Author |
Message |
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
Posted:
Wed Aug 10, 2005 1:25 pm |
|
We had decided to remove the ipban for our site because it's worthless when you have Sentinel installed. But you lose the ability to use the link that is at the bottom of YA profiles to ban a user. Sure you can find them in the Sentinel logs (if you turned it on), but it's not as easy as clicking the link.
So I adjusted the link but found that ABBlockedIPAdd.php doesn't allow passed in IP addresses. With a bit of adjusting I think I found a way to allow it to do so and protect it from user error.
In admin/modules/nukesentinel/ABBlockedIPAdd.php
Find:
Code:$tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
|
Replace with:
Code:
if(!isset($tip)) {
    $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
    if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$",$tip)) {
        $tok = strtok($tip, ".");
        $i = 0;
        while ($tok !== false) {
            if(intval($tok) <= 255) {
                $t_ip[$i]=$tok;
            } else {
                $t_ip[0]=""; $t_ip[1]=$t_ip[2]=$t_ip[3]="0";
                break;
            }
            $tok = strtok(".");
            $i++;
        }
        $tip=$t_ip;
    } else {
        $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
    }
}
|
Anyways I figured I would see if this could be added to future versions |
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Wed Aug 10, 2005 2:06 pm |
|
Great idea! Can you post the modification to YA also? |
|
|
|
technocrat
|
Posted:
Wed Aug 10, 2005 2:12 pm |
|
Sure. This will work with CNBYA also.
In modules/Your_Account/index.php
Find:
Code:echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
|
Change to:
Code:echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
|
In CNBYA it's 2 lines instead of 1 so just look for the link. |
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
Posted:
Wed Aug 10, 2005 9:06 pm |
|
You should also know that nuke doesn't look for the real ip of a user but instead it only looks at $_SERVER['REMOTE_ADDR'] which as we all know can be masked. In the standard nuke packs and Patched packs you should look at these two functions:
1) mail_password
2) login
In their global lines add $nsnst_const and then replace $_SERVER['REMOTE_ADDR'] with $nsnst_const['remote_ip'] for it to log the true user ip. |
_________________ Bob Marion
Codito Ergo Sum
|
|
BobMarion
|
Posted:
Wed Aug 10, 2005 9:15 pm |
|
After thinking about it a little bit it would be safer to replace:
Code:$ip = $_SERVER['REMOTE_ADDR'];
|
with:
Code:
if(!file_exists('includes/nukesentinel.php')) {
    $ip = $_SERVER['REMOTE_ADDR'];
} else {
    $ip = $nsnst_const['remote_ip'];
}
|
You can also do this to the online function in your mainfile.php file to get the true ip. Be sure to add $nsnst_const to the global in the online function too. |
|
|
|
BobMarion
|
Posted:
Wed Aug 10, 2005 9:30 pm |
|
Okay, here's the new Edits_For_Core_Files/modules/Your_Account/index.txt file:
Code:
/************************************************************************/
/* This file is for instructional use. */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* http://www.nukescripts.net */
/* Modifications Copyright © 2000-2005 by NukeScripts Network */
/************************************************************************/
#
#-----[ OPEN ]------------------------------------------
#
index.php
in function mail_password($username, $code) {
#
#-----[ FIND ]------------------------------------------
#
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,
Now it will look something like:
global $nsnst_const, $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
#
#-----[ FIND ]------------------------------------------
# This appears twice in this function
$host_name = $_SERVER['REMOTE_ADDR'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
    $host_name = $_SERVER['REMOTE_ADDR'];
} else {
    $host_name = $nsnst_const['remote_ip'];
}
in function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
#
#-----[ FIND ]------------------------------------------
#
global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
#
#-----[ ADD TO IT ]------------------------------------------
#
$nsnst_const,
Now it will look something like:
global $nsnst_const, $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
#
#-----[ FIND ]------------------------------------------
#
$uname = $_SERVER['REMOTE_ADDR'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if(!file_exists('includes/nukesentinel.php')) {
    $uname = $_SERVER['REMOTE_ADDR'];
} else {
    $uname = $nsnst_const['remote_ip'];
}
in function userinfo($username, $bypass=0, $hid=0, $url=0) {
# Submitted by technocrat
#-----[ FIND ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ipban&ip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
#
#-----[ REPLACE WITH ]------------------------------------------
#
echo "[ <a href='".$admin_file.".php?op=ABBlockedIPAdd&tip=".$userinfo['last_ip']."'>"._BANTHIS."</a> | <a href=\"".$admin_file.".php?op=modifyUser&chng_uid=".$userinfo['username']."\">"._EDITUSER."</a> ]</center>";
|
|
|
|
|
BobMarion
|
Posted:
Wed Aug 10, 2005 9:44 pm |
|
Slightly modified, admin/modules/nukesentinel/ABBlockedIPAdd.php:
Code:
/********************************************************/
/* NukeSentinel(tm) */
/* By: NukeScripts Network (webmaster@nukescripts.net) */
/* http://www.nukescripts.net */
/* Copyright © 2000-2005 by NukeScripts Network */
/********************************************************/
$pagetitle = _AB_NUKESENTINEL.": "._AB_ADDIP;
include("header.php");
title($pagetitle);
OpenTable();
OpenMenu();
ipbanmenu();
CarryMenu();
blockedipmenu();
CloseMenu();
CloseTable();
echo "<br />\n";
OpenTable();
echo "<table align='center' border='0' cellpadding='2' cellspacing='2'>\n";
echo "<form action='".$admin_file.".php' method='post'>\n";
echo "<tr bgcolor='$bgcolor1'><td align='center' class='content' colspan='2'>"._AB_ADDIPS."</td></tr>\n";
// Start submitted by technocrat
if(!isset($tip)) {
    $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
} else {
    if(ereg("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $tip)) {
        $tip = explode(".", $tip);
    } else {
        $tip[0]=""; $tip[1]=$tip[2]=$tip[3]="0";
    }
}
// End submitted by technocrat
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_IPBLOCKED.":</b></td>\n";
echo "<td><input type='text' name='xip[0]' value='$tip[0]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[1]' value='$tip[1]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[2]' value='$tip[2]' size='4' maxlength='3' align='right'>\n";
echo ". <input type='text' name='xip[3]' value='$tip[3]' size='4' maxlength='3' align='right'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERID.":</b></td><td><input type='text' name='xuser_id' size='10' value='1'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_USERNAME.":</b></td><td><input type='text' name='xusername' size='20' value='$anonymous'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_AGENT.":</b></td><td><input type='text' name='xuser_agent' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_EXPIRESIN.":</b></td><td><select name='xexpires'>\n";
select_box7();
echo "</select><br />\n"._AB_EXPIRESINS."</td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_COUNTRY.":</b></td>\n";
echo "<td><select name='xc2c'>\n";
echo "<option value='00' selected>"._AB_SELECTCOUNTRY."</option>\n";
$result = $db->sql_query("SELECT * FROM `".$prefix."_nsnst_countries` ORDER BY `country`");
while($countryrow = $db->sql_fetchrow($result)) {
    echo "<option value='".$countryrow['c2c']."'>".$countryrow['country']." (".$countryrow['c2c'].")</option>\n";
}
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2' valign='top'><b>"._AB_NOTES.":</b></td><td><textarea name='xnotes' $textrowcol>"._AB_ADDBY." $aid</textarea></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REASON.":</b></td><td><select name='xreason'>";
select_box8();
echo "</select></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_QUERY.":</b></td><td><input type='text' name='xquery_string' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_X_FORWARDED.":</b></td><td><input type='text' name='xx_forward_for' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_CLIENT_IP.":</b></td><td><input type='text' name='xclient_ip' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_ADDR.":</b></td><td><input type='text' name='xremote_addr' size='40' value='none'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REMOTE_PORT.":</b></td><td><input type='text' name='xremote_port' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<tr><td bgcolor='$bgcolor2'><b>"._AB_REQUEST_METHOD.":</b></td><td><input type='text' name='xrequest_method' size='40' value='"._AB_UNKNOWN."'></td></tr>\n";
echo "<input type='hidden' name='op' value='ABBlockedIPAddSave'>\n";
echo "<tr><td colspan='2' align='center'><input type='checkbox' name='another' value='1' checked>"._AB_ADDANOTHERIP."</td></tr>\n";
echo "<tr><td colspan='2' align='center'><input type=submit value='"._AB_ADDIP."'></td></tr>\n";
echo "</form>";
echo "</table>\n";
CloseTable();
ab_copy();
include("footer.php");
|
|
|
|
|
technocrat
|
Posted:
Thu Aug 11, 2005 8:08 am |
|
Ah great idea Bob with using the sentinel IP.
I used string tokens instead of exploded just to do a logic check on the IP address. Sure explode is faster but I figured it would be better to make absolutely sure the IP address was valid. |
|
|
|
BobMarion
|
Posted:
Thu Aug 11, 2005 9:22 am |
|
Since you had the ereg checking the ip format I decided to then explode it since if it doesn't match it's not an ip and therefore goes with the default.
Only thing it doesn't check is that the numbers are between 0 and 255 but that can be fixed. |
|
|
|
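Added example, not part of the original thread or of NukeSentinel: one way to close the gap discussed above, checking both the dotted-quad format and the 0-255 range of each octet before the value reaches the xip[] fields. It uses preg_match in place of ereg (which was removed in PHP 7); parse_tip() is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example, not NukeSentinel code. parse_tip() is a hypothetical helper name.
// Returns the four octets for the xip[] form fields, or the page's default
// ("", "0", "0", "0") when the passed-in value is not a valid dotted quad.
function parse_tip($tip) {
    $default = array("", "0", "0", "0");

    // A request parameter can arrive as an array (?tip[]=...); accept strings only.
    if (!is_string($tip)) {
        return $default;
    }

    // \A and \z anchor to the whole string; "$" alone would also match
    // just before a trailing newline.
    if (!preg_match('/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/', $tip, $m)) {
        return $default;
    }

    $octets = array();
    for ($i = 1; $i <= 4; $i++) {
        $n = (int) $m[$i];
        if ($n > 255) {
            return $default;        // e.g. 431.23.999.23
        }
        $octets[] = (string) $n;    // normalises "010" to "10"
    }
    return $octets;
}

// Constructed sample inputs: valid, out of range, trailing newline,
// too few octets, array instead of string.
$samples = array("192.0.2.17", "431.23.999.23", "10.0.0.1\n", "1.2.3", array("1.2.3.4"));
foreach ($samples as $s) {
    echo json_encode($s), " => ", implode(".", parse_tip($s)), "\n";
}
```

Only the first sample is accepted; the others fall back to the default, which prints as ".0.0.0". Where available, filter_var() with FILTER_VALIDATE_IP and FILTER_FLAG_IPV4 is the built-in alternative.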
technocrat
|
Posted:
Thu Aug 11, 2005 9:36 am |
|
I guess something like 431.23.999.23 would be pretty rare :) |
|
|
|
BobMarion
|
Posted:
Thu Aug 11, 2005 2:26 pm |
|
Coming from within NukeSentinel it wouldn't happen but a user, if there was an entry field, would try it just to see what happened :) |
|
|
|
technocrat
|
Posted:
Thu Aug 11, 2005 2:34 pm |
|
Well you got that covered |
|
|
|
|