
/phpBB/includes/acp/acp_bots.php

https://github.com/naderman/phpbb-orchestra
  1. <?php
  2. /**
  3. *
  4. * @package acp
  5. * @version $Id$
  6. * @copyright (c) 2005 phpBB Group
  7. * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  8. *
  9. */
  10. /**
  11. * @ignore
  12. */
  13. if (!defined('IN_PHPBB'))
  14. {
  15. exit;
  16. }
  17. /**
  18. * @package acp
  19. */
  20. class acp_bots
  21. {
  22. var $u_action;
  23. function main($id, $mode)
  24. {
  25. global $config, $db, $user, $auth, $template, $cache;
  26. global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
  27. $action = request_var('action', '');
  28. $submit = (isset($_POST['submit'])) ? true : false;
  29. $mark = request_var('mark', array(0));
  30. $bot_id = request_var('id', 0);
  31. if (isset($_POST['add']))
  32. {
  33. $action = 'add';
  34. }
  35. $error = array();
  36. $user->add_lang('acp/bots');
  37. $this->tpl_name = 'acp_bots';
  38. $this->page_title = 'ACP_BOTS';
  39. $form_key = 'acp_bots';
  40. add_form_key($form_key);
  41. if ($submit && !check_form_key($form_key))
  42. {
  43. $error[] = $user->lang['FORM_INVALID'];
  44. }
  45. // User wants to do something, how inconsiderate of them!
  46. switch ($action)
  47. {
  48. case 'activate':
  49. if ($bot_id || sizeof($mark))
  50. {
  51. $sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
  52. $sql = 'UPDATE ' . BOTS_TABLE . "
  53. SET bot_active = 1
  54. WHERE bot_id $sql_id";
  55. $db->sql_query($sql);
  56. }
  57. $cache->destroy('_bots');
  58. break;
  59. case 'deactivate':
  60. if ($bot_id || sizeof($mark))
  61. {
  62. $sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
  63. $sql = 'UPDATE ' . BOTS_TABLE . "
  64. SET bot_active = 0
  65. WHERE bot_id $sql_id";
  66. $db->sql_query($sql);
  67. }
  68. $cache->destroy('_bots');
  69. break;
  70. case 'delete':
  71. if ($bot_id || sizeof($mark))
  72. {
  73. if (confirm_box(true))
  74. {
  75. // We need to delete the relevant user, usergroup and bot entries ...
  76. $sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')';
  77. $sql = 'SELECT bot_name, user_id
  78. FROM ' . BOTS_TABLE . "
  79. WHERE bot_id $sql_id";
  80. $result = $db->sql_query($sql);
  81. $user_id_ary = $bot_name_ary = array();
  82. while ($row = $db->sql_fetchrow($result))
  83. {
  84. $user_id_ary[] = (int) $row['user_id'];
  85. $bot_name_ary[] = $row['bot_name'];
  86. }
  87. $db->sql_freeresult($result);
  88. $db->sql_transaction('begin');
  89. $sql = 'DELETE FROM ' . BOTS_TABLE . "
  90. WHERE bot_id $sql_id";
  91. $db->sql_query($sql);
  92. if (sizeof($user_id_ary))
  93. {
  94. $_tables = array(USERS_TABLE, USER_GROUP_TABLE);
  95. foreach ($_tables as $table)
  96. {
  97. $sql = "DELETE FROM $table
  98. WHERE " . $db->sql_in_set('user_id', $user_id_ary);
  99. $db->sql_query($sql);
  100. }
  101. }
  102. $db->sql_transaction('commit');
  103. $cache->destroy('_bots');
  104. add_log('admin', 'LOG_BOT_DELETE', implode(', ', $bot_name_ary));
  105. trigger_error($user->lang['BOT_DELETED'] . adm_back_link($this->u_action));
  106. }
  107. else
  108. {
  109. confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
  110. 'mark' => $mark,
  111. 'id' => $bot_id,
  112. 'mode' => $mode,
  113. 'action' => $action))
  114. );
  115. }
  116. }
  117. break;
  118. case 'edit':
  119. case 'add':
  120. include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  121. $bot_row = array(
  122. 'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)),
  123. 'bot_agent' => request_var('bot_agent', ''),
  124. 'bot_ip' => request_var('bot_ip', ''),
  125. 'bot_active' => request_var('bot_active', true),
  126. 'bot_lang' => request_var('bot_lang', $config['default_lang']),
  127. 'bot_style' => request_var('bot_style' , $config['default_style']),
  128. );
  129. if ($submit)
  130. {
  131. if (!$bot_row['bot_agent'] && !$bot_row['bot_ip'])
  132. {
  133. $error[] = $user->lang['ERR_BOT_NO_MATCHES'];
  134. }
  135. if ($bot_row['bot_ip'] && !preg_match('#^[\d\.,:]+$#', $bot_row['bot_ip']))
  136. {
  137. if (!$ip_list = gethostbynamel($bot_row['bot_ip']))
  138. {
  139. $error[] = $user->lang['ERR_BOT_NO_IP'];
  140. }
  141. else
  142. {
  143. $bot_row['bot_ip'] = implode(',', $ip_list);
  144. }
  145. }
  146. $bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']);
  147. // Make sure the admin is not adding a bot with an user agent similar to his one
  148. if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149))
  149. {
  150. $error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA'];
  151. }
  152. $bot_name = false;
  153. if ($bot_id)
  154. {
  155. $sql = 'SELECT u.username_clean
  156. FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u
  157. WHERE b.bot_id = $bot_id
  158. AND u.user_id = b.user_id";
  159. $result = $db->sql_query($sql);
  160. $row = $db->sql_fetchrow($result);
  161. $db->sql_freeresult($result);
  162. if (!$bot_row)
  163. {
  164. $error[] = $user->lang['NO_BOT'];
  165. }
  166. else
  167. {
  168. $bot_name = $row['username_clean'];
  169. }
  170. }
  171. if (!$this->validate_botname($bot_row['bot_name'], $bot_name))
  172. {
  173. $error[] = $user->lang['BOT_NAME_TAKEN'];
  174. }
  175. if (!sizeof($error))
  176. {
  177. // New bot? Create a new user and group entry
  178. if ($action == 'add')
  179. {
  180. $sql = 'SELECT group_id, group_colour
  181. FROM ' . GROUPS_TABLE . "
  182. WHERE group_name = 'BOTS'
  183. AND group_type = " . GROUP_SPECIAL;
  184. $result = $db->sql_query($sql);
  185. $group_row = $db->sql_fetchrow($result);
  186. $db->sql_freeresult($result);
  187. if (!$group_row)
  188. {
  189. trigger_error($user->lang['NO_BOT_GROUP'] . adm_back_link($this->u_action . "&amp;id=$bot_id&amp;action=$action"), E_USER_WARNING);
  190. }
  191. $user_id = user_add(array(
  192. 'user_type' => (int) USER_IGNORE,
  193. 'group_id' => (int) $group_row['group_id'],
  194. 'username' => (string) $bot_row['bot_name'],
  195. 'user_regdate' => time(),
  196. 'user_password' => '',
  197. 'user_colour' => (string) $group_row['group_colour'],
  198. 'user_email' => '',
  199. 'user_lang' => (string) $bot_row['bot_lang'],
  200. 'user_style' => (int) $bot_row['bot_style'],
  201. 'user_allow_massemail' => 0,
  202. ));
  203. $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
  204. 'user_id' => (int) $user_id,
  205. 'bot_name' => (string) $bot_row['bot_name'],
  206. 'bot_active' => (int) $bot_row['bot_active'],
  207. 'bot_agent' => (string) $bot_row['bot_agent'],
  208. 'bot_ip' => (string) $bot_row['bot_ip'])
  209. );
  210. $db->sql_query($sql);
  211. $log = 'ADDED';
  212. }
  213. else if ($bot_id)
  214. {
  215. $sql = 'SELECT user_id, bot_name
  216. FROM ' . BOTS_TABLE . "
  217. WHERE bot_id = $bot_id";
  218. $result = $db->sql_query($sql);
  219. $row = $db->sql_fetchrow($result);
  220. $db->sql_freeresult($result);
  221. if (!$row)
  222. {
  223. trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&amp;id=$bot_id&amp;action=$action"), E_USER_WARNING);
  224. }
  225. $sql_ary = array(
  226. 'user_style' => (int) $bot_row['bot_style'],
  227. 'user_lang' => (string) $bot_row['bot_lang'],
  228. );
  229. if ($bot_row['bot_name'] !== $row['bot_name'])
  230. {
  231. $sql_ary['username'] = (string) $bot_row['bot_name'];
  232. $sql_ary['username_clean'] = (string) utf8_clean_string($bot_row['bot_name']);
  233. }
  234. $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = {$row['user_id']}";
  235. $db->sql_query($sql);
  236. $sql = 'UPDATE ' . BOTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array(
  237. 'bot_name' => (string) $bot_row['bot_name'],
  238. 'bot_active' => (int) $bot_row['bot_active'],
  239. 'bot_agent' => (string) $bot_row['bot_agent'],
  240. 'bot_ip' => (string) $bot_row['bot_ip'])
  241. ) . " WHERE bot_id = $bot_id";
  242. $db->sql_query($sql);
  243. // Updated username?
  244. if ($bot_row['bot_name'] !== $row['bot_name'])
  245. {
  246. user_update_name($row['bot_name'], $bot_row['bot_name']);
  247. }
  248. $log = 'UPDATED';
  249. }
  250. $cache->destroy('_bots');
  251. add_log('admin', 'LOG_BOT_' . $log, $bot_row['bot_name']);
  252. trigger_error($user->lang['BOT_' . $log] . adm_back_link($this->u_action));
  253. }
  254. }
  255. else if ($bot_id)
  256. {
  257. $sql = 'SELECT b.*, u.user_lang, u.user_style
  258. FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u
  259. WHERE b.bot_id = $bot_id
  260. AND u.user_id = b.user_id";
  261. $result = $db->sql_query($sql);
  262. $bot_row = $db->sql_fetchrow($result);
  263. $db->sql_freeresult($result);
  264. if (!$bot_row)
  265. {
  266. trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&amp;id=$bot_id&amp;action=$action"), E_USER_WARNING);
  267. }
  268. $bot_row['bot_lang'] = $bot_row['user_lang'];
  269. $bot_row['bot_style'] = $bot_row['user_style'];
  270. unset($bot_row['user_lang'], $bot_row['user_style']);
  271. }
  272. $s_active_options = '';
  273. $_options = array('0' => 'NO', '1' => 'YES');
  274. foreach ($_options as $value => $lang)
  275. {
  276. $selected = ($bot_row['bot_active'] == $value) ? ' selected="selected"' : '';
  277. $s_active_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$lang] . '</option>';
  278. }
  279. $style_select = style_select($bot_row['bot_style'], true);
  280. $lang_select = language_select($bot_row['bot_lang']);
  281. $l_title = ($action == 'edit') ? 'EDIT' : 'ADD';
  282. $template->assign_vars(array(
  283. 'L_TITLE' => $user->lang['BOT_' . $l_title],
  284. 'U_ACTION' => $this->u_action . "&amp;id=$bot_id&amp;action=$action",
  285. 'U_BACK' => $this->u_action,
  286. 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '',
  287. 'BOT_NAME' => $bot_row['bot_name'],
  288. 'BOT_IP' => $bot_row['bot_ip'],
  289. 'BOT_AGENT' => $bot_row['bot_agent'],
  290. 'S_EDIT_BOT' => true,
  291. 'S_ACTIVE_OPTIONS' => $s_active_options,
  292. 'S_STYLE_OPTIONS' => $style_select,
  293. 'S_LANG_OPTIONS' => $lang_select,
  294. 'S_ERROR' => (sizeof($error)) ? true : false,
  295. )
  296. );
  297. return;
  298. break;
  299. }
  300. $s_options = '';
  301. $_options = array('activate' => 'BOT_ACTIVATE', 'deactivate' => 'BOT_DEACTIVATE', 'delete' => 'DELETE');
  302. foreach ($_options as $value => $lang)
  303. {
  304. $s_options .= '<option value="' . $value . '">' . $user->lang[$lang] . '</option>';
  305. }
  306. $template->assign_vars(array(
  307. 'U_ACTION' => $this->u_action,
  308. 'S_BOT_OPTIONS' => $s_options)
  309. );
  310. $sql = 'SELECT b.bot_id, b.bot_name, b.bot_active, u.user_lastvisit
  311. FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . ' u
  312. WHERE u.user_id = b.user_id
  313. ORDER BY u.user_lastvisit DESC, b.bot_name ASC';
  314. $result = $db->sql_query($sql);
  315. while ($row = $db->sql_fetchrow($result))
  316. {
  317. $active_lang = (!$row['bot_active']) ? 'BOT_ACTIVATE' : 'BOT_DEACTIVATE';
  318. $active_value = (!$row['bot_active']) ? 'activate' : 'deactivate';
  319. $template->assign_block_vars('bots', array(
  320. 'BOT_NAME' => $row['bot_name'],
  321. 'BOT_ID' => $row['bot_id'],
  322. 'LAST_VISIT' => ($row['user_lastvisit']) ? $user->format_date($row['user_lastvisit']) : $user->lang['BOT_NEVER'],
  323. 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&amp;id={$row['bot_id']}&amp;action=$active_value",
  324. 'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang],
  325. 'U_EDIT' => $this->u_action . "&amp;id={$row['bot_id']}&amp;action=edit",
  326. 'U_DELETE' => $this->u_action . "&amp;id={$row['bot_id']}&amp;action=delete")
  327. );
  328. }
  329. $db->sql_freeresult($result);
  330. }
  331. /**
  332. * Validate bot name against username table
  333. */
  334. function validate_botname($newname, $oldname = false)
  335. {
  336. global $db;
  337. if ($oldname && utf8_clean_string($newname) === $oldname)
  338. {
  339. return true;
  340. }
  341. // Admins might want to use names otherwise forbidden, thus we only check for duplicates.
  342. $sql = 'SELECT username
  343. FROM ' . USERS_TABLE . "
  344. WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($newname)) . "'";
  345. $result = $db->sql_query($sql);
  346. $row = $db->sql_fetchrow($result);
  347. $db->sql_freeresult($result);
  348. return ($row) ? false : true;
  349. }
  350. }
  351. ?>