<?php
/*
Plugin Name: EasyBan
Plugin URI: http://www.sothq.net/projects/easyban-plugin/
Description: Disallow IP addresses on your site.
Author: Arnan de Gans
Modified by: vvitkov (http://www.getoto.net)
Version: 0.2.2
Author URI: http://www.sothq.net/
*/
 
# ---------------------------------------------------
# Install MySQL Tables
# ---------------------------------------------------
if ( !easyban_mysql_table_exists($wpdb, "banned")) {
	easyban_mysql_install($wpdb);
}
 
# ---------------------------------------------------
# Only proceed with the plugin if MySQL Tables are setup properly
# ---------------------------------------------------
if ( easyban_mysql_table_exists($wpdb, "banned")) {
 
	easyban_check_config(); //Initialize Configuration Variables
 	if($easyban_config['length'] == "on") {
		easyban_remove_expired();
	}
	 
	add_action('admin_menu', 'easyban_add_pages'); //Add page menu links
 
	if ( isset($_POST['easyban_submit']) AND $_GET['new'] == "true")
		add_action('init', 'easyban_insert_input'); //New ban
 
	if ( isset($_GET['delete_ban']) )
		add_action('init', 'easyban_request_delete'); //Delete ban
 
	if ( isset($_POST['easyban_submit_options']) AND $_GET['updated'] == "true")
		add_action('init', 'easyban_options_submit'); //Update Options
 
	if ( isset($_POST['easyban_uninstall']) )
		add_action('init', 'easyban_plugin_uninstall'); //Uninstall
 
	// Load Options
	$easyban_config = get_option('easyban_config');
	$easyban_scriptname = basename(__FILE__);
}

/* -------------------------------------------------------------
 Name:      metMatch

 Purpose:   Matches single ip against a range or ip
 Receive:   network/ip and ip
 Return:    true/false
------------------------------------------------------------- */

function netMatch($network, $ip) {
   $network=trim($network);
   $ip = trim($ip);
   $d = strpos($network,"-");
   if ($d===false) {
       $ip_arr = explode('/', $network);
       if (!preg_match("@\d*\.\d*\.\d*\.\d*@",$ip_arr[0],$matches)){
           $ip_arr[0].=".0";    // Alternate form 194.1.4/24
       }
       $network_long = ip2long($ip_arr[0]);
       $x = ip2long($ip_arr[1]);
       $mask = long2ip($x) == $ip_arr[1] ? $x : (0xffffffff << (32 - $ip_arr[1]));
       $ip_long = ip2long($ip);
       return ($ip_long & $mask) == ($network_long & $mask);
   }
   else {
       $from = trim(ip2long(substr($network,0,$d)));
       $to = trim(ip2long(substr($network,$d+1)));

       $ip = ip2long($ip);
       return ($ip>=$from and $ip<=$to);
   }
}

/* -------------------------------------------------------------
 Name:      easyban_mysql_install
 
 Purpose:   Creates database table if it doesnt exist
 Receive:   $wpdb, $table_prefix
 Return:	-none-
------------------------------------------------------------- */
function easyban_mysql_install($wpdb) {
	require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
 
	$table_name = $wpdb->prefix . "banned";
	$sql = "CREATE TABLE ".$table_name." (
		id mediumint(8) unsigned NOT NULL auto_increment,
		address varchar(18) NOT NULL default '',
		reason varchar(255) NOT NULL default '',
		thetime int(15) NOT NULL,
		timespan int(15) NOT NULL,
		redireto varchar(255) NOT NULL default '',
		PRIMARY KEY (id)
		);";
 
	dbDelta($sql);
 
	if ( !easyban_mysql_table_exists($wpdb, "banned")) {
		add_action('admin_menu', 'easyban_mysql_warning');
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_mysql_table_exists
 
 Purpose:   Check if the table exists in the database
 Receive:   $wpdb, $table_name
 Return:	-none-
------------------------------------------------------------- */
function easyban_mysql_table_exists($wpdb, $table) {
	if(!$wpdb->get_results("SHOW TABLES LIKE '%".$wpdb->prefix.$table."%'")) {
		return FALSE;
	} else {
		return TRUE;
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_mysql_warning
 
 Purpose:   Database errors if things go wrong
 Receive:   -none-
 Return:	-none-
------------------------------------------------------------- */
function easyban_mysql_warning() {
	echo '<div class="updated"><h3>WARNING! The MySQL table was not created! You cannot store bans. Seek support at www.sothq.net.</h3></div>';
}

/* -------------------------------------------------------------
 Name:      easyban_remove_expired
 
 Purpose:   Removes expired bans
 Receive:   -none-
 Return:	-none-
------------------------------------------------------------- */
function easyban_remove_expired() {
	global $wpdb;
	
	$SQL = "SELECT id, timespan FROM ".$wpdb->prefix."banned ORDER BY id asc";
	$old_bans = $wpdb->get_results($SQL);
	foreach($old_bans as $ban) {
		if($ban->timespan >= date("U")) {
			$delSQL = "DELETE FROM ".$wpdb->prefix."banned WHERE id = ".$ban->id;
			$wpdb->query($delSQL);
		}
	}
}

/* -------------------------------------------------------------
 Name:      easyban_header
 
 Purpose:   Checks if a user is banned or not
 Receive:   -none-
 Return:	-none-
------------------------------------------------------------- */
function easyban_header() {
	global $wpdb, $easyban_config;
 
	if($easyban_config['status'] == "on"){ ?>
	
		<?php $SQL = "SELECT * FROM ".$wpdb->prefix."banned ORDER BY id asc";
		$bans = $wpdb->get_results($SQL);
		foreach($bans as $ban) {
			if(netMatch($ban->address, $_SERVER['REMOTE_ADDR'])) { 
			if(strlen($ban->redirto)>0){
				$REDIR_URL=$ban->redirto;
			} else {
				$REDIR_URL=$easyban_config['redirect'];
			} ?>
	<div id="content" class="narrowcolumn">
		<meta http-equiv="refresh" content="<?=$easyban_config['delay'];?>; URL=<?=$REDIR_URL;?>">
		<br><br><br>
		<span style="font-weight: bold;">You have been banned because of the reason bellow. Redirecting ...<br><br>Достъпът ви до този сайт е забранен поради причината по долу. Пренасочване ...</span><br><br>
 
		<?php if(strlen($ban->reason)>0) { ?>
			<blockquote><p><?=$ban->reason;?></p></blockquote>
		<?php } ?>
	</div>
<div>
<!-- generated by EasyBan, enhanced by vvitkov @ http://www.getoto.net -->
<?php wp_footer(); ?>
 
</body>
</html>
		<?php exit();
			}
		}
	} 
}
 
/* ============================================
   ADMIN PANEL OPTIONS, DO NOT EDIT BELOW HERE!
============================================ */
 
/* -------------------------------------------------------------
 Name:      easyban_insert_input
 
 Purpose:   Insert the new ban into the database
 Receive:   -None-
 Return:	-None-
------------------------------------------------------------- */
function easyban_insert_input() {
	global $wpdb, $user_level;
 
	if ( $user_level >= 10 ) {
		$address = htmlentities(trim($_POST['address'], "\t\n "), ENT_QUOTES);
		$reason = htmlentities(trim($_POST['reason'], "\t\n "), ENT_QUOTES);
		$timetype = htmlentities(trim($_POST['timetype'], "\t\n "), ENT_QUOTES);
		$timeset = htmlentities(trim($_POST['timeset'], "\t\n "), ENT_QUOTES);
		$redir_url = htmlentities(trim($_POST['redir_url'], "\t\n "), ENT_QUOTES);
		
		if(strlen($address)!=0 AND strlen($address)<=18 AND strlen($reason)<=255) {
			if($timetype == "d") {
				$timespan = ($timeset * 86400) + date("U");
			} else if($timetype == "w") {
				$timespan = ($timeset * 604800) + date("U");
			} else {
				$timespan = 0;
			}
			
			/* Query */
			$postquery = "INSERT INTO
			".$wpdb->prefix."banned
			(address, reason, thetime, timespan, redirto)
			VALUES
			('$address', '$reason', '".date("U")."', '$timespan', '$redir_url')
			";
			if($wpdb->query($postquery)) {
				header('Location: edit.php?page=wp-easyban.php&new_return=true');
			} else {
				die(mysql_error());
			}
		}
	}
 
 
}
 
/* -------------------------------------------------------------
 Name:      easyban_request_delete
 
 Purpose:   Remove ban from database
 Receive:   -none-
 Return:    boolean
------------------------------------------------------------- */
function easyban_request_delete () {
	global $userdata, $wpdb;
 
	$ban_id = $_GET['delete_ban'];
	if($ban_id > 0) {
		$SQL = "SELECT
		".$wpdb->prefix."banned.id,
		".$wpdb->prefix."users.display_name as display_name
		FROM
		".$wpdb->prefix."banned,
		".$wpdb->prefix."users
		WHERE
		".$wpdb->prefix."banned.id = '$ban_id'";
 
		$ban = $wpdb->get_row($SQL);
 
		if ($userdata->user_level >= 10) {
			if(easyban_delete_banid($ban_id) == TRUE) {
				header('Location: edit.php?page=wp-easyban.php&deleted_return=true');
			} else {
				die(mysql_error());
			}
		}
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_delete_banid
 
 Purpose:   Remove ban from database
 Receive:   $ban_id
 Return:    boolean
------------------------------------------------------------- */
function easyban_delete_banid ($ban_id) {
	if($ban_id > 0) {
		global $wpdb;
 
		$SQL = "DELETE FROM ".$wpdb->prefix."banned WHERE id = $ban_id";
		if(!$wpdb->query($SQL)) {
			die(mysql_error());
		} else {
			return TRUE;
		}
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_add_pages
 
 Purpose:   Add pages to admin menus
 Receive:   -none-
 Return:    -none-
------------------------------------------------------------- */
function easyban_add_pages() {
	add_management_page('Bans', 'Bans', 10, __FILE__, 'easyban_manage_page');
	add_options_page('Bans', 'Bans', 10, __FILE__, 'easyban_options_page');
}
 
/* -------------------------------------------------------------
 Name:      easyban_manage_page
 
 Purpose:   Admin management page
 Receive:   -none-
 Return:    -none-
------------------------------------------------------------- */
function easyban_manage_page() {
	global $wpdb, $easyban_config;
 
	if ($_GET['new_return'] == "true") : ?>
		<div id="message" class="updated fade"><p><?php _e('Ban <strong>added</strong>.') ?></p>
		</div>
	<?php endif; ?>
	<?php if ($_GET['deleted_return'] == "true") : ?>
		<div id="message" class="updated fade"><p><?php _e('Ban <strong>deleted</strong>.') ?></p>
		</div>
	<?php endif; ?>
 
	<div class="wrap">
	  	<h2>EasyBan management</h2>
	  	<fieldset class="options">
	    	<legend>Active IP bans</legend>
			<?php
			$bans = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "banned ORDER BY thetime asc");
			?>
			<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
			  <tr>
			    <th scope="col">ID</th>
		    	<th scope="col">Address</th>
			    <th scope="col">Reason</th>
				<th scope="col">Date set</th>
				<?php if($easyban_config['length'] == "on") { ?><th scope="col">Expiry date</th> <?php } ?>
				<th scope="col">Redirect to</th>
				<th scope="col"></th>
			  </tr>
			<?php if ($bans) {
				foreach($bans as $ban) {
					$class = ('alternate' != $class) ? 'alternate' : ''; ?>
				  	<tr id='ban-<?php echo $ban->id; ?>' class='<?php echo $class; ?>'>
					    <th scope="row"><?php echo $ban->id; ?></th>
						<td><?php echo $ban->address; ?></td>
						<td><?php echo $ban->reason; ?></td>
						<td><?php echo date("d-m-Y H:i", $ban->thetime); ?></td>
						<?php if($easyban_config['length'] == "on") { ?><td><?php if($ban->timespan > 0) {echo date("d-m-Y H:i", $ban->timespan); } else { echo 'Never'; } ?></td><?php } ?>
						<td><?php echo $ban->redirto; ?></td>
						<td><a href="http://<?=$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'].'&amp;delete_ban='.$ban->id;?>" class="delete" onclick="return confirm('You are about to delete this ban \'<?=$ban->address;?>\'\n  \'OK\' to delete, \'Cancel\' to stop.')">Delete</a></td>
				  	</tr>
				<?php }
			 } else { ?>
				<tr><td colspan="7"><?php _e('No bans set.') ?></td></tr>
			<?php }	?>
			</table>
		</fieldset>
 
		<h2>Add ban</h2>
		<fieldset class="options">
		  	<form method="post" action="<?=$_SERVER['REQUEST_URI']?>&amp;new=true">
		    	<input type="hidden" name="easyban_submit" value="true" />
		    	<table width="100%" cellspacing="2" cellpadding="5" class="editform">
			      	<tr>
				        <th width="15%" scope="row">Address:</th>
				        <td><input name="address" type="text" size="20" /> (123.123.123.123)</td>
			      	</tr>
			      	<tr>
				        <th width="15%" scope="row">Reason:</th>
				        <td><input name="reason" type="text" size="20" /> (Max. 255 characters, if filled in this will be shown to the banned person.)</td>
				</tr>
				<tr>
					<th>Redirect to</th>
					<td><input name="redir_url" type="text" size="20" /> (Max. 255 characters, if filled in the banned ip will be redirected to this)</td>
			      	</tr>
			      	<?php if($easyban_config['length'] == "on") { ?><tr>
				        <th width="15%" scope="row">How long:</th>
				        <td><select name="timetype">
							<option value="p">permanent</option>
							<option value="d">day(s)</option>
							<option value="w">week(s)</option>
						</select> <input name="timeset" type="text" size="6" /> (Leave field empty when using permanent. Fill in a number higher than 0 when using another option!)</td>
			      	</tr><?php } ?>
			      	<tr>
				        <th width="15%" scope="row" valign="top">Hints and tips:</th>
				        <td>
				        * Banning someone with an address in the 10.x.x.x/ 169.254.x.x / 172.16.x.x or 192.168.x.x range might not work as expected. These are reserved addresses for Small networks like the one you use at home or your work!<br />
				        * Never set a ban on 127.0.0.1!<br />
				        * An IP address ALWAYS contains 4 parts with numbers no higher than 254 separated by a dot!<br />
				        * If a ban does not seem to work try to find out if the person you're trying to ban doesn't use <a href="http://en.wikipedia.org/wiki/DHCP" target="_blank">DHCP</a>.<br />
				        * For more questions please seek help at <a href="http://www.sothq.net/forum/easyban-plugin/" target="_blank">My forum</a>.<br />
				        * A timed ban is automatically removed when it expires.
				        </td>
			      	</tr>
		    	</table>
		    	<p class="submit">
		      		<input type="submit" name="Submit" value="Save ban &raquo;" />
		    	</p>
		  	</form>
 
	  	</fieldset>
	</div>
<?php
}
 
/* -------------------------------------------------------------
 Name:      easyban_options_page
 
 Purpose:   Admin options page
 Receive:   -none-
 Return:    -none-
------------------------------------------------------------- */
function easyban_options_page() {
	$easyban_config = get_option('easyban_config');
	global $user_level;
 
	if(!isset($_GET['error']) && $user_level >= 10) {
		?>
		<div class="wrap">
		  	<h2>Ban options</h2>
		  	<form method="post" action="<?=$_SERVER['REQUEST_URI']?>&amp;updated=true">
		    	<input type="hidden" name="easyban_submit_options" value="true" />
		    	<table width="100%" cellspacing="2" cellpadding="5" class="editform">
		      	<tr>
			        <th width="33%" scope="row">Activate:</th>
			        <td><select name="status">';
					<?php if($easyban_config['status'] == "on") { ?>
				        <option value="on">enabled</option>
						<option value="off">disabled</option>
					<?php } else { ?>
						<option value="off">disabled</option>
				        <option value="on">enabled</option>
					<?php } ?>
					</select></td>
		      	</tr>
		      	<tr>
			        <th width="33%" scope="row">Enable timed bans:</th>
			        <td><select name="length">';
					<?php if($easyban_config['length'] == "on") { ?>
				        <option value="on">enabled</option>
						<option value="off">disabled</option>
					<?php } else { ?>
						<option value="off">disabled</option>
				        <option value="on">enabled</option>
					<?php } ?>
					</select></td>
		      	</tr>
		      	<tr>
			        <th width="33%" scope="row">Redirect to:</th>
			        <td><input name="redirect" type="text" value="<?=$easyban_config['redirect'];?>" size="50" /> (include 'http://')</td>
		      	</tr>
		      	<tr>
			        <th width="33%" scope="row">Redirect delay:</th>
			        <td><input name="delay" type="text" value="<?=$easyban_config['delay'];?>" size="4" /> (default: 3 sec)</td>
		      	</tr>
		    	</table>
			    <p class="submit">
			      	<input type="submit" name="Submit" value="Update Options &raquo;" />
			    </p>
			</form>
 
		  	<h2>Uninstall EasyBan</h2>
		  	<p>Banned installs a table in MySQL. When you disable the plugin the table will not be deleted. To delete the table use the button below.</p>
		  	<p><b>WARNING!</b> -- This process is irreversible and will delete ALL active bans!</p>
		  	<p>No other parts of your wordpress installation will be touched.</p>
		  	<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
		  		<p class="submit">
		    	<input type="hidden" name="easyban_uninstall" value="true" />
		    	<input onclick="return confirm('You are about to uninstall the easyban plugin. All bans will be lost!\n\'OK\' to continue, \'Cancel\' to stop.')" type="submit" name="Submit" value="Uninstall Plugin &raquo;" />
		  		</p>
		  	</form>
 
		</div>
		<?php
	} // End If
}
 
/* -------------------------------------------------------------
 Name:      easyban_check_config
 
 Purpose:   Create or update the options
 Receive:   -none-
 Return:    -none-
------------------------------------------------------------- */
function easyban_check_config() {
	if ( !$option = get_option('easyban_config') ) {
		// Default Options
		$option['status'] = 'on';
		$option['redirect'] = 'http://www.google.com';
		$option['delay'] = '3';
		$option['length'] = 'on';
		update_option('easyban_config', $option);
	}
 
	// If value not assigned insert default (upgrades)
	if (strlen($option['status']) < 1 OR strlen($option['redirect']) < 1  OR strlen($option['delay']) < 1 ) {
		$option['status'] = 'on';
		$option['redirect'] = 'http://www.google.com';
		$option['delay'] = '3';
		$option['length'] = 'on';
		update_option('easyban_config', $option);
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_options_submit

 Purpose:   Save options
 Receive:   -none-
 Return:    -none-
------------------------------------------------------------- */
function easyban_options_submit() {
	global $user_level;
 
	if ( $user_level >= 10 ) {
		//options page
		$option['status'] = trim($_POST['status'], "\t\n ");
		$option['redirect'] = trim($_POST['redirect'], "\t\n ");
		$option['delay'] = trim($_POST['delay'], "\t\n ");
		$option['length'] = trim($_POST['length'], "\t\n ");
		update_option('easyban_config', $option);
	}
}
 
/* -------------------------------------------------------------
 Name:      easyban_plugin_uninstall
 
 Purpose:   Delete the entire database table and remove the options on uninstall.
 Receive:   -none-
 Return:	-none-
------------------------------------------------------------- */
function easyban_plugin_uninstall() {
	global $easyban_scriptname, $user_level;
 
	if ( $user_level >= 10 ) {
		// Drop MySQL Tables
		$SQL = "DROP TABLE ".$wpdb->prefix."banned";
		$wpdb->query($SQL);
 
		// Delete Option
		delete_option('easyban_config');
 
		// Deactivate Plugin
		$current = get_settings('active_plugins');
        array_splice($current, array_search("$easyban_scriptname", $current), 1 );
		update_option('active_plugins', $current);
 
		$redirect_url = wp_nonce_url("plugins.php?action=deactivate&amp;plugin=wp-easyban.php", 'deactivate-plugin_wp-easyban.php');
		header('Location: '.$redirect_url);
 
		die();
 
	}
}
?>