Skip to content

Commit

Permalink
wesnothd/fuh: Do not consider stale temporary bans from phpBB's banli…
Browse files Browse the repository at this point in the history 
…st table

It turns out that as of phpBB 3.2.2 these are only cleared on the next
call to user_ban()/user_unban(), so they may linger around for long
after they've expired. Fixed this by making FUH aware of the existence
of the ban_end column.
  • Loading branch information
@irydacea @jyrkive
irydacea authored and jyrkive committed Oct 14, 2018
1 parent 9e4210c commit 9c2bdf7
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/server/forum_user_handler.cpp
View file
Expand Up @@ -182,8 +182,12 @@ fuh::BAN_TYPE fuh::user_is_banned(const std::string& name, const std::string& ad
// for the time being.
//

// NOTE: A ban end time of 0 is a permanent ban.
const std::string& is_extant_ban_sql =
"ban_exclude = 0 AND (ban_end = 0 OR ban_end >=" + std::to_string(std::time(nullptr)) + ")";

try {
if(!addr.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_ip) = UPPER(?) AND ban_exclude = 0", addr)) {
if(!addr.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_ip) = UPPER(?) AND " + is_extant_ban_sql, addr)) {
LOG_UH << "User '" << name << "' ip " << addr << " banned by IP address\n";
return BAN_IP;
}
Expand All @@ -199,14 +203,14 @@ fuh::BAN_TYPE fuh::user_is_banned(const std::string& name, const std::string& ad

if(uid == 0) {
ERR_UH << "Invalid user id for user '" << name << "'\n";
} else if(prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE ban_userid = ? AND ban_exclude = 0", uid)) {
} else if(prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE ban_userid = ? AND " + is_extant_ban_sql, uid)) {
LOG_UH << "User '" << name << "' uid " << uid << " banned by uid\n";
return BAN_USER;
}

auto email = get_detail_for_user<std::string>(name, "user_email");

if(!email.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_email) = UPPER(?) AND ban_exclude = 0", email)) {
if(!email.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_email) = UPPER(?) AND " + is_extant_ban_sql, email)) {
LOG_UH << "User '" << name << "' email " << email << " banned by email address\n";
return BAN_EMAIL;
}
Expand Down

0 comments on commit 9c2bdf7

Please sign in to comment.