I tried to make things harder for a troll I have. I had made a fourth group called banned, which had no privileges, put them in there and removed them from the registered users group. I was guessing that deleting them would let them register again with the same email address. IP blocking wasn't working as they were on dialup. So they continued.
So I made this code to help. It is inserted in checklogin.php in the includes directory; my code is between the slash lines, and what's above and below is there to show you where to place it.
You need to set the variables at the top.
You need to create a fourth group to put banned people in.
The code creates the specified table if it doesn't exist.
To ban a user add them to group 4.
When they log in, this code will stop the login and present a blank page. It also records their username, cleartext password and IP address and sets a cookie; all these attributes now indicate a ban. (The password is stored unhashed, so anyone who can read that table can read it.) They can't use an anonymous proxy because of the cookie; if they try from another computer with their old ID, that computer becomes banned too; if they clear the cookies, the IP is still used to identify them. If they register a new user on a computer that has the ban cookie, that new user becomes banned; if they know another user's password and try to log in with it, then that user becomes banned. There are ways around it, but it's the best I could think of.
Here's the code. If anyone could make a module, suggest an enhancement or offer any feedback, that would be appreciated.
Just create a fourth group, set the top variables, and bung the code into checklogin.php. If there was a way, I'd attach the whole file. If you ban yourself, delete the table, clear your cookies and log in with a user not in the banned group. Do not ban the admin user! I am not responsible for anything caused by this code; use it at your own risk.
-->Code
redirect_header(XOOPS_URL.'/index.php', 1, _NOPERM);
exit();
}
}
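//////////////////////////////////////////////////////////////
// Ban check for checklogin.php. Uses $user, $uname and $pass from the
// surrounding code. A visitor is treated as banned when the account is in
// group 4, the ban cookie is present, or the username / IP address is already
// recorded as banned in $dbtable. A banned visitor gets the cookie set, the
// attempt recorded (when the database is reachable) and the request ends.
$dbserver="localhost";
//set me
$dbusername="";
$dbpassword="";
$dbdatabase="";
$dbtable="passes";
$banned=false;
$connected=false;

//gets ip address
// NOTE(review): X-Forwarded-For and Client-IP are request headers, so the
// client chooses their value. Keep these two branches only if a reverse proxy
// you operate overwrites them; otherwise rely on REMOTE_ADDR alone.
// The header names are quoted: as bare words they are undefined constants.
if (getenv('HTTP_X_FORWARDED_FOR')) {
    $ip = getenv('HTTP_X_FORWARDED_FOR');
} else if (getenv('HTTP_CLIENT_IP')) {
    $ip = getenv('HTTP_CLIENT_IP');
} else {
    $ip = getenv('REMOTE_ADDR');
}

// The group and cookie checks need no database, so they run first and still
// apply when the connection below fails.
//check if user is in group 4
foreach ($user->getGroups() as $group) {
    //1 webmaster 2 registered 3 anon 4 added as ban
    if ($group == 4) {
        $banned = true;
    }
}
//check for ban cookie
if (!$banned && isset($_COOKIE["ccqrrt"])) {
    $banned = true;
}

// Failures go to the server log rather than the page: output here would show
// database details to the visitor and would also stop setcookie() below from
// sending its header.
//connects to DB
$dbh = mysql_connect($dbserver, $dbusername, $dbpassword);
if (!$dbh) {
    error_log("Failed to connect to MySQL Server: " . mysql_error());
} else if (!mysql_select_db($dbdatabase, $dbh)) {
    error_log("Failed to select db:" . $dbdatabase . " " . mysql_error($dbh));
} else {
    $connected = true;
    //check for table existence (one row is enough to prove the columns exist)
    $sql = "select id,uname,pass,vpass,email,ip,datetime,banned from " . $dbtable . " limit 1";
    if (!mysql_query($sql, $dbh)) {
        // NOTE(review): ip is varchar(20); a longer value (for example an IPv6
        // address) would not fit, and the lookup below compares the full value.
        $sql = "create table ".$dbtable."(id int not null auto_increment primary key," .
            "uname varchar(20),pass varchar(20),vpass varchar(20),email varchar(20)," .
            "ip varchar(20), datetime varchar(20),banned varchar(20))";
        if (!mysql_query($sql, $dbh)) {
            error_log("Error creating ban table: " . mysql_error($dbh));
            // without the table the lookups and the insert cannot work
            $connected = false;
        }
    }
}

// $uname, $pass and $ip all come from the request, so each one is escaped
// before it is placed inside a query string.
// assumes $uname and $pass hold the submitted values without slashes already
// added by magic quotes - TODO confirm against the code above this block
if ($connected && !$banned) {
    //check for banned username
    $sql = "select id from " . $dbtable . " where uname='" .
        mysql_real_escape_string($uname, $dbh) . "' and banned='yes' limit 1";
    $result = mysql_query($sql, $dbh);
    if (!$result) {
        error_log("Error checking banned username: " . mysql_error($dbh));
    } else if (mysql_num_rows($result) > 0) {
        $banned = true;
    }
}
if ($connected && !$banned) {
    //check for banned ip
    $sql = "select id from " . $dbtable . " where ip='" .
        mysql_real_escape_string($ip, $dbh) . "' and banned='yes' limit 1";
    $result = mysql_query($sql, $dbh);
    if (!$result) {
        error_log("Error checking banned ip: " . mysql_error($dbh));
    } else if (mysql_num_rows($result) > 0) {
        $banned = true;
    }
}

//if indication of banned user set cookie, record ip etc
if ($banned) {
    setcookie("ccqrrt", "r", time()+60*60*24*31*12*100);
    if ($connected) {
        $datetime = date("d,m,y h:i:s");
        // NOTE(review): this writes the submitted password in clear text, so
        // anyone who can read the table can read it. The checks above never
        // use the pass column; consider leaving it empty.
        $sql = "insert into " . $dbtable . " (uname, pass, ip, datetime, banned) values ('" .
            mysql_real_escape_string($uname, $dbh) . "','" .
            mysql_real_escape_string($pass, $dbh) . "','" .
            mysql_real_escape_string($ip, $dbh) . "','" .
            mysql_real_escape_string($datetime, $dbh) . "', 'yes')";
        if (!mysql_query($sql, $dbh)) {
            // the query text is left out of the log because it contains the password
            error_log("Error recording banned login: " . mysql_error($dbh));
        }
    }
    die();
}
//////////////////////////////////////////////////////////////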
$user->setVar('last_login', time());
if (!$member_handler->insertUser($user)) {