Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 12:12 pm EDT

Geeklog Forums

Ban plugin 1.0.1


ironmax

Anonymous
I just installed a new site 1.4.0sr5 and tried to install the ban plugin 1.0.1. I've done just about everything I could think of. I tried it with globals on and still nothing. Nothing in the error log at all on it. Has anyone else had any problems installing it with the latest prodution ver of geeklog? Any help would be great. I know the plugin needs to be updated. Not that good in programming.

Thanks in advance

Michael
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Here's a late reply!

The latest ban plugin I can find is 1.0, where is 1.0.1

Just tried installing this on a new install of geeklog and it didn't work no error message nothing. I checked into it and noticed it accesses form variables directly and not with $_REQUEST so global variables need to be on. This doesn't work in my situation as I like having global variables off. I have been running the ban plugin on other sites for a while now thinking it was working!

Is TomW (ban plugin author around anymore) or has someone updated the ban plugin for registered globals to be off, maybe this is 1.0.1? If not I can do it since it's not very big but I rather release it as a new version of the ban plugin and not as a brand new plugin.
One of the Geeklog Core Developers.
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
The old plugin toolkit required register_globals to install the plugin. Does the rest of the plugin require register_globals or just the install.php? You could enable register_globals just long enough to install it and then turn register_globals back off. (Or as you say, just fix it and rerelease it.)
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
I went ahead and updated the ban plugin. It was failing on any page that required user input (install,adding, logfile). As far as I can tell after a quick look everything else worked. If your ban table contained data before switching to registered globals off it still banned those ips, you just couldn't delete or add new ones.

I'll upload the 1.0.2 ban plugin to geeklog.

jmucchiello, I emailed you back a while ago regarding testing the new version of the autotag plugin, did you get it?
One of the Geeklog Core Developers.
 Quote

ironmax

Anonymous
Quote by: Laugh

I went ahead and updated the ban plugin. It was failing on any page that required user input (install,adding, logfile). As far as I can tell after a quick look everything else worked. If your ban table contained data before switching to registered globals off it still banned those ips, you just couldn't delete or add new ones.

I'll upload the 1.0.2 ban plugin to geeklog.



Laugh, did you ever upload the updated Ban plugin?

 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
jmucchiello, I emailed you back a while ago regarding testing the new version of the autotag plugin, did you get it?[/p]
Yes, it fell off my radar again. I'll get around to it next week some time. I've had a busy couple weeks with no time for personal programming projects.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
No rush, I didn't know if my reply was flagged as spam or something.

Quote by: jmucchiello

jmucchiello, I emailed you back a while ago regarding testing the new version of the autotag plugin, did you get it?

Yes, it fell off my radar again. I'll get around to it next week some time. I've had a busy couple weeks with no time for personal programming projects.[/p][/QUOTE]


IRONMAX - opps, I'll upload the ban plugin now.
One of the Geeklog Core Developers.
 Quote

ironmax

Anonymous
Quote by: Laugh


IRONMAX - opps, I'll upload the ban plugin now.



Thanx for the update...works like its supposed to now.

Michael
 Quote

ironmax

Anonymous
I don't know if this is isolated or not. Anyways, I have noticed in the updated version that the Ban plugin seems to not block the referrals when the site name that it refers to is put in the system. Also the logging does not seem to record that fact either. Anyone else having this issue?

Michael

Update....

Would help if I read the regex better. You have to excape the periods with a backslash.

Example: www.example.com should read as www\.example\.com

 Quote

ironmax

Anonymous
Quote by: ironmax

I don't know if this is isolated or not. Anyways, I have noticed in the updated version that the Ban plugin seems to not block the referrals when the site name that it refers to is put in the system. Also the logging does not seem to record that fact either. Anyone else having this issue?

Michael

Update....

Would help if I read the regex better. You have to excape the periods with a backslash.

Example: www.example.com should read as www.example.com



Okay...so my original message stands. There still seems to be a problem. The referrers that I put in are still coming back to my site and and leaving referral links in the referrer area listed in GUS. Any ideas? Dirk, login and have a look to verify what I mean. Look at the 10:45am entry.



 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
I'll take a closer look when I get a chance. The only code I touched was any form that required user input. The actual code that deals with banning an ip, etc... I had left alone.
One of the Geeklog Core Developers.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Wow, I just took a look at the ban plugin code for banning ips. No way it will work. I double checked Source Forge and this is what they have as well (checked previous versions as well). Not sure how this got released before, Dirk or anyone else have any ideas what happened or does anyone have some older code for when it use to work?

Text Formatted Code

function BAN_check()
{
    global $HTTP_USER_AGENT, $REMOTE_ADDR, $HTTP_REFERER, $_TABLES, $SCRIPT_NAME, $_BAN_log, $_BAN_page;
   
    $result = DB_Query("SELECT * FROM {$_TABLES['ban']}",1);
    $nrows = DB_numRows( $result );
    for( $i = 1; $i <= $nrows; $i++ ) {
        $A = DB_fetchArray($result);
       
        if (eregi($A['data'],$$A['bantype'])) {
            if ($_BAN_log) {
                BAN_Log('Access Banned because ' . $$A['bantype'] . " matches {$A['data']}");
            }
            if ($_BAN_page != '') {
                echo COM_refresh($_BAN_page);
                die();
            } else {
                die();
            }
        }
    }
}
 



The code doesn't even refer to the remote IP plus for some reason it is trying to compare the banned ips in the db with the current records ban type??

Plus the ban type variable has a double $$.
One of the Geeklog Core Developers.
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Quote by: Laugh

Plus the ban type variable has a double $$.


Calm. That is the magic of the code. I have never ever looked at the ban plugin but I will bet that the "bantype" column in the ban table is supposed to contain one of the following strings: HTTP_USER_AGENT, REMOTE_ADDR, HTTP_REFERER, or SCRIPT_NAME.

The magic eregi line look at the variable contained in the variable name by $A['bantype'] and that's why there are 2 dollar signs.

So if the ban table has a record where data = '^192\.168\.' and bantype = 'REMOTE_ADDR' than anyone connecting with a remote_addr starting 192.168 will be stopped by that record.

Get it?
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Ahh, never have run into that before, that makes sense (and I should of figured it out Oops! ). I did attempt to do a search on the subject but couldn't find anything. I've updated the function and set the $REMOTE_ADDR variable, etc.. to use the appropriate $_SERVER variable since they do not work with registered globals off.

I've uploaded Ban Plugin Ver. 1.0.3
One of the Geeklog Core Developers.
 Quote

All times are EDT. The time is now 12:12 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content