Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests
Author Message
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed Aug 10, 2005 1:25 pm Reply with quote

We had decieded to remove the ipban for our site because its worthless when you have Sentinel installed. But you loose the ability to use the link that is at the bottom of YA profiles to ban a user. Sure you can find them in the Sentinel logs (if you turned it on), but its not as easy as clicking the link.

So I adjusted the link but found that ABBlockedIPAdd.php doesnt allow passed in IP addresses. Sad With abit of adjusting I think I found away to allow it to do so and protect it from user error.

In admin/modules/nukesentinel/ABBlockedIPAdd.php

Find:
Code:
$tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";


Replace with:
Code:
if(!isset($tip)) {

   $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
   if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$",$tip)) {
      $tok = strtok($tip, ".");
      $i = 0;
      while ($tok !== false) {
         if(intval($tok) <= 255) {
            $t_ip[$i]=$tok;
         } else {
            $t_ip[0]=""; $t_ip[1]=$t_ip[2]=$t_ip[3]="0";
            break;
         }
         $tok = strtok(".");
         $i++;
      }
      $tip=$t_ip;
   } else {
      $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
   }
}


Anyways I figured I would see if this could be added to future versions

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Aug 10, 2005 2:06 pm Reply with quote

Great idea! Can you post the modification to YA also?
 
View user's profile Send private message
technocrat
PostPosted: Wed Aug 10, 2005 2:12 pm Reply with quote

Sure. This will work with CNBYA also.

In modules/Your_Account/index.php

Find:
Code:
echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";


Change to:
Code:
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";


In CNBYA its 2 lines instead of 1 so just look for the link.
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Wed Aug 10, 2005 9:06 pm Reply with quote

You should also know that nuke doesn't look for the real ip of a user but instead it only looks at $_SERVER['REMOTE_ADDR'] which as we all know can be masked. In the standard nuke packs and Patched packs you should look at these two functions:
1) mail_password
2) login

In their global lines add $nsnst_const and then replace $_SERVER['REMOTE_ADDR'] with $nsnst_const['remote_ip'] for it to log the true user ip.

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
BobMarion
PostPosted: Wed Aug 10, 2005 9:15 pm Reply with quote

After thinking about it a little bit it would be safer to replace:
Code:
$ip = $_SERVER['REMOTE_ADDR'];

with:
Code:
  if(!file_exists('includes/nukesentinel.php')) {

    $ip = $_SERVER['REMOTE_ADDR'];
  } else {
    $ip = $nsnst_const['remote_ip'];
  }


You can also do this to the online function in your mainfile.php file to get the true ip. Be sure to add $nsnst_const to the global in the online function too.
 
BobMarion
PostPosted: Wed Aug 10, 2005 9:30 pm Reply with quote

Okay, here's the new Edits_For_Core_Files/modules/Your_Account/index.txt file:
Code:
/************************************************************************/

/* This file is for instructional use.                                  */
/* By: NukeScripts Network (webmaster@nukescripts.net)                  */
/* http://www.nukescripts.net                                           */
/* Modifications Copyright � 2000-2005 by NukeScripts Network           */
/************************************************************************/

#
#-----[ OPEN ]------------------------------------------
#
index.php

in function mail_password($username, $code) {
#
#-----[ FIND ]------------------------------------------
#
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;

#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,

Now it will look something like:
global $nsnst_const, $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;

#
#-----[ FIND ]------------------------------------------
# This appears twice in this function
  $host_name = $_SERVER['REMOTE_ADDR'];

#
#-----[ REPLACE WITH ]------------------------------------------
#
  if(!file_exists('includes/nukesentinel.php')) {
    $host_name = $_SERVER['REMOTE_ADDR'];
  } else {
    $host_name = $nsnst_const['remote_ip'];
  }


in function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
#
#-----[ FIND ]------------------------------------------
#
global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;

#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,

Now it will look something like:
global $nsnst_const, $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;


#
#-----[ FIND ]------------------------------------------
#
  $uname = $_SERVER['REMOTE_ADDR'];

#
#-----[ REPLACE WITH ]------------------------------------------
#
  if(!file_exists('includes/nukesentinel.php')) {
    $uname = $_SERVER['REMOTE_ADDR'];
  } else {
    $uname = $nsnst_const['remote_ip'];
  }


in function userinfo($username, $bypass=0, $hid=0, $url=0) {
# Submitted by technocrat
#-----[ FIND ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";

#
#-----[ REPLACE WITH ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
 
BobMarion
PostPosted: Wed Aug 10, 2005 9:44 pm Reply with quote

Slightly modified, admin/modules/nukesentinel/ABBlockedIPAdd.php:
Code:
/********************************************************/

/* NukeSentinel(tm)                                     */
/* By: NukeScripts Network (webmaster@nukescripts.net)  */
/* http://www.nukescripts.net                           */
/* Copyright � 2000-2005 by NukeScripts Network         */
/********************************************************/

$pagetitle = _AB_NUKESENTINEL.": "._AB_ADDIP;
include("header.php");
title($pagetitle);
OpenTable();
OpenMenu();
ipbanmenu();
CarryMenu();
blockedipmenu();
CloseMenu();
CloseTable();
echo "<br />\n";
OpenTable();
echo "<table align='center' border='0' cellpadding='2' cellspacing='2'>\n";
echo "<form action='".$admin_file.".php' method='post'>\n";
echo "<tr bgcolor='$bgcolor1'><td align='center' class='content' colspan='2'>"._AB_ADDIPS."</td></tr>\n";
// Start submitted by technocrat
if(!isset($tip)) {
  $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
  if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $tip)) {
    $tip = explode(".", $tip);
  } else {
    $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
  }
}
// End submitted by technocrat
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_IPBLOCKED.":</b></td>\n";
echo "<td><input type='text' name='xip[0]' value='$tip[0]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[1]' value='$tip[1]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[2]' value='$tip[2]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[3]' value='$tip[3]' size='4' maxlength='3' align='right'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERID.":</b></td><td><input type='text' name='xuser_id' size='10' value='1'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERNAME.":</b></td><td><input type='text' name='xusername' size='20' value='$anonymous'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_AGENT.":</b></td><td><input type='text' name='xuser_agent' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_EXPIRESIN.":</b></td><td><select name='xexpires'>\n";
select_box7();
echo "</select><br />\n"._AB_EXPIRESINS."</td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_COUNTRY.":</b></td>\n";
echo "<td><select name='xc2c'>\n";
echo "<option value='00' selected>"._AB_SELECTCOUNTRY."</option>\n";
$result = $db->sql_query("SELECT * FROM `".$prefix."_nsnst_countries` ORDER BY `country`");
while($countryrow = $db->sql_fetchrow($result)) {
  echo "<option value='".$countryrow['c2c']."'>".$countryrow['country']." (".$countryrow['c2c'].")</option>\n";
}
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_NOTES.":</b></td><td><textarea name='xnotes' $textrowcol>"._AB_ADDBY." $aid</textarea></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REASON.":</b></td><td><select name='xreason'>";
select_box8();
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_QUERY.":</b></td><td><input type='text' name='xquery_string' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_X_FORWARDED.":</b></td><td><input type='text' name='xx_forward_for' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_CLIENT_IP.":</b></td><td><input type='text' name='xclient_ip' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_ADDR.":</b></td><td><input type='text' name='xremote_addr' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_PORT.":</b></td><td><input type='text' name='xremote_port' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REQUEST_METHOD.":</b></td><td><input type='text' name='xrequest_method' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<input type='hidden' name='op' value='ABBlockedIPAddSave'>\n";
echo "<tr><td colspan='2' align='center'><input type='checkbox' name='another' value='1' checked'>"._AB_ADDANOTHERIP."</td></tr>\n";
echo "<tr><td colspan='2' align='center'><input type=submit value='"._AB_ADDIP."'></td></tr>\n";
echo "</form>";
echo "</table>\n";
CloseTable();
ab_copy();
include("footer.php");
 
technocrat
PostPosted: Thu Aug 11, 2005 8:08 am Reply with quote

Ah great idea Bob with using the sentinel IP.

I used string tokens instead of exploded just to do a logic check on the IP address. Sure explode is faster but I figured it would be better to make absolutely sure the IP address was valid.
 
BobMarion
PostPosted: Thu Aug 11, 2005 9:22 am Reply with quote

Since you had the ereg checking the ip format I decided to then explode it since if it doesn't match it's not an ip and therefore goes with the default Smile

Only thing it doesn't check is that the numbers are between 0 and 255 but that can be fixed.
 
technocrat
PostPosted: Thu Aug 11, 2005 9:36 am Reply with quote

I guess something like 431.23.999.23 would be pretty rare Smile
 
BobMarion
PostPosted: Thu Aug 11, 2005 2:26 pm Reply with quote

Coming from within NukeSentinel it wouldn't happen but a user, if there was an entry field, would try it just to see what happened Smile
 
technocrat
PostPosted: Thu Aug 11, 2005 2:34 pm Reply with quote

Laughing Well you got that covered
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©