如何限制访问者的ip(PHPBB的代码)
2018-09-07 12:10
如何限制访问者的ip(PHPBB的代码) Code: <?php
/***************************************************************************
* admin_user_ban.php
* -------------------
* begin : Tuesday, Jul 31, 2001
* copyright : (C) 2001 The phpBB Group
*
* $Id: admin_user_ban.php,v 1.21.2.2 2002/05/12 15:57:45 psotfx Exp $
*
*
***************************************************************************/
/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* [url]
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on [url]
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
define(IN_PHPBB, 1);
if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module[Users][Ban_Management] = $filename;
return;
}
//
// Load default header
//
$phpbb_root_path = ./../;
require(./pagestart. . $phpEx);
//
// Start program
//
if ( isset($HTTP_POST_VARS[submit]) )
{
$user_bansql = ;
$email_bansql = ;
$ip_bansql = ;
$user_list = array();
if ( !empty($HTTP_POST_VARS[username]) )
{
$this_userdata = get_userdata($HTTP_POST_VARS[username]);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang[No_user_id_specified] );
}
$user_list[] = $this_userdata[user_id];
}
$ip_list = array();
if ( isset($HTTP_POST_VARS[ban_ip]) )
{
$ip_list_temp = explode(,, $HTTP_POST_VARS[ban_ip]);
for($i = 0; $i < count($ip_list_temp); $i++)
{
if ( preg_match(/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/, trim($ip_list_temp[$i]), $ip_range_explode) )
{
//
// Dont ask about all this, just dont ask ... !为什么
//
$ip_1_counter = $ip_range_explode[1];
$ip_1_end = $ip_range_explode[5];
while ( $ip_1_counter <= $ip_1_end )
{
$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
if ( $ip_2_counter == 0 && $ip_2_end == 254 )
{
$ip_2_counter = 255;
$ip_2_fragment = 255;
$ip_list[] = encode_ip($ip_1_counter.255.255.255);
}
while ( $ip_2_counter <= $ip_2_end )
{
$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
$ip_3_end = ( $ip_2_counter < $ip_2_end
$ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
if ( $ip_3_counter == 0 && $ip_3_end == 254 )
{
$ip_3_counter = 255;
$ip_3_fragment = 255;
$ip_list[] = encode_ip($ip_1_counter.$ip_2_counter.255.255);
}
while ( $ip_3_counter <= $ip_3_end )
{
$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
$ip_4_end = ( $ip_3_counter < $ip_3_end
$ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
if ( $ip_4_counter == 0 && $ip_4_end == 254 )
{
$ip_4_counter = 255;
$ip_4_fragment = 255;
$ip_list[] = encode_ip($ip_1_counter.$ip_2_counter.$ip_3_counter.255);
}
while ( $ip_4_counter <= $ip_4_end )
{
$ip_list[] = encode_ip($ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter);
$ip_4_counter++;
}
$ip_3_counter++;
}
$ip_2_counter++;
}
$ip_1_counter++;
}
}
else if ( preg_match(/^([\w\-_]\.?){2,}$/is, trim($ip_list_temp[$i])) )
{
$ip = gethostbynamel(trim($ip_list_temp[$i]));
for($j = 0; $j < count($ip); $j++)
{
if ( !empty($ip[$j]) )
{
$ip_list[] = encode_ip($ip[$j]);
}
}
}
else if ( preg_match(/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/, trim($ip_list_temp[$i])) )
{
$ip_list[] = encode_ip(str_replace(*, 255, trim($ip_list_temp[$i])));
}
}
}
$email_list = array();
if ( isset($HTTP_POST_VARS[ban_email]) )
{
$email_list_temp = explode(,, $HTTP_POST_VARS[ban_email]);
for($i = 0; $i < count($email_list_temp); $i++)
{
//
// This ereg match is based on one by [email]php@unreelpro.com[/email]
// contained in the annotated php manual at php.com (ereg
// section)
//
if ( eregi(^(([[:alnum:]\*]+([-_.][[:alnum:]\*]+)*\.?)(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$, trim($email_list_temp[$i])) )
{
$email_list[] = trim($email_list_temp[$i]);
}
}
}
$sql = SELECT *
FROM . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, Couldnt obtain banlist information, , __LINE__, __FILE__, $sql);
}
$current_banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$kill_session_sql = ;
for($i = 0; $i < count($user_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $user_list[$i] == $current_banlist[$j][ban_userid] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
$kill_session_sql .= ( ( $kill_session_sql != ) ? OR : ) . session_user_id = . $user_list[$i];
$sql = INSERT INTO . BANLIST_TABLE . (ban_userid)
VALUES ( . $user_list[$i] . );
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, Couldnt insert ban_userid info into database, , __LINE__, __FILE__, $sql);
}
}
}
for($i = 0; $i < count($ip_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $ip_list[$i] == $current_banlist[$j][ban_ip] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
if ( preg_match(/(ff\.)(\.ff)/is, chunk_split($ip_list[$i], 2, .)) )
{
$kill_ip_sql = session_ip LIKE . str_replace(., , preg_replace(/(ff\.)(\.ff)/is, %, chunk_split($ip_list[$i], 2, .))) . ;
}
else
{
$kill_ip_sql = session_ip = . $ip_list[$i] . ;
}
$kill_session_sql .= ( ( $kill_session_sql != ) ? OR : ) . $kill_ip_sql;
$sql = INSERT INTO . BANLIST_TABLE . (ban_ip)
VALUES ( . $ip_list[$i] . );
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, Couldnt insert ban_ip info into database, , __LINE__, __FILE__, $sql);
}
}
}
//
// Now well delete all entries from the session table with any of the banned
// user or IP info just entered into the ban table ... this will force a session
// initialisation resulting in an instant ban
//
if ( $kill_session_sql != )
{
$sql = DELETE FROM . SESSIONS_TABLE .
WHERE $kill_session_sql;
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, Couldnt delete banned sessions from database, , __LINE__, __FILE__, $sql);
}
}
for($i = 0; $i < count($email_list); $i++)
{
$in_banlist = false;
for($j = 0; $j < count($current_banlist); $j++)
{
if ( $email_list[$i] == $current_banlist[$j][ban_email] )
{
$in_banlist = true;
}
}
if ( !$in_banlist )
{
$sql = INSERT INTO . BANLIST_TABLE . (ban_email)
VALUES ( . str_replace(, , $email_list[$i]) . );
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, Couldnt insert ban_email info into database, , __LINE__, __FILE__, $sql);
}
}
}
$where_sql = ;
if ( isset($HTTP_POST_VARS[unban_user]) )
{
$user_list = $HTTP_POST_VARS[unban_user];
for($i = 0; $i < count($user_list); $i++)
{
if ( $user_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != ) ? , : ) . $user_list[$i];
}
}
}
if ( isset($HTTP_POST_VARS[unban_ip]) )
{
$ip_list = $HTTP_POST_VARS[unban_ip];
for($i = 0; $i < count($ip_list); $i++)
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != ) ? , : ) . $ip_list[$i];
}
}
}
if ( isset($HTTP_POST_VARS[unban_email]) )
{
$email_list = $HTTP_POST_VARS[unban_email];
for($i = 0; $i < count($email_list); $i++)
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != ) ? , : ) . $email_list[$i];
}
}
}
if ( $where_sql != )
{
$sql = DELETE FROM . BANLIST_TABLE .
WHERE ban_id IN ($where_sql);
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, Couldnt delete ban info from database, , __LINE__, __FILE__, $sql);
}
}
$message = $lang[Ban_update_sucessful] . <br /><br /> . sprintf($lang[Click_return_banadmin], <a href= . append_sid(admin_user_ban.$phpEx) . >, </a>) . <br /><br /> . sprintf($lang[Click_return_admin_index], <a href= . append_sid(index.$phpEx?pane=right) . >, </a>);
message_die(GENERAL_MESSAGE, $message);
}
else
{
$template->set_filenames(array(
body => admin/user_ban_body.tpl)
);
$template->assign_vars(array(
L_BAN_TITLE => $lang[Ban_control],
L_BAN_EXPLAIN => $lang[Ban_explain],
L_BAN_EXPLAIN_WARN => $lang[Ban_explain_warn],
L_IP_OR_HOSTNAME => $lang[IP_hostname],
L_EMAIL_ADDRESS => $lang[Email_address],
L_SUBMIT => $lang[Submit],
L_RESET => $lang[Reset],
S_BANLIST_ACTION => append_sid(admin_user_ban.$phpEx))
);
$template->assign_vars(array(
L_BAN_USER => $lang[Ban_username],
L_BAN_USER_EXPLAIN => $lang[Ban_username_explain],
L_BAN_IP => $lang[Ban_IP],
L_BAN_IP_EXPLAIN => $lang[Ban_IP_explain],
L_BAN_EMAIL => $lang[Ban_email],
L_BAN_EMAIL_EXPLAIN => $lang[Ban_email_explain])
);
$userban_count = 0;
$ipban_count = 0;
$emailban_count = 0;
FROM . BANLIST_TABLE . b, . USERS_TABLE . u
WHERE u.user_id = b.ban_userid
AND b.ban_userid <> 0
AND u.user_id <> . ANONYMOUS .
ORDER BY u.user_id ASC;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, Could not select current user_id ban list, , __LINE__, __FILE__, $sql);
}
$user_list = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$select_userlist = ;
for($i = 0; $i < count($user_list); $i++)
{
$select_userlist .= <option value= . $user_list[$i][ban_id] . > . $user_list[$i][username] . </option>;
$userban_count++;
}
if( $select_userlist == )
{
$select_userlist = <option value=-1> . $lang[No_banned_users] . </option>;
}
$select_userlist = <select name=unban_user[] multiple=multiple size=5> . $select_userlist . </select>;
$sql = SELECT ban_id, ban_ip, ban_email
FROM . BANLIST_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, Could not select current ip ban list, , __LINE__, __FILE__, $sql);
}
$banlist = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
$select_iplist = ;
$select_emaillist = ;
for($i = 0; $i < count($banlist); $i++)
{
$ban_id = $banlist[$i][ban_id];
if ( !empty($banlist[$i][ban_ip]) )
{
$ban_ip = str_replace(255, *, decode_ip($banlist[$i][ban_ip]));
$select_iplist .= <option value= . $ban_id . > . $ban_ip . </option>;
$ipban_count++;
}
else if ( !empty($banlist[$i][ban_email]) )
{
$ban_email = $banlist[$i][ban_email];
$select_emaillist .= <option value= . $ban_id . > . $ban_email . </option>;
$emailban_count++;
}
}
if ( $select_iplist == )
{
$select_iplist = <option value=-1> . $lang[No_banned_ip] . </option>;
}
if ( $select_emaillist == )
{
$select_emaillist = <option value=-1> . $lang[No_banned_email] . </option>;
}
$select_iplist = <select name=unban_ip[] multiple=multiple size=5> . $select_iplist . </select>;
$select_emaillist = <select name=unban_email[] multiple=multiple size=5> . $select_emaillist . </select>;
$template->assign_vars(array(
L_UNBAN_USER => $lang[Unban_username],
L_UNBAN_USER_EXPLAIN => $lang[Unban_username_explain],
L_UNBAN_IP => $lang[Unban_IP],
L_UNBAN_IP_EXPLAIN => $lang[Unban_IP_explain],
L_UNBAN_EMAIL => $lang[Unban_email],
L_UNBAN_EMAIL_EXPLAIN => $lang[Unban_email_explain],
L_USERNAME => $lang[Username],
L_LOOK_UP => $lang[Look_up_User],
L_FIND_USERNAME => $lang[Find_username],
U_SEARCH_USER => append_sid(search.$phpEx?mode=searchuser&popup=1&menu=1),
S_UNBAN_USERLIST_SELECT => $select_userlist,
S_UNBAN_IPLIST_SELECT => $select_iplist,
S_UNBAN_EMAILLIST_SELECT => $select_emaillist,
S_BAN_ACTION => append_sid(admin_user_ban.$phpEx))
);
}
$template->pparse(body);
include(./page_footer_admin..$phpEx);
?>
上一篇:一个好用的分页函数
下一篇:Yii2.0多文件上传实例说明