<?php
    // Report every error class except deprecation notices.
    error_reporting(E_ALL & ~E_DEPRECATED);
    // mysqli signals failure by returning false instead of throwing;
    // the queries further down check the return value themselves.
    mysqli_report(MYSQLI_REPORT_OFF);
    // ?debug in the query string switches on collection of [label, microtime] checkpoints.
    // NOTE(review): any visitor can send the flag; where $timing is printed is not visible here.
    if (isset($_GET['debug'])) {
        $timing[] = ["Begin", microtime(true)];
    }
    include_once "../include/variables.php";
    include_once "../include/functions.php";
    include_once "../include/errors.php";
    include_once "../include/getip.php";
    if (!function_exists("getinfo")) {
        /**
         * Build the bracketed "[date ip host]" prefix from the global $ip and $host.
         *
         * The host part is left out when $host is empty.
         *
         * @return string e.g. "[2024-01-01 12:00:00 192.0.2.1 example.test]" (constructed sample)
         */
        function getinfo() {
            global $ip, $host;
            $stamp = date("Y-m-d H:i:s");
            $host_part = "";
            if (!empty($host)) {
                $host_part = " $host";
            }
            return "[" . $stamp . " $ip" . $host_part . "]";
        }
    }
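    // PHP_SELF includes any extra path the client appended after the script name, and this
    // page writes $PHP_SELF into href/action attributes. It is HTML-encoded once, here,
    // so every later use is safe inside an attribute value.
    $PHP_SELF=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Compress the response when the client advertises gzip support.
    if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
        if (ob_get_length()) ob_end_clean();
        ob_start("ob_gzhandler");
    }
    //else ob_start();
    // HttpOnly keeps the session id out of reach of page scripts on both http and https.
    $session_options = array(
        "httponly" => true
    );
    if (!empty($_SERVER['HTTPS'])) {
        // NOTE(review): SameSite=None means the session cookie accompanies cross-site
        // requests. The admin actions on this page that are triggered by plain GET links
        // (?list=bans&clear, ?del=...&ok) and the ban form therefore need their own
        // request-forgery check; none is visible in this file.
        $session_options["secure"] = true;
        $session_options["SameSite"] = "None";
    }
    session_set_cookie_params($session_options);
    session_start();
    if (isset($_GET['debug'])) {
        $timing[]=Array("Index Headers",microtime(true));
    }
    // Stop early when the database configuration is absent.
    if (!file_exists("../include/db.php")) die("No database config file");
    include "../include/badbots.php";
    include "../include/lang.php";
    include "../include/auth.php";
    header("Content-Type: text/html; charset=UTF-8");
    ob_start();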
?>
<html>
<head>
<style type="text/css">
<!--
        body {
            margin: 0px;
            padding: 5px;
            background: #697795;
            color:#eeebf5;
            font-size:11pt;
            font-family: Georgia, Palatino, "Palatino Linotype", Times, "Times New Roman", serif;
            text-align:center;
        }
        p {
            margin: 0px;
            text-indent:1.27cm;
            text-align: justify;
        }
        a:link {
            text-decoration:none;
            color: #BDFFD6;
        }
        a:hover {
            text-decoration:underline;
            color: #FBFAD0;
        }
        a:visited {
            text-decoration:none;
            color: #C2E4EF;
        }
        a:visited:hover {
            text-decoration:underline;
            color: #E5ECD9;
        }
        table {
            border-collapse: collapse;
            margin: 0px auto 0px auto;
        }
        th {
            background: #8590AC;
            white-space: nowrap;
        }
        td {
            vertical-align:top;
            background: #6D789B;
            text-align:left;
            padding: 1px 2px;
            white-space: nowrap;
        }
        h2, h3 {
            text-align:center;
            margin-top:15px;
            margin-bottom: 12px;
        }
        img {
            border: 0px;
            padding: 0px;
            margin: 0px;
        }
        form, pre {
            padding: 0px;
            margin: 0px;
        }
        pre {
            white-space: pre-wrap;
            word-wrap: break-word;
            overflow:auto;
            text-align:left;
        }
        input {
        }
        hr {
            border-color: #8cb3d9;
        }
        *:focus {
            outline: none;
        }
-->
</style>

<?php
// One timestamp for the whole request; the cache-age checks and inserts below reuse it.
$timestamp = time();
if (isset($_GET['debug'])) {
    $timing[] = ["Page Header", microtime(true)];
}

// db.php is not visible here; the code below expects it to provide $db_link and $db.
include "../include/db.php";
if($db_link){
    mysqli_select_db($db_link,$db);
    // Ban list table: "desc" fails while the table does not exist yet, which triggers creation.
    // NOTE(review): "or die(mysqli_error(...))" prints the database error text to the client.
    $table="bans";
    $result=mysqli_query($db_link,"desc $table");
    if ($result === false) {
        $result=mysqli_query($db_link,"create table $table (id int not null auto_increment primary key, ip varchar(48) not null default '', timestamp int not null default 0, expires int not null default 0, exclude int not null default 0, comment text not null) default charset=utf8mb4 collate=utf8mb4_bin") or die(mysqli_error($db_link));
    }
    // AbuseIPDB cache table, created the same way.
    $table2="abuseipdb";
    if (mysqli_query($db_link,"desc $table2") === false) {
        mysqli_query($db_link, "create table $table2 (id int not null auto_increment primary key, ip text not null, lastcheck int not null default 0, result text not null) default charset=utf8mb4 collate=utf8mb4_bin") or die (mysqli_error($db_link));
    }
    if (isset($_GET['debug'])) {
        $timing[] = ["DB Setup", microtime(true)];
    }
    // Whitelist evaluation. A match on IP, host name or User-Agent sets $whitelisted,
    // which the AbuseIPDB score check further down uses to skip score-based banning.
    $whitelisted = false;
    $agent = $_SERVER['HTTP_USER_AGENT'] ?? "";
    // ipwhitelist.php is not visible here; it may define $whitelist, $host_whitelist and $agent_whitelist.
    include "../include/ipwhitelist.php";
    $host_whitelist[]="mj12bot\.com$"; //MJ12bot
    // Exact IP match.
    if (isset($whitelist) && in_array($ip, $whitelist)) {
        $whitelisted = true;
    }
    // Host-name patterns.
    // NOTE(review): $host comes from getip.php (not visible here), presumably a reverse-DNS
    // lookup; whether it is forward-confirmed cannot be told from this file. Confirm.
    if (isset($host_whitelist)) {
        foreach ($host_whitelist as $pattern) {
            if (!preg_match("/".$pattern."/i",$host)) {
                continue;
            }
            $whitelisted = true;
            break;
        }
    }
    // User-Agent patterns.
    // NOTE(review): the User-Agent header is chosen by the client, so this match alone
    // exempts any request that sends the listed string from the score-based ban.
    $agent_whitelist[]="^Mozilla\/5\.0 \(compatible; MJ12bot\/[^;]+; http:\/\/mj12bot\.com\/\)$";
    if (isset($agent_whitelist)) {
        foreach ($agent_whitelist as $pattern) {
            if (!preg_match("/".$pattern."/i",$agent)) {
                continue;
            }
            $whitelisted = true;
            break;
        }
    }
    if (isset($_GET['debug'])) {
        $timing[] = ["Whitelist", microtime(true)];
    }
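    //check abuseipdb
    // Cache policy: one row per IP in $table2, refreshed once it is older than 24 hours.
    $abuseipdb_banned = false;
    // Defined up front so the code after this block never reads an unset variable.
    $abuseipdb_result = false;
    // $ip is produced by getip.php (not visible here), so it is escaped before it
    // goes into SQL, the same way the API result already is.
    $ip_sql = mysqli_real_escape_string($db_link,(string)$ip);
    $query="select result, lastcheck from $table2 where ip='$ip_sql'";
    $result=mysqli_query($db_link,$query) or die(mysqli_error($db_link));
    if(mysqli_num_rows($result) > 0) {
        if ($arr=mysqli_fetch_assoc($result)) {
            $abuseipdb_lastcheck=$arr['lastcheck'];
            $abuseipdb_result=!empty($arr['result'])?$arr['result']:false;
            if ($abuseipdb_lastcheck < $timestamp - 60*60*24) {
                // Cached answer is stale: ask again and store the new answer when there is one.
                $abuseipdb_result = abuseipdbcheckip($ip);
                if ($abuseipdb_result !== false) {
                    mysqli_query($db_link,"update $table2 set lastcheck='$timestamp', result='".mysqli_real_escape_string($db_link,$abuseipdb_result)."' where ip='$ip_sql'") or die (mysqli_error($db_link));
                }
            }
        }
    } else {
        // First time this IP is seen: look it up and cache the answer.
        $abuseipdb_result = abuseipdbcheckip($ip);
        if ($abuseipdb_result !== false) {
            mysqli_query($db_link,"insert into $table2 (ip, lastcheck, result) values ('$ip_sql','$timestamp','".mysqli_real_escape_string($db_link,$abuseipdb_result)."')") or die (mysqli_error($db_link));
        }
    }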

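    // Score-based ban: applies only to visitors that no local whitelist matched.
    if (!$whitelisted && isset($abuseipdb_result) && is_string($abuseipdb_result)) {
        $abuseipdb_json = json_decode($abuseipdb_result,true);
        // Act only on a decoded document that carries a "data" array. A cached reply of
        // another shape falls through without a ban and without undefined-index warnings.
        if (is_array($abuseipdb_json) && isset($abuseipdb_json['data']) && is_array($abuseipdb_json['data'])) {
            $abuseipdb_data = $abuseipdb_json['data'];
            $abuseipdb_score = (int)($abuseipdb_data['abuseConfidenceScore'] ?? 0);
            $abuseipdb_whitelisted = !empty($abuseipdb_data['isWhitelisted']);
            $abuseipdb_usage = $abuseipdb_data['usageType'] ?? "";
            if (isset($abuseipdb_data['domain'])) {
                $abuseipdb_domain = $abuseipdb_data['domain'];
                // Local exemptions keyed on the reported domain: facebook.com always;
                // hetzner.de and microsoft.com only when reported as a search engine spider.
                switch ($abuseipdb_domain) {
                    case "facebook.com":
                        $abuseipdb_whitelisted = true;
                        break;
                    case "hetzner.de":
                    case "microsoft.com":
                        if ($abuseipdb_usage === "Search Engine Spider") {
                            $abuseipdb_whitelisted = true;
                        }
                        break;
                    default:
                        break;
                }
            }
            // Ban threshold: confidence score of 60 or more.
            if (!$abuseipdb_whitelisted && $abuseipdb_score >= 60) {
                $abuseipdb_banned = true;
            }
        }
    }
    if (isset($_GET['debug'])) {
        $timing[]=Array("AbuseIPDB",microtime(true));
    }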
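    //are you banned?
    // $banned: the visitor's IP has an active row in the ban table or was flagged by the score check.
    // $unban:  the visitor may lift the ban through the captcha form.
    $banned=false;
    $unban=true;
    // $ip is produced by getip.php (not visible here); escape it before it goes into SQL.
    $result=mysqli_query($db_link,"select * from $table where ip='".mysqli_real_escape_string($db_link,(string)$ip)."'") or die(mysqli_error($db_link));
    if (mysqli_num_rows($result) > 0) {
        if($arr=mysqli_fetch_assoc($result)){
            // expires = -1 marks a permanent ban; any other value is a Unix time.
            if ($arr['expires'] == -1 || $arr['expires'] > time()) $banned=true;
            // exclude = 1 switches off self-service unbanning, except for a logged-in admin.
            if ($arr['exclude'] == 1) {
                if ($admin) $admin_notice=true;
                else $unban = false;
            }
        }
    }
    // A score-based ban cannot be lifted through the captcha form.
    if ($abuseipdb_banned && !$banned) {
        $banned = true;
        $unban = false;
    }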
?>
<title><?php echo $banned?("Your Status: ".($unban?"Banned":"Perma-Banned")):("Tools".($admin?",":" &")." Banned IP's".($admin?" & IP Filter Configuration ":""));?></title>
</head>
<body>
<?php
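    if (isset($_GET['debug'])) {
        $timing[]=Array("Page begin",microtime(true));
    }
    include "../include/page.php";
    // Visitor status panel; not shown when ?unban is present.
    if (!isset($_GET['unban'])) {
        // $ip, $host and $proxy are produced by getip.php (not visible here). A host name
        // or a forwarded address is data supplied from outside, so each value is
        // HTML-encoded before it is written into the page.
        $info_ip = htmlspecialchars((string)$ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<h3>Your Info</h3><b>Your IP:</b> $info_ip";
        if (!empty($host)) echo " <b>Host:</b> ".htmlspecialchars((string)$host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        if (!$banned) echo " (<a href=\"/source.php?file=include/getip.php\">IP Detection Example Here</a>)";
        if (!empty($proxy)) echo "<br><b>Proxy IP:</b> ".htmlspecialchars((string)$proxy, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<br><b>Banned:</b> ";
        if ($banned) {
            echo "Yes";
            echo "<br><b>Can Unban:</b> ";
            // The enclosing condition already guarantees that ?unban is absent.
            if ($unban) echo "<a href=\"$PHP_SELF?unban\">Yes</a>";
            else echo "No";
            if (isset($admin_notice)) echo ", perma-ban disabled (admin login)";
        } else {
            echo "No";
            echo "<hr>";
            if ($admin) {
                // Admin view: every regular, non-hidden file of the current directory
                // except the names collected in $file_ex.
                echo "<a name=\"files\"></a><a href=\"#files\"><h3>File List (Admin)</h3></a>";
                $file_ex[]="index.php";
                $dir=scandir(".");
                if ($dir === false) $dir = array();
                foreach($dir as $item) {
                    if (strpos($item, ".") === 0 || is_dir($item) || in_array($item, $file_ex, true)) {
                        continue;
                    }
                    // File names are encoded for the URL and for the visible link text separately.
                    $item_url = rawurlencode($item);
                    $item_html = htmlspecialchars($item, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    echo "<a href=\"$item_url\">$item_html</a> (<a href=\"/source.php?file=tools/$item_url\">Source</a>)<br>\n";
                }
            } else {
                // Public view: fixed list of tools.
                echo "<a name=\"tools\"></a><a href=\"#tools\"><h3>Misc Tools</h3></a>
    <a href=\"test.php\">Test File</a> (<a href=\"/source.php?file=tools/test.php\">Source</a>)<br>
    <a href=\"compare.php\">Compare Text</a> (<a href=\"/source.php?file=tools/compare.php\">Source</a>)<br>
    <a href=\"randimg.php\">Random Image for Capcha</a> (<a href=\"/source.php?file=tools/randimg.php\">Source</a>)<br>
    <a href=\"error.php?error=404\" rel=\"nofollow\">Error Handler</a> (<a href=\"/source.php?file=tools/error.php\">Source</a>)<br>
    <a href=\"iplist.php\">List of Bad IP's</a> (<a href=\"/source.php?file=tools/iplist.php\">Source</a>)<br>
    <a href=\"/source.php?file=tools/dumpsql.php\">Dababase Backup Script (Source only)</a>";
            }
            echo "<hr>";
        }
    }
    mysqli_close($db_link);
    if (isset($_GET['debug'])) {
        $timing[]=Array("IP Info",microtime(true));
    }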
}
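//initial config
// $update: set when the ban list changed, which makes the code further down regenerate .htaccess.
// $perma / $exclude: state of the two checkboxes in the admin ban form.
$update = 0;
$perma = true;
$exclude = true;

//add new ban
if ($admin) {
    echo "<a name=\"bans\"></a><a href=\"#bans\"><h3>Ban Management</h3></a>";
    if (isset($_GET['list']) && $_GET['list'] == "bans") {
        if (isset($_GET['clear'])){
            // NOTE(review): this drops the whole ban table in response to a GET request and
            // the form below posts without a token. Nothing in this file ties either
            // request to the admin's own page, so a request-forgery check should be added.
            include "../include/db.php";
            if($db_link){
                $table = "bans";
                mysqli_select_db($db_link,$db);
                mysqli_query($db_link,"drop table $table") or die(mysqli_error($db_link));
                mysqli_close($db_link);
                $update = 1;
            }
        }
        elseif (!empty($_POST)){
            //add new ban
            if (!empty ($_POST['ip'])) {
                // A non-string value (e.g. an array parameter) is rejected before validation.
                if (is_string($_POST['ip']) && isValidIP($_POST['ip'])) {
                    $perma=(isset($_POST['perma'])&&($_POST['perma']==='on'));
                    $exclude=(isset($_POST['exclude'])&&($_POST['exclude']==='on'));
                    include "../include/db.php";
                    if($db_link){
                        mysqli_select_db($db_link,$db);
                        // Set here so this branch does not depend on an earlier block having run.
                        $table = "bans";
                        // Escaped in addition to isValidIP(), whose rules are not visible in this file.
                        $new_ip = mysqli_real_escape_string($db_link,$_POST['ip']);
                        $dup = mysqli_query($db_link,"select * from $table where ip='$new_ip'") or die(mysqli_error($db_link));
                        if(mysqli_num_rows($dup) > 0) {
                            echo "Duplicate ip address detected";
                        } else {
                            // -1 marks a permanent ban; otherwise the ban lasts two days.
                            $expires = $perma ? -1 : $timestamp+60*60*24*2;
                            // The timestamp is written as a plain integer; the original literal
                            // carried a stray trailing dot.
                            mysqli_query($db_link,"insert into $table (ip,timestamp,expires,exclude,comment) values ('$new_ip','$timestamp','$expires','".($exclude?1:0)."','')") or die(mysqli_error($db_link));
                            $update = 1;
                        }
                        // Closed on both paths; the next section opens its own connection.
                        mysqli_close($db_link);
                    }
                } else echo "Please provide a valid ip adress";
            } else echo "Please provide an ip adress";
        }
    }
}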

include "../include/db.php";
if($db_link){
    mysqli_select_db($db_link,$db);
    $table = "bans";
    if($banned || isset($_GET['unban'])){
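        if ($banned){
            if ($unban) {
                // Admins are unbanned without a challenge; everyone else has to solve the captcha.
                $showform = true;
                if (!$admin) {
                    if (!empty($_POST)) {
                        if (empty($_COOKIE)) {
                            echo "Cookies required for this function";
                        } elseif (empty($_SESSION)) {
                            echo "Required session cookie missing";
                        } else {
                            // A non-string "ver" (e.g. an array parameter) counts as no answer.
                            $ver = (isset($_POST['ver']) && is_string($_POST['ver']))?$_POST['ver']:"";
                            // Expected MD5 of the answer, stored in the session by the captcha image script.
                            if (isset($_SESSION['data']['unban']['captcha']))
                                $captcha = $_SESSION['data']['unban']['captcha'];
                            elseif (isset ($_SESSION['image_value']))
                                $captcha = $_SESSION['image_value'];
                            else $captcha = "";
                            if (empty($captcha)) {
                                echo "Session captcha hash missing";
                            } elseif (empty($ver)) {
                                echo "You forgot to enter captcha";
                            } elseif (!is_string($captcha) || !hash_equals($captcha, md5($ver))) {
                                // Exact string comparison: a loose != can treat two different
                                // digests as equal when both happen to look like numbers.
                                echo "The captcha you entered is incorrect";
                            } else
                                $showform = false;
                        }
                    }
                } else $showform = false;
                if (!$showform) {
                    if(!$admin) echo "Correct Verification. You may go to <a href=\"/\">Home Page</a>";
                    else echo "Admin Login. Automatically Unbanned. Go To <a href=\"/\">Home Page</a> Here";
                    $del=$ip;
                    // $ip is produced by getip.php (not visible here); escape it before it goes into SQL.
                    mysqli_query($db_link,"delete from $table where ip='".mysqli_real_escape_string($db_link,(string)$ip)."'") or die(mysqli_error($db_link));
                    $update = true;
                    $showform = false;
                } else {
                    // Session bookkeeping for the challenge. Only the first statement belongs to
                    // the isset() check; the rest always runs (the original indentation suggested otherwise).
                    if (!isset($_SESSION['data'])) $_SESSION['data']=Array();
                    $agent=!empty($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:"";
                    if (!isset($_SESSION['data']['unban']['time']) || $_SESSION['data']['unban']['time'] < time())
                        $_SESSION['data']['unban']=Array("time"=>time(),"ip"=>$ip,"agent"=>$agent);
                    // Drop every entry that has no time stamp or is older than five minutes.
                    foreach(array_keys($_SESSION['data']) as $value) {
                        if (!isset($_SESSION['data'][$value]['time']) || $_SESSION['data'][$value]['time'] <= time()-5*60)
                            unset($_SESSION['data'][$value]);
                    }
                    $url="$PHP_SELF?unban";
                    echo "<form action=\"$url\" method=\"post\">Enter Capcha: <img src=\"randimg.php?cid=unban\">
        <input type=\"text\" name=\"ver\">
        <input type=\"submit\" value=\"Submit\"></form>";
                }
            } else {
                echo "You cannot unban. Sorry.";
            }
        } else echo "Not Banned. Nothing to Do. <a href=\"javascript:history.back();\">Go Back</a>\n";
        if (isset($_GET['debug'])) {
            $timing[]=Array("Unban code",microtime(true));
        }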
    } else {

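        // Paging offset for the ban list. is_numeric() also accepts negative, fractional and
        // exponent forms, so the value is reduced to a non-negative integer before it is used
        // in the LIMIT clause and in links.
        if (isset($_GET['list']) && $_GET['list'] == "bans" && isset($_GET['sta']) && is_numeric($_GET['sta'])) {
            $sta = max(0, (int)$_GET['sta']);
        } else {
            $sta = 0;
        }

        if ($admin) {
            // HTML-encodes a value for element content or a quoted attribute.
            $esc = function ($value) {
                return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            };
            // $addr is not set anywhere in this file; it is encoded because its origin is unknown.
            echo "<form method=\"post\" action=\"$PHP_SELF?list=bans\">IP Adress: <input type=\"text\" name=\"ip\" value=\"".(isset($addr)?$esc($addr):"")."\">
<input type=\"submit\" value=\"Ban This IP\">
<br><input type=\"checkbox\" ".($perma?"checked ":"")."name=\"perma\" id=\"perma\"><label for=\"perma\">PermaBan</label>
<input type=\"checkbox\" ".($exclude?"checked ":"")."name=\"exclude\" id=\"exclude\"><label for=\"exclude\">Add to Exclude List</label>
<br></form><hr>";
            if (isset ($_GET['del']) && is_string($_GET['del']) && isValidIP($_GET['del']) && isset($_GET['list']) && $_GET['list'] == "bans") {
                $del = $_GET['del'];
                // One escaped copy for SQL and one encoded copy for HTML, used consistently below.
                $del_sql = mysqli_real_escape_string($db_link,$del);
                $del_html = $esc($del);
                $del_host = "";
                // Host-name cache table, created on first use.
                if (!mysqli_query($db_link,"desc hosts")) {
                    $query="create table hosts (id int not null auto_increment primary key, ip text not null, host text not null, lastcheck int not null default 0)";
                    mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                }
                $result = mysqli_query($db_link,"select host, lastcheck from hosts where ip='$del_sql'") or die(mysqli_error($db_link));
                if (!mysqli_num_rows($result)) {
                    $del_host = gethost($del);
                    mysqli_query($db_link,"insert into hosts (ip, host, lastcheck) values ('$del_sql','".mysqli_real_escape_string($db_link,(string)$del_host)."',$timestamp)") or die (mysqli_error($db_link));
                } elseif ($arr2=mysqli_fetch_assoc($result)){
                    $del_host=$arr2['host'];
                    // Resolve again once the cached name is older than 24 hours.
                    if ($arr2['lastcheck'] < $timestamp - 60*60*24) {
                        $del_host = gethost($del);
                        mysqli_query($db_link,"update hosts set host='".mysqli_real_escape_string($db_link,(string)$del_host)."', lastcheck=$timestamp where ip='$del_sql'") or die (mysqli_error($db_link));
                    }
                }
                if (isset($_GET['ok'])) {
                    // NOTE(review): the deletion is triggered by a GET link without a token;
                    // a request-forgery check should be added (none is visible in this file).
                    mysqli_query($db_link,"delete from $table where ip='$del_sql'");
                    $update = true;
                } else {
                    // Confirmation view: show what is known about the address before deleting it.
                    $abuseipdb_cached = false;
                    // Reset so values left over from the visitor's own lookup are never shown for $del.
                    $abuseipdb_result = false;
                    unset($abuseipdb_domain);
                    $result = mysqli_query($db_link,"select lastcheck, result from $table2 where ip='$del_sql'") or die(mysqli_error($db_link));
                    if (!mysqli_num_rows($result)) {
                        $abuseipdb_result = abuseipdbcheckip($del);
                        if ($abuseipdb_result !== false) {
                            mysqli_query($db_link,"insert into $table2 (ip, lastcheck, result) values ('$del_sql','".time()."','".mysqli_real_escape_string($db_link,$abuseipdb_result)."')") or die (mysqli_error($db_link));
                        }
                    } else {
                        if ($arr2 = mysqli_fetch_assoc($result)) {
                            $abuseipdb_lastcheck = $arr2['lastcheck'];
                            if ($abuseipdb_lastcheck < $timestamp - 60*60*24) {
                                $abuseipdb_result = abuseipdbcheckip($del);
                                if ($abuseipdb_result !== false) {
                                    mysqli_query($db_link,"update $table2 set lastcheck='$timestamp', result='".mysqli_real_escape_string($db_link,$abuseipdb_result)."' where ip='$del_sql'") or die (mysqli_error($db_link));
                                }
                            } else {
                                $abuseipdb_cached = true;
                                $abuseipdb_result = $arr2['result'];
                            }
                        }
                    }

                    // Local whitelist check for the address under review (IP and host name only).
                    $ip_whitelisted = false;
                    $first = true;
                    include "../include/ipwhitelist.php";
                    $host_whitelist[]="mj12bot\.com$"; //MJ12bot
                    if (isset($whitelist) && in_array($del, $whitelist))
                        $ip_whitelisted = true;
                    if (isset($host_whitelist)) {
                        foreach ($host_whitelist as $pattern) {
                            if (preg_match("/".$pattern."/i",(string)$del_host)) {
                                $ip_whitelisted = true;
                                break;
                            }
                        }
                    }
                    echo "IP: $del_html";
                    // The host name comes from DNS and is encoded before output.
                    if (!empty($del_host)) echo ", host: ".$esc($del_host);
                    if($ip_whitelisted) {
                        echo ", whitelisted";
                    }
                    echo"<br>\n";
                    if (is_string($abuseipdb_result)) {
                        $abuseipdb_json = json_decode($abuseipdb_result,true);
                        if (is_array($abuseipdb_json) && isset($abuseipdb_json['data']) && is_array($abuseipdb_json['data'])) {
                            // Fields of a third-party reply: numbers are cast, text is encoded on output.
                            $abuseipdb_data = $abuseipdb_json['data'];
                            $abuseipdb_reports = (int)($abuseipdb_data['totalReports'] ?? 0);
                            $abuseipdb_distinctusers = (int)($abuseipdb_data['numDistinctUsers'] ?? 0);
                            $abuseipdb_score = (int)($abuseipdb_data['abuseConfidenceScore'] ?? 0);
                            $abuseipdb_whitelisted = !empty($abuseipdb_data['isWhitelisted']);
                            $abuseipdb_usage = (string)($abuseipdb_data['usageType'] ?? "");
                            if (isset($abuseipdb_data['domain'])) {
                                $abuseipdb_domain = $abuseipdb_data['domain'];
                                switch ($abuseipdb_domain) {
                                    case "facebook.com":
                                        $abuseipdb_whitelisted = true;
                                        break;
                                    case "hetzner.de":
                                    case "microsoft.com":
                                        if ($abuseipdb_usage === "Search Engine Spider") {
                                            $abuseipdb_whitelisted = true;
                                        }
                                        break;
                                    default:
                                        break;
                                }
                            }
                            if ($abuseipdb_reports > 0 || $abuseipdb_score > 0) {
                                echo "AbuseIPDB Records: ";
                                if (!empty($abuseipdb_usage)) echo "Usage: ".$esc($abuseipdb_usage)." ";
                                if ($abuseipdb_whitelisted)
                                    echo "whitelisted, ";
                                if (isset($abuseipdb_domain))
                                    echo "domain: ".$esc($abuseipdb_domain).", ";
                                echo $abuseipdb_reports." recent reports";
                                if ($abuseipdb_reports > 0) {
                                    echo ", newest ";
                                    // Kept in its own variable so the request-wide $timestamp is not overwritten.
                                    $last_reported = strtotime((string)($abuseipdb_data['lastReportedAt'] ?? ""));
                                    echo ($last_reported !== false) ? date("Y-m-d H:i:s",$last_reported) : "unknown";
                                }
                                echo ", score $abuseipdb_score &percnt;";
                                if ($abuseipdb_reports > 0) echo ", $abuseipdb_distinctusers distinct sources";
                                if ($abuseipdb_cached) echo " (Cached, last update ".date("Y-m-d H:i:s",(int)$abuseipdb_lastcheck).")";
                                echo " <a rel=\"noreferrer\" href=\"https://www.abuseipdb.com/check/$del_html\" target=\"_blank\">[View details on AbuseIPDB]</a>";
                                echo "<br>\n";
                            }
                        }
                    }
                    echo "Delete this ip from the list? <a href=\"$PHP_SELF?del=$del_html&list=bans".(($sta > 0)?("&sta=".$sta):"")."&ok#bans\">[Yes]</a> <a href=\"$PHP_SELF".(($sta > 0)?("?list=bans&sta=".$sta):"")."#bans\">[No]</a><hr>";
                }
            }
            if (isset($_GET['debug'])) {
                $timing[]=Array("Ban management",microtime(true));
            }
        }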


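        // Ban list. It is rendered for every visitor who reaches this branch, not only for
        // the admin, so each stored value is HTML-encoded on output and escaped before it is
        // reused in SQL.
        if (empty($_GET['list']) || ($_GET['list'] == "bans" && (empty($_GET['sta']) || is_numeric($_GET['sta'])))) {
            // HTML-encodes a value for element content or a quoted attribute.
            $esc = function ($value) {
                return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            };
            $step=25; //items per page
            // The offset goes into the LIMIT clause and into links; force a non-negative integer.
            $sta = max(0, (int)$sta);
            $next=$end=$sta+$step;
            $prev=$sta-$step;

            $query="select * from $table order by timestamp desc limit $sta,$step";
            $result=mysqli_query($db_link,$query);
            // A failed query (for example after the table was cleared) is treated as an empty list.
            $count = $result ? mysqli_num_rows($result) : 0;
            if ($count > 0) {
                $page = ceil(($sta+$count)/$step);
                echo "<a name=\"bans\"></a>";
                echo "<a href=\"#bans\"><h3>IP Bans (page $page)</h3></a>";
                echo "<table>\n<tr><th>IP Address<th>Detected Host<th>Unique Links<th>Banned since<th>Expires<th>Last Seen<th>Restrictions<th>Actions<th>Notes</tr>\n";

                // Pager.
                echo "<div style=\"text-align:center\">";
                if ($prev >= 0) {
                    if ($prev >= $step) echo "<a href=\"$PHP_SELF?list=bans&sta=$prev#bans\">[Prev Page]</a> ";
                    else echo "<a href=\"$PHP_SELF?list=bans#bans\">[Prev Page]</a> ";
                    echo "<a href=\"$PHP_SELF?list=bans#bans\">[Index]</a> ";
                } else {
                    echo "[Prev Page] [Index] ";
                }
                if ($step <= $count) echo "<a href=\"$PHP_SELF?list=bans&sta=$next#bans\">[Next Page]</a> ";
                else echo "[Next Page] ";
                echo "</div><hr>";
                $p=0;
                if (isset($_GET['debug'])) {
                    $timing[]=Array("Ban list header",microtime(true));
                }
                while($ban=mysqli_fetch_assoc($result)){
                    $ban_ip_sql = mysqli_real_escape_string($db_link,(string)$ban['ip']);
                    $ban_ip_html = $esc($ban['ip']);
                    if ($ban['expires'] > -1 && $ban['expires'] < time()) {
                        // Expired ban: remove it and print no row. The original closed this
                        // if/else before the last cells, so they were printed for expired rows too.
                        mysqli_query($db_link,"delete from $table where ip='$ban_ip_sql'");
                        $update = true;
                    } else {
                        echo "<tr><td>";
                        if ($admin) echo "<a name=\"ip".$p."\"></a>";
                        echo $ban_ip_html."<td><div style=\"overflow:hidden;width:220px;word-break:keep-all;text-align:left\">";
                        // Host name as recorded in the access log; it originates outside this site.
                        $res2=mysqli_query($db_link,"select distinct host from accesslog where ip='$ban_ip_sql'") or die(mysqli_error($db_link));
                        if (mysqli_num_rows($res2) > 0) {
                            if($arr=mysqli_fetch_assoc($res2)){
                                $trunc=30;
                                $log_host=(string)$arr['host'];
                                if (strlen($log_host) > $trunc) {
                                    echo "<a title=\"".$esc($log_host)."\">".$esc(substr($log_host, 0, $trunc-3))."...</a>";
                                } else {
                                    echo $esc($log_host);
                                }
                            }
                        }
                        echo "</div>";
                        $isproxy=false;
                        $res2=mysqli_query($db_link,"select proxy, max(date) as date, count(url) as count from accesslog where ip='$ban_ip_sql' or proxy='$ban_ip_sql'") or die(mysqli_error($db_link));
                        if (mysqli_num_rows($res2) > 0) {
                            if($arr=mysqli_fetch_assoc($res2)) {
                                echo "<td>";
                                echo (int)$arr['count'];
                                echo "<td>".(($ban['timestamp'] > 0)?date("Y-m-d H:i:s",(int)$ban['timestamp']):"Unknown")."<td>";
                                echo (($ban['expires'] > -1)?(date("Y-m-d H:i:s",(int)$ban['expires'])):"<span title=\"Only Site Manager can Remove the Ban\">Never</span>")."<td>";
                                $isproxy = (!empty($arr['proxy']) && $ban['ip'] == $arr['proxy']);
                                $seen = $arr["date"];
                                if(is_numeric($seen) && $seen > 0) {
                                    $now = time();
                                    $day = 60*60*24;
                                    // Admin view: bold within a week, colour-coded within four days.
                                    $in_week = $admin && $seen >= $now - $day*7;
                                    $in_four_days = $admin && $seen >= $now - $day*4;
                                    if ($in_week) echo "<b title=\"Seen on Last Week\">";
                                    if ($in_four_days) {
                                        if ($seen >= $now - $day) {
                                            $color="#FFCBCC";
                                            $txt="Seen on last 24 Hours";
                                        } elseif ($seen >= $now - $day*2) {
                                            $color="#FFE6CB";
                                            $txt="Seen on last 2 Days";
                                        } elseif ($seen >= $now - $day*3) {
                                            $color="#FFFFCB";
                                            $txt="Seen on last 3 Days";
                                        } else {
                                            $color="#CBFFFF";
                                            $txt="Seen on last 4 Days";
                                        }
                                        // The original tag had a stray ';' between the two attributes.
                                        echo "<span style=\"color:$color;\" title=\"$txt\">";
                                    }
                                    echo date("Y-m-d H:i:s",(int)$seen);
                                    if ($in_four_days) echo "</span>";
                                    if ($in_week) echo "</b>";
                                } else echo "<span title=\"Records of IP Unavailable or Deleted Recently\">No IP Activity Detected</span>";
                            }
                        } else {
                            echo "No Data";
                        }
                        echo "<td>".(($ban['exclude'] == 1)?"<span title=\"Unbanning by Capcha Not Available for This IP\">Can't Unban</span>":"")."<td>";
                        if ($admin) echo "<a href=\"$PHP_SELF?del=$ban_ip_html&list=bans".(($sta > 0)?"&sta=$sta":"")."#bans\">[Delete]</a> <a href=\"/index.php?action=showlog&ip=$ban_ip_html\" target=\"_blank\">[Show Logs]</a> ";
                        echo "<a href=\"https://www.google.com/search?q=$ban_ip_html\" rel=\"nofollow\" target=\"_blank\">[Google]</a> ";
                        echo "<a href=\"https://www.abuseipdb.com/check/$ban_ip_html\" rel=\"nofollow noreferrer\" target=\"_blank\">[AbuseIPDB]</a> ";
                        echo "<a href=\"http://www.projecthoneypot.org/ip_$ban_ip_html\" rel=\"nofollow\" target=\"_blank\">[ProjectHoneyPot]</a> ";
                        echo "<a href=\"http://www.stopforumspam.com/ipcheck/$ban_ip_html\" rel=\"nofollow\" target=\"_blank\">[StopForumSpam]</a><td>".($isproxy?"Proxy IP":"")."</tr>\n";
                    }
                    $p++;

                }
                if (isset($_GET['debug'])) {
                    $timing[]=Array("Ban list header",microtime(true));
                }
                echo "</table>";

            } else {
                if (isset($_GET['list']) && $_GET['list'] == "bans" && $sta != 0) {
                    // Paging past the end of the list is answered with a 404.
                    $evt="404";
                    header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
                    echo "No entries found for this query";
                }
                else echo "No Entries Present Currently";
            }
        } else {
            echo "No Entries Present Currently";
        }
        if (isset($_GET['debug'])) {
            $timing[]=Array("Ban list",microtime(true));
        }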
    }
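    //update .htaccess
    // Regenerates the access rules from the ban table whenever the list changed.
    if($update) {
        $result=mysqli_query($db_link,"select ip from $table order by ip");
        $bans="";
        // A failed query yields no Deny lines; that is also the path taken after the table was cleared.
        if ($result) {
            while($ban=mysqli_fetch_assoc($result)){
                // Each value becomes a server configuration line, so only characters that can
                // occur in an address or CIDR range are let through. Anything else, a line
                // break in particular, could add directives of its own.
                if (!preg_match('/^[0-9A-Fa-f:.\/]+$/D', (string)$ban['ip'])) {
                    error_log("Skipping malformed ban entry while rebuilding .htaccess");
                    continue;
                }
                $bans.= "Deny from ".$ban['ip']."\n";
            }
        }
        $out="$htaccess_header\n$errordoc\n$rewrite_rules\n$badbots\nOrder Allow,Deny\nAllow from all\nDeny from env=bad_bot\n$badips\n$bans";
        // LOCK_EX serialises concurrent rewrites; a failed write is logged instead of
        // passing an invalid handle on to fwrite()/fclose().
        if (file_put_contents("$prefix/.htaccess", $out, LOCK_EX) === false) {
            error_log("Could not rewrite $prefix/.htaccess");
        }
    }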
    mysqli_close($db_link);
}


    //ipfilter settings

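        // Admin-only IPFilter panel: adds a rule from the POST form, deletes a rule by id, then lists
        // every rule together with the newest matching entry in ipfilter_log.
        // All request values reach SQL through bound parameters and reach HTML through
        // htmlspecialchars(); the original concatenated them directly into both.
        // NOTE(review): neither the add form nor the delete link carries an anti-CSRF token, and
        // deletion is a state change triggered by GET. Confirm what auth.php does about this.
        if($admin && !$banned && !isset($_GET['unban'])) {
            // $PHP_SELF is copied from $_SERVER['PHP_SELF'], which can contain request-supplied
            // path info, so it is escaped before being placed in href/action attributes.
            $self_html=htmlspecialchars($PHP_SELF, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            include "../include/db.php";
            if($db_link) {
                mysqli_select_db($db_link,$db);
                //ipfilter
                echo "<hr><a name=\"ipfilter\"></a><a href=\"#ipfilter\"><h3>IPFilter Settings</h3></a>";
                $table="ipfilter";
                // "desc" fails when the table is missing; create it on first use.
                if (!mysqli_query($db_link,"desc $table")) {
                    $query="create table $table (id int not null auto_increment primary key, rule varchar (128) not null default '', type varchar (32) not null default '', expires int not null default 0)";
                    mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                }
                if (!empty($_POST)) {
                    if (isset($_GET['list']) && $_GET['list'] == "ipfilter") {
                        // Only plain strings are accepted; array-valued parameters count as missing.
                        $type=(isset($_POST['type']) && is_string($_POST['type']))?$_POST['type']:"";
                        $rule=(isset($_POST['rule']) && is_string($_POST['rule']))?$_POST['rule']:"";
                        if(!empty($type) && !empty($rule)){
                            // Duplicate check with bound parameters.
                            $stmt=mysqli_prepare($db_link,"select id from $table where type=? and rule=?") or die(mysqli_error($db_link));
                            mysqli_stmt_bind_param($stmt,"ss",$type,$rule);
                            mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
                            mysqli_stmt_store_result($stmt);
                            $count=mysqli_stmt_num_rows($stmt);
                            mysqli_stmt_close($stmt);
                            if($count > 0) {
                                echo "Entry already exists.<br>\n";
                            } else {
                                $stmt=mysqli_prepare($db_link,"insert into $table (type, rule) values (?, ?)") or die(mysqli_error($db_link));
                                mysqli_stmt_bind_param($stmt,"ss",$type,$rule);
                                mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
                                mysqli_stmt_close($stmt);
                            }
                        } else {
                            echo "Please provide all information required.<br>\n";
                        }
                    }
                }
                $del=isset($_GET['del'])?$_GET['del']:"";
                if($del && isset($_GET['list']) && ($_GET['list'] == "ipfilter")) {
                    // Rule ids are auto-increment integers; anything that is not all digits is ignored.
                    if (is_string($del) && preg_match('/^[0-9]+$/D', $del)) {
                        $del_id=(int)$del;
                        $stmt=mysqli_prepare($db_link,"delete from $table where id=?") or die(mysqli_error($db_link));
                        mysqli_stmt_bind_param($stmt,"i",$del_id);
                        mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
                        mysqli_stmt_close($stmt);
                    }
                }

                $query="select * from $table";
                $result=mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                $count=mysqli_num_rows($result);
                if($count > 0) {

                    echo "<table class=\"form\" width=\"520\">";
                    echo "<tr><th>Type<th>Rule<th>Expires<th>Actions<th>Last Detection</tr>";
                    // From here on $table names the detection log, not the rule table.
                    $table="ipfilter_log";
                    if (!mysqli_query($db_link,"desc $table")) {
                        $query="create table $table (id int not null auto_increment primary key, event varchar(16) not null default '', ip varchar(48) not null default '', host varchar(128) not null default '', value varchar (256) not null default '', date int not null default 0)";
                        mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                    }
                    if (isset($_GET['debug'])) {
                        $timing[]=Array("Ipfilter log list header",microtime(true));
                    }
                    // One prepared statement is reused for every rule; the bound variables are
                    // refilled on each pass through the loop.
                    $log_event="";
                    $log_like="";
                    $log_stmt=mysqli_prepare($db_link,"select max(date) as date from $table where event=? and value like ?") or die(mysqli_error($db_link));
                    mysqli_stmt_bind_param($log_stmt,"ss",$log_event,$log_like);
                    while($arr=mysqli_fetch_assoc($result)) {

                        // Stored rule text is rendered as text, never as markup.
                        echo "<tr><td>".htmlspecialchars($arr['type'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
                        "<td>".htmlspecialchars($arr['rule'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."<td>".
                        ($arr['expires']>0?date("Y-m-d H:i:s",(int)$arr['expires']):"Never").
                        "<td><a href=\"$self_html?".(!empty($module)?"module=".urlencode($module)."&amp;":"").
                        "del=".(int)$arr['id']."&amp;list=ipfilter&amp;lang=".urlencode($lang)."\">Delete</a>";

                        // The rule is matched as a literal substring, so LIKE wildcards and the
                        // escape character itself are backslash-escaped before the surrounding %.
                        $log_event=$arr['type'];
                        $log_like="%".addcslashes($arr['rule'], '\\%_')."%";
                        mysqli_stmt_execute($log_stmt) or die(mysqli_stmt_error($log_stmt));
                        mysqli_stmt_bind_result($log_stmt,$last_seen);
                        if (mysqli_stmt_fetch($log_stmt)){
                            echo "<td>".(!empty($last_seen)?date("Y-m-d H:i:s",(int)$last_seen):"Not Detected Yet");
                        }
                        // Release the result before the statement is executed again.
                        mysqli_stmt_free_result($log_stmt);
                        echo "</tr>";
                    }
                    mysqli_stmt_close($log_stmt);
                    echo "</table>";
                    if (isset($_GET['debug'])) {
                        $timing[]=Array("Ipfilter log list end",microtime(true));
                    }
                }
                mysqli_close($db_link);
            }
            echo "<hr>";
            echo "<form action=\"$self_html?list=ipfilter\" method=\"post\">
            Add ip filter rule: <select name=\"type\"><option value=\"\">Select Type</option>
            <option value=\"agent\">User agent</option>
            <option value=\"uri\">Request Uri</option>
            </select><input type=\"text\" name=\"rule\"><input type=\"submit\" value=\"Add Rule\">
            </form>";
            if (isset($_GET['debug'])) {
                $timing[]=Array("IPfilter settings",microtime(true));
            }
        }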
        // Footer navigation: printed only when the visitor is not banned and is not in the unban flow.
        if (!($banned || isset($_GET['unban']))) {
            echo '<hr><a href="/">[Home]</a>',
                ' <a href="/source.php?file=tools/index.php">[Source of this page]</a><br>',
                "\n";
        }

// Close the document, then run the end-of-request steps in this order.
echo "</body></html>";
// Included after the page body has been produced; what it records is defined in iplog.php (not shown here).
include "../include/iplog.php";
// Flush the output buffer opened with ob_start() at the top of the page.
ob_end_flush();
// saveTranslations() is defined outside this listing — presumably in lang.php; verify.
saveTranslations();
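    // Debug timing report: prints the elapsed time between consecutive checkpoints collected in
    // $timing, with slow steps in bold. It is emitted after the closing </html> tag.
    // NOTE(review): the switch is a plain query parameter and this block has no admin check, so any
    // visitor can request the timing output — confirm that is intended.
    if (isset($_GET['debug'])) {
        //unset($prev_event);
        $timing[]=Array("End",microtime(true));
        foreach ($timing as $event) {
            if (isset($prev_event)) {
                $diff = $event[1] - $prev_event[1];
                // A single threshold decides both tags. The original opened <b> at 0.1 s but closed
                // it at 0.0001 s, leaving a stray </b> on most lines.
                $slow = ($diff >= 0.1);
                echo $prev_event[0]." -&gt; ".$event[0].": ";
                if ($slow)
                    echo "<b>";
                echo number_format($diff,8,".","");
                if ($slow)
                    echo "</b>";
                echo "<br>\n";
            }
            //echo $event[0].": ".$event[1]."<br>\n";
            $prev_event = $event;
        }
    }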
?>
