From 127aeb1193e63d5e7367ca69d24021af298842f4 Mon Sep 17 00:00:00 2001
From: Tom Homer
Date: Tue, 14 Nov 2017 11:57:06 -0500
Subject: [PATCH] Added Ban Plugin support to Comment Manager Added Ban plugin support to Comment Manager Feature #742. If User banned then name will be in red. Fix for banning ips of comment submissions. Fix for if Spam-X plugin disabled or not installed.
---
 language/english.php | 10 ++--
 language/english_utf-8.php | 10 ++--
 language/japanese_utf-8.php | 8 ++-
 logs/error.log | 8 +++
 public_html/admin/comment.php | 106 ++++++++++++++++++++++++++++++----
 5 files changed, 119 insertions(+), 23 deletions(-)
diff --git a/language/english.php b/language/english.php
index 2cc14242f..b159b91a6 100644
--- a/language/english.php
+++ b/language/english.php
@@ -253,10 +253,11 @@
 101 => 'Existing Comments',
 102 => 'Bulk Action',
 103 => 'Ban this user',
- 104 => 'Ban this IP address with the Spamx plugin',
+ 104 => 'Ban this IP address with the Spam-X plugin',
 105 => 'IP Address',
- 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address. IP addresses in red are the ones banned by the Spam-X plugin.',
- 'record_edit' => 'Record user and time of edit?'
+ 106 => 'Perform bulk action on comments and comment submissions including approval and deleting. You can also bulk ban users and IP addresses. IP addresses in red are the ones banned by the Spam-X plugin (banned from submissions only) and/or Ban plugin (banned from visiting site). User names in red are users that have been banned.',
+ 'record_edit' => 'Record user and time of edit?',
+ 'ban_plugin_ban_ip' => 'Ban this IP address with the Ban plugin'
 );
 ###############################################################################
@@ -1541,7 +1542,8 @@
 141 => 'Failed to delete a comment.',
 142 => 'Approved comment(s).',
 143 => 'Banned user(s).',
- 144 => 'Banned IP addresses with the Spamx plugin.',
+ 144 => 'Banned IP addresses with the Spam-X plugin.',
+ 145 => 'Banned IP addresses with the Ban plugin.',
 150 => 'Successfully deleted all the files and directories used during the installation.',
 151 => 'Failed to delete some files and directories used during the installation. Please remove them manually.',
 152 => 'All the files and directories used during the installation are left as they are. It is dangerous to keep them on the server, so please don\'t forget to remove them manually.',
diff --git a/language/english_utf-8.php b/language/english_utf-8.php
index dcba21027..8275039bd 100644
--- a/language/english_utf-8.php
+++ b/language/english_utf-8.php
@@ -253,10 +253,11 @@
 101 => 'Existing Comments',
 102 => 'Bulk Action',
 103 => 'Ban this user',
- 104 => 'Ban this IP address with the Spamx plugin',
+ 104 => 'Ban this IP address with the Spam-X plugin',
 105 => 'IP Address',
- 106 => 'Perform bulk action on comments and comment submissions including approval, deleting, and banning of user or IP address. IP addresses in red are the ones banned by the Spam-X plugin.',
- 'record_edit' => 'Record user and time of edit?'
+ 106 => 'Perform bulk action on comments and comment submissions including approval and deleting. You can also bulk ban users and IP addresses. IP addresses in red are the ones banned by the Spam-X plugin (banned from submissions only) and/or Ban plugin (banned from visiting site). User names in red are users that have been banned.',
+ 'record_edit' => 'Record user and time of edit?',
+ 'ban_plugin_ban_ip' => 'Ban this IP address with the Ban plugin'
 );
 ###############################################################################
@@ -1541,7 +1542,8 @@
 141 => 'Failed to delete a comment.',
 142 => 'Approved comment(s).',
 143 => 'Banned user(s).',
- 144 => 'Banned IP addresses with the Spamx plugin.',
+ 144 => 'Banned IP addresses with the Spam-X plugin.',
+ 145 => 'Banned IP addresses with the Ban plugin.',
 150 => 'Successfully deleted all the files and directories used during the installation.',
 151 => 'Failed to delete some files and directories used during the installation. Please remove them manually.',
 152 => 'All the files and directories used during the installation are left as they are. It is dangerous to keep them on the server, so please don\'t forget to remove them manually.',
diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php
index d2012edf8..699bc9708 100644
--- a/language/japanese_utf-8.php
+++ b/language/japanese_utf-8.php
@@ -263,8 +263,9 @@
 103 => 'このユーザーを禁止する',
 104 => 'このIPアドレスをSpamxプラグインで禁止する',
 105 => 'IPアドレス',
- 106 => 'ユーザーやIPアドレスの一括承認・削除・禁止を含めて、コメントに対するアクションを一括して行います。赤字のIPアドレスはSpam-Xプラグインで禁止されているIPです。',
- 'record_edit' => '編集者と編集時刻を記録する'
+ 106 => 'Perform bulk action on comments and comment submissions including approval and deleting. You can also bulk ban users and IP addresses. IP addresses in red are the ones banned by the Spam-X plugin (banned from submissions only) and/or Ban plugin (banned from visiting site). User names in red are users that have been banned.',
+ 'record_edit' => '編集者と編集時刻を記録する',
+ 'ban_plugin_ban_ip' => 'Ban this IP address with the Ban plugin'
 );
 ###############################################################################
@@ -1542,7 +1543,8 @@
 141 => 'コメントを削除できませんでした。',
 142 => 'コメントを承認しました。',
 143 => 'ユーザーを禁止しました。',
- 144 => 'IPアドレスをSpamxプラグインで禁止しました。',
+ 144 => 'IPアドレスをSpam-Xプラグインで禁止しました。',
+ 145 => 'Banned IP addresses with the Ban plugin.',
 150 => 'インストール時に使用したすべてのファイルとディレクトリを削除しました。',
 151 => 'インストール時に使用したファイルとディレクトリを削除しようとしましたが、一部を削除できませんでした。お手数ですが、手動で削除してください。',
 152 => 'インストール時に使用したすべてのファイルとディレクトリはそのまま残っています。このまま残しておくのは危険なので、お手数ですが、手動で削除してください。',
diff --git a/logs/error.log b/logs/error.log
index ecea95964..0187401bc 100644
--- a/logs/error.log
+++ b/logs/error.log
@@ -1 +1,9 @@
 *** dummy entry ***
+Tue Nov 14 11:54:01 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/index.php?msg=8". Headers were already sent at line 0 of "".
+Tue Nov 14 11:54:07 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:54:16 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:54:48 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:55:34 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:55:36 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:55:39 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
+Tue Nov 14 11:55:42 2017 - 192.168.1.224 - COM_redirect failed to redirect to "http://192.168.1.200/admin/plugins.php". Headers were already sent at line 0 of "".
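Review bot: The `logs/error.log` hunk commits eight runtime entries from a development machine, including the client and host addresses `192.168.1.224` and `192.168.1.200`, into a tracked file that otherwise holds only the `*** dummy entry ***` placeholder. Log output should not ship with the patch; revert the file to the placeholder so new installs start with a clean log and no environment details land in the repository. The repeated "Headers were already sent" failures when redirecting to `/admin/plugins.php` also suggest that something emitted output before `COM_redirect` during testing, which is worth checking before merge.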
diff --git a/public_html/admin/comment.php b/public_html/admin/comment.php index 0cd56c08a..813b29526 100644 --- a/public_html/admin/comment.php +++ b/public_html/admin/comment.php @@ -92,7 +92,7 @@ function getCommentIds($suffix) */ function ADMIN_getListField_comments($fieldName, $fieldValue, $A, $iconArray, $suffix) { - global $_CONF, $LANG01, $LANG_STATIC, $LANG_POLLS; + global $_CONF, $LANG01, $LANG_STATIC, $LANG_POLLS, $_PLUGINS, $_TABLES; static $encoding = null; if ($encoding === null) { @@ -162,8 +162,14 @@ function ADMIN_getListField_comments($fieldName, $fieldValue, $A, $iconArray, $s $fieldValue = htmlspecialchars($fieldValue, ENT_QUOTES, $encoding); if ($userId > 1) { - $fieldValue = '' . $fieldValue . ''; + // Check if user disabled + if (DB_getItem($_TABLES['users'], 'status', "uid = $userId") == USER_ACCOUNT_DISABLED) { + $fieldValue = '' . $fieldValue . ''; + } else { + $fieldValue = '' . $fieldValue . ''; + } } break; @@ -171,10 +177,14 @@ function ADMIN_getListField_comments($fieldName, $fieldValue, $A, $iconArray, $s case 'ipaddress': $forDisplay = htmlspecialchars($fieldValue, ENT_QUOTES, $encoding); - if (SPAMX_isIPBanned($fieldValue)) { + if (in_array('spamx', $_PLUGINS) && SPAMX_isIPBanned($fieldValue)) { $fieldValue = '' . $forDisplay . ''; } else { - $fieldValue = $forDisplay; + if (function_exists('BAN_for_plugins_ban_found') && BAN_for_plugins_ban_found($fieldValue)) { + $fieldValue = '' . $forDisplay . ''; + } else { + $fieldValue = $forDisplay; + } } break; @@ -319,8 +329,12 @@ function ADMIN_buildCommentList($suffix, $tableName, $securityToken) . '' . LB; if (in_array('spamx', $_PLUGINS)) { - $actionSelector .= '' . LB; + $actionSelector .= '' . LB; } + + if (function_exists('BAN_for_plugins_check_access') AND BAN_for_plugins_check_access()) { + $actionSelector .= '' . LB; + } $actionSelector .= '' . LB . ' '::1') AND " . " (cid IN (" . implode(',', $getCommentIds) . "))"; + $result = DB_query($sql); if (!DB_error()) { 
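Review bot: In the hunk at `@@ -162,8 +162,14 @@`, `DB_getItem($_TABLES['users'], 'status', "uid = $userId")` issues one extra query for every row the list renders and interpolates `$userId` straight into the WHERE clause. The assignment of `$userId` is outside the hunk, so cast at the point of use, `"uid = " . (int) $userId`, and keep the result in a `static` array keyed by uid (or select `status` in the list query) so a page of comments from one author costs a single lookup. The comparison with `USER_ACCOUNT_DISABLED` uses `==`; a strict comparison after an `(int)` cast of the returned value would be safer. The markup inside the string literals is not visible on this page, so the red styling itself cannot be checked here, and `ADMIN_getListField_comments` begins and ends outside the hunk.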
@@ -526,6 +547,63 @@ function banIpAddresses($suffix)
 }
 }
+/**
+ * Ban IP Addresses being selected with the Ban plugin
+ *
+ * @param string $suffix
+ */
+function banIpAddresses_ban($suffix)
+{
+ global $_CONF, $_PLUGINS, $_TABLES, $_USER;
+
+ if (SEC_checkToken()) {
+ if (!in_array('ban', $_PLUGINS)) {
+ COM_errorLog(__FUNCTION__ . ': Ban plugin is not installed or disabled.');
+ COM_redirect($_CONF['site_admin_url'] . '/index.php');
+ }
+
+ if (!(function_exists('BAN_for_plugins_check_access') AND BAN_for_plugins_check_access())) {
+ COM_errorLog(__FUNCTION__ . ': This version of the Ban plugin doesn\'t support this function or the user doesn\'t have Ban Admin access.');
+ COM_redirect($_CONF['site_admin_url'] . '/index.php');
+ }
+
+ $getCommentIds = getCommentIds($suffix);
+
+ if (count($getCommentIds) > 0) {
+ if ($suffix === SUFFIX_COMMENTS) {
+ $table = $_TABLES['comments'];
+ } else {
+ $table = $_TABLES['commentsubmissions'];
+ }
+
+ $sql = "SELECT DISTINCT ipaddress FROM $table "
+ . "WHERE (ipaddress NOT LIKE '192.168.%') AND (ipaddress <> '::1') AND "
+ . " (cid IN (" . implode(',', $getCommentIds) . "))";
+
+ $sql = "SELECT DISTINCT ipaddress FROM $table "
+ . "WHERE "
+ . " (cid IN (" . implode(',', $getCommentIds) . "))";
+
+ $result = DB_query($sql);
+
+ if (!DB_error()) {
+ while (($A = DB_fetchArray($result, false)) !== false) {
+ if (!BAN_for_plugins_ban_found($A['ipaddress'])) {
+ BAN_for_plugins_ban_ip($A['ipaddress'], '', true, 'Banned via Comment Manager');
+ }
+ }
+
+ }
+
+ //COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=145');
+ }
+ } else {
+ COM_accessLog("User {$_USER['username']} tried to ban IP addresses and failed CSRF checks.");
+ COM_redirect($_CONF['site_admin_url'] . '/index.php');
+ }
+}
+
+
 // MAIN
 $list = \Geeklog\Input::fPost('list', '');
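Review bot: In `banIpAddresses_ban()` the first `$sql` assignment, which excludes `192.168.%` and `::1`, is dead code, because the second assignment immediately overwrites it with a query that has no address filter. The help text added in this commit says the Ban plugin blocks visiting the site, so a bulk action can now ban a loopback, LAN or reverse-proxy address and lock out administrators or everyone behind that proxy; delete the second `$sql = ...` statement, and consider excluding the remaining private and loopback ranges as well. The success redirect is commented out, so message 145 is never shown; restore `COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=145');`. The `IN (...)` list is built with `implode(',', $getCommentIds)`, and `getCommentIds()` is defined outside the hunk, so confirm it returns integers only.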
@@ -552,8 +630,12 @@ function banIpAddresses($suffix)
 banUsers($suffix);
 break;
+ case 'bulk_spamx_ban_ip_address':
+ banIpAddresses_spamx($suffix);
+ break;
+
 case 'bulk_ban_ip_address':
- banIpAddresses($suffix);
+ banIpAddresses_ban($suffix);
 break;
 default:
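Review bot: The existing action value `bulk_ban_ip_address` now dispatches to `banIpAddresses_ban()`, the site-wide ban, where it previously ran the Spam-X submission ban, so a form rendered before the upgrade or any caller still posting that value silently triggers the stronger action. The option values in the selector are not visible on this page, so this is inferred from the case labels alone. Keeping `bulk_ban_ip_address` on the Spam-X handler and giving the new action its own value, for example `case 'bulk_ban_plugin_ban_ip_address':` with the matching selector option, would avoid the change of meaning. The `switch` starts and ends outside the hunk.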