Howto ban a ip addr from an extension?

Discussion forum for Extension Writers regarding Extension Development.
Post Reply
WHK102
Registered User
Posts: 15
Joined: Tue Nov 14, 2017 7:45 pm

Howto ban a ip addr from an extension?

Post by WHK102 » Tue Nov 14, 2017 7:50 pm

I make a extension to robots detection. Howto ban the ip addr using the phpbb system with the title, reason and expiration time?

In the event class have imported:

Code: Select all

services:
    cspamban.mainlistener:
        class: whk\cspamban\event\main_listener
        arguments:
            - '@auth'
            - '@config'
            - '@user'
            - '@controller.helper'
            - '@log'
            - '@request'
            - '@template'
            - '%core.root_path%'
            - '%core.php_ext%'
        tags:
            - { name: event.listener }
Have the IP Addr from $this->request->server('REMOTE_ADDR').

Thanks.

WHK102
Registered User
Posts: 15
Joined: Tue Nov 14, 2017 7:45 pm

Re: Howto ban a ip addr from an extension?

Post by WHK102 » Tue Nov 14, 2017 10:06 pm

I found file includes/functions_user.php and read the function user_ban and implement in my extension:

Code: Select all

private function ban($mode, $data)
    {
        if (!function_exists('user_ban'))
        {
            include($phpbb_root_path . 'includes/functions_user.php');
        }

        // includes/functions_user.php:879
        user_ban(
            'ip', // $mode Type of ban. One of the following: user, ip, email
            $this->request->server('REMOTE_ADDR'), // $ban Banned entity. Either string or array with usernames, ips or email addresses
            (((1*60)*24)*7), // int $ban_len Ban length in minutes
            false, // string $ban_len_other Ban length as a date (YYYY-MM-DD)
            false, // boolean $ban_exclude Exclude these entities from banning?
            'CSpamBan [mode:'.$mode.'] '.(string)$data, // $ban_reason String describing the reason for this ban
            'Has sido baneado por actividad maliciosa (Spam).' // $ban_give_reason String reason shown to the banned. TODO: change to language extension.
        );

        // TODO: change to language extension.
        trigger_error('
            Lo sentimos, has sido baneado por actividad maliciosa (Spam).
            Si piensas que es un error contactate con el Administrador.
        ');
    }
Can call user_ban function without harcoded the include file?

WHK102
Registered User
Posts: 15
Joined: Tue Nov 14, 2017 7:45 pm

Re: Howto ban a ip addr from an extension?

Post by WHK102 » Wed Nov 15, 2017 9:18 pm

Have a problem, i added the full title and the full post message into $ban_reason but does not work, i shorted using only the title and works fine, have limits?

My code for call the function is:

Code: Select all

                $this->ban(
                    'method_1',
                    implode("\n", array(
                        '',
                        'Post title: '.request_var('subject', 'null'),
                        'Post content:'."\n".request_var('message', 'null'),
                        ''
                    ))
                );
My event is called in core.posting_modify_message_text.

And i found a bug when using newlines (\n) in the $ban_reason, it break the javascript code in administration panel (xss?), example:

Code: Select all

<script type="text/javascript">
// <![CDATA[
....
ban_reason['8'] = 'CSpamBan [mode:method_1] 
Post title: autoremonty
Post content:
[url=http://autoremonty.ru/]??????????????????????[/url]
';
Javascript does not work with newlines in the string quotes, i recommended use escape:

Code: Select all

str_replace(array('+', '%'), array(' ', '\\x'), urlencode($str));
The final code is escaped in hexadecimal include the newlines as \x0a and \x0c.

Please fix it in the new release.

User avatar
posey
Registered User
Posts: 543
Joined: Tue Oct 06, 2009 7:34 pm
Location: The Netherlands
Name: Gijs

Re: Howto ban a ip addr from an extension?

Post by posey » Wed Nov 15, 2017 10:54 pm

Not sure what you're trying to do.. but you're best of using the request, language and helper class.
request_var('subject', 'null') should be $this->request->variable('subject', '', true), dito for the message.
Where $request is injected through a service.

Not sure what the ban message includes, but here you can find some information on parsing text.

For a lot more information, have a look here.
Ultimate Extensions:
Image Ultimate Blog (coming soon)
Image Ultimate Teams

''I'm pretty sure there's a lot more to life than being really, really, ridiculously good looking. And I plan on finding out what that is.''

Post Reply

Return to “Extension Writers Discussion”

Who is online

Users browsing this forum: No registered users and 11 guests