1
Jakobo
Re: User banning
  • 2005/2/1 6:43

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


I hate to necro a thread like this, but I wanted to just put forward some basic stuff on banning users. I have been insanely busy with stuff at Gaia Online (phpbb never was my favorite) and haven't had time to close out this issue. Here is a VERY QUICK script I wrote to perform a "ban"

Requisites:
a group for "banned" users Mine happened to be group 11

a working XOOPS install is very nice


Todo (maybe) change the AUTH to an actual XOOPS Auth. :(


<?php
$AUTH_USER 
"xoopsadmin";
$AUTH_PASS "somepassword";
if (!isset(
$_SERVER['PHP_AUTH_USER'])) {
   
header('WWW-Authenticate: Basic realm="Kaizoku Fansubs Tools"');
   
header('HTTP/1.0 401 Unauthorized');
   echo 
'You must enter a valid username and password to access this tool.';
   exit;
} else {
   if(
md5($_SERVER['PHP_AUTH_USER']) != md5($AUTH_USER) || md5($_SERVER['PHP_AUTH_PW']) != md5($AUTH_PASS)) {
      
header('WWW-Authenticate: Basic realm="Kaizoku Fansubs Tools"');
      
header('HTTP/1.0 401 Unauthorized');
      echo 
'You must enter a valid username and password to access this tool.';
      exit;
   }
}

// CONFIG
// REG GROUP
define("GROUP_REGISTERED_USERS"2);
// BAN GROUP
define("GROUP_BANNED_USERS"11);


// okay they are in, let's check some stuff
if(isset($_POST['action']) && $_POST['action'] == "ban") {
    
$action "ban";
} else if(isset(
$_POST['action']) && $_POST['action'] == "unban") {
    
$action "unban";
} else {
    
$action "list";
}

if(isset(
$_POST['who']) && $_POST['who'] != "") {
    
$who addslashes(stripslashes(trim($_POST['who'])));
} else {
    if(
$action == "ban" || $action == "unban") {
        echo 
"Did not supply valid username";
        exit;
    }
}

// echo "HOST is ".XOOPS_DB_HOST." AND USER IS ".XOOPS_DB_USER." AND PASS IS ";XOOPS_DB_PASS;exit;
$xoopsOption['nocommon'] = true;
include(
"mainfile.php");

$system_message "";

// okay, we have our data
switch($action) {
    case 
"ban":
    case 
"unban":
        
// get username from the db, open connection
        
$link mysql_connect(XOOPS_DB_HOSTXOOPS_DB_USERXOOPS_DB_PASS);
        if (!
$link) {
            echo 
'Could not connect: ' mysql_error();
            exit;
        }
        
        
$db_selected mysql_select_db(XOOPS_DB_NAME$link);
        if (!
$db_selected) {
            echo 
'Can'use '.XOOPS_DB_NAME.' ' . mysql_error();
            exit;
        }

        
        $sql = "SELECT uid, uname FROM ".XOOPS_DB_PREFIX."_users WHERE uname = '
$who' LIMIT 1";
        $result = mysql_query($sql);
        if (!$result) {
            echo '
Invalid query' . mysql_error() . "<br /> SQL: $sql";
            exit;
        }
        
        $user_id = -1;
        while ($row = mysql_fetch_assoc($result)) {
            $user_id = $row['
uid'];
        }
        
        if($user_id <= 0) {
            echo "Invalid username specified.";
            exit;
        }

        // woo, we have a user ID.  If banning, remove from REG Group, insert into ban
        // if unbanning, remove from ban group, insert into reg group
        if($action == "ban") {
            $remove_from = GROUP_REGISTERED_USERS;
            $add_to = GROUP_BANNED_USERS;
            $real_do = "banned";
        } else {
            $remove_from = GROUP_REGISTERED_USERS;
            $add_to = GROUP_BANNED_USERS;
            $real_do = "unbanned";
        }
        $sql_delete = "DELETE FROM ".XOOPS_DB_PREFIX."_groups_users_link WHERE uid = $user_id AND groupid = $remove_from LIMIT 1";
        $sql_add = "INSERT INTO ".XOOPS_DB_PREFIX."_groups_users_link ('
groupid','uid') VALUES ($add_to, $user_id)";
        
        $result = mysql_query($sql_delete);
        if (!$result) {
            echo '
Could not delete from group' . mysql_error() . "<br /> SQL: $sql_delete";
            exit;
        }
        
        $result = mysql_query($sql_add);
        if (!$result) {
            // they might be added
            $sql = "SELECT * FROM ".XOOPS_DB_PREFIX."_groups_users_link WHERE uid = $user_id AND groupid = $add_to LIMIT 1";
            $result = mysql_query($sql);
            if (!$result) {
                echo '
Could not query user table' . mysql_error() . "<br /> SQL: $sql_delete";
            }
            $user_id_check = -1;
            while ($row = mysql_fetch_assoc($result)) {
                $user_id_check = $row['
uid'];
            }
            
            if($user_id_check <= 0) {
                echo '
Could not add to group' . mysql_error() . "<br /> SQL: $sql_delete";
                exit;
            }
            // no exit. user was already in group
        }
        
        // close that connection cowboy!
        mysql_close($link);
        
        $system_message = "The username $who (ID: $user_id) has been $real_do from the site.<br /><hr /><br />";
        
    case "list":
    default:
        echo "<html><body><font color="red">$system_message</font>";
        echo "<form action="admin_banusers.php" method="POST">";
        echo "<input type="text" name="who" /><br />";
        echo "<input type="radio" name="action" value="ban" CHECKED />Ban User<br />";
        echo "<input type="radio" name="action" value="unban" />Unban User<br />";
        echo "<input type="submit" name="submit" value="Submit" />";
        echo "</form></body></html>";
}

?>



I don't think I've ever written something so sloppy in my life. :) Anywho, this may be rather helpful to anyone who has before had to "remove person from group A and ban them by adding them to group B".

Cheers all!

~Overworked Jakobo



2
Jakobo
Xoops v Other CMSes
  • 2004/9/30 2:17

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


http://forum.mamboserver.com/showthread.php?t=11782

Some people will most certainly find this interesting to see where XOOPS sits compared to some other powerful CMSes under "slashdot" style hammering. XOOPS ability to weather the assault (with proper MySQL caching) says a lot about the power of this portal system. :)

(the article is using XOOPS 2.0.7)



3
Jakobo
Re: PHP Warning: Unknown(): A session is active. You cannot change the session module's ini settin
  • 2004/9/14 19:32

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


I haven't been active for a while, but this is a great way to jump back into things.

I just finished solving this problem on kaizoku-fansubs.com and of all things, it was connected to a corrupted table:
xoops_session

running "myisamchk -o *.MYI" inside of the database directory put things to right once more. The field information had become damaged. Once repaired, XOOPS was able to manage its sessions again, and everything was right and good in the world.

I hope this helps other people who have this problem. We still don't know what blew away the session table, so that's another investigation all its own. :)



4
Jakobo
Re: IP Address Range Ban
  • 2004/6/27 22:38

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Sounds good. I'm "felocity" on dev.xoops due to the sillyness of circumstance. I'll work on some class designs and ideas to get the thing to work.

The only core hack I can think of for this one would be if the ban manager is installed and running, don't display the ban list in General Preferences (because that would get very messy very quickly. I also have set up for newbb / etc a user level ban I do that inolves pulling users from all groups and then adding them to a "banned" group that has no permissions.

Do you think it would be better as just IP level, or should there be user support for banning as well? (that would require some adaptations of the core I think, or possibly just some group management).

Cheers!



5
Jakobo
Signature Control Hack
  • 2004/6/27 22:34

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Signature Control Hack:
Status: VERY hacky, requires manual editing of code

Purpose: If you have ever had a user decide to upload a 1.5MB image into their sig, you know exactly what I am talking about here. If you have ever had someone upload a sig image more than 800 pixels wide, you know what I am talking about. This hack regulates and controls signatures, forcing the users to play nice.

Restrictions: Will be marked in bold.


File:
http://felocity.org/files/
MOD_XOOPS2_edituser.php_SigController.zip (6,042 bytes)

$user_sig = substr($user_sig,0,500);
This sets the maximum sig length (including tags) to 500 characters

if (count($temp_sig_array) > 2) {
We split the sig on the IMG tag, and there should only be one open img tag

if (count($temp_sig_array) > 1) {
This is used only if there is an image (1 img tag) and helps us isolate the image's URL

$localfile = 'XOOPS DIRECTORY/uploads/'.$xoopsUser->getVar('uid').'-'.$time.'-'.basename($filename);
This is where your file is stored locally. It is used for the reading function.

while (!feof($fd) && $bytecount < 75001) {
Read 1 more byte than your maximum allowed size (this way we can test file size)

if (filesize($localfile) <= 75000)
Test if the locally stored image is greater than the alotted size.

if ( $sigimgwidth > 650 || $sigimgheight > 300 )
Test the image dimensions of the local file to make sure it complies.



It isn't as confusing as it sounds. Maybe someone can come back and clean it up a bit. This was written in a hurry to address a serious need. Ideally, I would like to write this a bit cleaner into the core as a set of user options, but that will come with time.

Cheers and happy hacking!


Manual Update
(insert) line 79 in edituser.php
[color=009900][font=Courier]
   
// MOD RJH   05-12-2004
   // we do some special things to our sig field here
   // not only do we truncate at 500 characters, but we
   // only allow 1 image tag
   // explode on every opening image tag

   
[b]$user_sig substr($user_sig,0,500);[/b]
   
$temp_sig_array explode("[img]",$user_sig);

   
// temp sig array had better only have 2 parts...
   // else they put a second img tag in there
   
[b]if (count($temp_sig_array) > 2) {[/b]
      
$errors[] = "Only one IMG tag is allowed in the sig";
   }

   @
unlink($temp_sig_array);

   
// only bother to look for size checking stuff if there
   // are no errors yet.  (prevents overloading)
   
if (count($errors) == 0) {
      
$temp_sig_array explode("[img]",$user_sig);
      [
b]if (count($temp_sig_array) > 1) {[/b]
         
$temp_img_location_arr explode("[/img]",$temp_sig_array[1]);
         
$filename $temp_img_location_arr[0];
         
// Get remote avatar size [R. 17.04.2002]
         // Download the file
         
$retvar="NULL";
         
$time time();
         
$localfile '[b]XOOPS DIRECTORY[/b]/uploads/'.$xoopsUser->getVar('uid').'-'.$time.'-'.basename($filename);
         
$fd = @fopen($filename,"rb");
         if (
$fd)
         {
            
/* This is the tricky part:
            The filesize() function does not work on a remote file system.
            This means we need to download the file to local storage before we
            can check filesize. As it is quite possible that some weirdos may
            specify a remote file with a filesize bigger than 200 megabytes,
            we do not want to download the entire file. If we can read just 1
            byte more than allowed, it's simply too big.
            */
            
clearstatcache();
            
$imgdata '';
            
$bytecount 0;
            [
b]while (!feof($fd) && $bytecount 75001) {[/b]
               
$imgdata .= fread($fd1024);
               
$bytecount $bytecount 1024;
            }
            
// $imgdata = fread($fd, 75001);
            // echo $imgdata;
            
$fl = @fopen($localfile,"wb");
            if (
$fl)
            {
               
$fp=@fwrite($fl,$imgdata);
               @
fclose($fl);
               if (
$fp != -1)
               {
                  [
b]if (filesize($localfile) <= 75000)[/b]
                  {
                     
$retvar $localfile;   // Filesize within size limits
                     // echo filesize($localfile).'<br>'.$localfile.'<br>'.$filename;
                     // exit;
                  
}
                  else
                  {
                     
$retvar 'SIZE';      // File is too big
                  
}
               }
               else
               {
                  @
unlink($localfile);
                  
message_die(GENERAL_ERROR'Could not write avatar file to local storage. Please contact the board administrator with this message'''__LINE____FILE__);
               }
            }
            else
            {
               @
unlink($localfile);
               
message_die(GENERAL_ERROR'Could not write avatar file to local storage. Please contact the board administrator with this message'''__LINE____FILE__);
            }
            
fclose($fd);
         }

         
$tmp_filename=$retvar;

         
// echo $temp_img_location.'<br>'.filesize($tmp_filename);
         // exit;
         
         // Get avatar size, check the values and invalidate them, if necessary
         
if ($tmp_filename!='NULL' && $tmp_filename!='SIZE') list($sigimgwidth$sigimgheight) = getimagesize($tmp_filename);
         if (!isset(
$sigimgwidth) || $sigimgwidth==0$sigimgwidth=2*650;
         if (!isset(
$sigimgheight) || $sigimgheight==0$sigimgheight=2*300;
         
         
// Delete the tempfile
         
@unlink($tmp_filename);
         
         
// Now compare the image dimension with phpBB config and print error message, if necessary
         
[b]if ( $sigimgwidth 650 || $sigimgheight 300 )[/b]
         {
            
$errors[] = "Your image is larger than the maximum allowed 650 x 300 and 75kb";
         }
      }
   }

   
// now this sig is okay.  Heh   
   // END MOD RJH 05-12-2004
[/font][/color]



6
Jakobo
Re: IP Address Range Ban
  • 2004/6/27 22:03

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


The best method I can think of would be a module that directly manipulates the XOOPS ban fdield in the database (which means no core hacking- woo). It could then handle advanced banning. For example, the user could drop in an address range, and while in the ban manager it would show it as a range, in the XOOPS -> general preferences, it would log all 200+ IP addresses. Just an idea.

I won't be able to work on it much until after the 10th of July due to some other obligations, but bd if you would like a hand with it, let me know. :)

~Jakob



7
Jakobo
Re: IP Address Range Ban
  • 2004/6/23 4:09

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Unfortunately, I tried that, but XOOPS takes to the \. like a brick takes to water :( I think the regex functions in XOOPS are slightly limited. In doing so, it cleared out the ban list completely. (I guess that's better than banning the entire site).

:)

~Jakob



8
Jakobo
Re: IP Address Range Ban
  • 2004/6/22 18:18

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Ouch :\
Okay, thanks...



9
Jakobo
IP Address Range Ban
  • 2004/6/22 17:50

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Hello, I am trying to put an IP ban in place for a provider that refuses to work with us to deal with a case of absuse of our website. The native regex I am trying to use is:

^213\.5\.([0-9]|[0-9][0-9]|10[0-2])\.[0-9]+

for the range 213.5.0.0 - 213.5.102.255

However, XOOPS will not take it, despite allowing for regular expressions in the IP. Any ideas about how to put this ban in place?



10
Jakobo
Re: Xoops causes httpd bind, cpu use jumps to 40+%
  • 2004/6/18 16:33

  • Jakobo

  • Just popping in

  • Posts: 61

  • Since: 2003/12/18


Ha, I forgot about that. XD

Though this experience does have me looking very critically at efficient SQL, and MySQL clustering.

Who knows, maybe when I get NetProject to 1.0 I'll start on a multiserver/db modification for the core. <_< >_>
It's only muddling with classes here and there, right?




TopTop
(1) 2 3 4 ... 6 »



Login

Who's Online

229 user(s) are online (156 user(s) are browsing Support Forums)


Members: 0


Guests: 229


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits