phpBB.de

Verfasst: **24.08.2005 02:19**

Servus!

Hab vor einiger Zeit den Moderator Ban Panel Hack installiert damit auch Mods bannen können.

Jetzt hab ich den Global Moderator Hack installiert um "Supermoderatoren" zu bestimmen.

Leider können die Supermods jetzt nicht mehr auf den Moderator Ban Panel zugreifen da sie ja jetzt ein anderes User-Level haben....

Eigentlich sollen auch nur die Supermods bzw. Global Mods auf das Ban Panel Zugriff haben, es müsste also im Prinzip nur die Rechtevergabe
in der mod_user_ban.php von normalen Moderatoren auf Global Moderatoren umgestellt werden, komme aber nicht dahinter wie ich das anstellen soll!

Hier die mod_user_ban.php:

Code: Alles auswählen

<?php 
define('IN_PHPBB', true);

/* mod_user_ban.php by BigJim */ 

if ($setmodules == 1) 
{ 
   $filename = basename(__FILE__); 
   $module['Users']['Ban_Management'] = $filename; 

   return; 
} 


// 
// Load default header 
// 
$phpbb_root_dir = './../'; 
require('modpagestart.inc'); 

$ban_admin_allowed = FALSE;
$ban_mods_allowed = FALSE;

// 
// Start program 
// 
if( isset($HTTP_POST_VARS['submit']) ) 
{ 
	//
	// Determine forbidden banning conditions
	//
	$forbidden_bans = array();
	$sql_param = '';

	if (!$ban_mods_allowed)
	{
		$sql_param .= 'user_level = ' . MOD . ' '; 
	}

	if (!$ban_admin_allowed)
	{
		$sql_param .= ( $sql_param == '') ? 'user_level = ' . ADMIN . ' ' : 'OR user_level = ' . ADMIN . ' ';
	}

	if ($sql_param != '')
	{
		$sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE " . $sql_param;

		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not query forum moderator/admin information', '', __LINE__, __FILE__, $sql);
		}

		$rows = $db->sql_fetchrowset($result);
		$num_rows = $db->sql_numrows($result);

		for ($i = 0; $i < $num_rows; $i++)
		{
			echo "-".$rows[$i]['user_id'];
			$forbidden_bans[] = $rows[$i]['user_id'];
		}
	}

	$user_bansql = ''; 
	$email_bansql = ''; 
	$ip_bansql = ''; 

	$user_list = array(); 
	if( isset($HTTP_POST_VARS['username']) ) 
	{ 
		$username = trim($HTTP_POST_VARS['username']); 
	
		if ($username != '')
		{
			$sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username = '" . $username . "'";

			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not query forum moderator information', '', __LINE__, __FILE__, $sql);
			}

			$row = $db->sql_fetchrow($result);
			$user_list[] = $row['user_id'];
		}
	} 

	$ip_list = array(); 

	if( isset($HTTP_POST_VARS['ban_ip']) ) 
	{ 
		$ip_list_temp = explode(",", $HTTP_POST_VARS['ban_ip']); 

		for($i = 0; $i < count($ip_list_temp); $i++) 
		{ 
         if( preg_match("/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/", trim($ip_list_temp[$i]), $ip_range_explode) ) 
         { 
            // 
            // Don't ask about all this, just don't ask ... ! 
            // 
            $ip_1_counter = $ip_range_explode[1]; 
            $ip_1_end = $ip_range_explode[5]; 

            while($ip_1_counter <= $ip_1_end) 
            { 
               $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; 
               $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; 

               if($ip_2_counter == 0 && $ip_2_end == 254) 
               { 
                  $ip_2_counter = 255; 
                  $ip_2_fragment = 255; 

                  $ip_list[] = encode_ip("$ip_1_counter.255.255.255"); 
               } 

               while($ip_2_counter <= $ip_2_end) 
               { 
                  $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; 
                  $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; 

                  if($ip_3_counter == 0 && $ip_3_end == 254 ) 
                  { 
                     $ip_3_counter = 255; 
                     $ip_3_fragment = 255; 

                     $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255"); 
                  } 

                  while($ip_3_counter <= $ip_3_end) 
                  { 
                     $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; 
                     $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; 

                     if($ip_4_counter == 0 && $ip_4_end == 254) 
                     { 
                        $ip_4_counter = 255; 
                        $ip_4_fragment = 255; 

                        $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255"); 
                     } 

                     while($ip_4_counter <= $ip_4_end) 
                     { 
                        $ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"); 
                        $ip_4_counter++; 
                     } 
                     $ip_3_counter++; 
                  } 
                  $ip_2_counter++; 
               } 
               $ip_1_counter++; 
            } 
         } 
         else if( preg_match("/^([\w\-_]\.?){2,}$/is", trim($ip_list_temp[$i])) ) 
         { 
            $ip = gethostbynamel(trim($ip_list_temp[$i])); 

            for($j = 0; $j < count($ip); $j++) 
            { 
               if( !empty($ip[$j]) ) 
               { 
                  $ip_list[] = encode_ip($ip[$j]); 
               } 
            } 
         } 
         else if( preg_match("/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/", trim($ip_list_temp[$i])) ) 
         { 
            $ip_list[] = encode_ip(str_replace("*", "255", trim($ip_list_temp[$i]))); 
         } 
      } 
   } 

   $email_list = array(); 
   if(isset($HTTP_POST_VARS['ban_email'])) 
   { 
      $email_list_temp = explode(",", $HTTP_POST_VARS['ban_email']); 

      for($i = 0; $i < count($email_list_temp); $i++) 
      { 
         // 
         // This ereg match is based on one by php@unreelpro.com 
         // contained in the annotated php manual at php.com (ereg 
         // section) 
         // 
         if( eregi("^(([[:alnum:]]+([-_.][[:alnum:]]+)*\.?)|(\*))@([[:alnum:]]+([-_]?[[:alnum:]]+)*\.){1,3}([[:alnum:]]{2,6})$", trim($email_list_temp[$i])) ) 
         { 
            $email_list[] = trim($email_list_temp[$i]); 
         } 
      } 
   } 

   $sql = "SELECT * 
      FROM " . BANLIST_TABLE; 

   if( !$result = $db->sql_query($sql) ) 
   { 
      message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql); 
   } 

   $current_banlist = $db->sql_fetchrowset($result); 

   $kill_session_sql = ''; 
   for($i = 0; $i < count($user_list); $i++) 
   { 
      $in_banlist = false; 
      for($j = 0; $j < count($current_banlist); $j++) 
      { 
         if($user_list[$i] == $current_banlist[$j]['ban_userid']) 
         { 
            $in_banlist = true; 
         } 
      } 

	  if ( (!$in_banlist) && (!in_array($user_list[$i], $forbidden_bans)) )
      { 
		echo $user_list[$i]. ";";
		 $kill_session_sql .= ( ($kill_session_sql != '') ? ' OR ' : '' ) . 'session_user_id = ' . $user_list[$i]; 

         $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid) 
            VALUES (" . $user_list[$i] . ")"; 
         if( !$result = $db->sql_query($sql) ) 
         { 
            message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql); 
         } 
      } 
   } 

   for($i = 0; $i < count($ip_list); $i++) 
   { 
      $in_banlist = false; 
      for($j = 0; $j < count($current_banlist); $j++) 
      { 
         if($ip_list[$i] == $current_banlist[$j]['ban_ip']) 
         { 
            $in_banlist = true; 
         } 
      } 

      if(!$in_banlist) 
      { 
         if( preg_match("/(ff\.)|(\.ff)/is", chunk_split($ip_list[$i], 2, ".")) ) 
         { 
            $kill_ip_sql = "session_ip LIKE '" . str_replace(".", "", preg_replace("/(ff\.)|(\.ff)/is", "%", chunk_split($ip_list[$i], 2, "."))) . "'"; 
         } 
         else 
         { 
            $kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'"; 
         } 

         $kill_session_sql .= ( ($kill_session_sql != "") ? " OR " : "" ) . $kill_ip_sql; 

         $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) 
            VALUES ('" . $ip_list[$i] . "')"; 
         if( !$result = $db->sql_query($sql) ) 
         { 
            message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); 
         } 
      } 
   } 

   // 
   // Now we'll delete all entries from the 
   // session table with any of the banned 
   // user or IP info just entered into the 
   // ban table ... this will force a session 
   // initialisation resulting in an instant 
   // ban 
   // 
   if( $kill_session_sql != "" ) 
   { 
      $sql = "DELETE FROM " . SESSIONS_TABLE . " 
         WHERE $kill_session_sql"; 
      if( !$result = $db->sql_query($sql) ) 
      { 
         message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); 
      } 
   } 

   for($i = 0; $i < count($email_list); $i++) 
   { 
      $in_banlist = false; 
      for($j = 0; $j < count($current_banlist); $j++) 
      { 
         if( $email_list[$i] == $current_banlist[$j]['ban_email'] ) 
         { 
            $in_banlist = true; 
         } 
      } 

      if( !$in_banlist ) 
      { 
         $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email) 
            VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; 
         if( !$result = $db->sql_query($sql) ) 
         { 
            message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); 
         } 
      } 
   } 

   $where_sql = ""; 

   if(isset($HTTP_POST_VARS['unban_user'])) 
   { 
      $user_list = $HTTP_POST_VARS['unban_user']; 

      for($i = 0; $i < count($user_list); $i++) 
      { 
         if($user_list[$i] != -1) 
         { 
            if($where_sql != "") 
            { 
               $where_sql .= ", "; 
            } 
            $where_sql .= $user_list[$i]; 
         } 
      } 
   } 

   if( isset($HTTP_POST_VARS['unban_ip']) ) 
   { 
      $ip_list = $HTTP_POST_VARS['unban_ip']; 

      for($i = 0; $i < count($ip_list); $i++) 
      { 
         if($ip_list[$i] != -1) 
         { 
            if($where_sql != "") 
            { 
               $where_sql .= ", "; 
            } 
            $where_sql .= $ip_list[$i]; 
         } 
      } 
   } 

   if( isset($HTTP_POST_VARS['unban_email']) ) 
   { 
      $email_list = $HTTP_POST_VARS['unban_email']; 

      for($i = 0; $i < count($email_list); $i++) 
      { 
         if($email_list[$i] != -1) 
         { 
            if($where_sql != "") 
            { 
               $where_sql .= ", "; 
            } 
            $where_sql .= $email_list[$i]; 
         } 
      } 
   } 

   if( $where_sql != '' ) 
   { 
      $sql = "DELETE FROM " . BANLIST_TABLE . " 
         WHERE ban_id IN ($where_sql)"; 
      if( !$result = $db->sql_query($sql) ) 
      { 
         message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql); 
      } 
   } 

   $message = $lang['Ban_update_sucessful'] . "<br /><br />" . sprintf($lang['Click_return_banmod'], "<a href=\"" . append_sid("mod_user_ban.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_mod_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>"); 

   message_die(GENERAL_MESSAGE, $message); 

} 
else 
{ 

   $template->set_filenames(array( 
      'body' => 'admin/user_ban_body.tpl') 
   ); 

   $template->assign_vars(array( 
		'L_FIND_USERNAME' => $lang['Find_username'],

		'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), 
		'L_USERNAME' => $lang['Username'],
		'L_BAN_TITLE' => $lang['Ban_control'], 
		'L_BAN_EXPLAIN' => $lang['Ban_explain'], 
		'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'], 
		'L_IP_OR_HOSTNAME' => $lang['IP_hostname'], 
		'L_EMAIL_ADDRESS' => $lang['Email_address'], 
		'L_SUBMIT' => $lang['Submit'], 
		'L_RESET' => $lang['Reset'], 

		'S_BANLIST_ACTION' => append_sid("mod_user_ban.$phpEx")) 
	); 

   $userban_count = 0; 

   $sql = "SELECT user_id, username 
      FROM " . USERS_TABLE . " 
      WHERE user_id <> " . ANONYMOUS . " 
      ORDER BY username ASC"; 
   $u_result = $db->sql_query($sql); 
   $user_list = $db->sql_fetchrowset($u_result); 

   $select_userlist = ""; 
   for($i = 0; $i < count($user_list); $i++) 
   { 
      $select_userlist .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>"; 
      $userban_count++; 
   } 
   $select_userlist = "<select name=\"ban_user[]\" multiple=\"multiple\" size=\"5\">" . $select_userlist . "</select>"; 

   $template->assign_vars(array( 
      "L_BAN_USER" => $lang['Ban_username'], 
      "L_BAN_USER_EXPLAIN" => $lang['Ban_username_explain'], 
      "L_BAN_IP" => $lang['Ban_IP'], 
      "L_BAN_IP_EXPLAIN" => $lang['Ban_IP_explain'], 
      "L_BAN_EMAIL" => $lang['Ban_email'], 
      "L_BAN_EMAIL_EXPLAIN" => $lang['Ban_email_explain'], 

      "S_BAN_USERLIST_SELECT" => $select_userlist) 
   ); 

   $userban_count = 0; 
   $ipban_count = 0; 
   $emailban_count = 0; 

   $sql = "SELECT b.ban_id, u.user_id, u.username 
      FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u 
      WHERE u.user_id = b.ban_userid 
         AND b.ban_userid <> 0 
         AND u.user_id <> " . ANONYMOUS . " 
      ORDER BY u.user_id ASC"; 
   $u_result = $db->sql_query($sql); 
   $user_list = $db->sql_fetchrowset($u_result); 

   $select_userlist = ""; 
   for($i = 0; $i < count($user_list); $i++) 
   { 
      $select_userlist .= "<option value=\"" . $user_list[$i]['ban_id'] . "\">" . $user_list[$i]['username'] . "</option>"; 
      $userban_count++; 
   } 

   if( $select_userlist == "" ) 
   { 
      $select_userlist = "<option value=\"-1\">" . $lang['No_banned_users'] . "</option>"; 
   } 

   $select_userlist = "<select name=\"unban_user[]\" multiple=\"multiple\" size=\"5\">" . $select_userlist; 
   $select_userlist .= "</select>"; 

   $sql = "SELECT ban_id, ban_ip, ban_email 
      FROM " . BANLIST_TABLE; 
   $b_result = $db->sql_query($sql); 
   $banlist = $db->sql_fetchrowset($b_result); 

   $select_iplist = ""; 
   $select_emaillist = ""; 

   for($i = 0; $i < $db->sql_numrows($b_result); $i++) 
   { 
      $ban_id = $banlist[$i]['ban_id']; 

      if( !empty($banlist[$i]['ban_ip']) ) 
      { 
         $ban_ip = str_replace("255", "*", decode_ip($banlist[$i]['ban_ip'])); 
         $select_iplist .= "<option value=\"$ban_id\">$ban_ip</option>"; 
         $ipban_count++; 
      } 
      else if( !empty($banlist[$i]['ban_email']) ) 
      { 
         $ban_email = $banlist[$i]['ban_email']; 
         $select_emaillist .= "<option value=\"$ban_id\">$ban_email</option>"; 
         $emailban_count++; 
      } 
   } 

   if($select_iplist == "") 
   { 
      $select_iplist = "<option value=\"-1\">" . $lang['No_banned_ip'] . "</option>"; 
   } 

   if( $select_emaillist == "") 
   { 
      $select_emaillist = "<option value=\"-1\">" . $lang['No_banned_email'] . "</option>"; 
   } 

   $select_iplist = "<select name=\"unban_ip[]\" multiple=\"multiple\" size=\"5\">" . $select_iplist . "</select>"; 
   $select_emaillist = "<select name=\"unban_email[]\" multiple=\"multiple\" size=\"5\">" . $select_emaillist . "</select>"; 

   $template->assign_vars(array( 
      "L_UNBAN_USER" => $lang['Unban_username'], 
      "L_UNBAN_USER_EXPLAIN" => $lang['Unban_username_explain'], 
      "L_UNBAN_IP" => $lang['Unban_IP'], 
      "L_UNBAN_IP_EXPLAIN" => $lang['Unban_IP_explain'], 
      "L_UNBAN_EMAIL" => $lang['Unban_email'], 
      "L_UNBAN_EMAIL_EXPLAIN" => $lang['Unban_email_explain'], 

      "S_UNBAN_USERLIST_SELECT" => $select_userlist, 
      "S_UNBAN_IPLIST_SELECT" => $select_iplist, 
      "S_UNBAN_EMAILLIST_SELECT" => $select_emaillist, 
      "S_BAN_ACTION" => append_sid("mod_user_ban.$phpEx")) 
   ); 
} 

$template->pparse("body"); 

?>

Muss ja irgendwo in den ersten Zeilen liegen, ich seh's aber nicht!

Kann mir vielleicht jemand auf die Sprünge helfen bitte?

Verfasst: **24.08.2005 10:08**

hmm

füg mal testweise nach

Code: Alles auswählen

$ban_mods_allowed = FALSE;

folgendes ein:

Code: Alles auswählen

$ban_gmods_allowed = FALSE;

und nach

Code: Alles auswählen

   if (!$ban_mods_allowed) 
   { 
      $sql_param .= 'user_level = ' . MOD . ' '; 
   }

folgendes

Code: Alles auswählen

   if (!$ban_gmods_allowed) 
   { 
      $sql_param .= 'user_level = ' . GLOBAL_MOD . ' '; 
   }

ich habe es allerdings nicht getestet, also sichere zur Sicherheit deine Originaldatei vorher

BTW: KB:datei wegen des vielen Codes

Verfasst: **24.08.2005 17:00**

Danke, aber hat leider nix gebracht....

Verfasst: **28.08.2005 15:00**

Hab das Problem übrigens behoben....

Es gibt ja eine modpagestart.inc in der definiert ist wer Zugang hat, in der musste einfach von

Code: Alles auswählen

$userdata['user_level'] != MOD

auf

Code: Alles auswählen

$userdata['user_level'] != GLOBAL_MOD

abgeändert werden!

phpBB.de

Moderator Ban Panel -> Global Moderator Problem

Moderator Ban Panel -> Global Moderator Problem