= ".intval($hesk_settings['attempt_limit'])." AND `last_attempt` > (NOW() - INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE)"); $num = hesk_dbNumRows($res); if ($num > 0): ?>

= 0 && $matches[4] <= 32) { list($ip_from, $ip_to) = hesk_cidr_to_range($ip); } // Not a valid input else { hesk_process_messages($hesklang['validbanip'],'banned_ips.php'); } if ($ip_from === false || $ip_to === false) { hesk_process_messages($hesklang['validbanip'],'banned_ips.php'); } // Make sure we have valid ranges if ($ip_from < 0) { $ip_from += 4294967296; } elseif ($ip_from > 4294967296) { $ip_from = 4294967296; } if ($ip_to < 0) { $ip_to += 4294967296; } elseif ($ip_to > 4294967296) { $ip_to = 4294967296; } // Make sure $ip_to is not lower that $ip_from if ($ip_to < $ip_from) { $tmp = $ip_to; $ip_to = $ip_from; $ip_from = $tmp; } // Is this IP address already banned? $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1"); if ( hesk_dbNumRows($res) == 1 ) { $_SESSION['ban_ip']['id'] = hesk_dbResult($res); $hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to) ) : sprintf($hesklang['iprbanexists'], long2ip($ip_from).' - '.long2ip($ip_to) ); hesk_process_messages($hesklang['ipbanexists'],'banned_ips.php','NOTICE'); } // Delete any duplicate banned IP or ranges that are within the new banned range hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}"); // Delete temporary bans from logins table if ($ip_to == $ip_from) { hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip_display)."'"); } // Redirect either to banned ips or ticket page from now on $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php'; // Insert the ip address into database hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'".hesk_dbEscape($ip_display)."','".intval($_SESSION['id'])."')"); // Remember ip that got banned $_SESSION['ban_ip']['id'] = hesk_dbInsertID(); // Generate success message $hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to) ) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from).' - '.long2ip($ip_to) ); // Show success hesk_process_messages( sprintf($hesklang['ip_banned'], $ip) ,$redirect_to,'SUCCESS'); } // End ban_ip() function unban_temp_ip() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); // Get the ip $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') ); // Delete from bans hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'"); // Show success hesk_process_messages($hesklang['ip_tempun'],'banned_ips.php','SUCCESS'); } // End unban_temp_ip() function unban_ip() { global $hesk_settings, $hesklang; // A security check hesk_token_check(); // Delete from bans hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `id`=" . intval( hesk_GET('id') ) ); // Redirect either to banned ips or ticket page from now on $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php'; // Show success hesk_process_messages($hesklang['ip_unbanned'],$redirect_to,'SUCCESS'); } // End unban_ip() function hesk_cidr_to_range($cidr) { $range = array(); $cidr = explode('/', $cidr); $range[0] = (ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1]))); $range[1] = (ip2long($cidr[0])) + pow(2, (32 - (int)$cidr[1])) - 1; return $range; } // END hesk_cidr_to_range() ?>