Context Navigation

← Previous Changeset
Next Changeset →

Changeset 31953

Timestamp:

Nov 28, 2018, 10:18:04 AM (5 years ago)

Author:

plg

Message:

Simpler user interface, display banned IP current status, regroup IP management

Location:

extensions/AntiAspi

Files:

: 3 edited

admin.php (modified) (3 diffs)
admin.tpl (modified) (6 diffs)
antiaspi.css (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

extensions/AntiAspi/admin.php

-                      r31952
+                      r31953
 <?php
 if (!defined('PHPWG_ROOT_PATH'))
+    die('Hacking attempt!');
+if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 global $template, $conf, $user;
 include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php');
 load_language('plugin.lang', ANTIASPI_PATH);
 $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-'; //get_admin_plugin_menu_link(__FILE__);
 …
 // | Check Access and exit when user status is not ok                      |
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
 //-------------------------------------------------------- sections definitions
 if (!isset($_GET['tab']))
+    $page['tab'] = 'ipban';
+{
+  $page['tab'] = 'ipban';
+}
 else
+    $page['tab'] = $_GET['tab'];
+        $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css'));
+{
+  $page['tab'] = $_GET['tab'];
+}
+$template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css'));
     $tabsheet = new tabsheet();
     $tabsheet->add('ipban', l10n('IP ban'), ANTIASPI_ADMIN . '-ipban');
         $tabsheet->add('ipconfig', l10n('Configuration '), ANTIASPI_ADMIN . '-ipconfig ');
     $tabsheet->select($page['tab']);
     $tabsheet->assign();
+$tabsheet = new tabsheet();
+$tabsheet->add('ipban', '<i class="icon-network"></i> '.l10n('IP addresses'), ANTIASPI_ADMIN . '-ipban');
+$tabsheet->add('ipconfig', '<i class="icon-tools"></i> '.l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig ');
+$tabsheet->select($page['tab']);
+$tabsheet->assign();
+switch ($page['tab']) {
+    case 'ipban':
+          $template->assign(
+       'ipbangest', array(
+       'A' => 'a',
+    ));
+        $ipban = pwg_query("SELECT * FROM " . ANTIASPI_TABLE . ";");
+    $antiaspi = safe_unserialize($conf['antiaspi']);
+    $admin_base_url = ANTIASPI_ADMIN . '-ipban';
+        if (pwg_db_num_rows($ipban)) {
+            while ($ipban2 = pwg_db_fetch_assoc($ipban)) {
+                $items = array(
+                    'ID' => $ipban2['id'],
+                    'IP' => $ipban2['ip'],
+                    'DATE' => $ipban2['date'],
+                    'U_DELETE' => $admin_base_url . '&amp;delete=' . $ipban2['id'],
+                    'U_EDIT' => $admin_base_url . '&amp;edit=' . $ipban2['id'],
+                );
+if ('ipban' == $page['tab'])
+{
+  $template->assign(
+    'ipbangest',
+    array(
+      'A' => 'a',
+    )
+  );
+                $template->append('ipban2', $items);
+            }
+        }
+  if (isset($_GET['delete'])) {
+  $query = '
+SELECT
+    *,
+    IF (date > SUBTIME(NOW(), "'.$conf['antiaspi']['banned during'].'"), "active", "deprecated") AS status
+  FROM '.ANTIASPI_TABLE.'
+  ORDER BY id DESC
+;';
+  $ipban = pwg_query($query);
+  $antiaspi = safe_unserialize($conf['antiaspi']);
+  $admin_base_url = ANTIASPI_ADMIN . '-ipban';
+  if (pwg_db_num_rows($ipban))
+  {
+    while ($ipban2 = pwg_db_fetch_assoc($ipban))
+    {
+      $items = array(
+        'ID' => $ipban2['id'],
+        'IP' => $ipban2['ip'],
+        'DATE' => $ipban2['date'],
+        'STATUS' => $ipban2['status'],
+        'U_DELETE' => $admin_base_url . '&amp;delete=' . $ipban2['id'],
+      );
+      $template->append('ipban2', $items);
+    }
+  }
+  if (isset($_GET['delete']))
+  {
     check_input_parameter('delete', $_GET, false, PATTERN_ID);
     $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE id = ' . $_GET['delete'] . ';';
     pwg_query($query);
 …
+  }
+  if (isset($_POST['submitdeleteall'])) {
+        $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';';
+  if (isset($_POST['submitdeleteall']))
+  {
+    $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';';
     pwg_query($query);
         redirect($admin_base_url);
+    redirect($admin_base_url);
+  }
+  if (isset($_POST['submitdeletedeprecated'])) {
+        $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
+        pwg_query($query);
+        redirect($admin_base_url);
+  if (isset($_POST['submitdeletedeprecated']))
+  {
+    $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
+    pwg_query($query);
+    redirect($admin_base_url);
+  }
-        break;
-        case 'ipconfig':
-        antiaspi_check_old_conf();
-  global $conf, $template;
-  $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';
-  $antiaspi = safe_unserialize($conf['antiaspi']);
-/*
-$conf['antiaspi'] = array(
-  'diff' => '20 pages in 00:00:10' , // IP banned if 20 different pages viewed in 10 seconds
-  'same' => '15 pages in 00:00:30' , // IP banned if same 15 pages viewed in 30 seconds
-  'banned during' => '23:59:59' ,    // IP banned during hh:mm:ss
-  'only guest' => true ,             // If true, don't ban registered users
-  'only picture' => false ,          // If true, apply antiaspi only on picture page
-  'allowed ip' => array()            // Autorized IP (robots for example)
-);
-*/
-$diff = explode(" pages in ", $antiaspi['diff']);
-$tempsdiff= explode(":", $diff[1]);
-$tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);
+$same = explode(" pages in ", $antiaspi['same']);
+$tempssame= explode(":", $same[1]);
+$tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60);
+  $i = 0;
+  while ($i < count($antiaspi['allowed ip']))
+  {
+    $items = array(
+      'IP' => $antiaspi['allowed ip'][$i],
+      'U_DELETE' => $admin_base_url . '&amp;deleteallowed='.$i ,
+    );
+$onlyguest = array(
+l10n('Yes'),
+l10n('No'),
+);
+$onlyguestv = array(
+true,
+false,
+);
+$onlypicture = array(
+l10n('Yes'),
+l10n('No'),
+);
+$onlypicturev = array(
+true,
+false,
+);
+  $template->assign(
+   'ipconfiggest', array(
+          'DIFFA' => $diff[0],
+          'DIFFB' => $tempsdiffsec,
+          'SAMEA' => $same[0],
+          'SAMEB' => $tempssamesec,
+          'ONLYGUEST' => $onlyguest,
+          'ONLYGUESTV' => $onlyguestv,
+          'ONLYGUESTSELECT' => $antiaspi['only guest'],
+          'ONLYPICTURE' => $onlypicture,
+          'ONLYPICTUREV' => $onlypicturev,
+          'ONLYPICTURESELECT' => $antiaspi['only picture'],
+  ));
+  $i = 0;
+  while ($i < count($antiaspi['allowed ip'])) {
+    $template->append('allowip', $items);
+    $i++;
+  }
+        $items = array(
+                'IP' => $antiaspi['allowed ip'][$i],
+                'U_DELETE' => $admin_base_url . '&amp;delete='.$i ,
+        );
+  if (isset($_POST['submitaddipallowed']))
+  {
+    $i = 0;
+    while ($i < count($antiaspi['allowed ip']))
+    {
+      if ($_POST['insipallowed']==$antiaspi['allowed ip'][$i])
+      {
+        $_SESSION['page_errors'] = array(l10n('IP already allowed'));
+        redirect($admin_base_url);
+      }
+      $i++;
+    }
+        $template->append('allowip', $items);
+        $i++;
+    $antiaspi['allowed ip'][] = $_POST['insipallowed'];
+    conf_update_param('antiaspi', $antiaspi, true);
+    redirect($admin_base_url);
+  }
-        /*$time = '7000';
-echo date('h:i:s', $time);
-*/
+if (isset($_POST['submitconfban'])) {
+        /*$time = date('h:i:s', $_POST['insdiffb']);  revoir fonction date HS ?*/
+        $antiaspi['diff']=$_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb']));
+        $antiaspi['same']=$_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb']));
+        $antiaspi['only guest']=$_POST['insonlyguest'];
+        $antiaspi['only picture']=$_POST['insonlypicturet'];
+        conf_update_param('antiaspi', $antiaspi);
+        redirect($admin_base_url);
+  if (isset($_GET['deleteallowed']))
+  {
+    check_input_parameter('deleteallowed', $_GET, false, PATTERN_ID);
+    unset($antiaspi['allowed ip'][ $_GET['deleteallowed'] ]);
+    $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']);
+    conf_update_param('antiaspi', $antiaspi);
+    redirect($admin_base_url);
+  }
+}
+if (isset($_POST['submitaddipallowed'])) {
+         $i = 0;
+        while ($i < count($antiaspi['allowed ip'])) {
+                if($_POST['insipallowed']==$antiaspi['allowed ip'][$i])
+                {
+                        $_SESSION['page_errors'] = array(l10n('IP already allowed'));
+                        redirect($admin_base_url);
+                }
+                $i++;
+        };
+if ('ipconfig' == $page['tab'])
+{
+  antiaspi_check_old_conf();
+        $antiaspi['allowed ip'][]=$_POST['insipallowed'];
+        conf_update_param('antiaspi', $antiaspi);
+        redirect($admin_base_url);
+  $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';
+  $antiaspi = safe_unserialize($conf['antiaspi']);
+  $diff = explode(" pages in ", $antiaspi['diff']);
+  $tempsdiff= explode(":", $diff[1]);
+  $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);
+  $same = explode(" pages in ", $antiaspi['same']);
+  $tempssame= explode(":", $same[1]);
+  $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60);
+  $onlyguest = array(l10n('Yes'), l10n('No'));
+  $onlyguestv = array(true, false);
+  $onlypicture = array(l10n('Yes'), l10n('No'));
+  $onlypicturev = array(true,false);
+  $template->assign(
+    'ipconfiggest',
+    array(
+      'DIFFA' => $diff[0],
+      'DIFFB' => $tempsdiffsec,
+      'SAMEA' => $same[0],
+      'SAMEB' => $tempssamesec,
+      'ONLYGUEST' => $onlyguest,
+      'ONLYGUESTV' => $onlyguestv,
+      'ONLYGUESTSELECT' => $antiaspi['only guest'],
+      'ONLYPICTURE' => $onlypicture,
+      'ONLYPICTUREV' => $onlypicturev,
+      'ONLYPICTURESELECT' => $antiaspi['only picture'],
+    )
+  );
+  if (isset($_POST['submitconfban']))
+  {
+    /*$time = date('h:i:s', $_POST['insdiffb']);  revoir fonction date HS ?*/
+    $antiaspi['diff'] = $_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb']));
+    $antiaspi['same'] = $_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb']));
+    $antiaspi['only guest'] = $_POST['insonlyguest'];
+    $antiaspi['only picture'] = $_POST['insonlypicturet'];
+    conf_update_param('antiaspi', $antiaspi);
+    redirect($admin_base_url);
+  }
+}
+  if (isset($_GET['delete'])) {
+    check_input_parameter('delete', $_GET, false, PATTERN_ID);
+        unset($antiaspi['allowed ip'][($_GET['delete'])]);
+        $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']);
+    conf_update_param('antiaspi', $antiaspi);
+        redirect($admin_base_url);
+  }
+        break;
+}
 $template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));

extensions/AntiAspi/admin.tpl

-                      r31372
+                      r31953
         input.hide();
     });
+    jQuery('.add-ip-allowed-form-toggle').click(function(e) {
+        jQuery('.add-ip-allowed-form').toggle();
+        e.preventDefault();
+    })
 });
 …
         <fieldset>
           <legend>{'Action IP banned'|@translate}</legend>
+          <legend>{'Banned IP addresses'|@translate}</legend>
                 <form method="post" >
+                        <div style="text-align:center;">
+                                <input class="submit" name="submitdeleteall" type="submit" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');" value="{'Delete all IP Ban'|@translate}"/>
+                                <input class="submit" name="submitdeletedeprecated" type="submit" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');" value="{'Delete deprecated IP Ban'|@translate}"/>
+                        <div style="text-align:center;margin-bottom: 30px;">
+                                <button name="submitdeleteall" type="submit" class="buttonLike" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');">
+                    <i class="icon-trash"></i> {'Delete all'|@translate}
+                </button>
+                                <button name="submitdeletedeprecated" type="submit" class="buttonLike" onclick="return confirm('{'Are you sure?'|@translate|@escape:'javascript'}');">
+                    <i class="icon-trash"></i> {'Delete deprecated only'|@translate}
+                </button>
                         </div>
                 </form>
+        </fieldset>
+<form method="post" >
+        <fieldset>
+          <legend>{'List IP banned'|@translate}</legend>
            <table class="lban">
                 {foreach from=$ipban2 item=ipban}
 …
                         <td><!-- {$ipban.ID} --> {$ipban.IP}</td>
                         <td>{$ipban.DATE}</td>
+                        <td><span class="badge badge-{$ipban.STATUS}">{$ipban.STATUS}</span></td>
                         <td>
                         <a href="{$ipban.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');">
                                 <img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/delete.png" id="btn_delete" alt="{'delete'|@translate}" title="{'Delete'|@translate}" />
+                <i class="icon-trash" id="btn_delete" title="{'Delete'|@translate}"></i>
                         </a>
                         </td>
 …
          </table>
         </fieldset>
+</form>
+         <fieldset class="antiaspi-whitelist">
+      <legend>{'Whitelist (allowed ip addresses)'|translate}</legend>
+        <form method="post">
+                        <a href="#" class="icon-plus-circled add-ip-allowed-form-toggle">{'Add allowed IP'|@translate}</a>
+                        <span class="add-ip-allowed-form">
+                        {'IP'|@translate} <input " type="text" name="insipallowed" data-ip placeholder="123.123.123.123" value="" size="50" maxlenght="50" required pattern="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$">
+                        <input class="submit" name="submitaddipallowed" type="submit" value="{'Add IP'|@translate}" />
+                        </span>
+        </form>
+                <table class="lban">
+                        {foreach from=$allowip item=allowip2}
+                          <tr>
+                                <td>{$allowip2.IP}</td>
+                                <td>
+                                <a href="{$allowip2.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');">
+                                        <i class="icon-trash" id="btn_delete" title="{'Delete'|@translate}"></i>
+                                </a>
+                                </td>
+                          </tr>
+                        {/foreach}
+                 </table>
+         </fieldset>
 {/if}
 {if isset ($ipconfiggest)}
 <form method="post">
  <fieldset>
   <legend>{'Configuration'|translate}</legend>
-         <fieldset>
                 <p class="input" style="width: 700px;">
                   <label for="insdiffa"><strong>{'IP banned if '|@translate}<span></span></strong></label>
 …
                         <input type="text" name="insdiffb" data-min="5" data-max="3599" class="range" value="{$ipconfiggest.DIFFB}"/>
                 </p>
+        </fieldset>
+        <fieldset>
+                <p class="input" style="width: 700px;">
+                <p class="input" style="width: 700px;margin-top: 50px;">
                   <label for="inssamea"><strong>{'IP banned if same '|@translate}<span></span></strong></label>
                   <input type="text" name="inssamea" data-min="10" data-max="500" class="range" value="{$ipconfiggest.SAMEA}"/>
                 </p>
                 <p class="input" style="width: 700px;">
+                <p class="input" style="width: 700px;margin-bottom: 50px;">
                         <label for="inssameb"><strong>{' different pages viewed in <span></span> seconds'|@translate} </strong></label>
                         <input type="text" name="inssameb" data-min="5" data-max="3599" class="range" value="{$ipconfiggest.SAMEB}"/>
                 </p>
+        </fieldset>
         <p>
         <strong>{'only guest'|@translate}</strong>
 …
                 ({'If yes, apply antiaspi only on picture page'|@translate})
     </p>
+         <fieldset>
+      <legend>{'allowed ip'|translate}</legend>
+                <table class="lban">
+                        {foreach from=$allowip item=allowip2}
+                          <tr>
+                                <td>{$allowip2.IP}</td>
+                                <td>
+                                <a href="{$allowip2.U_DELETE}" onclick="return confirm( document.getElementById('btn_delete').title + '\n\n' + '{'Are you sure?'|@translate|@escape:'javascript'}');">
+                                        <img src="{$ROOT_URL}{$themeconf.admin_icon_dir}/delete.png" id="btn_delete" alt="{'delete'|@translate}" title="{'Delete'|@translate}" />
+                                </a>
+                                </td>
+                          </tr>
+                        {/foreach}
+                 </table>
+         </fieldset>
+    <p>
+        <input class="submit" type="submit" name="submitconfban" value="{'Submit'|@translate}">
+    <p style="margin-top: 50px">
+        <button name="submitconfban" type="submit" class="buttonLike">
+            <i class="icon-floppy"></i> {'Save Settings'|@translate}
+        </button>
     </p>
  </fieldset>
 </form>
-  {if isset ($ipconfiggest)}
-        <form method="post">
-                <fieldset>
-                        <legend>{'Add IP allowed'|@translate}</legend>
-                        {'IP'|@translate} <input " type="text" name="insipallowed" data-ip placeholder="123.123.123.123" value="" size="50" maxlenght="50" required pattern="^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$">
-                        <br>
-                        <br>
-                                <div style="text-align:center;">
-                                <input class="submit" name="submitaddipallowed" type="submit" value="{'Submit'|@translate}" />
-                                </div>
-                </fieldset>
-        </form>
 {/if}
-{/if}

extensions/AntiAspi/antiaspi.css

-                      r31370
+                      r31953
 table.lban td{
   padding-right:20px;
+  padding-bottom: 5px;
+}
 …
   background-color:green;
+}
+.add-ip-allowed-form {
+        display:none;
+}
+span.badge {
+        padding:2px 5px;
+        border-radius:5px;
+}
+span.badge.badge-deprecated {
+    background-color:#ddd;
+    color:#999;
+}
+span.badge.badge-active {
+    background-color:#caebff;
+    color:#0080c6;
+}
+.antiaspi-whitelist form {
+        margin-bottom: 20px;
+}

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: