uid) { $track = db_fetch_object(db_query("SELECT * FROM {troll_ip_track} WHERE uid = %d AND ip_address = '%s'", $user->uid, $_SERVER['REMOTE_ADDR'])); if ($track->uid) { // record for this IP exists, update accessed timestamp db_query("UPDATE {troll_ip_track} SET accessed = %d WHERE uid = %d AND ip_address = '%s'", time(), $user->uid, $_SERVER['REMOTE_ADDR']); } else { // insert new IP record for user db_query("INSERT INTO {troll_ip_track} (uid, ip_address, created, accessed) VALUES (%d, '%s', %d, %d)", $user->uid, $_SERVER['REMOTE_ADDR'], time(), time()); } } if (variable_get('troll_enable_ip_ban', FALSE)) { $ban = db_fetch_object(db_query('SELECT * FROM {troll_ip_ban} WHERE (expires > %d OR expires = 0) AND ip_address = \'%s\'', time(), $_SERVER['REMOTE_ADDR'])); if ($ban->ip_address) { global $base_url; watchdog('troll', 'IP Ban: '. $_SERVER['REMOTE_ADDR'], l(t('administer'), 'admin/settings/troll/ip_ban/'), WATCHDOG_NOTICE); $troll_ip_ban_redirect = variable_get('troll_ip_ban_redirect', ''); $page = (empty($troll_ip_ban_redirect) ? drupal_get_path('module', 'troll') .'/blocked.html' : $troll_ip_ban_redirect); header('location: '. $base_url .'/'. $page); die(); } } } /** * Implementation of hook_help. * * @param $section string */ function troll_help($section = 'admin/help#legal') { switch ($section) { case 'admin/settings/troll/ip_ban': if (!variable_get('troll_enable_ip_ban', FALSE)) { return theme('error', t('IP banning is currently disabled, you can enable it in the !settings page', array('!settings' => l(t('settings'), 'admin/settings/troll/settings')))); } break; } } /** * Implementation of hook_settings(). * * @return array */ function troll_admin_settings() { $form['ip_settings'] = array( '#type' => 'fieldset', '#title' => 'IP Address Banning' ); $form['ip_settings']['troll_enable_ip_ban'] = array( '#type' => 'radios', '#title' => t('IP Address Banning'), '#default_value' => variable_get('troll_enable_ip_ban', 1), '#options' => array('1' => t('Enable banning by IP address'), '0' => t('Disable banning by IP address')) ); $form['ip_settings']['troll_ip_ban_redirect'] = array( '#type' => 'textfield', '#title' => t('IP Ban Relocation Page'), '#default_value' => variable_get('troll_ip_ban_redirect', ''), '#description' => t("Page for relocating users banned based on their IP address or domain name. If left blank, users will be redirected to blocked.html in the troll module's directory. Do not use a drupal path here! You will cause a loop since IP banning completely blocks all access to the site! Edit the blocked.html file, or redirect to http://localhost."), ); $roles = user_roles(); $form['role_settings'] = array( '#type' => 'fieldset', '#title' => t('User Blocking') ); $form['role_settings']['troll_block_role'] = array( '#type' => 'select', '#title' => t('Troll Block Role'), '#default_value' => variable_get('troll_block_role', ''), '#options' => $roles, '#description' => t('Select the role to set users to when blocking from the troll adminstration screens') ); return system_settings_form($form); } /** * Implementation of hook_perm(). */ function troll_perm() { return array('administer troll'); } /** * Implementation of hook_menu(). * * @return array */ function troll_menu($may_cache) { $items = array(); $access = user_access('administer troll'); if ($may_cache) { $items[] = array( 'path' => 'admin/settings/troll', 'title' => t('Troll'), 'description' => t('Manage visitor IP banning.'), 'callback' => 'troll_search_users', 'access' => $access, 'weight' => 0, ); $items[] = array( 'path' => 'admin/settings/troll/search', 'title' => t('Search Users'), 'callback' => 'troll_search_users', 'type' => MENU_DEFAULT_LOCAL_TASK, 'access' => $access, 'weight' => 0 ); $items[] = array( 'path' => 'admin/settings/troll/ip_ban', 'title' => t('IP Banning'), 'callback' => 'troll_ip_ban', 'type' => MENU_LOCAL_TASK, 'access' => $access, 'weight' => 1 ); $items[] = array( 'path' => 'admin/settings/troll/ip_blacklist', 'title' => t('Blacklists'), 'callback' => 'troll_blacklist', 'type' => MENU_LOCAL_TASK, 'access' => $access, 'weight' => 2 ); $items[] = array( 'path' => 'admin/settings/troll/settings', 'title' => t('Settings'), 'callback' => 'drupal_get_form', 'callback arguments' => array('troll_admin_settings'), 'type' => MENU_LOCAL_TASK, 'access' => user_access('administer site configuration'), 'weight' => 3 ); $items[] = array( 'path' => 'admin/settings/troll/ip_ban/edit', 'title' => t('IP Ban Form'), 'callback' => 'drupal_get_form', 'callback arguments' => 'troll_ip_ban_form', 'type' => MENU_CALLBACK, 'access' => $access ); } return $items; } /** * * MENU CALLBACKS * **/ /** * User IP banning page callback function. */ function troll_ip_ban($op = NULL, $iid = NULL) { $op = $_POST['op'] ? $_POST['op'] : $op; $edit = $_POST ? $_POST : $edit; switch ($op) { case 'user': $ip = db_fetch_object(db_query('SELECT ip_address FROM {troll_ip_track} WHERE uid = %d ORDER BY accessed DESC', $iid)); $edit['ip_address'] = $ip->ip_address; troll_insert_ip($edit); drupal_goto('admin/settings/troll/ip_ban'); break; case t('Ban IP'): troll_insert_ip($edit); drupal_goto('admin/settings/troll/ip_ban'); break; case t('Update Banned IP'): troll_update_ip($edit); drupal_goto('admin/settings/troll/ip_ban'); break; case 'delete': $output = troll_confirm_delete_ip($iid); break; case t('Confirm'): troll_remove_ip($iid); drupal_goto('admin/settings/troll/ip_ban'); break; case t('Cancel'): drupal_goto('admin/settings/troll/ip_ban'); break; default: $form['banform'] = array( '#type' => 'fieldset', '#title' => t('Add IP Ban'), '#value' => drupal_get_form('troll_ip_ban_form'), '#weight' => -1, '#collapsible' => true ); $form['ipdisplay'] = array( '#type' => 'fieldset', '#title' => t('Banned IPs'), '#value' => troll_display_ip(), '#weight' => 0, '#collapsible' => true ); $output = drupal_render($form); break; } return $output; } /** * Central function to display Blacklists tab and fire * off functions for Blacklist-related form submissions * * @param string $op * @param array $edit * @return string */ function troll_blacklist($op = NULL, $edit = NULL) { $op = $_POST['op'] ? $_POST['op'] : $op; switch ($op) { case t('Update Blacklist Punishments'): variable_set('troll_blacklist_mod_requests', $_POST['mod_requests']); variable_set('troll_blacklist_stutter', $_POST['stutter']); variable_set('troll_blacklist_alt_page', $_POST['alt_page']); variable_set('troll_blacklist_alt_url', $_POST['alt_url']); drupal_goto('admin/settings/troll/ip_blacklist'); break; case t('Import List'): if (!empty($_POST['truncate_list'])) { if (db_query('TRUNCATE TABLE {troll_blacklist}')) { drupal_set_message(t('Blacklist table truncated.')); } } if (!empty($_POST['select_list'])) { troll_blacklist_import_list($_POST['select_list']); } if (!empty($_POST['custom_list'])) { troll_blacklist_import_url($_POST['custom_list']); } drupal_goto('admin/settings/troll/ip_blacklist'); break; case t('Search Blacklisted IPs'): return troll_blacklist_search($_POST['ip_address']); break; case t('Insert Whitelist IPs'): troll_whitelist_insert_ips($_POST['whitelist_addr1'], $_POST['whitelist_addr2']); drupal_goto('admin/settings/troll/ip_blacklist'); break; case t('Update Whitelist IPs'): troll_whitelist_insert_ips($_POST['whitelist_addr1'], $_POST['whitelist_addr2']); drupal_goto('admin/settings/troll/ip_blacklist'); break; case 'deletewhite': $output = troll_confirm_delete_white_block(arg(5), arg(6)); break; case t('Confirm Whitelist Removal'): troll_remove_whitelist($_POST['net'], $_POST['bcast']); drupal_goto('admin/settings/troll/ip_blacklist'); break; case 'deleteblack': $output = troll_confirm_delete_black_block(arg(5), arg(6)); break; case t('Confirm Blacklist Removal'): troll_remove_blacklist($_POST['net'], $_POST['bcast']); drupal_goto('admin/settings/troll/ip_blacklist'); break; default: $form['blacklist_info'] = array( '#type' => 'fieldset', '#title' => t('Blacklist Summary'), '#value' => troll_blacklist_summary(), '#weight' => -4, '#collapsible' => true, '#collapsed' => false ); $form['blacklist_punishment'] = array( '#type' => 'fieldset', '#title' => t('Blacklist Visitor Punishment'), '#value' => troll_blacklist_punishment(), '#weight' => -3, '#collapsible' => true, '#collapsed' => true ); $form['blacklist_import'] = array( '#type' => 'fieldset', '#title' => t('Import Blacklist'), '#value' => troll_blacklist_import(), '#weight' => -2, '#collapsible' => true, '#collapsed' => true ); $form['search_blacklist'] = array( '#type' => 'fieldset', '#title' => t('Search Blacklisted IPs'), '#value' => troll_blacklist_search_blacklist(), '#weight' => 0, '#collapsible' => true, '#collapsed' => true ); $form['whitelist_form'] = array( '#type' => 'fieldset', '#title' => t('Whitelist IPs'), '#value' => troll_whitelist(), '#description' => t('Whitelisted IPs override the blacklist. Does not apply to the IP Ban feature.'), '#weight' => 1, '#collapsible' => true, '#collapsed' => true ); $output = drupal_render($form); break; } return $output; } /** * Summary of how many IP blocks are filtered * * @return string */ function troll_blacklist_summary() { $count = db_result(db_query('SELECT COUNT(net) FROM {troll_blacklist}')); return t('%d address blocks filtered.', array('%d' => $count)); } /** * Form builder function * * @uses troll_blacklist_punishment_form() * @return string */ function troll_blacklist_punishment() { return drupal_get_form('troll_blacklist_punishment_form'); } /** * Gives admins a choice of how to punish blacklisted visitors * * @return array */ function troll_blacklist_punishment_form() { $form['stutter'] = array( '#type' => 'checkbox', '#title' => t('Randomly stutter output'), '#default_value' => variable_get('troll_blacklist_stutter', 0), '#description' => t('While outputting content, the troll module will cause Drupal to "sleep" for random intervals of 1-5 seconds to delay output.') ); $form['mod_requests'] = array( '#type' => 'radios', '#title' => t('Page request modification'), '#options' => array(t('none'), 'silent_post_drop' => 'Silently drop form post submission data', 'notice_post_drop' => 'Drop form post submission data and give a notice'), '#default_value' => variable_get('troll_blacklist_mod_requests', '0'), '#description' => t('Modifies data sent by visitors from blacklisted IPs before Drupal even has a chance to process it.') ); $form['alt_page_output'] = array( '#type' => 'fieldset', '#title' => 'Alternate page output' ); $form['alt_page_output']['alt_page'] = array( '#type' => 'radios', '#title' => 'Alternate pages', '#options' => array(t('none'), 'blank' => t('Blank pages'), '404' => t('404 every page request'), 'redirect' => t('Redirect to alternate URL')), '#default_value' => variable_get('troll_blacklist_alt_page', '0'), '#description' => t('Sends alternate page output, whether the visitor hits a real URL or not.') ); $form['alt_page_output']['alt_url'] = array( '#type' => 'textfield', '#title' => t('Redirection URL'), '#default_value' => variable_get('troll_blacklist_alt_url', ''), '#description' => t('URL to redirect blacklisted visitors to if "Redirect to alternate URL" is selected. Start with the appropriate prefix (e.g. http://)') ); $form['submit'] = array( '#type' => 'submit', '#value' => t('Update Blacklist Punishments'), '#weight' => 1 ); return $form; } /** * Form builder function * * @uses troll_blacklist_import_form() * @return string */ function troll_blacklist_import() { return drupal_get_form('troll_blacklist_import_form'); } /** * Builds form array for admin to select how to import a new blacklist. * * @return array */ function troll_blacklist_import_form() { $form['truncate_list'] = array( '#type' => 'checkbox', '#title' => t('Truncate/delete existing blacklist before import') ); $options = array(); $options[0] = ''; if (function_exists('gzopen')) { $options['S1gz'] = 'OpenBSD mirror: SPEWS.org Level 1 bzip archive'; $options['S2gz'] = 'OpenBSD mirror: SPEWS.org Level 2 bzip archive'; $options['OCgz'] = 'OpenBSD mirror: okean.com China bzip archive'; $options['OKgz'] = 'OpenBSD mirror: okean.com Korea bzip archive'; } $options['S1tx'] = 'SPEWS.org Level 1 text file'; $options['S2tx'] = 'SPEWS.org Level 2 text file'; $options['OTtx'] = 'okean.com China and Korea text file'; $options['OCtx'] = 'okean.com China text file'; $options['OKtx'] = 'okean.com Korea text file'; $form['select_list'] = array( '#type' => 'select', '#title' => t('Download and import'), '#options' => $options, '#description' => t('Downloads supported blacklist from the internet. Please select a mirror when possible.'), ); $form['custom_list'] = array( '#type' => 'textfield', '#title' => t('List URL'), '#description' => t('URL of a list to import. List files should have one address per line in Classless Internet Domain Routing CIDR format (x.x.x.x/x). Individual IPs should still have /32.'), ); $form['submit'] = array( '#type' => 'submit', '#value' => t('Import List'), '#weight' => 1, ); return $form; } /** * Decyphers what dropdown selection was chosen to send for parsing out IP blocks * * @see troll_blacklist_import_form() * @see troll_blacklist_parse_save() * @param array $edit */ function troll_blacklist_import_list($list) { $files = array('S1gz' => array('gz' => 'http://www.openbsd.org/spamd/spews_list_level1.txt.gz'), 'S2gz' => array('gz' => 'http://www.openbsd.org/spamd/spews_list_level2.txt.gz'), 'OCgz' => array('gz' => 'http://www.openbsd.org/spamd/chinacidr.txt.gz'), 'OKgz' => array('gz' => 'http://www.openbsd.org/spamd/koreacidr.txt.gz'), 'S1tx' => array('txt' => 'http://www.spews.org/spews_list_level1.txt'), 'S2tx' => array('txt' => 'http://www.spews.org/spews_list_level2.txt'), 'OTtx' => array('txt' => 'http://www.okean.com/sinokoreacidr.txt'), 'OCtx' => array('txt' => 'http://www.okean.com/chinacidr.txt'), 'OKtx' => array('txt' => 'http://www.okean.com/koreacidr.txt')); if (!isset($files[$list])) { drupal_set_message(t('Form input not valid')); return false; } $file_type = array_keys($files[$list]); troll_blacklist_parse_save($files[$list][$file_type[0]], $file_type[0]); } /** * Parses a URL to send for parsing out IP blocks * * @see troll_blacklist_parse_save() * @param array $edit */ function troll_blacklist_import_url($edit) { $url_parts = parse_url($edit['custom_list']); $file_parts = pathinfo($url_parts['path']); troll_blacklist_parse_save($edit['custom_list'], $file_parts['extension']); } /** * Parses input file, line by line, searching for IP blocks in CIDR * format (x.x.x.x/x). Understands files in text, bzip, and bzip2 format, * where the PHP installation supports it. Writes what it finds to the * database as long integers. * * @todo should probably function_exists() the compression file functions * @param $file_name string * @param $file_type string */ function troll_blacklist_parse_save($file_name, $file_type) { $netmasks = array( 0, -2147483648, -1073741824, -536870912, -268435456, -134217728, -67108864, -33554432, -16777216, -8388608, -4194304, -2097152, -1048576, -524288, -262144, -131072, -65536, -32768, -16384, -8192, -4096, -2048, -1024, -512, -256, -128, -64, -32, -16, -8, -4, -2, -1); switch ($file_type) { case 'gz': $fp = gzopen($file_name, 'r'); break; default: $fp = fopen($file_name, 'r'); break; } if (is_resource($fp)) { $i = 0; while (!feof($fp)) { $buffer = fgets($fp); if ($buffer{0} != '#' && ($buffer{0} != '/' && $buffer{1} != '/') && !empty($buffer)) { preg_match("/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\/([0-9]{1,2})/", $buffer, $matches); // $matches array // 0 = whole string // 1 = i.i.i.i // 2 = s $longip = ip2long($matches[1]); unset($buffer, $matches[0], $matches[1]); if ($matches[2] == 32) { $net = $bcast = $longip; } else { $net = $longip & $netmasks[$matches[2]]; $bcast = $longip | ($netmasks[$matches[2]] ^ -1); } db_query('DELETE FROM {troll_blacklist} WHERE net = %d AND bcast = %d', $net, $bcast); db_query('INSERT INTO {troll_blacklist} (net, bcast) VALUES (%d, %d)', $net, $bcast); $i++; } } switch ($file_type) { case 'gz': gzclose($fp); break; default: fclose($fp); break; } drupal_set_message(t('%i IP blocks imported', array('%i' => $i))); } else { drupal_set_message(t('Import failed! File could not be read.')); } } /** * Form builder function * * @uses troll_blacklist_search_blacklist_form() * @return string */ function troll_blacklist_search_blacklist() { return drupal_get_form('troll_blacklist_search_blacklist_form'); } /** * Form to search blacklist to see if an IP matches * * @return array */ function troll_blacklist_search_blacklist_form() { $form['ip_address'] = array( '#type' => 'textfield', '#title' => t('IP Address'), '#size' => 15, '#maxlength' => 15, '#description' => t('Address to search for in the database of imported IP blocks.'), '#required' => TRUE ); $form['submit'] = array( '#type' => 'submit', '#value' => t('Search Blacklisted IPs'), '#weight' => 1 ); return $form; } /** * Perform search to see if an IP address matches a blacklisted IP block. * If no results are found, get redirected to the blacklist management * page instead of seeing results. * * @param $edit array * @return string */ function troll_blacklist_search($ip_address) { $longip = _troll_longip($ip_address); $sql = "SELECT net, bcast FROM {troll_blacklist} WHERE net <= %d AND bcast >= %d"; $headers = array( array('data' => t('Network Address'), 'field' => 'net', 'sort' => 'asc'), array('data' => t('Broadcast Address'), 'field' => 'bcast'), array('data' => t('Actions'), 'field' => 'delete') ); $sql .= tablesort_sql($headers); $result = pager_query($sql, 25, 0, NULL, $longip, $longip); if (db_num_rows($result) == 0) { drupal_set_message(t('No matches found in blacklist search.')); drupal_goto('admin/settings/troll/ip_blacklist'); } while ($row = db_fetch_object($result)) { $printnet = long2ip($row->net); $printbcast = long2ip($row->bcast); $action = l(t('remove'), "admin/settings/troll/ip_blacklist/deleteblack/{$row->net}/{$row->bcast}"); $rows[] = array($printnet, $printbcast, $action); } $pager = theme('pager', NULL, 25, 0); if (!empty($pager)) { $rows[] = array(array('data' => $pager, 'colspan' => 3)); } return theme('table', $headers, $rows); } /** * Form builder function * * @param $net string Not used, here for later implementation of whitelist editing * @param $bcast string Not used, here for later implementation of whitelist editing * @uses troll_whitelist_form() * @return string */ function troll_whitelist($net = NULL, $bcast = NULL) { $output = drupal_get_form('troll_whitelist_form', $net, $bcast); $sql = 'SELECT net, bcast FROM {troll_whitelist}'; $headers = array( array('data' => t('Start/Network Address'), 'field' => 'net', 'sort' => 'asc'), array('data' => t('End/Broadcast Address'), 'field' => 'bcast'), array('data' => t('Actions'), 'field' => 'delete') ); $sql .= tablesort_sql($headers); $result = pager_query($sql, 25); while($row = db_fetch_object($result)) { $printnet = long2ip($row->net); $printbcast = long2ip($row->bcast); $action = l(t('remove'), "admin/settings/troll/ip_blacklist/deletewhite/{$row->net}/{$row->bcast}"); $rows[] = array($printnet, $printbcast, $action); } $pager = theme('pager', NULL, 25, 0); if (!empty($pager)) { $rows[] = array(array('data' => $pager, 'colspan' => 3)); } return $output . theme('table', $headers, $rows); } /** * Display form for creating new whitelist block and table of current whitelisted IPs * * @return array */ function troll_whitelist_form($net, $bcast) { $form['whitelist_addr1'] = array( '#type' => 'textfield', '#title' => t('Starting IP Address'), '#size' => 15, '#maxlength' => 15, '#default_value' => $net ? long2ip($net) : '', '#description' => t('IP or start to range of IPs to whitelist.'), '#required' => TRUE ); $form['whitelist_addr2'] = array( '#type' => 'textfield', '#title' => t('Ending IP Address'), '#size' => 15, '#maxlength' => 15, '#default_value' => $bcast ? long2ip($bcast) : '', '#description' => t('End of IP range to whitelist. If whitelisting a single IP, leave this blank.'), '#required' => false ); $form['submit'] = array( '#type' => 'submit', '#value' => ($net && $bcast) ? t('Update Whitelist IPs') : t('Insert Whitelist IPs'), '#weight' => 1 ); $form['#action'] = url('admin/settings/troll/ip_blacklist'); return $form; } /** * Insert a new IP block into the whitelist * * @param array $edit */ function troll_whitelist_insert_ips($whitelist_addr1, $whitelist_addr2) { $longip1 = _troll_longip($whitelist_addr1); $longip2 = _troll_longip(empty($whitelist_addr2) ? $whitelist_addr1 : $whitelist_addr2); if ($longip1 > $longip2) { $temp = $longip1; $longip1 = $longip2; $longip2 = $temp; unset($temp); } db_query("REPLACE INTO {troll_whitelist} (net, bcast) VALUES (%d, %d)", $longip1, $longip2); drupal_set_message(t('IP range %ip1 to %ip2 whitelisted.', array('%ip1' => long2ip($longip1), '%ip2' => long2ip($longip2)))); } /** * Convert dotted decimal IP to long integer and check for validity * * @param $ip string * @return integer */ function _troll_longip($ip) { $longip = ip2long($ip); if ($longip === false || $longip == -1) { drupal_set_message(t('IP %ip not valid!', array('%ip' => $ip))); drupal_goto('admin/settings/troll/ip_blacklist'); } return $longip; } /** * User search page callback function. * * @param $op array * @param $uid * @return string */ function troll_search_users($op = NULL, $uid = NULL) { $form_values = $_POST; $output = ''; switch ($op) { case 'view': $output = troll_search_user_detail($uid); break; case 'block': troll_block_user($uid); drupal_goto('admin/settings/troll/search'); break; default: $output = troll_search(); $output .= troll_list_users($form_values); break; } return $output; } /** * * FORM FUNCTIONS * **/ /** * IP banning form. * * @param $iid int * @return array */ function troll_ip_ban_form($iid = NULL) { $form['submit'] = array( '#type' => 'submit', '#value' => ($iid) ? t('Update Banned IP') : t('Ban IP'), '#weight' => 1, ); $ip = db_fetch_object(db_query('SELECT * FROM {troll_ip_ban} WHERE iid = %d', $iid)); $form['iid'] = array( '#type' => 'hidden', '#value' => $ip->iid, ); $form['ip_address'] = array( '#type' => 'textfield', '#title' => t('IP Address'), '#default_value' => $ip->ip_address, '#description' => t('The IP address to ban.'), '#required' => TRUE ); $form['domain_name'] = array( '#type' => 'textfield', '#title' => t('Domain Name'), '#default_value' => ($ip->domain_name ? $ip->domain_name : ($ip->ip_address ? gethostbyaddr($ip->ip_address) : '')), '#description' => t('The Domain Name of the IP address to ban - for reference only.') ); $timestamp = ($ip->expires ? $ip->expires : time()); $date = getdate( gmmktime() ); $curyear = $date['year']; while ($i < 10) { $years[$curyear+$i] = $curyear+$i; $i++; } $months = array(1 => t('January'), t('February'), t('March'), t('April'), t('May'), t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December')); for ($i = 1; $i <= 31; $i++) { $days[$i] = $i; } $form['timestamp'] = array( '#type' => 'fieldset', '#title' => t('Expires'), '#prefix' => '
', '#suffix' => '
', '#description' => t('The ban will be removed after this day.') ); $form['timestamp']['expires'] = array( '#type' => 'checkbox', '#default_value' => ($ip->expires ? TRUE : FALSE) ); $form['timestamp']['month'] = array( '#type' => 'select', '#default_value' => date('n', $timestamp), '#options' => $months ); $form['timestamp']['day'] = array( '#type' => 'select', '#default_value' => date('j', $timestamp), '#options' => $days ); $form['timestamp']['year'] = array( '#type' => 'select', '#default_value' => date('Y', $timestamp), '#options' => $years ); $form['#action'] = url('admin/settings/troll/ip_ban'); return $form; } /** * troll_ip_ban form validate callback function. * * @param $form_id * @param $edit array */ function troll_ip_ban_validate($form_id, $edit) { if (!preg_match('([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})', $edit['ip_address'])) { form_set_error('ip_address', t('Please include an valid IP address')); } } /** * IP ban information form. */ function troll_display_ip() { $sql = 'SELECT iid, ip_address, domain_name, expires, uid FROM {troll_ip_ban}'; $headers = array( array('data' => t('IP Address'), 'field' => 'ip_address'), array('data' => t('Domain Name'), 'field' => 'domain_name'), array('data' => t('Expires'), 'field' => 'expires', 'sort' => 'desc'), array('data' => t('Actions'), 'field' => 'delete') ); $sql .= tablesort_sql($headers); $result = pager_query($sql, 25); while ($row = db_fetch_object($result)) { $thisip = l($row->ip_address, 'admin/settings/troll/ip_ban/edit/'. $row->iid); $thisdom = l(($row->domain_name ? $row->domain_name : gethostbyname($row->ip_address)), 'admin/settings/troll/ip_ban/edit/'. $row->iid); $expires = ($row->expires ? date('M d, Y', $row->expires) : t('never')); $action = l(t('remove'), 'admin/settings/troll/ip_ban/delete/'. $row->iid); $rows[] = array($thisip, $thisdom, $expires, $action); } $pager = theme('pager', NULL, 25, 0); if (!empty($pager)) { $rows[] = array(array('data' => $pager, 'colspan' => 5)); } return theme('table', $headers, $rows); } /** * IP ban delete confirmation. */ function troll_confirm_delete_ip($iid) { return drupal_get_form('troll_confirm_delete_ip_form', $iid); } /** * IP ban delete confirmation form. */ function troll_confirm_delete_ip_form($iid) { $ip = db_fetch_object(db_query('SELECT * FROM {troll_ip_ban} WHERE iid = %d', $iid)); return confirm_form(array(), t('Remove Ban for IP %ip?', array('%ip' => $ip->ip_address)), 'admin/settings/troll/ip_ban'. $edit['field_id'], t('Are you sure you want to remove the ban on this IP?')); } /** * Confirmation before deleting a blacklist IP block * * @param integer $net IP in long format * @param integer $bcast IP in long format * @return string */ function troll_confirm_delete_black_block($net, $bcast) { $result = db_result(db_query('SELECT COUNT(net) FROM {troll_blacklist} WHERE net = %d AND bcast = %d', $net, $bcast)); if (empty($result)) { drupal_set_message(t('No such IP range found in the database.')); drupal_goto('admin/settings/troll/ip_blacklist'); } return drupal_get_form('troll_confirm_delete_black_block_form', $net, $bcast); } /** * Confirmation form for deleting a blacklist IP block * * @param integer $net IP in long format * @param integer $bcast IP in long format */ function troll_confirm_delete_black_block_form($net, $bcast) { return confirm_form(array( 'net' => array( '#type' => 'hidden', '#value' => $net), 'bcast' => array( '#type' => 'hidden', '#value' => $bcast) ), t('Remove listing for IP block %ip1 to %ip2?', array('%ip1' => long2ip($net), '%ip2' => long2ip($bcast)) ), 'admin/settings/troll/ip_blacklist', t('Are you sure you want to remove this IP block from the blacklist?'), t('Confirm Blacklist Removal') ); } /** * Confirmation before deleting a whitelist IP block * * @param integer $net IP in long format * @param integer $bcast IP in long format * @return string */ function troll_confirm_delete_white_block($net, $bcast) { $result = db_result(db_query('SELECT COUNT(net) FROM {troll_whitelist} WHERE net = %d AND bcast = %d', $net, $bcast)); if (empty($result)) { drupal_set_message(t('No such IP range found in the database.')); drupal_goto('admin/settings/troll/ip_blacklist'); } return drupal_get_form('troll_confirm_delete_white_block_form', $net, $bcast); } /** * Confirmation form for deleting a whitelist IP block * * @param integer $net IP in long format * @param integer $bcast IP in long format */ function troll_confirm_delete_white_block_form($net, $bcast) { return confirm_form(array( 'net' => array( '#type' => 'hidden', '#value' => $net), 'bcast' => array( '#type' => 'hidden', '#value' => $bcast) ), t('Remove listing for IP block %ip1 to %ip2?', array('%ip1' => long2ip($net), '%ip2' => long2ip($bcast))), 'admin/settings/troll/ip_blacklist', t('Are you sure you want to remove this IP block from the whitelist?'), t('Confirm Whitelist Removal') ); } /** * Form builder function * * @uses troll_search_form() * @return sring */ function troll_search() { return drupal_get_form('troll_search_form'); } /** * User search form. * * @return array */ function troll_search_form() { $form['#action'] = url('admin/settings/troll/search'); $form['#redirect'] = FALSE; $form['search'] = array( '#type' => 'fieldset', '#title' => t('Search Users'), '#collapsible' => true ); $form['search']['username'] = array( '#type' => 'textfield', '#title' => t('Username'), '#description' => t('You can use % for wildcard, so to get all usernames with \'A\' in them, use %A%') ); $form['search']['mail'] = array( '#type' => 'textfield', '#title' => t('Email') ); $form['search']['ip_address'] = array( '#type' => 'textfield', '#title' => t('IP Address') ); $form['search']['date_created'] = array( '#type' => 'textfield', '#title' => t('Account Date Created'), '#description' => t('Enter date in mm/dd/yyyy format. Returns all users created after the date entered.') ); $form['search']['submit'] = array( '#type' => 'submit', '#value' => t('Search Users') ); return $form; } /** * User list form. * * @param $edit array */ function troll_list_users($edit) { $where[] = 'u.uid <> 0'; if (strlen($edit['username']) > 0) { $where[] = "LOWER(u.name) LIKE '%%%s%%' "; $args[] = drupal_strtolower($edit['username']); } if (strlen($edit['mail']) > 0) { $where[] = "LOWER(u.mail) LIKE '%%%s%%' "; $args[] = drupal_strtolower($edit['mail']); } if (strlen($edit['ip_address']) > 0) { $where[] = "LOWER(t.ip_address) LIKE '%%%s%%' "; $args[] = drupal_strtolower($edit['ip_address']); } if (strlen($edit['date_created']) > 0) { $where[] = "u.created > %d "; $args[] = drupal_strtotime($edit['date_created']); } $sql = "SELECT u.uid, u.name, u.mail, u.status, t.ip_address, MAX(t.accessed) AS recorded, u.created FROM {users} u LEFT JOIN {troll_ip_track} t ON u.uid = t.uid"; $sql .= ' WHERE '. implode(' AND ', $where); $headers = array( array('data' => t('Username'), 'field' => 'u.name'), array('data' => t('Email'), 'field' => 'u.mail'), array('data' => t('Status'), 'field' => 'u.status'), array('data' => t('IP Address'), 'field' => 't.ip_address'), array('data' => t('Last Access'), 'field' => 't.created'), array('data' => t('Account Created'), 'field' => 'u.created'), array('data' => t('Actions'), 'field' => 'actions') ); $sql .= ' GROUP BY u.uid, u.name, u.mail, u.status, t.ip_address, u.created'; $sql .= tablesort_sql($headers); $count = 'SELECT COUNT(*) FROM {users} u LEFT JOIN {troll_ip_track} t ON u.uid = t.uid WHERE '. implode(' AND ', $where) .' AND u.uid <> 0'; $result = pager_query($sql, 25, 0, $count, $args); while($user = db_fetch_object($result)) { $name = l($user->name, 'admin/settings/troll/search/view/'. $user->uid, array('title' => t('View detailed user information'))); $email = $user->mail; $status = ($user->status ? t('Active') : t('Blocked')); $ip = ($user->ip_address ? l($user->ip_address, 'admin/settings/troll/search/view/'. $user->uid, array('title' => t('View detailed user information'))) : t('none')); $recorded = ($user->recorded ? date('M d, Y', $user->recorded) : t('none recorded')); $created = date('M d, Y', $user->created); $actions = array(); if (!$user->status) { $actions[] = array('title' => t('Edit User'), 'href' => "user/{$user->uid}/edit"); } else if (variable_get('troll_block_role', NULL)) { $actions[] = array('title' => t('Block User'), 'href' => 'admin/settings/troll/search/block/'. $user->uid); } else { $actions[] = array('title' => t('Setup Block Role'), 'href' => 'admin/settings/troll/settings'); } if ($user->ip_address) { $actions[] = array('title' => t('Ban IP'), 'href' => 'admin/settings/troll/ip_ban/user/'. $user->uid); } $action = theme('links', $actions); $rows[] = array($name, $email, $status, $ip, $recorded, $created, $action); } $pager = theme('pager', NULL, 25); if (!empty($pager)) { $rows[] = array(array('data' => $pager, 'colspan' => 7)); } return theme('table', $headers, $rows); } /** * User detail form. * * @param $uid int * @return string */ function troll_search_user_detail($uid) { $u = user_load(array('uid' => $uid)); $u->ip = db_fetch_object(db_query('SELECT t.ip_address FROM {troll_ip_track} t WHERE t.uid = %d GROUP BY t.uid, t.ip_address', $uid)); $roles = $u->roles; $form['details'] = array( '#type' => 'fieldset', '#title' => t('Account Details for %username', array('%username' => $u->name)) ); $form['details'][] = array( '#type' => 'item', '#title' => t('User Name'), '#value' => theme('username', $u), ); $form['details'][] = array( '#type' => 'item', '#title' => t('Email'), '#value' => $u->mail ); $form['details'][] = array( '#type' => 'item', '#title' => t('User ID'), '#value' => $uid ); $form['details'][] = array( '#type' => 'item', '#title' => t('Account Created'), '#value' => format_date($u->created, 'long') ); $form['details'][] = array( '#type' => 'item', '#title' => t('Last Access'), '#value' => format_date($u->changed, 'long') ); $form['details'][] = array( '#type' => 'item', '#title' => t('Status'), '#value' => ($u->status ? t('Active') : t('Blocked')) ); $form['details'][] = array( '#type' => 'item', '#title' => t('User Roles'), '#value' => implode(', ', $u->roles) ); if ($u->status) { $links[] = array('title' => t('Block User'), 'href' => "admin/settings/troll/search/block/$uid"); } else { $links[] = array('title' => t('Edit User'), 'href' => "user/$uid/edit"); } if ($u->ip->ip_address) { $links[] = array('title' => t('Ban IP'), 'href' => "admin/settings/troll/ip_ban/user/$uid"); } $form['details'][] = array( '#type' => 'item', '#title' => t('Actions'), '#value' => theme('links', $links) ); $content = drupal_render($form); // get IP history $results = db_query('SELECT * FROM {troll_ip_track} WHERE uid = %d ORDER BY created DESC', $uid); while ($ip = db_fetch_object($results)) { $banned = db_fetch_object(db_query('SELECT * FROM {troll_ip_ban} WHERE ip_address = \'%s\'', $ip->ip_address)); if ($banned->ip_address) { if ($banned->expires && $banned->expires < time()) { $status = l(t('expired'), 'admin/settings/troll/ip_ban/edit/'. $banned->iid, array('title' => t('Edit IP ban information'))); } else { $status = l(t('banned'), 'admin/settings/troll/ip_ban/edit/'. $banned->iid, array('title' => t('Edit IP ban information'))); } } else { $status = l(t('not banned'), 'admin/settings/troll/ip_ban/ip/'. $ip->ip_address, array('title' => t('Ban this IP'))); } $rows[] = array($ip->ip_address, $status, format_date($ip->accessed, 'long'), format_date($ip->created, 'long'), exec('host '. $ip->ip_address)); } if ($rows) { $pheader = array(t('IP'), t('Status'), t('Last Access'), t('First Access'), t('Host Information')); $posts = theme('table', $pheader, $rows); } $content .= theme('box', t('IP History'), ($posts ? $posts : t('No ip history'))); // get recent posts $rdat = db_query("SELECT * FROM {node} WHERE uid = %d ORDER BY created DESC LIMIT 5", $uid); $posts = NULL; $rows = array(); while ($node = db_fetch_object($rdat)) { $rows[] = array(l($node->title, "node/{$node->nid}") .' '. theme('mark', node_mark($node->nid, $node->changed)), $node->type, date('M d, Y', $node->created), ($node->status ? t('published') : t('not published'))); } if ($rows) { $pheader = array(t('Title'), t('Type'), t('Created'), t('Status')); $posts = theme('table', $pheader, $rows); } $content .= theme('box', t('Recent Posts'), ($posts ? $posts : t('No recent posts'))); // Get recent comments $cp = 'SELECT * FROM {comments} WHERE uid = %d ORDER BY timestamp DESC'; $cdat = db_query($cp, $uid); $rows = array(); $posts = NULL; while ($comment = db_fetch_object($cdat)) { $rows[] = array(l($comment->subject, 'node/'. $comment->nid, NULL, NULL, 'comment-'. $comment->cid) .' '. theme('mark', node_mark($comment->nid, $comment->changed)), date('M d, Y', $comment->timestamp), ($comment->status ? t('not published') : t('published'))); } if ($rows) { $cheader = array(t('Subject'), t('Date Created'), t('Status')); $posts = theme('table', $cheader, $rows); } $content .= theme('box', t('Recent Comments'), ($posts ? $posts : t('No recent comments'))); return $content; } /** * * DATABASE FUNCTIONS * **/ /** * Removes an IP ban from the database. */ function troll_remove_ip($iid) { if (db_query('DELETE FROM {troll_ip_ban} WHERE iid = %d', $iid)) { drupal_set_message(t('IP ban removed')); } else { drupal_set_message(t('An error occurred, IP ban not removed')); } } /** * Removes IP block from the blacklist * * @param $edit array */ function troll_remove_blacklist($net, $bcast) { if (db_query('DELETE FROM {troll_blacklist} WHERE net = %d AND bcast = %d', $net, $bcast)) { drupal_set_message(t('Blacklist block removed')); } else { drupal_set_message(t('An error occurred, blacklist block not removed')); } } /** * Removes IP block from the whitelist * * @param $edit array */ function troll_remove_whitelist($net, $bcast) { if (db_query('DELETE FROM {troll_whitelist} WHERE net = %d AND bcast = %d', $net, $bcast)) { drupal_set_message(t('IP whitelist removed')); } else { drupal_set_message(t('An error occurred, IP whitelist not removed')); } } /** * Inserts an IP ban into the database. * * @param $edit array */ function troll_insert_ip($edit) { global $user; $expires = ($edit['expires'] ? mktime(23, 59, 0, $edit['month'], $edit['day'], $edit['year']) : 0); db_query("DELETE FROM {troll_ip_ban} WHERE ip_address = '%s'", $edit['ip_address']); if (db_query("INSERT INTO {troll_ip_ban} (ip_address, domain_name, created, expires, uid) VALUES ('%s', '%s', %d, %d, %d)", $edit['ip_address'], $edit['domain_name'], time(), $expires, $user->uid)) { drupal_set_message(t('IP ban added: %ip', array('%ip' => $edit['ip_address']))); } else { drupal_set_message(t('An error occurred, IP ban not created')); } drupal_goto('admin/settings/troll/ip_ban'); } /** * Updates an IP ban in the database. * * @param $edit array */ function troll_update_ip($edit) { global $user; $expires = ($edit['expires'] ? mktime(23, 59, 0, $edit['month'], $edit['day'], $edit['year']) : 0); if (db_query("UPDATE {troll_ip_ban} SET ip_address = '%s', domain_name = '%s', expires = %d, uid = %d WHERE iid = %d", $edit['ip_address'], $edit['domain_name'], $expires, $user->uid, $edit['iid'])) { drupal_set_message(t('IP ban updated: %ip', array('%ip' => $edit['ip_address']))); } else { drupal_set_message(t('An error occurred, IP ban not updated')); } } /** * Logs IP information for users in the database. */ function troll_check_ip(){ global $user; $sql = "SELECT uid FROM {troll_ip_track} WHERE ip_address = '%s' AND uid = %d"; $chk = db_query($sql, $_SERVER['REMOTE_ADDR'], $user->uid); $check = db_fetch_array($chk); if (!isset($check['uid'])){ $isql = "INSERT INTO {troll_ip_track} (uid, ip_address, created) VALUES (%d, '%s', %d)"; db_query($isql, $user->uid, $_SERVER['REMOTE_ADDR'], time()); } } /** * Checks remote IP to see if it is blacklisted. * * @todo declare $blacklisted to be static if this function is called more than once, and figure out a proper table join * @return integer zero if whitelisted or not blacklisted, otherwise the number of IP blacklist block matches */ function troll_is_blacklisted() { $longip = ip2long($_SERVER['REMOTE_ADDR']); if ($longip === FALSE || $longip == -1) { return FALSE; } else { $blacklisted = db_result(db_query('SELECT COUNT(b.net) FROM {troll_blacklist} b WHERE b.net <= %d AND b.bcast >= %d', $longip, $longip)); $whitelisted = db_result(db_query('SELECT COUNT(w.net) FROM {troll_whitelist} w WHERE w.net <= %d AND w.bcast >= %d', $longip, $longip)); return $whitelisted ? FALSE : $blacklisted; } } /** * Bans a user. * * @param $uid int */ function troll_block_user($uid) { db_query('UPDATE {users} SET status = 0 WHERE uid = %d', $uid); db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid); sess_destroy_uid($uid); if (variable_get('troll_block_role', NULL)) { db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $uid, variable_get('troll_block_role', '0')); } drupal_set_message(t('Blocked user !link', array('!link' => l($uid, "admin/settings/troll/search/view/$uid")))); } /** * For functions that need tables that only exist after updates * * @return bool */ function _troll_updated_schema() { if (!preg_match("/update\.php$/", $_SERVER['PHP_SELF'])) { return db_result(db_query("SELECT schema_version FROM {system} WHERE name = 'troll' AND type = 'module' AND status = 1")); } return false; }