#29 Now IP ranges and emails can be added to the banned tables thru the settings page

2014-09-24 23:48:00 -04:00 · 2014-09-24 23:48:00 -04:00 · 26887979e1
commit 26887979e1
parent 7b3bc087b1
2 changed files with 56 additions and 24 deletions
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@ -2156,7 +2156,7 @@ if ( defined('HESK_DEMO') )
                      </div>
                  </div>
              </div>
-              <!-- NuMods: Denied Parties -->
+              <!-- NuMods: IP/Email Bans -->
              <div class="tab-pane fade in" id="ipEmailBans">
                  <h6 style="font-weight: bold"><?php echo $hesklang['ip_bans']; ?></h6>
                  <div class="footerWithBorder blankSpace"></div>
@ -2174,9 +2174,9 @@ if ( defined('HESK_DEMO') )
                          $ipRs= hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
                          while ($row = $ipRs->fetch_assoc()) {
                              echo '<tr id="trIp'.$row['ID'].'">';
-                              echo '<td><input type="checkbox" name="ipDelete'.$row['ID'].'" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
-                              echo '<td><input type="text" name="ipFrom'.$row['ID'].'" placeholder="'.$hesklang['from'].'" class="form-control" value="'.$row['RangeStart'].'"></td>';
-                              echo '<td><input type="text" name="ipTo'.$row['ID'].'" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.$row['RangeEnd'].'"></td>';
+                              echo '<td><input type="checkbox" name="ipDelete['.$row['ID'].']" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
+                              echo '<td><input type="text" name="ipFrom['.$row['ID'].']" placeholder="'.$hesklang['from'].'" class="form-control" value="'.$row['RangeStart'].'"></td>';
+                              echo '<td><input type="text" name="ipTo['.$row['ID'].']" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.$row['RangeEnd'].'"></td>';
                              echo '</tr>';
                          }

@ -2210,8 +2210,8 @@ if ( defined('HESK_DEMO') )
                              $emailRs = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_emails`');
                              while ($row = $emailRs->fetch_assoc()) {
                                  echo '<tr id="trEmail'.$row['ID'].'">';
-                              echo '<td><input type="checkbox" name="emailDelete'.$row['ID'].'" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
-                              echo '<td><input type="text" name="email'.$row['ID'].'" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
+                                  echo '<td><input type="checkbox" name="emailDelete['.$row['ID'].']" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
+                                  echo '<td><input type="text" name="email['.$row['ID'].']" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
                                  echo '</tr>';
                              }
                              ?>
--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@ -497,6 +497,38 @@ $stmt = hesk_dbConnect()->prepare($updateQuery);
 $stmt->bind_param('i', $_POST['lockedTicketStatus']);
 $stmt->execute();

+//-- IP Bans
+$ipBanSql = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
+while ($row = $ipBanSql->fetch_assoc()) {
+    if (isset($_POST['ipDelete'][$row['ID']])) {
+        hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE ID = '.hesk_dbEscape($row['ID']));
+    } else {
+        hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips`
+            SET `RangeStart` = \''.hesk_dbEscape($_POST['ipFrom'][$row['ID']]).'\',
+                `RangeEnd` = \''.hesk_dbEscape($_POST['ipTo'][$row['ID']]).'\'
+            WHERE ID = '.hesk_dbEscape($row['ID']));
+    }
+}
+if (!empty($_POST['addIpFrom']) && !empty($_POST['addIpTo'])) {
+    hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` (`RangeStart`, `RangeEnd`)
+        VALUES (\''.hesk_dbEscape($_POST['addIpFrom']).'\', \''.hesk_dbEscape($_POST['addIpTo']).'\')');
+}
+
+//-- Email Bans
+$emailBanSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`');
+while ($row = $emailBanSql->fetch_assoc()) {
+    if (isset($_POST['emailDelete'][$row['ID']])) {
+        hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE ID = '.hesk_dbEscape($row['ID']));
+    } else {
+        hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`
+            SET Email = \''.hesk_dbEscape($_POST['email'][$row['ID']]).'\'
+            WHERE ID = '.hesk_dbEscape($row['ID']));
+    }
+}
+if (!empty($_POST['addEmail'])) {
+    hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` (Email) VALUES (\''.hesk_dbEscape($_POST['addEmail']).'\')');
+}
+
 $set['hesk_version'] = $hesk_settings['hesk_version'];

 // Save the nuMods_settings.inc.php file