Changeset 31953 for extensions/AntiAspi/admin.php
- Timestamp:
- Nov 28, 2018, 10:18:04 AM (5 years ago)
- File:
-
- 1 edited
extensions/AntiAspi/admin.php
r31952 r31953 1 1 <?php 2 2 3 if (!defined('PHPWG_ROOT_PATH')) 4 die('Hacking attempt!'); 3 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); 4 5 5 global $template, $conf, $user; 6 6 7 include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php'); 8 7 9 load_language('plugin.lang', ANTIASPI_PATH); 10 8 11 $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-'; //get_admin_plugin_menu_link(__FILE__); 9 12 … … 11 14 // | Check Access and exit when user status is not ok | 12 15 // +-----------------------------------------------------------------------+ 16 13 17 check_status(ACCESS_ADMINISTRATOR); 14 18 15 19 //-------------------------------------------------------- sections definitions 20 16 21 if (!isset($_GET['tab'])) 17 $page['tab'] = 'ipban'; 22 { 23 $page['tab'] = 'ipban'; 24 } 18 25 else 19 $page['tab'] = $_GET['tab']; 20 $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); 26 { 27 $page['tab'] = $_GET['tab']; 28 } 21 29 30 $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); 22 31 23 24 $tabsheet->add('ipban', l10n('IP ban'), ANTIASPI_ADMIN . '-ipban');25 $tabsheet->add('ipconfig', l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig ');26 27 32 $tabsheet = new tabsheet(); 33 $tabsheet->add('ipban', '<i class="icon-network"></i> '.l10n('IP addresses'), ANTIASPI_ADMIN . '-ipban'); 34 $tabsheet->add('ipconfig', '<i class="icon-tools"></i> '.l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig '); 35 $tabsheet->select($page['tab']); 36 $tabsheet->assign(); 28 37 29 switch ($page['tab']) { 30 case 'ipban': 31 $template->assign( 32 'ipbangest', array( 33 'A' => 'a', 34 )); 35 $ipban = pwg_query("SELECT * FROM " . ANTIASPI_TABLE . ";"); 36 $antiaspi = safe_unserialize($conf['antiaspi']); 37 38 $admin_base_url = ANTIASPI_ADMIN . 
'-ipban'; 39 if (pwg_db_num_rows($ipban)) { 40 while ($ipban2 = pwg_db_fetch_assoc($ipban)) { 41 42 $items = array( 43 'ID' => $ipban2['id'], 44 'IP' => $ipban2['ip'], 45 'DATE' => $ipban2['date'], 46 'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'], 47 'U_EDIT' => $admin_base_url . '&edit=' . $ipban2['id'], 48 ); 38 if ('ipban' == $page['tab']) 39 { 40 $template->assign( 41 'ipbangest', 42 array( 43 'A' => 'a', 44 ) 45 ); 49 46 50 $template->append('ipban2', $items); 51 } 52 } 53 54 if (isset($_GET['delete'])) { 47 $query = ' 48 SELECT 49 *, 50 IF (date > SUBTIME(NOW(), "'.$conf['antiaspi']['banned during'].'"), "active", "deprecated") AS status 51 FROM '.ANTIASPI_TABLE.' 52 ORDER BY id DESC 53 ;'; 54 $ipban = pwg_query($query); 55 55 56 $antiaspi = safe_unserialize($conf['antiaspi']); 57 58 $admin_base_url = ANTIASPI_ADMIN . '-ipban'; 59 if (pwg_db_num_rows($ipban)) 60 { 61 while ($ipban2 = pwg_db_fetch_assoc($ipban)) 62 { 63 $items = array( 64 'ID' => $ipban2['id'], 65 'IP' => $ipban2['ip'], 66 'DATE' => $ipban2['date'], 67 'STATUS' => $ipban2['status'], 68 'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'], 69 ); 70 71 $template->append('ipban2', $items); 72 } 73 } 74 75 if (isset($_GET['delete'])) 76 { 56 77 check_input_parameter('delete', $_GET, false, PATTERN_ID); 78 57 79 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE id = ' . $_GET['delete'] . ';'; 58 80 pwg_query($query); … … 62 84 } 63 85 64 if (isset($_POST['submitdeleteall'])) { 65 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';'; 86 if (isset($_POST['submitdeleteall'])) 87 { 88 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';'; 66 89 pwg_query($query); 67 90 redirect($admin_base_url); 68 91 } 69 if (isset($_POST['submitdeletedeprecated'])) { 70 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . 
'");'; 71 pwg_query($query); 72 redirect($admin_base_url); 92 93 if (isset($_POST['submitdeletedeprecated'])) 94 { 95 $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");'; 96 pwg_query($query); 97 redirect($admin_base_url); 73 98 } 74 break;75 case 'ipconfig':76 antiaspi_check_old_conf();77 global $conf, $template;78 $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';79 $antiaspi = safe_unserialize($conf['antiaspi']);80 /*81 $conf['antiaspi'] = array(82 'diff' => '20 pages in 00:00:10' , // IP banned if 20 different pages viewed in 10 seconds83 'same' => '15 pages in 00:00:30' , // IP banned if same 15 pages viewed in 30 seconds84 'banned during' => '23:59:59' , // IP banned during hh:mm:ss85 'only guest' => true , // If true, don't ban registered users86 'only picture' => false , // If true, apply antiaspi only on picture page87 'allowed ip' => array() // Autorized IP (robots for example)88 );89 */90 $diff = explode(" pages in ", $antiaspi['diff']);91 $tempsdiff= explode(":", $diff[1]);92 $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);93 99 94 $same = explode(" pages in ", $antiaspi['same']); 95 $tempssame= explode(":", $same[1]); 96 $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60); 100 $i = 0; 101 while ($i < count($antiaspi['allowed ip'])) 102 { 103 $items = array( 104 'IP' => $antiaspi['allowed ip'][$i], 105 'U_DELETE' => $admin_base_url . 
'&deleteallowed='.$i , 106 ); 97 107 98 $onlyguest = array( 99 l10n('Yes'), 100 l10n('No'), 101 ); 102 $onlyguestv = array( 103 true, 104 false, 105 ); 106 $onlypicture = array( 107 l10n('Yes'), 108 l10n('No'), 109 ); 110 $onlypicturev = array( 111 true, 112 false, 113 ); 114 $template->assign( 115 'ipconfiggest', array( 116 'DIFFA' => $diff[0], 117 'DIFFB' => $tempsdiffsec, 118 'SAMEA' => $same[0], 119 'SAMEB' => $tempssamesec, 120 'ONLYGUEST' => $onlyguest, 121 'ONLYGUESTV' => $onlyguestv, 122 'ONLYGUESTSELECT' => $antiaspi['only guest'], 123 'ONLYPICTURE' => $onlypicture, 124 'ONLYPICTUREV' => $onlypicturev, 125 'ONLYPICTURESELECT' => $antiaspi['only picture'], 126 )); 127 $i = 0; 128 while ($i < count($antiaspi['allowed ip'])) { 108 $template->append('allowip', $items); 109 $i++; 110 } 129 111 130 $items = array( 131 'IP' => $antiaspi['allowed ip'][$i], 132 'U_DELETE' => $admin_base_url . '&delete='.$i , 133 ); 112 if (isset($_POST['submitaddipallowed'])) 113 { 114 $i = 0; 115 while ($i < count($antiaspi['allowed ip'])) 116 { 117 if ($_POST['insipallowed']==$antiaspi['allowed ip'][$i]) 118 { 119 $_SESSION['page_errors'] = array(l10n('IP already allowed')); 120 redirect($admin_base_url); 121 } 122 $i++; 123 } 134 124 135 $template->append('allowip', $items); 136 $i++; 125 $antiaspi['allowed ip'][] = $_POST['insipallowed']; 126 conf_update_param('antiaspi', $antiaspi, true); 127 redirect($admin_base_url); 137 128 } 138 139 140 /*$time = '7000';141 echo date('h:i:s', $time);142 */143 129 144 if (isset($_POST['submitconfban'])) { 145 /*$time = date('h:i:s', $_POST['insdiffb']); revoir fonction date HS ?*/ 146 $antiaspi['diff']=$_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb'])); 147 $antiaspi['same']=$_POST['inssamea'].' 
pages in '.date('00:i:s', ($_POST['inssameb'])); 148 $antiaspi['only guest']=$_POST['insonlyguest']; 149 $antiaspi['only picture']=$_POST['insonlypicturet']; 150 151 conf_update_param('antiaspi', $antiaspi); 152 redirect($admin_base_url); 130 if (isset($_GET['deleteallowed'])) 131 { 132 check_input_parameter('deleteallowed', $_GET, false, PATTERN_ID); 133 134 unset($antiaspi['allowed ip'][ $_GET['deleteallowed'] ]); 135 136 $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']); 137 conf_update_param('antiaspi', $antiaspi); 138 redirect($admin_base_url); 139 } 153 140 } 154 141 155 if (isset($_POST['submitaddipallowed'])) { 156 $i = 0; 157 while ($i < count($antiaspi['allowed ip'])) { 158 if($_POST['insipallowed']==$antiaspi['allowed ip'][$i]) 159 { 160 $_SESSION['page_errors'] = array(l10n('IP already allowed')); 161 redirect($admin_base_url); 162 } 163 $i++; 164 }; 142 if ('ipconfig' == $page['tab']) 143 { 144 antiaspi_check_old_conf(); 165 145 166 $antiaspi['allowed ip'][]=$_POST['insipallowed']; 167 conf_update_param('antiaspi', $antiaspi); 168 redirect($admin_base_url); 146 $admin_base_url = ANTIASPI_ADMIN . 
'-ipconfig'; 147 $antiaspi = safe_unserialize($conf['antiaspi']); 148 149 $diff = explode(" pages in ", $antiaspi['diff']); 150 $tempsdiff= explode(":", $diff[1]); 151 $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60); 152 153 $same = explode(" pages in ", $antiaspi['same']); 154 $tempssame= explode(":", $same[1]); 155 $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60); 156 157 $onlyguest = array(l10n('Yes'), l10n('No')); 158 $onlyguestv = array(true, false); 159 $onlypicture = array(l10n('Yes'), l10n('No')); 160 $onlypicturev = array(true,false); 161 162 $template->assign( 163 'ipconfiggest', 164 array( 165 'DIFFA' => $diff[0], 166 'DIFFB' => $tempsdiffsec, 167 'SAMEA' => $same[0], 168 'SAMEB' => $tempssamesec, 169 'ONLYGUEST' => $onlyguest, 170 'ONLYGUESTV' => $onlyguestv, 171 'ONLYGUESTSELECT' => $antiaspi['only guest'], 172 'ONLYPICTURE' => $onlypicture, 173 'ONLYPICTUREV' => $onlypicturev, 174 'ONLYPICTURESELECT' => $antiaspi['only picture'], 175 ) 176 ); 177 178 if (isset($_POST['submitconfban'])) 179 { 180 /*$time = date('h:i:s', $_POST['insdiffb']); revoir fonction date HS ?*/ 181 $antiaspi['diff'] = $_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb'])); 182 $antiaspi['same'] = $_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb'])); 183 $antiaspi['only guest'] = $_POST['insonlyguest']; 184 $antiaspi['only picture'] = $_POST['insonlypicturet']; 185 186 conf_update_param('antiaspi', $antiaspi); 187 redirect($admin_base_url); 188 } 169 189 } 170 171 if (isset($_GET['delete'])) { 172 check_input_parameter('delete', $_GET, false, PATTERN_ID); 173 unset($antiaspi['allowed ip'][($_GET['delete'])]); 174 $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']); 175 conf_update_param('antiaspi', $antiaspi); 176 redirect($admin_base_url); 177 } 178 179 180 break; 181 } 182 190 183 191 184 192 $template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));
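Review bot: The state-changing branches in this file (`$_GET['delete']`, `$_GET['deleteallowed']`, and the `submitdeleteall`, `submitdeletedeprecated`, `submitaddipallowed` and `submitconfban` POST handlers) act on the request with no anti-CSRF token check visible in the shown lines; `check_input_parameter(..., PATTERN_ID)` only constrains the format of the id, not where the request came from. Because the two delete actions are plain GET links built in `U_DELETE`, a page an administrator opens while logged in could cause a ban or an allow-list entry to be removed without their intent. I would call `check_pwg_token();` as the first statement of each of those branches and carry the token in the links, e.g. `'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'] . '&pwg_token=' . get_pwg_token(),`; the forms in admin.tpl, which is not shown here, would need the matching hidden field. A few lines after the first delete query are elided in this view, so confirm that no check already exists there.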