[31362] | 1 | <?php |
---|
| 2 | |
---|
| 3 | if (!defined('PHPWG_ROOT_PATH')) |
---|
| 4 | die('Hacking attempt!'); |
---|
| 5 | global $template, $conf, $user; |
---|
| 6 | include_once(PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php'); |
---|
| 7 | load_language('plugin.lang', ANTIASPI_PATH); |
---|
| 8 | $my_base_url = PHPWG_ROOT_PATH.'admin.php?page=plugin-'; //get_admin_plugin_menu_link(__FILE__); |
---|
| 9 | |
---|
| 10 | // +-----------------------------------------------------------------------+ |
---|
| 11 | // | Check Access and exit when user status is not ok | |
---|
| 12 | // +-----------------------------------------------------------------------+ |
---|
| 13 | check_status(ACCESS_ADMINISTRATOR); |
---|
| 14 | |
---|
| 15 | //-------------------------------------------------------- sections definitions |
---|
| 16 | if (!isset($_GET['tab'])) |
---|
| 17 | $page['tab'] = 'ipban'; |
---|
| 18 | else |
---|
| 19 | $page['tab'] = $_GET['tab']; |
---|
[31370] | 20 | $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); |
---|
[31362] | 21 | |
---|
| 22 | |
---|
| 23 | $tabsheet = new tabsheet(); |
---|
| 24 | $tabsheet->add('ipban', l10n('IP ban'), ANTIASPI_ADMIN . '-ipban'); |
---|
[31370] | 25 | $tabsheet->add('ipconfig', l10n('Configuration '), ANTIASPI_ADMIN . '-ipconfig '); |
---|
[31362] | 26 | $tabsheet->select($page['tab']); |
---|
| 27 | $tabsheet->assign(); |
---|
| 28 | |
---|
| 29 | switch ($page['tab']) { |
---|
| 30 | case 'ipban': |
---|
[31370] | 31 | $template->assign( |
---|
| 32 | 'ipbangest', array( |
---|
| 33 | 'A' => 'a' |
---|
| 34 | )); |
---|
[31362] | 35 | $ipban = pwg_query("SELECT * FROM " . ANTIASPI_TABLE . ";"); |
---|
[31367] | 36 | |
---|
| 37 | $template->func_combine_css(array('id'=>'dst','path'=>ANTIASPI_PATH.'antiaspi.css')); |
---|
| 38 | |
---|
[31362] | 39 | $admin_base_url = ANTIASPI_ADMIN . '-ipban'; |
---|
| 40 | if (pwg_db_num_rows($ipban)) { |
---|
| 41 | while ($ipban2 = pwg_db_fetch_assoc($ipban)) { |
---|
| 42 | |
---|
| 43 | $items = array( |
---|
| 44 | 'ID' => $ipban2['id'], |
---|
| 45 | 'IP' => $ipban2['ip'], |
---|
| 46 | 'DATE' => $ipban2['date'], |
---|
| 47 | 'U_DELETE' => $admin_base_url . '&delete=' . $ipban2['id'], |
---|
| 48 | 'U_EDIT' => $admin_base_url . '&edit=' . $ipban2['id'], |
---|
| 49 | ); |
---|
| 50 | |
---|
| 51 | $template->append('ipban2', $items); |
---|
| 52 | } |
---|
| 53 | } |
---|
| 54 | |
---|
| 55 | if (isset($_GET['delete'])) { |
---|
| 56 | |
---|
| 57 | check_input_parameter('delete', $_GET, false, PATTERN_ID); |
---|
| 58 | $query = 'DELETE FROM ' . ANTIASPI_TABLE . ' WHERE id = ' . $_GET['delete'] . ';'; |
---|
| 59 | pwg_query($query); |
---|
| 60 | |
---|
[31366] | 61 | $_SESSION['page_infos'] = array(l10n('IP ban deleted')); |
---|
[31362] | 62 | redirect($admin_base_url); |
---|
| 63 | } |
---|
| 64 | |
---|
| 65 | if (isset($_GET['edit'])) { |
---|
| 66 | check_input_parameter('edit', $_GET, false, PATTERN_ID); |
---|
| 67 | $query = 'SELECT * FROM ' . ANTIASPI_TABLE . ' WHERE id = \'' . $_GET['edit'] . '\';'; |
---|
| 68 | $result = pwg_query($query); |
---|
| 69 | $row = pwg_db_fetch_assoc($result); |
---|
| 70 | $template->assign( |
---|
| 71 | 'ipban_edit', array( |
---|
| 72 | 'ID' => $row['id'], |
---|
| 73 | 'IP' => $row['ip'], |
---|
| 74 | 'DATE' => $row['date'], |
---|
| 75 | )); |
---|
| 76 | } |
---|
| 77 | |
---|
| 78 | if (isset($_POST['submitaddipban2'])) { |
---|
| 79 | $query = 'UPDATE ' . ANTIASPI_TABLE .' SET ip= "'.$_POST['inserip'].'" , date = "'.$_POST['inserdate'].'" WHERE id = '.$_POST['invisibleID'].';'; |
---|
| 80 | $result = pwg_query($query); |
---|
| 81 | $_SESSION['page_infos'] = array(l10n('Ip ban update')); |
---|
| 82 | redirect($admin_base_url); |
---|
| 83 | } |
---|
| 84 | |
---|
| 85 | //add ban |
---|
| 86 | if (isset($_POST['submitipban'])) { |
---|
| 87 | $template->assign( |
---|
| 88 | 'ipban_add', array( |
---|
| 89 | 'nada' => l10n('nada'), |
---|
| 90 | )); |
---|
| 91 | $template->clear_assign( |
---|
| 92 | 'ipban_edit', array( |
---|
| 93 | )); |
---|
| 94 | } |
---|
| 95 | |
---|
| 96 | if (isset($_POST['submitaddipban'])) { |
---|
| 97 | $query = 'INSERT INTO ' . ANTIASPI_TABLE .'(ip,date) VALUES ("' . $_POST['inserip'] . '","' . $_POST['inserdate'].'");'; |
---|
| 98 | $result = pwg_query($query); |
---|
| 99 | $_SESSION['page_infos'] = array(l10n('Ip ban insert')); |
---|
| 100 | redirect($admin_base_url); |
---|
| 101 | } |
---|
| 102 | |
---|
| 103 | |
---|
| 104 | break; |
---|
[31370] | 105 | case 'ipconfig': |
---|
| 106 | global $conf, $template; |
---|
| 107 | $admin_base_url = ANTIASPI_ADMIN . '-ipconfig'; |
---|
| 108 | $antiaspi = safe_unserialize($conf['antiaspi']); |
---|
| 109 | /* |
---|
| 110 | $conf['antiaspi'] = array( |
---|
| 111 | 'diff' => '20 pages in 00:00:10' , // IP banned if 20 different pages viewed in 10 seconds |
---|
| 112 | 'same' => '15 pages in 00:00:30' , // IP banned if same 15 pages viewed in 30 seconds |
---|
| 113 | 'banned during' => '23:59:59' , // IP banned during hh:mm:ss |
---|
| 114 | 'only guest' => true , // If true, don't ban registered users |
---|
| 115 | 'only picture' => false , // If true, apply antiaspi only on picture page |
---|
| 116 | 'allowed ip' => array() // Autorized IP (robots for example) |
---|
| 117 | ); |
---|
| 118 | */ |
---|
| 119 | $diff = explode(" pages in ", $antiaspi['diff']); |
---|
| 120 | $tempsdiff= explode(":", $diff[1]); |
---|
| 121 | $tempsdiffsec=$tempsdiff[2]+($tempsdiff[1]*60)+($tempsdiff[0]*60*60); |
---|
| 122 | |
---|
| 123 | $same = explode(" pages in ", $antiaspi['same']); |
---|
| 124 | $tempssame= explode(":", $same[1]); |
---|
| 125 | $tempssamesec=$tempssame[2]+($tempssame[1]*60)+($tempssame[0]*60*60); |
---|
| 126 | |
---|
| 127 | $onlyguest = array( |
---|
| 128 | l10n('yes'), |
---|
| 129 | l10n('no'), |
---|
| 130 | ); |
---|
| 131 | $onlyguestv = array( |
---|
| 132 | true, |
---|
| 133 | false, |
---|
| 134 | ); |
---|
| 135 | $onlypicture = array( |
---|
| 136 | l10n('yes'), |
---|
| 137 | l10n('no'), |
---|
| 138 | ); |
---|
| 139 | $onlypicturev = array( |
---|
| 140 | true, |
---|
| 141 | false, |
---|
| 142 | ); |
---|
| 143 | $template->assign( |
---|
| 144 | 'ipconfiggest', array( |
---|
| 145 | 'DIFFA' => $diff[0], |
---|
| 146 | 'DIFFB' => $tempsdiffsec, |
---|
| 147 | 'SAMEA' => $same[0], |
---|
| 148 | 'SAMEB' => $tempssamesec, |
---|
| 149 | 'ONLYGUEST' => $onlyguest, |
---|
| 150 | 'ONLYGUESTV' => $onlyguestv, |
---|
| 151 | 'ONLYGUESTSELECT' => $antiaspi['only guest'], |
---|
| 152 | 'ONLYPICTURE' => $onlypicture, |
---|
| 153 | 'ONLYPICTUREV' => $onlypicturev, |
---|
| 154 | 'ONLYPICTURESELECT' => $antiaspi['only picture'], |
---|
| 155 | )); |
---|
| 156 | $i = 0; |
---|
| 157 | while ($i < count($antiaspi['allowed ip'])) { |
---|
| 158 | |
---|
| 159 | $items = array( |
---|
| 160 | 'IP' => $antiaspi['allowed ip'][$i], |
---|
| 161 | 'U_DELETE' => $admin_base_url . '&delete='.$i , |
---|
| 162 | ); |
---|
| 163 | |
---|
| 164 | $template->append('allowip', $items); |
---|
| 165 | $i++; |
---|
| 166 | } |
---|
| 167 | |
---|
| 168 | |
---|
| 169 | /*$time = '7000'; |
---|
| 170 | echo date('h:i:s', $time); |
---|
| 171 | */ |
---|
| 172 | |
---|
| 173 | if (isset($_POST['submitconfban'])) { |
---|
| 174 | /*$time = date('h:i:s', $_POST['insdiffb']); revoir fonction date HS ?*/ |
---|
| 175 | $antiaspi['diff']=$_POST['insdiffa'].' pages in '.date('00:i:s', ($_POST['insdiffb'])); |
---|
| 176 | $antiaspi['same']=$_POST['inssamea'].' pages in '.date('00:i:s', ($_POST['inssameb'])); |
---|
| 177 | $antiaspi['only guest']=$_POST['insonlyguest']; |
---|
| 178 | $antiaspi['only picture']=$_POST['insonlypicturet']; |
---|
| 179 | |
---|
| 180 | conf_update_param('antiaspi', $antiaspi); |
---|
| 181 | redirect($admin_base_url); |
---|
[31362] | 182 | } |
---|
[31370] | 183 | |
---|
| 184 | if (isset($_POST['submitaddipallowed'])) { |
---|
| 185 | $i = 0; |
---|
| 186 | while ($i < count($antiaspi['allowed ip'])) { |
---|
| 187 | if($_POST['insipallowed']==$antiaspi['allowed ip'][$i]) |
---|
| 188 | { |
---|
| 189 | $_SESSION['page_errors'] = array(l10n('IP already allowed')); |
---|
| 190 | redirect($admin_base_url); |
---|
| 191 | } |
---|
| 192 | $i++; |
---|
| 193 | }; |
---|
| 194 | |
---|
| 195 | $antiaspi['allowed ip'][]=$_POST['insipallowed']; |
---|
| 196 | conf_update_param('antiaspi', $antiaspi); |
---|
| 197 | redirect($admin_base_url); |
---|
| 198 | } |
---|
| 199 | |
---|
| 200 | if (isset($_GET['delete'])) { |
---|
| 201 | check_input_parameter('delete', $_GET, false, PATTERN_ID); |
---|
| 202 | unset($antiaspi['allowed ip'][($_GET['delete'])]); |
---|
| 203 | $antiaspi['allowed ip'] = array_values($antiaspi['allowed ip']); |
---|
| 204 | conf_update_param('antiaspi', $antiaspi); |
---|
| 205 | redirect($admin_base_url); |
---|
| 206 | } |
---|
| 207 | |
---|
| 208 | |
---|
| 209 | break; |
---|
| 210 | } |
---|
[31362] | 211 | |
---|
| 212 | |
---|
| 213 | $template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl')); |
---|
| 214 | $template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content'); |
---|
| 215 | ?> |
---|