Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 330 |
acp_bots | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
3906 | |
0.00% |
0 / 326 |
main | |
0.00% |
0 / 1 |
3422 | |
0.00% |
0 / 312 |
|||
validate_botname | |
0.00% |
0 / 1 |
20 | |
0.00% |
0 / 14 |
<?php | |
/** | |
* | |
* This file is part of the phpBB Forum Software package. | |
* | |
* @copyright (c) phpBB Limited <https://www.phpbb.com> | |
* @license GNU General Public License, version 2 (GPL-2.0) | |
* | |
* For full copyright and license information, please see | |
* the docs/CREDITS.txt file. | |
* | |
*/ | |
/** | |
* @ignore | |
*/ | |
if (!defined('IN_PHPBB')) | |
{ | |
exit; | |
} | |
class acp_bots | |
{ | |
var $u_action; | |
function main($id, $mode) | |
{ | |
global $config, $db, $user, $template, $cache, $request, $phpbb_log; | |
global $phpbb_root_path, $phpEx; | |
$action = $request->variable('action', ''); | |
$submit = (isset($_POST['submit'])) ? true : false; | |
$mark = $request->variable('mark', array(0)); | |
$bot_id = $request->variable('id', 0); | |
if (isset($_POST['add'])) | |
{ | |
$action = 'add'; | |
} | |
$error = array(); | |
$user->add_lang('acp/bots'); | |
$this->tpl_name = 'acp_bots'; | |
$this->page_title = 'ACP_BOTS'; | |
$form_key = 'acp_bots'; | |
add_form_key($form_key); | |
if ($submit && !check_form_key($form_key)) | |
{ | |
$error[] = $user->lang['FORM_INVALID']; | |
} | |
// User wants to do something, how inconsiderate of them! | |
switch ($action) | |
{ | |
case 'activate': | |
if ($bot_id || count($mark)) | |
{ | |
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')'; | |
$sql = 'UPDATE ' . BOTS_TABLE . " | |
SET bot_active = 1 | |
WHERE bot_id $sql_id"; | |
$db->sql_query($sql); | |
} | |
$cache->destroy('_bots'); | |
break; | |
case 'deactivate': | |
if ($bot_id || count($mark)) | |
{ | |
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')'; | |
$sql = 'UPDATE ' . BOTS_TABLE . " | |
SET bot_active = 0 | |
WHERE bot_id $sql_id"; | |
$db->sql_query($sql); | |
} | |
$cache->destroy('_bots'); | |
break; | |
case 'delete': | |
if ($bot_id || count($mark)) | |
{ | |
if (confirm_box(true)) | |
{ | |
// We need to delete the relevant user, usergroup and bot entries ... | |
$sql_id = ($bot_id) ? " = $bot_id" : ' IN (' . implode(', ', $mark) . ')'; | |
$sql = 'SELECT bot_name, user_id | |
FROM ' . BOTS_TABLE . " | |
WHERE bot_id $sql_id"; | |
$result = $db->sql_query($sql); | |
$user_id_ary = $bot_name_ary = array(); | |
while ($row = $db->sql_fetchrow($result)) | |
{ | |
$user_id_ary[] = (int) $row['user_id']; | |
$bot_name_ary[] = $row['bot_name']; | |
} | |
$db->sql_freeresult($result); | |
$db->sql_transaction('begin'); | |
$sql = 'DELETE FROM ' . BOTS_TABLE . " | |
WHERE bot_id $sql_id"; | |
$db->sql_query($sql); | |
if (count($user_id_ary)) | |
{ | |
$_tables = array(USERS_TABLE, USER_GROUP_TABLE); | |
foreach ($_tables as $table) | |
{ | |
$sql = "DELETE FROM $table | |
WHERE " . $db->sql_in_set('user_id', $user_id_ary); | |
$db->sql_query($sql); | |
} | |
} | |
$db->sql_transaction('commit'); | |
$cache->destroy('_bots'); | |
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BOT_DELETE', false, array(implode(', ', $bot_name_ary))); | |
trigger_error($user->lang['BOT_DELETED'] . adm_back_link($this->u_action)); | |
} | |
else | |
{ | |
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( | |
'mark' => $mark, | |
'id' => $bot_id, | |
'mode' => $mode, | |
'action' => $action)) | |
); | |
} | |
} | |
break; | |
case 'edit': | |
case 'add': | |
if (!function_exists('user_update_name')) | |
{ | |
include($phpbb_root_path . 'includes/functions_user.' . $phpEx); | |
} | |
$bot_row = array( | |
'bot_name' => $request->variable('bot_name', '', true), | |
'bot_agent' => $request->variable('bot_agent', ''), | |
'bot_ip' => $request->variable('bot_ip', ''), | |
'bot_active' => $request->variable('bot_active', true), | |
'bot_lang' => $request->variable('bot_lang', $config['default_lang']), | |
'bot_style' => $request->variable('bot_style' , $config['default_style']), | |
); | |
if ($submit) | |
{ | |
if (!$bot_row['bot_agent'] && !$bot_row['bot_ip']) | |
{ | |
$error[] = $user->lang['ERR_BOT_NO_MATCHES']; | |
} | |
if ($bot_row['bot_ip'] && !preg_match('#^[\d\.,:]+$#', $bot_row['bot_ip'])) | |
{ | |
if (!$ip_list = gethostbynamel($bot_row['bot_ip'])) | |
{ | |
$error[] = $user->lang['ERR_BOT_NO_IP']; | |
} | |
else | |
{ | |
$bot_row['bot_ip'] = implode(',', $ip_list); | |
} | |
} | |
$bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']); | |
// Make sure the admin is not adding a bot with an user agent similar to his one | |
if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149)) | |
{ | |
$error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA']; | |
} | |
$bot_name = false; | |
if ($bot_id) | |
{ | |
$sql = 'SELECT u.username_clean | |
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u | |
WHERE b.bot_id = $bot_id | |
AND u.user_id = b.user_id"; | |
$result = $db->sql_query($sql); | |
$row = $db->sql_fetchrow($result); | |
$db->sql_freeresult($result); | |
if (!$bot_row) | |
{ | |
$error[] = $user->lang['NO_BOT']; | |
} | |
else | |
{ | |
$bot_name = $row['username_clean']; | |
} | |
} | |
if (!$this->validate_botname($bot_row['bot_name'], $bot_name)) | |
{ | |
$error[] = $user->lang['BOT_NAME_TAKEN']; | |
} | |
if (!count($error)) | |
{ | |
// New bot? Create a new user and group entry | |
if ($action == 'add') | |
{ | |
$sql = 'SELECT group_id, group_colour | |
FROM ' . GROUPS_TABLE . " | |
WHERE group_name = 'BOTS' | |
AND group_type = " . GROUP_SPECIAL; | |
$result = $db->sql_query($sql); | |
$group_row = $db->sql_fetchrow($result); | |
$db->sql_freeresult($result); | |
if (!$group_row) | |
{ | |
trigger_error($user->lang['NO_BOT_GROUP'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING); | |
} | |
$user_id = user_add(array( | |
'user_type' => (int) USER_IGNORE, | |
'group_id' => (int) $group_row['group_id'], | |
'username' => (string) $bot_row['bot_name'], | |
'user_regdate' => time(), | |
'user_password' => '', | |
'user_colour' => (string) $group_row['group_colour'], | |
'user_email' => '', | |
'user_lang' => (string) $bot_row['bot_lang'], | |
'user_style' => (int) $bot_row['bot_style'], | |
'user_allow_massemail' => 0, | |
)); | |
$sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( | |
'user_id' => (int) $user_id, | |
'bot_name' => (string) $bot_row['bot_name'], | |
'bot_active' => (int) $bot_row['bot_active'], | |
'bot_agent' => (string) $bot_row['bot_agent'], | |
'bot_ip' => (string) $bot_row['bot_ip']) | |
); | |
$db->sql_query($sql); | |
$log = 'ADDED'; | |
} | |
else if ($bot_id) | |
{ | |
$sql = 'SELECT user_id, bot_name | |
FROM ' . BOTS_TABLE . " | |
WHERE bot_id = $bot_id"; | |
$result = $db->sql_query($sql); | |
$row = $db->sql_fetchrow($result); | |
$db->sql_freeresult($result); | |
if (!$row) | |
{ | |
trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING); | |
} | |
$sql_ary = array( | |
'user_style' => (int) $bot_row['bot_style'], | |
'user_lang' => (string) $bot_row['bot_lang'], | |
); | |
if ($bot_row['bot_name'] !== $row['bot_name']) | |
{ | |
$sql_ary['username'] = (string) $bot_row['bot_name']; | |
$sql_ary['username_clean'] = (string) utf8_clean_string($bot_row['bot_name']); | |
} | |
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = {$row['user_id']}"; | |
$db->sql_query($sql); | |
$sql = 'UPDATE ' . BOTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array( | |
'bot_name' => (string) $bot_row['bot_name'], | |
'bot_active' => (int) $bot_row['bot_active'], | |
'bot_agent' => (string) $bot_row['bot_agent'], | |
'bot_ip' => (string) $bot_row['bot_ip']) | |
) . " WHERE bot_id = $bot_id"; | |
$db->sql_query($sql); | |
// Updated username? | |
if ($bot_row['bot_name'] !== $row['bot_name']) | |
{ | |
user_update_name($row['bot_name'], $bot_row['bot_name']); | |
} | |
$log = 'UPDATED'; | |
} | |
$cache->destroy('_bots'); | |
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BOT_' . $log, false, array($bot_row['bot_name'])); | |
trigger_error($user->lang['BOT_' . $log] . adm_back_link($this->u_action)); | |
} | |
} | |
else if ($bot_id) | |
{ | |
$sql = 'SELECT b.*, u.user_lang, u.user_style | |
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u | |
WHERE b.bot_id = $bot_id | |
AND u.user_id = b.user_id"; | |
$result = $db->sql_query($sql); | |
$bot_row = $db->sql_fetchrow($result); | |
$db->sql_freeresult($result); | |
if (!$bot_row) | |
{ | |
trigger_error($user->lang['NO_BOT'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING); | |
} | |
$bot_row['bot_lang'] = $bot_row['user_lang']; | |
$bot_row['bot_style'] = $bot_row['user_style']; | |
unset($bot_row['user_lang'], $bot_row['user_style']); | |
} | |
$s_active_options = ''; | |
$_options = array('0' => 'NO', '1' => 'YES'); | |
foreach ($_options as $value => $lang) | |
{ | |
$selected = ($bot_row['bot_active'] == $value) ? ' selected="selected"' : ''; | |
$s_active_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$lang] . '</option>'; | |
} | |
$style_select = style_select($bot_row['bot_style'], true); | |
$lang_select = language_select($bot_row['bot_lang']); | |
$l_title = ($action == 'edit') ? 'EDIT' : 'ADD'; | |
$template->assign_vars(array( | |
'L_TITLE' => $user->lang['BOT_' . $l_title], | |
'U_ACTION' => $this->u_action . "&id=$bot_id&action=$action", | |
'U_BACK' => $this->u_action, | |
'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '', | |
'BOT_NAME' => $bot_row['bot_name'], | |
'BOT_IP' => $bot_row['bot_ip'], | |
'BOT_AGENT' => $bot_row['bot_agent'], | |
'S_EDIT_BOT' => true, | |
'S_ACTIVE_OPTIONS' => $s_active_options, | |
'S_STYLE_OPTIONS' => $style_select, | |
'S_LANG_OPTIONS' => $lang_select, | |
'S_ERROR' => (count($error)) ? true : false, | |
) | |
); | |
return; | |
break; | |
} | |
if ($request->is_ajax() && ($action == 'activate' || $action == 'deactivate')) | |
{ | |
$json_response = new \phpbb\json_response; | |
$json_response->send(array( | |
'text' => $user->lang['BOT_' . (($action == 'activate') ? 'DE' : '') . 'ACTIVATE'], | |
)); | |
} | |
$s_options = ''; | |
$_options = array('activate' => 'BOT_ACTIVATE', 'deactivate' => 'BOT_DEACTIVATE', 'delete' => 'DELETE'); | |
foreach ($_options as $value => $lang) | |
{ | |
$s_options .= '<option value="' . $value . '">' . $user->lang[$lang] . '</option>'; | |
} | |
$template->assign_vars(array( | |
'U_ACTION' => $this->u_action, | |
'S_BOT_OPTIONS' => $s_options) | |
); | |
$sql = 'SELECT b.bot_id, b.bot_name, b.bot_active, u.user_lastvisit | |
FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . ' u | |
WHERE u.user_id = b.user_id | |
ORDER BY u.user_lastvisit DESC, b.bot_name ASC'; | |
$result = $db->sql_query($sql); | |
while ($row = $db->sql_fetchrow($result)) | |
{ | |
$active_lang = (!$row['bot_active']) ? 'BOT_ACTIVATE' : 'BOT_DEACTIVATE'; | |
$active_value = (!$row['bot_active']) ? 'activate' : 'deactivate'; | |
$template->assign_block_vars('bots', array( | |
'BOT_NAME' => $row['bot_name'], | |
'BOT_ID' => $row['bot_id'], | |
'LAST_VISIT' => ($row['user_lastvisit']) ? $user->format_date($row['user_lastvisit']) : $user->lang['BOT_NEVER'], | |
'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&id={$row['bot_id']}&action=$active_value", | |
'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang], | |
'U_EDIT' => $this->u_action . "&id={$row['bot_id']}&action=edit", | |
'U_DELETE' => $this->u_action . "&id={$row['bot_id']}&action=delete") | |
); | |
} | |
$db->sql_freeresult($result); | |
} | |
/** | |
* Validate bot name against username table | |
*/ | |
function validate_botname($newname, $oldname = false) | |
{ | |
global $db; | |
if ($oldname && utf8_clean_string($newname) === $oldname) | |
{ | |
return true; | |
} | |
// Admins might want to use names otherwise forbidden, thus we only check for duplicates. | |
$sql = 'SELECT username | |
FROM ' . USERS_TABLE . " | |
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($newname)) . "'"; | |
$result = $db->sql_query($sql); | |
$row = $db->sql_fetchrow($result); | |
$db->sql_freeresult($result); | |
return ($row) ? false : true; | |
} | |
} |