Working with v1.7 and v1.7.1 (possible with v1.7.2 too)
With this mod administrators can control who should not visit their 4images site and for how long.
here are a few screenshots of the control panel:
The list of bans:
The list of current visitors with ability ban them from there:
A clean form for a new ban:
Logs of banned visitors:
--------- [ Features ] ------------ ban by IP, hostname, email, username and user ID
- use wildcard for partial matching (*.aol.com) (one exeption is user ID)
- use IP range (192.168.0.1-9 this will ban IPs from 192.168.0.1 to 192.168.0.9
- in the list of already added bans u can filter what type of ban u would like to see and which to hide
- multi-sorting options
- temporary or perm bans
- add info about a current visitor from "who's online" menu directly to the "add new ban" form (dont need type manualy)
---------- [ Changed/new files ] -----------New files:
admin/plugins/ban.php
templates/<your template>/ban.html
Changed files:
admin/settings.php
includes/constants.php
includes/functions.php
includes/sessions.php
lang/<your language>/admin.php
lang/<your language>/main.php
member.php
---------- [ Installation ] ----------Step 1Open
admin/settings.phpFind:
show_form_footer($lang['save_changes'], "", 2);Add
above:
/*
MOD BAN
START INSERT
*/
show_table_separator($setting_group[XX], 2, "#setting_group_XX");
show_setting_row("look_hostname", "radio");
/*
MOD BAN
END INSERT
*/Now is the tricky part. Scroll little bit up and find the last
show_table_separator($setting_group[XX], 2, "#setting_group_XX");where
XX is a number of the last section. Now add 1 to that number and memorize that number, u'll need it in
Step 5Also, replace
XX in the code u've just added to
admin/settings.php with that number.
For example if the last section looks like
show_table_separator($setting_group[7], 2, "#setting_group_7"); Then the number u should "memorize" is
8 (7+1=8)
Step 2Open
includes/constants.phpAt the very end,
above closing
?> insert:
/*
MOD BAN
START INSERT
*/
define("BAN_TABLE", $table_prefix."ban");
define("BAN_LOGS_TABLE", $table_prefix."ban_logs");
define("BAN_IP", 1);
define("BAN_HOSTNAME", 2);
define("BAN_USERID", 3);
define("BAN_NAME", 4);
define("BAN_EMAIL", 5);
/*
MOD BAN
END INSERT
*/
Step 3Open
includes/functions.phpAt the very end,
above closing
?> insert:
/*
MOD BAN
START INSERT
*/
function check_ban()
{
global $user_info, $site_sess, $config, $lang, $site_db, $HTTP_GET_VARS;
$types = array("ip", "hostname", "name", "user_id", "email");
if (!$config['ban_update'])
{
return false;
}
if ($user_info['user_level'] == ADMIN)
{
if (!isset($HTTP_GET_VARS['bantest'])) return false;
$return = true;
foreach ($types as $key)
{
if (isset($HTTP_GET_VARS[$key]) && $$key = $HTTP_GET_VARS[$key]) $return = false;
else $$key = "";
}
if ($return) return false;
$force = true;
}
else
{
$ip = $site_sess->session_info['session_ip'];
$email = $user_info['user_email'];
$user_id = $user_info['user_id'];
$name = $user_info['user_name'];
$hostname = "";
$force = false;
}
$ban = false;
$ban_checked = $site_sess->get_session_var("ban_checked");
$ban_userid = $site_sess->get_session_var("ban_userid");
$ban_banned = $site_sess->get_session_var("ban_banned");
if (get_magic_quotes_gpc() != 0)
{
$ban_banned = stripslashes($ban_banned);
}
// $ban_banned = stripslashes($ban_banned); //uncomment this line if magic_quotes_gpc is turned on on your server
$ban_banned = ($ban_banned) ? unserialize($ban_banned) : "";
if ($force || (!$ban_checked || !$ban_userid || ($ban_userid && $ban_userid != $user_info['user_id']) || ($ban_checked && $ban_checked < $config['ban_update']) || ($ban_banned && $ban_banned['expire'] < time())))
{
$query = array();
if (preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $ip_chop) == 1)
{
$query[] = "(type = ".BAN_IP." AND ($ip_chop[1] BETWEEN ip1_start AND ip1_end) AND ($ip_chop[2] BETWEEN ip2_start AND ip2_end) AND ($ip_chop[3] BETWEEN ip3_start AND ip3_end) AND ($ip_chop[4] BETWEEN ip4_start AND ip4_end))";
if ($config['look_hostname'] && !$hostname)
{
$hostname = @gethostbyaddr($ip);
}
}
if ($hostname)
{
$query[] = "(type = ".BAN_HOSTNAME." AND ('$hostname' LIKE hostname))";
}
if ($email)
{
$query[] = "(type = ".BAN_EMAIL." AND ('".addslashes($email)."' LIKE email))";
}
if ($user_id && $user_id > GUEST)
{
$query[] = "(type = ".BAN_USERID." AND user_id = ".$user_id.")";
}
if ($name)
{
$query[] = "(type = ".BAN_NAME." AND ('".addslashes($name)."' LIKE name))";
}
if (!empty($query))
{
$sql = "SELECT id, type, message, date, expire
FROM ".BAN_TABLE."
WHERE (".implode(' OR ', $query).")";
if ($result = $site_db->query($sql))
{
while ($row = $site_db->fetch_array($result))
{
$site_sess->set_session_var("ban_banned", addslashes(serialize($row)));
if ($row['date'] <= time() && (!$row['expire'] || $row['expire'] > time()))
{
$ban = $row;
break;
}
}
}
else
{
$site_sess->set_session_var("ban_banned", "");
}
}
$site_sess->set_session_var("ban_checked", time());
$site_sess->set_session_var("ban_userid", $user_info['user_id']);
}
elseif ($ban_banned && $ban_banned['date'] <= time() && (!$ban_banned['expire'] || $ban_banned['expire'] > time()))
{
$ban = $ban_banned;
}
return $ban;
}
/*
MOD BAN
END INSERT
*/
Step 4Open
includes/sessions.phpFind:
$user_info = $site_sess->return_user_info();Insert
below:
/*
MOD BAN
START INSERT
*/
if ($ban = check_ban())
{
$sql = "INSERT INTO ".BAN_LOGS_TABLE."
(date, ip, uri, ban_id, user_id)
VALUES
(".time().", '".$site_sess->session_info['session_ip']."', 'http".(($_SERVER['SERVER_PORT'] != 80) ? "s" : "")."//".$_SERVER['SERVER_NAME'].addslashes($_SERVER['REQUEST_URI'])."', ".$ban['id'].", '".$user_info['user_id']."')";
$site_db->query($sql);
$main_template = "ban";
$config['badword_list'] = "";
include(ROOT_PATH.'includes/page_header.php');
$site_template->register_vars(array(
"lang_ban" => $lang['ban_banned'],
"message" => format_text($ban['message'], 1, 0, 1, 1, 1, 1)
));
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
exit;
}
/*
MOD BAN
END INSERT
*/
Step 5Open
lang/<your language>/admin.phpAt the very end,
above closing
?> insert:
/*
MOD BAN
START INSERT
*/
/*-- Setting-Group XX --*/
$setting_group[XX]="Ban";
$setting['look_hostname'] = "Lookup hostnames<span class=\"smalltext\"><br />might affect the perfomance";
$lang['ban'] = "Ban";
$lang['ban_ip'] = "IP";
$lang['ban_ip_expl'] = "<span class=\"smalltext\">ex: 123.123.123.123 or 123.123.123.* or 123.123.123.0-255</span>";
$lang['ban_user_id'] = "User id";
$lang['ban_email'] = "Email";
$lang['ban_email_expl'] = "<span class=\"smalltext\">ex: example*@example.com</span>";
$lang['ban_name'] = "Name";
$lang['ban_name_expl'] = "<span class=\"smalltext\">ex: example*</span>";
$lang['ban_hostname'] = "Hostname";
$lang['ban_hostname_expl'] = "<span class=\"smalltext\">ex: *.aol.com</span>";
$lang['ban_add'] = "Add new ban";
$lang['ban_edit'] = "Edit ban";
$lang['ban_date'] = "Start date";
$lang['ban_date_expl'] = "<span class=\"smalltext\">yyyy-mm-dd hh:mm:ss</span>";
$lang['ban_expire'] = "End date";
$lang['ban_expire_expl'] = "(leave blank for permanent ban)<br /><span class=\"smalltext\">yyyy-mm-dd hh:mm:ss</span>";
$lang['ban_message'] = "Message";
$lang['ban_message_expl'] = "<span class=\"smalltext\">Will be displayed to the banned visitor</span>";
$lang['ban_reason'] = "Reason";
$lang['ban_reason_expl'] = "<span class=\"smalltext\">Remind yourself</span>";
$lang['ban_required'] = array(
BAN_IP => "Please enter IP",
BAN_HOSTNAME => "Please enter a hostname",
BAN_USERID => "Please enter a user ID",
BAN_NAME => "Please enter a username",
BAN_EMAIL => "Please enter an email"
);
$lang['ban_bad_entry'] = array(
BAN_IP => "IP is incorrect",
BAN_HOSTNAME => "Hostname is incorrect",
BAN_USERID => "User ID is incorrect",
BAN_NAME => "Username is incorrect",
BAN_EMAIL => "Email is incorrect"
);
$lang['ban_dublicate'] = array(
BAN_IP => "This IP is already present in the database",
BAN_HOSTNAME => "This hostname is already present in the database",
BAN_USERID => "This user ID is already present in the database",
BAN_NAME => "This username is already present in the database",
BAN_EMAIL => "This email is already present in the database"
);
$lang['ban_type_array'] = array(
BAN_IP => "IP",
BAN_HOSTNAME => "Hostname",
BAN_USERID => "User ID",
BAN_NAME => "Username",
BAN_EMAIL => "Email"
);
$lang['ban_list'] = "List";
$lang['ban_type'] = "Type";
$lang['ban_value'] = "Value";
$lang['ban_add_success'] = "Entry added successfuly";
$lang['ban_add_error'] = "Error adding new entry";
$lang['ban_update_success'] = "Entry updated successfuly";
$lang['ban_update'] = "Update";
$lang['ban_update_error'] = "Error updating entry";
$lang['ban_edit_error'] = "Error edit entry";
$lang['ban_edit_success'] = "Entry edited successfuly";
$lang['ban_delete_error'] = "Error delete entry";
$lang['ban_delete_success'] = "Entry deleted successfuly";
$lang['ban_filter'] = "Filter";
$lang['ban_menu'] = "Content menu";
$lang['ban_whois'] = "Whos online";
$lang['ban_action'] = "Action";
$lang['ban_perm'] = "Never";
$lang['ban_perpage'] = "Show per page";
$lang['ban_logs'] = "Logs";
$lang['ban_uri'] = "Accessed URL";
$lang['ban_user_name'] = "User name";
$lang['ban_date_access'] = "Access date";
$lang['ban_logs_del_success'] = "Log(s) deleted successfuly";
$lang['ban_logs_del_error'] = "Error deleting log(s)";
$lang['ban_active'] = "Active";
$lang['ban_expired'] = "Expired";
$lang['ban_notactive'] = "Not active";
$lang['bad_invalid_date'] = "End date must be bigger then start date";
$lang['ban_copy'] = "Copy";
$lang['ban_test'] = "Test";
/*
MOD BAN
END INSERT
*/Replace
XX with the number u were supposed to memorize from
Step 1/*-- Setting-Group XX --*/
$setting_group[XX]="Ban";
Step 6Open
lang/<your language>/main.phpAt the very end, above closing
?> insert:
/*
MOD BAN
START INSERT
*/
$lang['ban_banned'] = "You've been banned";
/*
MOD BAN
END INSERT
*/
Step 7Download
this package.
Unzip it and upload acording the following directory tree:
ban_install.php
admin/plugins/ban.php
templates/<your template>/ban.html
(If u dont have
admin/plugins/ folder, then simply create it)
Step 7.1Login with your administrator account and run the installer (
ban_install.php)
by typing in your browser:
http://<yoursiteaddress>/<path_to_4images>/ban_install.phpOnce the database update is finished, delete
ban_install.php
Step 8 (added 2006-05-20)Open
member.phpFind:
if ($user_row = get_user_info($user_id)) {
Replace with:
if (($user_info['user_level'] == ADMIN || !$site_db->query_firstrow("SELECT id FROM ".BAN_TABLE." WHERE type = ".BAN_USERID." AND user_id = ".$user_id." AND (NOT expire OR expire > ".time().") LIMIT 1")) && $user_row = get_user_info($user_id)) {
In the settings u should see now a new section "Ban" were u can turn on/off hostname lookup. If u turn it off, u wont be able ban by hostname, but it might increase server perfomance. U should only turn it off if your site loose its perfomance.
---------- [ F.A.Q. ] --------------| Q: | Why when I ban someone, they see the ban message only first time they open the page, after refresh the ban doesnt work anymore? |
| A: | This is a recent discover and its probably because your server has magic_quotes_gpc is turned on (check in phpinfo()).
To fix that, uncomment this line from includes/functions.php:
// $ban_banned = stripslashes($ban_banned); //uncomment this line if magic_quotes_gpc is turned on on your server
Since v1.6.1 added auto check if magic_quotes_gpc is enabled
|
| |
|
| Q: | Why when I enter an user id, name or an email address for a new ban it says id/name/email is not valid? |
| A: | The plugin checks if a member exists with such id/name/email, you can not ban non-existing members. |
| |
|
| Q: | How can I ban entire subnet? |
| A: | If you want ban a subnet 192.168.0.X u have two ways to do so either use wildcard (*): 192.168.0.* or use IP range: 192.168.0.0-255
You can specify range of each of 4 IP parts. 0-255.0-255.0-255.0-255
In green is start number of the range and red is the end of the range. (be carefull, dont ban your own IP, otherwise ones you logout, the only way to get back is manualy edit database) |
| |
|
| Q: | I just tryed ban myself, but I still was able access my site. Why? |
| A: | For security reason ban does not apply for administrators. Ones you log out, the only way unban yourself is edit manualy MySQL database. |
| |
|
| Q: | When click on "whos online" link, it takes a while before it opens the page. Why? |
| A: | Most probably the "Hostname lookup" is turned on in the settings. You can disable it there, or edit ban.php and read comments for $look_hostname variable on top of the file. |
| |
|
| Q: | How can I properly test the mod working? |
| A: | Well, the best sollution is add ban for your own IP/hostname and logout. BUT before you do that, make sure that you set expiration date for just a few minutes, you will have enough time to test the ban before it get expired and you'll be able login. To test ban by username/userid/email - set a ban for your test account and then try to login with that account.
Also, since v1.5 you can test the ban by clicking "test" link next to it from the bans list page. |
---------- [ Version history ] -------------1.7 (2006-05-20)
- added an optional Step 8 which will allow view profiles of banned by user id members only to admins, other visitors will get "user not found" message.
1.6.3 (2006-05-20)
- fixed issue with not able see member's profile by admin when member banned by user id. (replace ban.php and redo step 3)
1.6.2 (2005-07-09)
- fixed issue when ban wouldnt work for name, user id or email, when visitor visited the site as a guest and then login.
1.6.1 (2005-06-03)
- added auto check if magic_quotes_gpc is enabled on the server. it should fix issue covered in FAQ about ban doesnt work after page referesh. (just 3 lines added into includes/functions.php above the line mentioned in the FAQ)
1.6 (2005-04-01) (more info
here)
- added support for
[MOD] Country flags (based on IP) in whos online in ACP - added "reason" field in the logs page
- fixed test by hostname
- improved test feature
1.5 (2005-03-29) (more info
here)
- added two new features: copy existing bans data into new ban form and test feature for admins
1.4.3 (2005-03-29)
- not a bug, and not a new feature, it just didnt show correct page when editing an entry. (replace ban.php)
1.4.2 (2005-03-28)
- very minor bug fixed where input form named "Add new ban" instead of "Update ban" after update failure (replace ban.php)
1.4.1 (2005-03-28) (more info
here)
- found a bug that would only check the first found entry in the database and if the first entry is expired or not active and second entry is valid, the visitor will not get banned..
1.4 (2005-03-28) (more info
here)
- added sorting by "value", its not perfect, but its close enough :)
1.3 (2005-03-28) (more info
here)
- added another filter "not active" which will show/hide bans that are not active yet (the start date is still in the future)
- added check for end date, that must be bigger then the start date.
1.2 (2005-03-28) (more info
here)
- very minor change, now it coloring bans which are not active or expired
- and now it parses bbcode, smiles (if installed) in the ban list
1.1.1 (2005-03-28) (more info
here)
- fixed a very minor warning message
1.1 (2005-03-28) (more info
here)
- added two new filters for the ban list
1.0 (2005-03-28)
- first release
Show Posts
Open members.php 
Öffne members.php 
