thurdata
/
blacklister


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
							<?php
error_reporting(E_ALL);
class db extends mysqli {
    private $host = 'localhost';
    private $user = 'ban';
    private $pass = 'Blubb123-';
    private $db   = 'ban';

    public function __construct() {
        @parent::__construct($this->host, $this->user, $this->pass, $this->db);
        if($this->connect_errno){
            die($this->connect_error);
        }
        $this->set_charset('utf8');
    }
}

class token {
    private $db = null;

    public function __construct() {
        $this->db = new db();
    }

    private function getRole($token) {
        $dbAction = $this->db->prepare("SELECT role FROM clients WHERE token = ?");
        $dbAction->bind_param('s',$token);
        $dbAction->execute();
        $dbAction->store_result();
        $dbAction->bind_result($role);
        $dbAction->fetch();
        if ($dbAction->num_rows() == 1){
            return $role;
        }
        return false;
    }

    public function isAdmin($token) {
        if($this->getRole($token) == 'admin') {
            return true;
        }
        return false;
    }

    public function isClient($token) {
        if($this->getRole($token) == 'client') {
            return true;
        }
        return false;
    }
}

class action {

    public function __construct() {
        $this->db = new db();
    }

    private function isListed($ip) {
        $dbAction = $this->db->prepare("SELECT ip FROM list WHERE ip = ?");
        $dbAction->bind_param('i',$ip);
        $dbAction->execute();
        $dbAction->store_result();
        if($dbAction->num_rows() == 0) {
            return false;
        }
        return true;
    }

    private function deListCount($ip) {
        $dbAction = $this->db->prepare("SELECT count FROM delist WHERE ip = ?");
        $dbAction->bind_param('i',$ip);
        $dbAction->execute();
        $dbAction->store_result();
        $dbAction->bind_result($count);
        $dbAction->fetch();
        return $count;
    }

    public function list($ip) {
        $dbAction = $this->db->prepare("INSERT IGNORE INTO list VALUES (?)");
        $dbAction->bind_param('i',$ip);
        return $dbAction->execute();
    }

    public function deList($ip) {
        if(!$this->isListed($ip)) {         //set true to avoid discovering
            return true;
        }
        //check delisting count
        if ($this->delistCount($ip) > 3){
            echo "Fatal: ". long2ip($ip) . " delisted to often!\n";
            return false;
        }
        //delist ip
        $dbAction = $this->db->prepare("DELETE FROM list WHERE ip = ?");
        $dbAction->bind_param('i',$ip);
        $dbAction->execute();
        //update delist count
        $dbAction = $this->db->prepare("INSERT INTO delist (ip) VALUES (?) ON DUPLICATE KEY UPDATE count = count + 1");
        $dbAction->bind_param('i',$ip);
        $dbAction->execute();
        return true;
    }

    public function blackList($ip) {
        $this->deWhiteList($ip);
        $dbAction = $this->db->prepare("INSERT IGNORE INTO blacklist VALUES (?)");
        $dbAction->bind_param('i',$ip);
        return $dbAction->execute();
    }

    public function deBlackList($ip) {
        $dbAction = $this->db->prepare("DELETE FROM blacklist WHERE ip = (?)");
        $dbAction->bind_param('i',$ip);
        return $dbAction->execute();
    }

    public function whiteList($ip) {
        $this->deBlackList($ip);
        $dbAction = $this->db->prepare("INSERT IGNORE INTO whitelist VALUES (?)");
        $dbAction->bind_param('i',$ip);
        return $dbAction->execute();
    }

    public function deWhiteList($ip) {
        $dbAction = $this->db->prepare("DELETE FROM whitelist WHERE ip = (?)");
        $dbAction->bind_param('i',$ip);
        return $dbAction->execute();
    }
}

$ip = ip2long(substr(trim($_GET['ip']),0,15));
$token = substr(trim($_GET['token']),0,25);
$action = substr(trim($_GET['action']),0,9);

switch($action) {
    case 'delist':
        if(!(new token)->isClient($token)) {
            echo "access denied\n";
            break;
        }
        if((new action)->delist($ip)){
            echo long2ip($ip) . " delisted\n";
        } else {
            echo long2ip($ip) . " not delisted\n";
        };
        break;
    case 'blacklist':
        if ((new token)->isAdmin($token)){
            if((new action)->blackList($ip)){
                echo " blacklisted " . long2ip($ip) ."\n";
            } else {
                echo " fehler\n";
            };
        } else {
            echo "no admin permissions\n";
        };
        break;
    case 'whitelist':
        if ((new token)->isAdmin($token)){
            if((new action)->whiteList($ip)){
                echo " whitelisted " . long2ip($ip) ."\n";
            } else {
                echo " fehler\n";
            };
        } else {
            echo "no admin permissions\n";
        };
        break;
    default:
        if ((new token)->isClient($token)){
            if((new action)->list($ip)){
                echo " inserted " . long2ip($ip) ."\n";
            } else {
                echo " fehler\n";
            };
        } else {
            echo "Client token " . $token . " not registered\n";
        };
}