ipaddinrange . '\';';
  $result = pwg_query($query);
  $exist=pwg_db_fetch_array($result);
  if($exist['verif_exist']>0)
	{
	  $_SESSION['page_errors'] = array(l10n('IP is in a range banned'));
	  redirect($admin_base_url);
	}
  $query = 'SELECT COUNT(*) AS verif_exist FROM ' . BANIP_TABLE . ' WHERE ip = \'' . $_POST['inserip'] . '\';';
  $result = pwg_query($query);
  $exist=pwg_db_fetch_array($result);
  if($exist['verif_exist']>0)
	{
	  $_SESSION['page_errors'] = array(l10n('IP already banned'));
	  redirect($admin_base_url);
	}
  if($plage[3]=='*')
    {
	  $oldip=$plage[0].".".$plage[1].".".$plage[2].".";
	  $query = 'DELETE FROM ' . BANIP_TABLE . ' WHERE ip LIKE "' . $oldip . '%";';
    pwg_query($query);
	  $_SESSION['page_infos'] = array(l10n('Range Ip ban update'));
	}
  else
    {
	  $_SESSION['page_infos'] = array(l10n('Ip ban update'));
	}
  $query = 'UPDATE ' . BANIP_TABLE .' SET ip= "'.$_POST['inserip'].'" WHERE id = '.$_POST['invisibleID'].';';
  $result = pwg_query($query);
  redirect($admin_base_url);
}

	break;
}
	

$template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));
$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
?>