Author
Message
technocrat Life Cycles Becoming CPU Cycles Joined: Jul 07, 2005 Posts: 511
Posted:
Wed Aug 10, 2005 1:25 pm
We had decided to remove the ipban for our site because it's worthless when you have Sentinel installed. But you lose the ability to use the link that is at the bottom of YA profiles to ban a user. Sure you can find them in the Sentinel logs (if you turned it on), but it's not as easy as clicking the link.
So I adjusted the link but found that ABBlockedIPAdd.php doesn't allow passed in IP addresses. With a bit of adjusting I think I found a way to allow it to do so and protect it from user error.
In admin/modules/nukesentinel/ABBlockedIPAdd.php
Find:
Code:
$tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
Replace with:
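Code:
if(!isset($tip)) {
    // No IP passed in: use the form defaults
    $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
    // Accept only a dotted quad of 1-3 digit groups
    if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$",$tip)) {
        $tok = strtok($tip, ".");
        $i = 0;
        while ($tok !== false) {
            if(intval($tok) <= 255) {
                $t_ip[$i]=$tok;
            } else {
                // Octet out of range: fall back to the defaults
                $t_ip[0]=""; $t_ip[1]=$t_ip[2]=$t_ip[3]="0";
                break;
            }
            $tok = strtok(".");
            $i++;
        }
        $tip=$t_ip;
    } else {
        // $tip is a string here, so reset it to an array instead of writing string offsets
        $tip = array("", "0", "0", "0");
    }
}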
Anyways I figured I would see if this could be added to future versions
Raven Site Admin/Owner Joined: Aug 27, 2002 Posts: 16976 Location: Kansas
Posted:
Wed Aug 10, 2005 2:06 pm
Great idea! Can you post the modification to YA also?
technocrat Life Cycles Becoming CPU Cycles Joined: Jul 07, 2005 Posts: 511
Posted:
Wed Aug 10, 2005 2:12 pm
Sure. This will work with CNBYA also.
In modules/Your_Account/index.php
Find:
Code:
echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
Change to:
Code:
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
In CNBYA it's 2 lines instead of 1 so just look for the link.
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Wed Aug 10, 2005 9:06 pm
You should also know that nuke doesn't look for the real ip of a user but instead it only looks at $_SERVER['REMOTE_ADDR'] which as we all know can be masked. In the standard nuke packs and Patched packs you should look at these two functions:
1) mail_password
2) login
In their global lines add $nsnst_const and then replace $_SERVER['REMOTE_ADDR'] with $nsnst_const['remote_ip'] for it to log the true user ip.
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Wed Aug 10, 2005 9:15 pm
After thinking about it a little bit it would be safer to replace:
Code:
$ip = $_SERVER['REMOTE_ADDR'];
with:
Code:
if(!file_exists('includes/nukesentinel.php')) {
    $ip = $_SERVER['REMOTE_ADDR'];
} else {
    $ip = $nsnst_const['remote_ip'];
}
You can also do this to the online function in your mainfile.php file to get the true ip. Be sure to add $nsnst_const to the global in the online function too.
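An added example, not part of the thread or of NukeSentinel's code: one way to choose the address that gets logged or banned when forwarded headers are in play, honouring X-Forwarded-For only when the connecting peer is a known reverse proxy. The function name client_ip() and the $trusted_proxies list are hypothetical, and how NukeSentinel itself derives $nsnst_const['remote_ip'] is not shown on this page.

```php
<?php
// Added example; $trusted_proxies and client_ip() are hypothetical names.

/**
 * Pick the address to log or ban. Forwarded headers are honoured only when
 * the TCP peer (REMOTE_ADDR) is one of our own reverse proxies, because any
 * client can send an X-Forwarded-For header with whatever value it likes.
 */
function client_ip(array $server, array $trusted_proxies)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';

    if (!in_array($peer, $trusted_proxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // The header is a comma-separated chain; each proxy appends the peer it
    // saw. Walk from the right and stop at the first hop that is not ours.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            return $peer;               // malformed entry: fall back to the peer
        }
        if (!in_array($hops[$i], $trusted_proxies, true)) {
            return $hops[$i];
        }
    }
    return $peer;
}

// Constructed requests using documentation address ranges.
$proxies = array('198.51.100.10');

// Header sent by a direct client: ignored, the peer address is used.
echo client_ip(array('REMOTE_ADDR' => '203.0.113.7',
                     'HTTP_X_FORWARDED_FOR' => '192.0.2.1'), $proxies), "\n";

// Header arriving through our proxy: right-most untrusted hop is used.
echo client_ip(array('REMOTE_ADDR' => '198.51.100.10',
                     'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.7'), $proxies), "\n";
```

Both calls resolve to 203.0.113.7, so a ban keyed on the result cannot be steered to an arbitrary address by a header the client supplied.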
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Wed Aug 10, 2005 9:30 pm
Okay, here's the new Edits_For_Core_Files/modules/Your_Account/index.txt file:
Code:
/************************************************************************/
/* This file is for instructional use. */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* http://www.nukescripts.net */
/* Modifications Copyright © 2000-2005 by NukeScripts Network */
/************************************************************************/
#
#-----[ OPEN ]------------------------------------------
#
index.php
in function mail_password($username, $code) {
#
#-----[ FIND ]------------------------------------------
#
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,
Now it will look something like:
global $nsnst_const, $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
#
#-----[ FIND ]------------------------------------------
# This appears twice in this function
$host_name = $_SERVER['REMOTE_ADDR'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
    $host_name = $_SERVER['REMOTE_ADDR'];
} else {
    $host_name = $nsnst_const['remote_ip'];
}
in function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
#
#-----[ FIND ]------------------------------------------
#
global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,
Now it will look something like:
global $nsnst_const, $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
#
#-----[ FIND ]------------------------------------------
#
$uname = $_SERVER['REMOTE_ADDR'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
    $uname = $_SERVER['REMOTE_ADDR'];
} else {
    $uname = $nsnst_const['remote_ip'];
}
in function userinfo($username, $bypass=0, $hid=0, $url=0) {
# Submitted by technocrat
#-----[ FIND ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
#
#-----[ REPLACE WITH ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Wed Aug 10, 2005 9:44 pm
Slightly modified, admin/modules/nukesentinel/ABBlockedIPAdd.php:
Code:
/********************************************************/
/* NukeSentinel(tm) */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* http://www.nukescripts.net */
/* Copyright © 2000-2005 by NukeScripts Network */
/********************************************************/
$pagetitle = _AB_NUKESENTINEL.": "._AB_ADDIP;
include("header.php");
title($pagetitle);
OpenTable();
OpenMenu();
ipbanmenu();
CarryMenu();
blockedipmenu();
CloseMenu();
CloseTable();
echo "<br />\n";
OpenTable();
echo "<table align='center' border='0' cellpadding='2' cellspacing='2'>\n";
echo "<form action='".$admin_file.".php' method='post'>\n";
echo "<tr bgcolor='$bgcolor1'><td align='center' class='content' colspan='2'>"._AB_ADDIPS."</td></tr>\n";
// Start submitted by technocrat
if(!isset($tip)) {
    $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
    if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $tip)) {
        $tip = explode(".", $tip);
    } else {
        // $tip is a string here, so reset it to an array instead of writing string offsets
        $tip = array("", "0", "0", "0");
    }
}
// End submitted by technocrat
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_IPBLOCKED.":</b></td>\n";
echo "<td><input type='text' name='xip[0]' value='$tip[0]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[1]' value='$tip[1]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[2]' value='$tip[2]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[3]' value='$tip[3]' size='4' maxlength='3' align='right'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERID.":</b></td><td><input type='text' name='xuser_id' size='10' value='1'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERNAME.":</b></td><td><input type='text' name='xusername' size='20' value='$anonymous'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_AGENT.":</b></td><td><input type='text' name='xuser_agent' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_EXPIRESIN.":</b></td><td><select name='xexpires'>\n";
select_box7();
echo "</select><br />\n"._AB_EXPIRESINS."</td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_COUNTRY.":</b></td>\n";
echo "<td><select name='xc2c'>\n";
echo "<option value='00' selected>"._AB_SELECTCOUNTRY."</option>\n";
$result = $db->sql_query("SELECT * FROM `".$prefix."_nsnst_countries` ORDER BY `country`");
while($countryrow = $db->sql_fetchrow($result)) {
echo "<option value='".$countryrow['c2c']."'>".$countryrow['country']." (".$countryrow['c2c'].")</option>\n";
}
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_NOTES.":</b></td><td><textarea name='xnotes' $textrowcol>"._AB_ADDBY." $aid</textarea></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REASON.":</b></td><td><select name='xreason'>";
select_box8();
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_QUERY.":</b></td><td><input type='text' name='xquery_string' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_X_FORWARDED.":</b></td><td><input type='text' name='xx_forward_for' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_CLIENT_IP.":</b></td><td><input type='text' name='xclient_ip' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_ADDR.":</b></td><td><input type='text' name='xremote_addr' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_PORT.":</b></td><td><input type='text' name='xremote_port' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REQUEST_METHOD.":</b></td><td><input type='text' name='xrequest_method' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<input type='hidden' name='op' value='ABBlockedIPAddSave'>\n";
echo "<tr><td colspan='2' align='center'><input type='checkbox' name='another' value='1' checked>"._AB_ADDANOTHERIP."</td></tr>\n";
echo "<tr><td colspan='2' align='center'><input type=submit value='"._AB_ADDIP."'></td></tr>\n";
echo "</form>";
echo "</table>\n";
CloseTable();
ab_copy();
include("footer.php");
technocrat Life Cycles Becoming CPU Cycles Joined: Jul 07, 2005 Posts: 511
Posted:
Thu Aug 11, 2005 8:08 am
Ah great idea Bob with using the sentinel IP.
I used string tokens instead of exploded just to do a logic check on the IP address. Sure explode is faster but I figured it would be better to make absolutely sure the IP address was valid.
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Thu Aug 11, 2005 9:22 am
Since you had the ereg checking the ip format I decided to then explode it since if it doesn't match it's not an ip and therefore goes with the default
Only thing it doesn't check is that the numbers are between 0 and 255 but that can be fixed.
technocrat Life Cycles Becoming CPU Cycles Joined: Jul 07, 2005 Posts: 511
Posted:
Thu Aug 11, 2005 9:36 am
I guess something like 431.23.999.23 would be pretty rare
BobMarion Former Admin in Good Standing Joined: Oct 30, 2002 Posts: 1043 Location: RedNeck Land (known as Kentucky)
Posted:
Thu Aug 11, 2005 2:26 pm
Coming from within NukeSentinel it wouldn't happen but a user, if there was an entry field, would try it just to see what happened
technocrat Life Cycles Becoming CPU Cycles Joined: Jul 07, 2005 Posts: 511
Posted:
Thu Aug 11, 2005 2:34 pm
Well you got that covered
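The range check the thread leaves open (each octet between 0 and 255), as an added example that is not part of the original posts or of NukeSentinel. It uses preg_match() because ereg() was removed in PHP 7, and the function name tip_to_octets() is hypothetical.

```php
<?php
// Added example: strict validation of the "tip" query parameter before it
// pre-fills the four octet fields. The function name is hypothetical.

/**
 * Return the four octets of a dotted-quad IPv4 string, or the form's
 * default values ("", "0", "0", "0") when the input is not a valid address.
 */
function tip_to_octets($tip)
{
    $default = array('', '0', '0', '0');

    // A request such as ?tip[]=x delivers an array; reject non-strings early.
    if (!is_string($tip)) {
        return $default;
    }

    // \z anchors at the true end of input; with preg_match a bare "$"
    // also matches just before a trailing newline.
    if (!preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/', $tip, $m)) {
        return $default;
    }

    $octets = array();
    for ($i = 1; $i <= 4; $i++) {
        $n = (int) $m[$i];
        if ($n > 255) {
            return $default;        // e.g. 431.23.999.23
        }
        $octets[] = (string) $n;    // normalise "010" to "10"
    }
    return $octets;
}

// Constructed sample inputs, not taken from any log.
$samples = array('192.0.2.44', '431.23.999.23', "192.0.2.44\n", '1.2.3', array('x'));
foreach ($samples as $s) {
    $shown = is_array($s) ? 'array' : $s;
    echo json_encode($shown), ' => ', implode('.', tip_to_octets($s)), "\n";
}
```

Only the first sample comes back as 192.0.2.44; every other input yields the default fields, so nothing but short decimal strings reaches the value attributes of the form.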