#1 2010-07-19 21:48:58
- xSDMx
- Member
- Registered: 2008-06-24
- Posts: 129
Bad Behavior Admin List
<?php
/***********************************************************************
Copyright (C) 2002-2005 Smartys (smartys@punbb-hosting.com)
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
************************************************************************/
// Make sure no one attempts to run this script "directly"
if (!defined('PUN'))
exit;
// Tell admin_loader.php that this is indeed a plugin and that it is loaded
define('PUN_PLUGIN_LOADED', 1);
// If the "Save" button was clicked
if (isset($_POST['save']))
{
$form = array_map("trim", $_POST['form']);
while (list($key, $input) = @each($form))
{
$db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'o_badbehavior_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
}
// Regenerate the config cache
require_once PUN_ROOT.'include/cache.php';
generate_config_cache();
redirect($_SERVER['REQUEST_URI'], 'Options updated. Redirecting...');
}
else
{
// Display the admin navigation menu
generate_admin_menu($plugin);
?>
<div id="badbehaviorplugin" class="blockform">
<h2><span>Bad Behavior Plugin</span></h2>
<div class="box">
<div class="inbox">
<p>The Bad Behavior system helps protect your site from malicious bots (spammers, email harvesters, etc).</p>
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
</div>
</div>
<h2 class="block2"><span>Statistics:</span></h2>
<div class="box">
<div class="inbox">
<p><?php echo bb2_insert_stats(true) ?></p>
</div>
</div>
<h2 class="block2"><span>Settings</span></h2>
<div class="box">
<form id="example" method="post" action="<?php echo pun_htmlspecialchars($_SERVER['REQUEST_URI']) ?>">
<p class="submittop"><input type="submit" name="save" value="Save changes" /></p>
<div class="inform">
<fieldset>
<legend>Change your settings and submit!</legend>
<div class="infldset">
<table class="aligntop" cellspacing="0">
<tr>
<th scope="row">Display Statistics</th>
<td>
<input type="radio" name="form[display_stats]" value="1"<?php if ($pun_config['o_badbehavior_display_stats'] == '1') echo ' checked="checked"' ?> /> <strong>Yes</strong> <input type="radio" name="form[display_stats]" value="0"<?php if ($pun_config['o_badbehavior_display_stats'] == '0') echo ' checked="checked"' ?> /> <strong>No</strong>
<span>Allows you to decide if statistics should be displayed publicly or not (you will also need to edit the code to include a call to bb2_insert_stats()). This setting does not affect the statistics seen above.</span>
</td>
</tr>
<tr>
<th scope="row">Verbose Logging</th>
<td>
<input type="radio" name="form[verbose]" value="1"<?php if ($pun_config['o_badbehavior_verbose'] == '1') echo ' checked="checked"' ?> /> <strong>Yes</strong> <input type="radio" name="form[verbose]" value="0"<?php if ($pun_config['o_badbehavior_verbose'] == '0') echo ' checked="checked"' ?> /> <strong>No</strong>
<span>More verbose logging (logs data from all requests made).</span>
</td>
</tr>
<tr>
<th scope="row">Strict Mode</th>
<td>
<input type="radio" name="form[strict]" value="1"<?php if ($pun_config['o_badbehavior_strict'] == '1') echo ' checked="checked"' ?> /> <strong>Yes</strong> <input type="radio" name="form[strict]" value="0"<?php if ($pun_config['o_badbehavior_strict'] == '0') echo ' checked="checked"' ?> /> <strong>No</strong>
<span>Strict checking (blocks more spam but may block some people)</span>
</td>
</tr>
</table>
</div>
</fieldset>
</form>
<p>
<div class="inform">
<fieldset>
<legend>Block List</legend>
<table class="aligntop" cellspacing="0">
<tr>
<th scope="col">ID</th>
<th scope="col">Time</th>
<th scope="col">IP</th>
<th scope="col">User Agent</th>
</tr>
<?php
// Grab bb list
$result = $db->query('SELECT * FROM '.$db->prefix.'bad_behavior ORDER BY id DESC LIMIT 10') or error('Unable to fetch bad_behavior list', __FILE__, __LINE__, $db->error());
$num_bb = $db->num_rows($result);
if ($num_bb > 0)
{
while ($bb_data = $db->fetch_assoc($result))
{
// Logged values come from the blocked request itself, so escape them before output
$bb_ip = pun_htmlspecialchars($bb_data['ip']);
echo "\t\t\t\t".'<tr>'."\n";
echo "\t\t\t\t\t".'<td>'.intval($bb_data['id']).'</td>'."\n";
echo "\t\t\t\t\t".'<td>'.pun_htmlspecialchars($bb_data['date']).'</td>'."\n";
echo "\t\t\t\t\t".'<td>'.$bb_ip.'</td>'."\n";
echo "\t\t\t\t\t".'<td>'.pun_htmlspecialchars($bb_data['user_agent']).'</td>'."\n";
// $user_data is never defined in this plugin; link the logged IP instead
if ($pun_user['g_id'] <= PUN_MOD)
echo "\t\t\t\t\t".'<td><a href="'.PUN_ROOT.'admin_users.php?show_users='.$bb_ip.'">'.$bb_ip.'</a></td>'."\n";
echo "\t\t\t\t".'</tr>'."\n";
}
}
else
{
echo "\t\t\t\t".'<tr><td colspan="'.(($pun_user['g_id'] <= PUN_MOD) ? '4' : '3').'">'.$lang_online['No users'].'</td>'."\n\t\t\t\t".'</tr>'."\n";
}
?>
</table>
</fieldset>
</div>
</div>
</div>
</div>
<?php
}
// Note that the script just ends here. The footer will be included by admin_loader.php.
Quick and sloppy, but I put together a list within the admin plugin that queries the database and shows the ten most recent blocks. I hope someone finds this useful!
Last edited by xSDMx (2010-07-20 00:59:54)
Offline
#2 2010-07-20 10:16:55
- Visman
- Member
- From: Siberia
- Registered: 2010-07-10
- Posts: 1,476
- Website
Re: Bad Behavior Admin List
...SET conf_value='.$input.' WHERE...
Is it unsafe?
It can be done like this:
...SET conf_value='.intval($input).' WHERE...
My modification of FluxBB 1.5.11 - rev.82, Parserus, UserAgentAnalyzer
I speak only Russian
Offline
#3 2010-07-20 10:43:48
- FSX
- Former Developer
- From: NL
- Registered: 2008-05-09
- Posts: 818
- Website
Re: Bad Behavior Admin List
Use:
foreach ($form as $key => $input)
Instead of:
while (list($key, $input) = @each($form))
And also escape the input like this:
$db->escape($input)
SQL injections are not nice.
Offline
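The fixes suggested in posts #2 and #3, combined into one hardened save routine. This is an added example, not part of the original thread or of the mod's released code. `bb_build_updates()`, `BB_FLAGS`, the `pun_` prefix and the use of `addslashes()` in place of `$db->escape()` are assumptions made so that it runs without a forum or database.

```php
<?php
// Added example: the only keys the settings form submits (all yes/no radios).
const BB_FLAGS = ['display_stats', 'verbose', 'strict'];

/**
 * Build the UPDATE statements for the submitted settings.
 * $escape stands in for $db->escape(), $prefix for $db->prefix (assumptions).
 */
function bb_build_updates($posted, string $prefix, callable $escape): array
{
    $queries = [];
    if (!is_array($posted))
        return $queries; // form[] must be an array; anything else is ignored

    // Iterate over the allowlist, not over the submitted keys
    foreach (BB_FLAGS as $key)
    {
        if (!isset($posted[$key]) || !is_scalar($posted[$key]))
            continue; // unknown keys and nested arrays never reach SQL

        // Every setting is a flag, so reduce the value to '0' or '1'
        $value = (intval(trim((string) $posted[$key])) === 1) ? '1' : '0';

        // Value is quoted and escaped even though it is already constrained
        $queries[] = 'UPDATE '.$prefix.'config SET conf_value=\''.$escape($value).'\''
            .' WHERE conf_name=\'o_badbehavior_'.$escape($key).'\'';
    }
    return $queries;
}

// Constructed input: a padded flag, a value carrying extra SQL, an unexpected key
$posted = [
    'verbose'     => ' 1 ',
    'strict'      => '1 OR 1=1',
    'unknown_key' => '1',
];

// addslashes() is only a stand-in so the example runs without a database
foreach (bb_build_updates($posted, 'pun_', 'addslashes') as $sql)
    echo $sql, "\n";
```

In the plugin itself each returned statement would be passed to `$db->query()` in place of the `while (list($key, $input) = @each($form))` loop.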
#4 2010-07-20 14:03:06
- Smartys
- Former Developer
- Registered: 2008-04-27
- Posts: 3,139
- Website
Re: Bad Behavior Admin List
That's actually my mistake: it's in the Bad Behavior modification I wrote
Offline
#6 2010-07-21 00:32:53
- Smartys
- Former Developer
- Registered: 2008-04-27
- Posts: 3,139
- Website
Re: Bad Behavior Admin List
If it makes you feel any better, I still can't believe that I wrote that code
I'll be releasing a new version in the next day or so (no time tonight, unfortunately).
Offline
#7 2010-07-21 02:16:50
- xSDMx
- Member
- Registered: 2008-06-24
- Posts: 129
Re: Bad Behavior Admin List
This thread is
Offline
#8 2010-07-26 18:32:38
- xSDMx
- Member
- Registered: 2008-06-24
- Posts: 129
Re: Bad Behavior Admin List
So, did you release a new version?
Offline
#9 2010-07-26 19:42:55
- quy
- Administrator
- From: California
- Registered: 2008-05-09
- Posts: 928
Re: Bad Behavior Admin List
Yes, as of 7/21,
http://fluxbb.org/resources/mods/bad-be … ses/1.1.1/
Offline