2015-01-13 23:27:47 -05:00
< ? php
/*******************************************************************************
2015-09-12 00:46:46 -04:00
* Title : Help Desk Software HESK
2016-04-18 18:57:07 -04:00
* Version : 2.6 . 7 from 18 th April 2016
2015-09-12 00:46:46 -04:00
* Author : Klemen Stirn
* Website : http :// www . hesk . com
********************************************************************************
* COPYRIGHT AND TRADEMARK NOTICE
* Copyright 2005 - 2015 Klemen Stirn . All Rights Reserved .
* HESK is a registered trademark of Klemen Stirn .
* The HESK may be used and modified free of charge by anyone
* AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT .
* By using this code you agree to indemnify Klemen Stirn from any
* liability that might arise from it ' s use .
* Selling the code for this program , in part or full , without prior
* written consent is expressly forbidden .
* Using this code , in part or full , to create derivate work ,
* new scripts or products is expressly forbidden . Obtain permission
* before redistributing this software over the Internet or in
* any other medium . In all cases copyright and header must remain intact .
* This Copyright is in full effect in any country that has International
* Trade Agreements with the United States of America or
* with the European Union .
* Removing any of the copyright notices without purchasing a license
* is expressly forbidden . To remove HESK copyright notice you must purchase
* a license for this script . For more information on how to obtain
* a license please visit the page below :
* https :// www . hesk . com / buy . php
*******************************************************************************/
define ( 'IN_SCRIPT' , 1 );
define ( 'HESK_PATH' , '../' );
2015-10-27 18:37:58 -04:00
define ( 'PAGE_TITLE' , 'ADMIN_TOOLS' );
2015-01-13 23:27:47 -05:00
/* Get all the required files and functions */
require ( HESK_PATH . 'hesk_settings.inc.php' );
require ( HESK_PATH . 'inc/common.inc.php' );
require ( HESK_PATH . 'inc/admin_functions.inc.php' );
hesk_load_database_functions ();
hesk_session_start ();
hesk_dbConnect ();
hesk_isLoggedIn ();
/* Check permissions for this feature */
hesk_checkPermission ( 'can_ban_ips' );
$can_unban = hesk_checkPermission ( 'can_unban_ips' , 0 );
// Define required constants
2015-09-12 00:46:46 -04:00
define ( 'LOAD_TABS' , 1 );
2015-01-13 23:27:47 -05:00
// What should we do?
2015-09-12 00:46:46 -04:00
if ( $action = hesk_REQUEST ( 'a' )) {
if ( defined ( 'HESK_DEMO' )) {
hesk_process_messages ( $hesklang [ 'ddemo' ], 'banned_ips.php' , 'NOTICE' );
} elseif ( $action == 'ban' ) {
ban_ip ();
} elseif ( $action == 'unban' && $can_unban ) {
unban_ip ();
} elseif ( $action == 'unbantemp' && $can_unban ) {
unban_temp_ip ();
}
2015-01-13 23:27:47 -05:00
}
/* Print header */
require_once ( HESK_PATH . 'inc/headerAdmin.inc.php' );
/* Print main manage users page */
require_once ( HESK_PATH . 'inc/show_admin_nav.inc.php' );
?>
2015-09-10 16:33:16 -04:00
< div class = " row pad-20 " >
2015-01-13 23:27:47 -05:00
< ul class = " nav nav-tabs " role = " tablist " >
< ? php
// Show a link to banned_emails.php if user has permission to do so
2015-09-12 00:46:46 -04:00
if ( hesk_checkPermission ( 'can_ban_emails' , 0 )) {
2015-01-13 23:27:47 -05:00
echo '
< li role = " presentation " >
< a title = " ' . $hesklang['banemail'] . ' " href = " banned_emails.php " > ' . $hesklang[' banemail '] . ' </ a >
</ li > ' ;
}
?>
< li role = " presentation " class = " active " >
2015-09-12 00:46:46 -04:00
< a href = " # " >< ? php echo $hesklang [ 'banip' ]; ?> <i class="fa fa-question-circle settingsquestionmark"
onclick = " javascript:alert('<?php echo hesk_makeJsString( $hesklang['banip_intro'] ); ?>') " ></ i ></ a >
2015-01-13 23:27:47 -05:00
</ li >
< ? php
// Show a link to status_message.php if user has permission to do so
2015-09-12 00:46:46 -04:00
if ( hesk_checkPermission ( 'can_service_msg' , 0 )) {
2015-01-13 23:27:47 -05:00
echo '
< li role = " presentation " >
< a title = " ' . $hesklang['sm_title'] . ' " href = " service_messages.php " > ' . $hesklang[' sm_title '] . ' </ a >
</ li > ' ;
}
2015-04-08 17:09:56 -04:00
// Show a link to email tpl management if user has permission to do so
if ( hesk_checkPermission ( 'can_man_email_tpl' , 0 )) {
echo '
< li role = " presentation " >
2015-09-12 00:46:46 -04:00
< a title = " ' . $hesklang['email_templates'] . ' " href = " manage_email_templates.php " > ' . $hesklang[' email_templates '] . ' </ a >
2015-04-08 17:09:56 -04:00
</ li >
' ;
}
2015-09-12 00:46:46 -04:00
if ( hesk_checkPermission ( 'can_man_ticket_statuses' , 0 )) {
2015-05-13 17:56:52 -04:00
echo '
< li role = " presentation " >
2015-09-12 00:46:46 -04:00
< a title = " ' . $hesklang['statuses'] . ' " href = " manage_statuses.php " > ' . $hesklang[' statuses '] . ' </ a >
2015-05-13 17:56:52 -04:00
</ li >
' ;
}
2015-01-13 23:27:47 -05:00
?>
</ ul >
< div class = " tab-content summaryList tabPadding " >
< script language = " javascript " type = " text/javascript " ><!--
2015-09-12 00:46:46 -04:00
function confirm_delete () {
if ( confirm ( '<?php echo hesk_makeJsString($hesklang[' delban_confirm ']); ?>' )) {
return true ;
}
else {
return false ;
}
2015-01-13 23:27:47 -05:00
}
//-->
</ script >
< div class = " row " >
< div class = " col-md-8 " >
< ? php
/* This will handle error, success and notice messages */
hesk_handle_messages ();
?>
2015-10-05 12:56:16 -04:00
< form action = " banned_ips.php " method = " post " name = " form1 " role = " form " class = " form-horizontal " data - toggle = " validator " >
2015-01-13 23:27:47 -05:00
< div class = " form-group " >
< label for = " ip " class = " col-sm-3 control-label " >< ? php echo $hesklang [ 'bananip' ]; ?> </label>
2015-09-12 00:46:46 -04:00
2015-01-13 23:27:47 -05:00
< div class = " col-sm-9 " >
2015-10-05 12:56:16 -04:00
< input type = " text " name = " ip " size = " 30 " maxlength = " 255 " class = " form-control " data - error = " <?php echo htmlspecialchars( $hesklang['enterbanip'] ); ?> "
placeholder = " <?php echo htmlspecialchars( $hesklang['iprange'] ); ?> " required >
2015-09-12 00:46:46 -04:00
< input type = " hidden " name = " token " value = " <?php hesk_token_echo(); ?> " />
< input type = " hidden " name = " a " value = " ban " />
2015-10-05 12:56:16 -04:00
< div class = " help-block with-errors " ></ div >
2015-01-13 23:27:47 -05:00
</ div >
</ div >
< div class = " form-group " >
< div class = " col-sm-9 col-sm-offset-3 " >
< input type = " submit " value = " <?php echo $hesklang['savebanip'] ; ?> " class = " btn btn-default " >
</ div >
</ div >
</ form >
</ div >
< div class = " col-md-4 " >
2015-09-10 16:33:16 -04:00
< h6 class = " bold " >< ? php echo $hesklang [ 'banex' ]; ?> </h6>
2015-09-12 00:46:46 -04:00
2015-01-13 23:27:47 -05:00
< div class = " footerWithBorder blankSpace " ></ div >
2015-09-12 00:46:46 -04:00
< b > 123.0 . 0.0 </ b >< br />
< b > 123.0 . 0.1 - 123.0 . 0.53 </ b >< br />
< b > 123.0 . 0.0 / 24 </ b >< br />
2015-01-13 23:27:47 -05:00
< b > 123.0 .*.*</ b >
</ div >
</ div >
< div class = " row " >
< ? php
// Get login failures
2015-09-12 00:46:46 -04:00
$res = hesk_dbQuery ( " SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL " . intval ( $hesk_settings [ 'attempt_banmin' ]) . " MINUTE) ) AS `minutes` FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " logins` WHERE `number` >= " . intval ( $hesk_settings [ 'attempt_limit' ]) . " AND `last_attempt` > (NOW() - INTERVAL " . intval ( $hesk_settings [ 'attempt_banmin' ]) . " MINUTE) " );
2015-01-13 23:27:47 -05:00
$num = hesk_dbNumRows ( $res );
2015-09-12 00:46:46 -04:00
echo '<h4>' . $hesklang [ 'iptemp' ] . '</h4>' ;
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
if ( $num > 0 ) {
2015-01-13 23:27:47 -05:00
?>
< table class = " table table-hover " >
< thead >
2015-09-12 00:46:46 -04:00
< tr >
< th >< ? php echo $hesklang [ 'ip' ]; ?> </th>
< th >< ? php echo $hesklang [ 'm2e' ]; ?> </th>
< ? php
if ( $can_unban ) {
2015-01-13 23:27:47 -05:00
?>
2015-09-12 00:46:46 -04:00
< th >< ? php echo $hesklang [ 'opt' ]; ?> </th>
< ? php
}
?>
</ tr >
2015-01-13 23:27:47 -05:00
</ thead >
< tbody >
2015-09-12 00:46:46 -04:00
< ? php
while ( $ban = hesk_dbFetchAssoc ( $res )) {
echo '
2015-01-13 23:27:47 -05:00
< tr >
2015-09-12 00:46:46 -04:00
< td > ' . $ban[' ip '] . ' </ td >
< td > ' . $ban[' minutes '] . ' </ td >
2015-01-13 23:27:47 -05:00
' ;
2015-09-12 00:46:46 -04:00
if ( $can_unban ) {
echo '
2015-01-13 23:27:47 -05:00
< td >
2015-09-12 00:46:46 -04:00
< a href = " banned_ips.php?a=ban&ip=' . urlencode( $ban['ip'] ) . '&token=' . hesk_token_echo(0) . ' " >
< i class = " fa fa-ban red font-size-16p " data - toggle = " tooltip " data - placement = " top " data - original - title = " ' . $hesklang['ippermban'] . ' " ></ i ></ a >
< a href = " banned_ips.php?a=unbantemp&ip=' . urlencode( $ban['ip'] ) . '&token=' . hesk_token_echo(0) . ' " onclick = " return confirm_delete(); " >
< i class = " fa fa-times red font-size-16p " data - toggle = " tooltip " data - placement = " top " data - original - title = " ' . $hesklang['delban'] . ' " ></ i ></ a >
2015-01-13 23:27:47 -05:00
</ td >
' ;
2015-09-12 00:46:46 -04:00
}
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
echo '</tr>' ;
} // End while
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
?>
2015-01-13 23:27:47 -05:00
</ tbody >
</ table >
2015-09-12 00:46:46 -04:00
< ? php
} else {
echo '<p>' . $hesklang [ 'no_banips' ] . '</p>' ;
2015-01-13 23:27:47 -05:00
}
// Get banned ips from database
2015-09-12 00:46:46 -04:00
$res = hesk_dbQuery ( 'SELECT * FROM `' . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . 'banned_ips` ORDER BY `ip_from` ASC' );
2015-01-13 23:27:47 -05:00
$num = hesk_dbNumRows ( $res );
2015-09-12 00:46:46 -04:00
echo '<br><h4>' . $hesklang [ 'ipperm' ] . '</h4>' ;
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
if ( $num < 1 ) {
echo '<p>' . $hesklang [ 'no_banips' ] . '</p>' ;
} else {
2015-01-13 23:27:47 -05:00
// List of staff
2015-09-12 00:46:46 -04:00
if ( ! isset ( $admins )) {
2015-01-13 23:27:47 -05:00
$admins = array ();
2015-09-12 00:46:46 -04:00
$res2 = hesk_dbQuery ( " SELECT `id`,`name` FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " users` " );
while ( $row = hesk_dbFetchAssoc ( $res2 )) {
$admins [ $row [ 'id' ]] = $row [ 'name' ];
2015-01-13 23:27:47 -05:00
}
}
?>
< table class = " table table-hover " >
< thead >
2015-09-12 00:46:46 -04:00
< tr >
< th >< ? php echo $hesklang [ 'ip' ]; ?> </th>
< th >< ? php echo $hesklang [ 'iprange' ]; ?> </th>
< th >< ? php echo $hesklang [ 'banby' ]; ?> </th>
< th >< ? php echo $hesklang [ 'date' ]; ?> </th>
< ? php
if ( $can_unban ) {
2015-01-13 23:27:47 -05:00
?>
2015-09-12 00:46:46 -04:00
< th >< ? php echo $hesklang [ 'opt' ]; ?> </th>
< ? php
}
?>
</ tr >
2015-01-13 23:27:47 -05:00
</ thead >
< tbody >
< ? php
2015-09-12 00:46:46 -04:00
while ( $ban = hesk_dbFetchAssoc ( $res )) {
2015-01-13 23:27:47 -05:00
$color = '' ;
2015-09-12 00:46:46 -04:00
if ( isset ( $_SESSION [ 'ban_ip' ][ 'id' ]) && $ban [ 'id' ] == $_SESSION [ 'ban_ip' ][ 'id' ]) {
2015-01-13 23:27:47 -05:00
$color = 'success' ;
unset ( $_SESSION [ 'ban_ip' ][ 'id' ]);
}
echo '
< tr >
2015-09-12 00:46:46 -04:00
< td class = " ' . $color . ' " > ' . $ban[' ip_display '] . ' </ td >
< td class = " ' . $color . ' " > ' . (($ban[' ip_to '] == $ban[' ip_from ']) ? long2ip($ban[' ip_to ']) : long2ip($ban[' ip_from ']) . ' - ' . long2ip($ban[' ip_to '])) . ' </ td >
< td class = " ' . $color . ' " > ' . (isset($admins[$ban[' banned_by ']]) ? $admins[$ban[' banned_by ']] : $hesklang[' e_udel ']) . ' </ td >
< td class = " ' . $color . ' " > ' . $ban[' dt '] . ' </ td >
2015-01-13 23:27:47 -05:00
' ;
2015-09-12 00:46:46 -04:00
if ( $can_unban ) {
2015-01-13 23:27:47 -05:00
echo '
2015-09-12 00:46:46 -04:00
< td class = " ' . $color . ' text-left " >
< a href = " banned_ips.php?a=unban&id=' . $ban['id'] . '&token=' . hesk_token_echo(0) . ' " onclick = " return confirm_delete(); " >
< i class = " fa fa-times red font-size-16p " data - toggle = " tooltip " data - placement = " top " data - original - title = " ' . $hesklang['delban'] . ' " ></ i ></ a >
2015-01-13 23:27:47 -05:00
</ td >
' ;
}
echo '</tr>' ;
} // End while
?>
</ tbody >
</ table >
2015-09-12 00:46:46 -04:00
< ? php
2015-01-13 23:27:47 -05:00
}
?>
</ div >
</ div >
</ div >
< ? php
require_once ( HESK_PATH . 'inc/footer.inc.php' );
exit ();
/*** START FUNCTIONS ***/
function ban_ip ()
{
2015-09-12 00:46:46 -04:00
global $hesk_settings , $hesklang ;
// A security check
hesk_token_check ();
// Get the ip
$ip = preg_replace ( '/[^0-9\.\-\/\*]/' , '' , hesk_REQUEST ( 'ip' ));
$ip_display = str_replace ( '-' , ' - ' , $ip );
// Nothing entered?
if ( ! strlen ( $ip )) {
hesk_process_messages ( $hesklang [ 'enterbanip' ], 'banned_ips.php' );
}
// Convert asterisk to ranges
if ( strpos ( $ip , '*' ) !== false ) {
$ip = str_replace ( '*' , '0' , $ip ) . '-' . str_replace ( '*' , '255' , $ip );
}
$ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' ;
// Is this a single IP address?
if ( preg_match ( '/^' . $ip_regex . '$/' , $ip )) {
$ip_from = ip2long ( $ip );
$ip_to = $ip_from ;
} // Is this an IP range?
elseif ( preg_match ( '/^' . $ip_regex . '\-' . $ip_regex . '$/' , $ip )) {
list ( $ip_from , $ip_to ) = explode ( '-' , $ip );
$ip_from = ip2long ( $ip_from );
$ip_to = ip2long ( $ip_to );
} // Is this an IP with CIDR?
elseif ( preg_match ( '/^' . $ip_regex . '\/([0-9]{1,2})$/' , $ip , $matches ) && $matches [ 4 ] >= 0 && $matches [ 4 ] <= 32 ) {
list ( $ip_from , $ip_to ) = hesk_cidr_to_range ( $ip );
} // Not a valid input
else {
hesk_process_messages ( $hesklang [ 'validbanip' ], 'banned_ips.php' );
}
// Make sure we have valid ranges
if ( $ip_from < 0 ) {
$ip_from += 4294967296 ;
} elseif ( $ip_from > 4294967296 ) {
$ip_from = 4294967296 ;
}
if ( $ip_to < 0 ) {
$ip_to += 4294967296 ;
} elseif ( $ip_to > 4294967296 ) {
$ip_to = 4294967296 ;
}
// Make sure $ip_to is not lower that $ip_from
if ( $ip_to < $ip_from ) {
$tmp = $ip_to ;
$ip_to = $ip_from ;
$ip_from = $tmp ;
}
// Is this IP address already banned?
$res = hesk_dbQuery ( " SELECT `id` FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " banned_ips` WHERE { $ip_from } BETWEEN `ip_from` AND `ip_to` AND { $ip_to } BETWEEN `ip_from` AND `ip_to` LIMIT 1 " );
if ( hesk_dbNumRows ( $res ) == 1 ) {
$_SESSION [ 'ban_ip' ][ 'id' ] = hesk_dbResult ( $res );
$hesklang [ 'ipbanexists' ] = ( $ip_to == $ip_from ) ? sprintf ( $hesklang [ 'ipbanexists' ], long2ip ( $ip_to )) : sprintf ( $hesklang [ 'iprbanexists' ], long2ip ( $ip_from ) . ' - ' . long2ip ( $ip_to ));
hesk_process_messages ( $hesklang [ 'ipbanexists' ], 'banned_ips.php' , 'NOTICE' );
}
// Delete any duplicate banned IP or ranges that are within the new banned range
hesk_dbQuery ( " DELETE FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " banned_ips` WHERE `ip_from` >= { $ip_from } AND `ip_to` <= { $ip_to } " );
// Delete temporary bans from logins table
if ( $ip_to == $ip_from ) {
hesk_dbQuery ( " DELETE FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " logins` WHERE `ip`=' " . hesk_dbEscape ( $ip_display ) . " ' LIMIT 1 " );
}
// Redirect either to banned ips or ticket page from now on
$redirect_to = ( $trackingID = hesk_cleanID ()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand ( 10000 , 99999 ) : 'banned_ips.php' ;
// Insert the ip address into database
hesk_dbQuery ( " INSERT INTO ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ( { $ip_from } , { $ip_to } ,' " . hesk_dbEscape ( $ip_display ) . " ',' " . intval ( $_SESSION [ 'id' ]) . " ') " );
// Remember ip that got banned
$_SESSION [ 'ban_ip' ][ 'id' ] = hesk_dbInsertID ();
2015-01-13 23:27:47 -05:00
// Generate success message
2015-09-12 00:46:46 -04:00
$hesklang [ 'ip_banned' ] = ( $ip_to == $ip_from ) ? sprintf ( $hesklang [ 'ip_banned' ], long2ip ( $ip_to )) : sprintf ( $hesklang [ 'ip_rbanned' ], long2ip ( $ip_from ) . ' - ' . long2ip ( $ip_to ));
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Show success
hesk_process_messages ( sprintf ( $hesklang [ 'ip_banned' ], $ip ), $redirect_to , 'SUCCESS' );
2015-01-13 23:27:47 -05:00
} // End ban_ip()
function unban_temp_ip ()
{
2015-09-12 00:46:46 -04:00
global $hesk_settings , $hesklang ;
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// A security check
hesk_token_check ();
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Get the ip
$ip = preg_replace ( '/[^0-9\.\-\/\*]/' , '' , hesk_REQUEST ( 'ip' ));
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Delete from bans
hesk_dbQuery ( " DELETE FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " logins` WHERE `ip`=' " . hesk_dbEscape ( $ip ) . " ' LIMIT 1 " );
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Show success
hesk_process_messages ( $hesklang [ 'ip_tempun' ], 'banned_ips.php' , 'SUCCESS' );
2015-01-13 23:27:47 -05:00
} // End unban_temp_ip()
function unban_ip ()
{
2015-09-12 00:46:46 -04:00
global $hesk_settings , $hesklang ;
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// A security check
hesk_token_check ();
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Delete from bans
hesk_dbQuery ( " DELETE FROM ` " . hesk_dbEscape ( $hesk_settings [ 'db_pfix' ]) . " banned_ips` WHERE `id`= " . intval ( hesk_GET ( 'id' )) . " LIMIT 1 " );
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Redirect either to banned ips or ticket page from now on
$redirect_to = ( $trackingID = hesk_cleanID ()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand ( 10000 , 99999 ) : 'banned_ips.php' ;
2015-01-13 23:27:47 -05:00
2015-09-12 00:46:46 -04:00
// Show success
hesk_process_messages ( $hesklang [ 'ip_unbanned' ], $redirect_to , 'SUCCESS' );
2015-01-13 23:27:47 -05:00
} // End unban_ip()
function hesk_cidr_to_range ( $cidr )
{
2015-09-12 00:46:46 -04:00
$range = array ();
$cidr = explode ( '/' , $cidr );
$range [ 0 ] = ( ip2long ( $cidr [ 0 ])) & (( - 1 << ( 32 - ( int ) $cidr [ 1 ])));
$range [ 1 ] = ( ip2long ( $cidr [ 0 ])) + pow ( 2 , ( 32 - ( int ) $cidr [ 1 ])) - 1 ;
return $range ;
2015-01-13 23:27:47 -05:00
} // END hesk_cidr_to_range()
?>
