From 26887979e171f97d7c0c9c605ac12e5ce7862f22 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Wed, 24 Sep 2014 23:48:00 -0400
Subject: [PATCH] #29 Now IP ranges and emails can be added to the banned
 tables thru the settings page

---
 admin/admin_settings.php      | 48 +++++++++++++++++------------------
 admin/admin_settings_save.php | 32 +++++++++++++++++++++++
 2 files changed, 56 insertions(+), 24 deletions(-)

diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index 879f19b1..8f3a2642 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -2156,7 +2156,7 @@ if ( defined('HESK_DEMO') )
                       </div>
                   </div>
               </div>
-              <!-- NuMods: Denied Parties -->
+              <!-- NuMods: IP/Email Bans -->
               <div class="tab-pane fade in" id="ipEmailBans">
                   <h6 style="font-weight: bold"><?php echo $hesklang['ip_bans']; ?></h6>
                   <div class="footerWithBorder blankSpace"></div>
@@ -2174,9 +2174,9 @@ if ( defined('HESK_DEMO') )
                           $ipRs= hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
                           while ($row = $ipRs->fetch_assoc()) {
                               echo '<tr id="trIp'.$row['ID'].'">';
-                              echo '<td><input type="checkbox" name="ipDelete'.$row['ID'].'" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
-                              echo '<td><input type="text" name="ipFrom'.$row['ID'].'" placeholder="'.$hesklang['from'].'" class="form-control" value="'.$row['RangeStart'].'"></td>';
-                              echo '<td><input type="text" name="ipTo'.$row['ID'].'" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.$row['RangeEnd'].'"></td>';
+                              echo '<td><input type="checkbox" name="ipDelete['.$row['ID'].']" onclick="toggleRow(\'trIp'.$row['ID'].'\')"></td>';
+                              echo '<td><input type="text" name="ipFrom['.$row['ID'].']" placeholder="'.$hesklang['from'].'" class="form-control" value="'.$row['RangeStart'].'"></td>';
+                              echo '<td><input type="text" name="ipTo['.$row['ID'].']" placeholder="'.$hesklang['ip_to'].'" class="form-control" value="'.$row['RangeEnd'].'"></td>';
                               echo '</tr>';
                           }
 
@@ -2200,29 +2200,29 @@ if ( defined('HESK_DEMO') )
                   <div class="table-responsive">
                       <table class="table table-hover">
                           <thead>
-                            <tr>
-                                <th><?php echo $hesklang['delete']; ?></th>
-                                <th><?php echo $hesklang['email']; ?></th>
-                            </tr>
+                              <tr>
+                                  <th><?php echo $hesklang['delete']; ?></th>
+                                  <th><?php echo $hesklang['email']; ?></th>
+                              </tr>
                           </thead>
                           <tbody>
-                          <?php
-                          $emailRs = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_emails`');
-                          while ($row = $emailRs->fetch_assoc()) {
-                              echo '<tr id="trEmail'.$row['ID'].'">';
-                              echo '<td><input type="checkbox" name="emailDelete'.$row['ID'].'" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
-                              echo '<td><input type="text" name="email'.$row['ID'].'" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
-                              echo '</tr>';
-                          }
-                          ?>
+                              <?php
+                              $emailRs = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_emails`');
+                              while ($row = $emailRs->fetch_assoc()) {
+                                  echo '<tr id="trEmail'.$row['ID'].'">';
+                                  echo '<td><input type="checkbox" name="emailDelete['.$row['ID'].']" onclick="toggleRow(\'trEmail'.$row['ID'].'\')"></td>';
+                                  echo '<td><input type="text" name="email['.$row['ID'].']" class="form-control" placeholder="'.$hesklang['email'].'" value="'.$row['Email'].'"></td>';
+                                  echo '</tr>';
+                              }
+                              ?>
 
-                          <!-- Add new email -->
-                          <tr class="info">
-                              <td><b><?php echo $hesklang['addNew']; ?></b></td>
-                              <td>
-                                  <input type="text" name="addEmail" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
-                              </td>
-                          </tr>
+                              <!-- Add new email -->
+                              <tr class="info">
+                                  <td><b><?php echo $hesklang['addNew']; ?></b></td>
+                                  <td>
+                                      <input type="text" name="addEmail" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
+                                  </td>
+                              </tr>
                           </tbody>
                       </table>
                   </div>
diff --git a/admin/admin_settings_save.php b/admin/admin_settings_save.php
index fc9aa288..faa6d158 100644
--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@@ -497,6 +497,38 @@ $stmt = hesk_dbConnect()->prepare($updateQuery);
 $stmt->bind_param('i', $_POST['lockedTicketStatus']);
 $stmt->execute();
 
+//-- IP Bans
+$ipBanSql = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix'].'denied_ips`');
+while ($row = $ipBanSql->fetch_assoc()) {
+    if (isset($_POST['ipDelete'][$row['ID']])) {
+        hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` WHERE ID = '.hesk_dbEscape($row['ID']));
+    } else {
+        hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips`
+            SET `RangeStart` = \''.hesk_dbEscape($_POST['ipFrom'][$row['ID']]).'\',
+                `RangeEnd` = \''.hesk_dbEscape($_POST['ipTo'][$row['ID']]).'\'
+            WHERE ID = '.hesk_dbEscape($row['ID']));
+    }
+}
+if (!empty($_POST['addIpFrom']) && !empty($_POST['addIpTo'])) {
+    hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_ips` (`RangeStart`, `RangeEnd`)
+        VALUES (\''.hesk_dbEscape($_POST['addIpFrom']).'\', \''.hesk_dbEscape($_POST['addIpTo']).'\')');
+}
+
+//-- Email Bans
+$emailBanSql = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`');
+while ($row = $emailBanSql->fetch_assoc()) {
+    if (isset($_POST['emailDelete'][$row['ID']])) {
+        hesk_dbQuery('DELETE FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` WHERE ID = '.hesk_dbEscape($row['ID']));
+    } else {
+        hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails`
+            SET Email = \''.hesk_dbEscape($_POST['email'][$row['ID']]).'\'
+            WHERE ID = '.hesk_dbEscape($row['ID']));
+    }
+}
+if (!empty($_POST['addEmail'])) {
+    hesk_dbQuery('INSERT INTO `'.hesk_dbEscape($hesk_settings['db_pfix']).'denied_emails` (Email) VALUES (\''.hesk_dbEscape($_POST['addEmail']).'\')');
+}
+
 $set['hesk_version'] = $hesk_settings['hesk_version'];
 
 // Save the nuMods_settings.inc.php file