Changeset 31953 for extensions/AntiAspi/admin.php

Timestamp:

Nov 28, 2018, 10:18:04 AM (5 years ago)

Author:

plg

Message:

Simpler user interface, display banned IP current status, regroup IP management

File:

• extensions/AntiAspi/admin.php (modified) (3 diffs)

extensions/AntiAspi/admin.php

@@ -1 +1 @@
 <?php
 
-if (!defined('PHPWG_ROOT_PATH'))
-    die('Hacking attempt!');
+if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
+
 global $template, $conf, $user;
+
 include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php');
+
 load_language('plugin.lang', ANTIASPI_PATH);
+
 $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-'; //get_admin_plugin_menu_link(__FILE__);
 
@@ -11 +14 @@
 // | Check Access and exit when user status is not ok                      |
 // +-----------------------------------------------------------------------+
+
 check_status(ACCESS_ADMINISTRATOR);
 
 //-------------------------------------------------------- sections definitions
+
 if (!isset($_GET['tab']))
-    $page['tab'] = 'ipban';
+{
+  $page['tab'] = 'ipban';
+}
 else
-    $page['tab'] = $_GET['tab'];
-        $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css'));
+{
+  $page['tab'] = $_GET['tab'];
+}
 
+$template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css'));
 
-    $tabsheet = new tabsheet();
-    $tabsheet->add('ipban', l10n('IP ban'), ANTIASPI_ADMIN . '-ipban');
-        $tabsheet->add('ipconfig', l10n('Configuration '), ANTIASPI_ADMIN . '-ipconfig ');
-    $tabsheet->select($page['tab']);
-    $tabsheet->assign();
+$tabsheet = new tabsheet();
+$tabsheet->add('ipban', '<i class="icon-network"></i> '.l10n('IP addresses'), ANTIASPI_ADMIN . '-ipban');
+$tabsheet->add('ipconfig', '<i class="icon-tools"></i> '.l10n('Configuration'), ANTIASPI_ADMIN . '-ipconfig ');
+$tabsheet->select($page['tab']);
+$tabsheet->assign();
 
-switch ($page['tab']) {
-    case 'ipban':
-          $template->assign(
-       'ipbangest', array(
-       'A' => 'a',
-    ));
-        $ipban = pwg_query("SELECT * FROM " . ANTIASPI_TABLE . ";");
-    $antiaspi = safe_unserialize($conf['antiaspi']);
-        
-    $admin_base_url = ANTIASPI_ADMIN . '-ipban';
-        if (pwg_db_num_rows($ipban)) {
-            while ($ipban2 = pwg_db_fetch_assoc($ipban)) {
-                                
-                $items = array(
-                    'ID' => $ipban2['id'],
-                    'IP' => $ipban2['ip'],
-                    'DATE' => $ipban2['date'],
-                    'U_DELETE' => $admin_base_url . '&amp;delete=' . $ipban2['id'],
-                    'U_EDIT' => $admin_base_url . '&amp;edit=' . $ipban2['id'],
-                );
+if ('ipban' == $page['tab'])
+{
+  $template->assign(
+    'ipbangest',
+    array(
+      'A' => 'a',
+    )
+  );
 
-                $template->append('ipban2', $items);
-            }
-        }
-                
-  if (isset($_GET['delete'])) {
+  $query = '
+SELECT
+    *,
+    IF (date > SUBTIME(NOW(), "'.$conf['antiaspi']['banned during'].'"), "active", "deprecated") AS status
+  FROM '.ANTIASPI_TABLE.'
+  ORDER BY id DESC
+;';
+  $ipban = pwg_query($query);
 
+  $antiaspi = safe_unserialize($conf['antiaspi']);
+
+  $admin_base_url = ANTIASPI_ADMIN . '-ipban';
+  if (pwg_db_num_rows($ipban))
+  {
+    while ($ipban2 = pwg_db_fetch_assoc($ipban))
+    {
+      $items = array(
+        'ID' => $ipban2['id'],
+        'IP' => $ipban2['ip'],
+        'DATE' => $ipban2['date'],
+        'STATUS' => $ipban2['status'],
+        'U_DELETE' => $admin_base_url . '&amp;delete=' . $ipban2['id'],
+      );
+
+      $template->append('ipban2', $items);
+    }
+  }
+    
+  if (isset($_GET['delete']))
+  {
     check_input_parameter('delete', $_GET, false, PATTERN_ID);
+
     $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE id = ' . $_GET['delete'] . ';';
     pwg_query($query);
@@ -62 +84 @@
   }
   
-  if (isset($_POST['submitdeleteall'])) {
-        $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';';
+  if (isset($_POST['submitdeleteall']))
+  {
+    $query = 'DELETE FROM ' . ANTIASPI_TABLE . ';';
     pwg_query($query);
-        redirect($admin_base_url);
+    redirect($admin_base_url);
   }
-  if (isset($_POST['submitdeletedeprecated'])) {
-        $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
-        pwg_query($query);
-        redirect($admin_base_url);
+
+  if (isset($_POST['submitdeletedeprecated']))
+  {
+    $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE date < ADDTIME(NOW(), "-' . $antiaspi['banned during'] . '");';
+    pwg_query($query);
+    redirect($admin_base_url);
   }
-        break;
-        case 'ipconfig':
-        antiaspi_check_old_conf();
-  global $conf, $template;
-  $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';
-  $antiaspi = safe_unserialize($conf['antiaspi']);      
-/*
-$conf['antiaspi'] = array(
-  'diff' => '20 pages in 00:00:10' , // IP banned if 20 different pages viewed in 10 seconds
-  'same' => '15 pages in 00:00:30' , // IP banned if same 15 pages viewed in 30 seconds
-  'banned during' => '23:59:59' ,    // IP banned during hh:mm:ss
-  'only guest' => true ,             // If true, don't ban registered users
-  'only picture' => false ,          // If true, apply antiaspi only on picture page
-  'allowed ip' => array()            // Autorized IP (robots for example)
-);
-*/
-$diff = explode(" pages in ", $antiaspi['diff']);
-$tempsdiff= explode(":", $diff[1]);
-$tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);
 
-$same = explode(" pages in ", $antiaspi['same']);
-$tempssame= explode(":", $same[1]);
-$tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60);
+  $i = 0;
+  while ($i < count($antiaspi['allowed ip']))
+  {
+    $items = array(
+      'IP' => $antiaspi['allowed ip'][$i],
+      'U_DELETE' => $admin_base_url . '&amp;deleteallowed='.$i ,
+    );
 
-$onlyguest = array(
-l10n('Yes'),
-l10n('No'),
-);
-$onlyguestv = array(
-true,
-false,
-);
-$onlypicture = array(
-l10n('Yes'),
-l10n('No'),
-);
-$onlypicturev = array(
-true,
-false,
-); 
-  $template->assign(
-   'ipconfiggest', array(
-          'DIFFA' => $diff[0],
-          'DIFFB' => $tempsdiffsec,
-          'SAMEA' => $same[0],
-          'SAMEB' => $tempssamesec,
-          'ONLYGUEST' => $onlyguest,
-          'ONLYGUESTV' => $onlyguestv,
-          'ONLYGUESTSELECT' => $antiaspi['only guest'],
-          'ONLYPICTURE' => $onlypicture,
-          'ONLYPICTUREV' => $onlypicturev,
-          'ONLYPICTURESELECT' => $antiaspi['only picture'],
-  ));
-  $i = 0;
-  while ($i < count($antiaspi['allowed ip'])) {
+    $template->append('allowip', $items);
+    $i++;
+  }
 
-        $items = array(
-                'IP' => $antiaspi['allowed ip'][$i],
-                'U_DELETE' => $admin_base_url . '&amp;delete='.$i ,
-        );
+  if (isset($_POST['submitaddipallowed']))
+  {
+    $i = 0;
+    while ($i < count($antiaspi['allowed ip']))
+    {
+      if ($_POST['insipallowed']==$antiaspi['allowed ip'][$i])
+      {
+        $_SESSION['page_errors'] = array(l10n('IP already allowed'));
+        redirect($admin_base_url);
+      }
+      $i++;
+    }
 
-        $template->append('allowip', $items);
-        $i++;
+    $antiaspi['allowed ip'][] = $_POST['insipallowed'];
+    conf_update_param('antiaspi', $antiaspi, true);
+    redirect($admin_base_url);
   }
-  
-  
-        /*$time = '7000';
-echo date('h:i:s', $time);
-*/
 
-if (isset($_POST['submitconfban'])) {
-        /*$time = date('h:i:s', $_POST['insdiffb']);  revoir fonction date HS ?*/
-        $antiaspi['diff']=$_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb']));
-        $antiaspi['same']=$_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb']));
-        $antiaspi['only guest']=$_POST['insonlyguest'];
-        $antiaspi['only picture']=$_POST['insonlypicturet'];
-        
-        conf_update_param('antiaspi', $antiaspi);
-        redirect($admin_base_url);
+  if (isset($_GET['deleteallowed']))
+  {
+    check_input_parameter('deleteallowed', $_GET, false, PATTERN_ID);
+
+    unset($antiaspi['allowed ip'][ $_GET['deleteallowed'] ]);
+
+    $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']);
+    conf_update_param('antiaspi', $antiaspi);
+    redirect($admin_base_url);
+  }
 }
 
-if (isset($_POST['submitaddipallowed'])) {
-         $i = 0;
-        while ($i < count($antiaspi['allowed ip'])) {
-                if($_POST['insipallowed']==$antiaspi['allowed ip'][$i])
-                {
-                        $_SESSION['page_errors'] = array(l10n('IP already allowed'));
-                        redirect($admin_base_url);
-                }
-                $i++;
-        };
+if ('ipconfig' == $page['tab'])
+{
+  antiaspi_check_old_conf();
 
-        $antiaspi['allowed ip'][]=$_POST['insipallowed'];
-        conf_update_param('antiaspi', $antiaspi);
-        redirect($admin_base_url);
+  $admin_base_url = ANTIASPI_ADMIN . '-ipconfig';
+  $antiaspi = safe_unserialize($conf['antiaspi']);  
+
+  $diff = explode(" pages in ", $antiaspi['diff']);
+  $tempsdiff= explode(":", $diff[1]);
+  $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60);
+
+  $same = explode(" pages in ", $antiaspi['same']);
+  $tempssame= explode(":", $same[1]);
+  $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60);
+
+  $onlyguest = array(l10n('Yes'), l10n('No'));
+  $onlyguestv = array(true, false);
+  $onlypicture = array(l10n('Yes'), l10n('No'));
+  $onlypicturev = array(true,false); 
+
+  $template->assign(
+    'ipconfiggest',
+    array(
+      'DIFFA' => $diff[0],
+      'DIFFB' => $tempsdiffsec,
+      'SAMEA' => $same[0],
+      'SAMEB' => $tempssamesec,
+      'ONLYGUEST' => $onlyguest,
+      'ONLYGUESTV' => $onlyguestv,
+      'ONLYGUESTSELECT' => $antiaspi['only guest'],
+      'ONLYPICTURE' => $onlypicture,
+      'ONLYPICTUREV' => $onlypicturev,
+      'ONLYPICTURESELECT' => $antiaspi['only picture'],
+    )
+  );
+
+  if (isset($_POST['submitconfban']))
+  {
+    /*$time = date('h:i:s', $_POST['insdiffb']);  revoir fonction date HS ?*/
+    $antiaspi['diff'] = $_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb']));
+    $antiaspi['same'] = $_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb']));
+    $antiaspi['only guest'] = $_POST['insonlyguest'];
+    $antiaspi['only picture'] = $_POST['insonlypicturet'];
+
+    conf_update_param('antiaspi', $antiaspi);
+    redirect($admin_base_url);
+  }
 }
-
-  if (isset($_GET['delete'])) {
-    check_input_parameter('delete', $_GET, false, PATTERN_ID);
-        unset($antiaspi['allowed ip'][($_GET['delete'])]);
-        $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']);
-    conf_update_param('antiaspi', $antiaspi);
-        redirect($admin_base_url);
-  }
-
-
-        break;
-}
-        
+  
 
 $template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));