<?php
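    // Page bootstrap: error reporting, shared includes, optional gzip output buffering,
    // session start, and the bad-bot / language / auth includes the rest of the page uses.
    error_reporting(E_ALL ^ E_DEPRECATED);
    // mysqli raises nothing on its own here; a failed query only surfaces where the
    // page checks the result explicitly.
    mysqli_report(MYSQLI_REPORT_OFF);
    include_once "../include/variables.php";
    include_once "../include/functions.php";
    include_once "../include/errors.php";
    include_once "../include/getip.php";    
    if (!function_exists("getinfo")) {
        /**
         * Returns a "[YYYY-MM-DD HH:MM:SS ip host]" tag built from the current time and
         * the globals $ip and $host; the host part is omitted when $host is empty.
         */
        function getinfo() {
            global $ip, $host;
            return "[".date("Y-m-d H:i:s")." $ip".(!empty($host)?" $host":"")."]";
        }
    }    
    // PHP_SELF carries any extra path the client appends after the script name, and this
    // page prints $PHP_SELF into href/action attributes. Encoding it once here keeps
    // markup characters in that path from reaching the HTML.
    $PHP_SELF=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
        if (ob_get_length()) ob_end_clean();
        ob_start("ob_gzhandler");
    }
    //else ob_start();
    // The session holds the captcha state used by the unban form; httponly keeps the
    // session id out of reach of page scripts on both HTTP and HTTPS.
    $session_options = array(
        "httponly" => true
    );
    if (!empty($_SERVER['HTTPS'])) {
        $session_options["secure"] = true;
        // NOTE(review): SameSite=None sends the session cookie on cross-site requests.
        // The admin actions further down are plain GET links with no anti-CSRF token
        // visible in this file - confirm None is really required, otherwise prefer Lax.
        $session_options["SameSite"] = "None";
    }
    session_set_cookie_params($session_options);
    session_start();
    if (!file_exists("../include/db.php")) die("No database config file");
    include "../include/badbots.php";        
    include "../include/lang.php";
    include "../include/auth.php";
    header("Content-Type: text/html; charset=UTF-8");
    ob_start();
    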
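    /**
     * Sends one report for an address to the AbuseIPDB v2 "report" endpoint.
     *
     * The API key is read from the global $abuseipdb_apikey. The response body is not
     * used and nothing is returned; a transport failure is written to the error log.
     *
     * @param string $ip         address being reported
     * @param mixed  $categories value for the "categories" field, passed through as given
     * @param string $comment    value for the "comment" field; it leaves this server, so
     *                           callers should keep secrets and personal data out of it
     */
    function abuseipdbreportip($ip,$categories,$comment) {
        global $abuseipdb_apikey;
        $data = array(
            "ip" => $ip,
            "categories" => $categories,
            "comment" => $comment
        );
        $headers =  array(
            'Key: '.$abuseipdb_apikey,
            'Accept: application/json'
        );
        $curlObj = curl_init('https://api.abuseipdb.com/api/v2/report'); 
        if ($curlObj === false) return;
        curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curlObj, CURLOPT_POST, true);
        curl_setopt($curlObj, CURLOPT_POSTFIELDS, $data);
        curl_setopt($curlObj, CURLOPT_HTTPHEADER, $headers);
        // Bound the call so a slow or unreachable API cannot stall the page.
        curl_setopt($curlObj, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($curlObj, CURLOPT_TIMEOUT, 15);
        $curl_response = curl_exec($curlObj);
        //var_dump($curl_response);
        if ($curl_response === false) error_log("AbuseIPDB report failed: ".curl_error($curlObj));
        curl_close($curlObj);
    }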

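    /**
     * Looks an address up on the AbuseIPDB v2 "check" endpoint (reports of the last 7 days).
     *
     * The API key is read from the global $abuseipdb_apikey.
     *
     * @param string $ip address to look up
     * @return string|false the raw response body, or false when $ip is not a valid
     *                      IPv4/IPv6 address or the request produced no body
     */
    function abuseipdbcheckip($ip) {
        global $abuseipdb_apikey;
        // The value ends up in the request URL; anything that is not a plain address is
        // refused so it can neither add nor override query parameters.
        if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) return false;
        $headers = array(
            'Key: ' . $abuseipdb_apikey,
            'Accept: application/json'
        );
        $query = http_build_query(array("ipAddress" => $ip, "maxAgeInDays" => 7));
        $curlObj = curl_init('https://api.abuseipdb.com/api/v2/check?'.$query);
        if ($curlObj === false) return false;
        curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curlObj, CURLOPT_HTTPGET, 1);
        curl_setopt($curlObj, CURLOPT_HTTPHEADER, $headers);
        // Bound the call so a slow or unreachable API cannot stall the admin page.
        curl_setopt($curlObj, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($curlObj, CURLOPT_TIMEOUT, 15);
        $curl_response = curl_exec($curlObj);
        curl_close($curlObj);
        // curl_exec() yields false on failure. Callers test the result with "!== false",
        // so report failure as false instead of turning it into an empty string.
        if (!is_string($curl_response) || $curl_response === "") return false;
        return $curl_response;
    }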
?>
<html>
<head>
<style type="text/css">
<!--
        body { 
            margin: 0px; 
            padding: 5px;
            background: #697795;
            color:#eeebf5; 
            font-size:11pt; 
            font-family: Georgia, Palatino, "Palatino Linotype", Times, "Times New Roman", serif;
            text-align:center;
        }
        p {
            margin: 0px;
            text-indent:1.27cm;
            text-align: justify;
        } 
        a:link {
            text-decoration:none;
            color: #BDFFD6;
        }
        a:hover {
            text-decoration:underline;
            color: #FBFAD0;    
        }
        a:visited {
            text-decoration:none;
            color: #C2E4EF;
        }
        a:visited:hover {
            text-decoration:underline;
            color: #E5ECD9;    
        }            
        table { 
            border-collapse: collapse; 
            margin: 0px auto 0px auto;
        }
        th { 
            background: #8590AC;
                        white-space: nowrap;
        }
        td { 
            vertical-align:top;
            background: #6D789B;
            text-align:left;
            padding: 1px 2px;
            white-space: nowrap;
        }
        h2, h3 {
            text-align:center; 
            margin-top:15px;
            margin-bottom: 12px;
        }
        img {
            border: 0px;
            padding: 0px;
            margin: 0px;
        }
        form, pre {
            padding: 0px;
            margin: 0px;
        }
        pre {
            white-space: pre-wrap;
            word-wrap: break-word;
            overflow:auto;
            text-align:left;
        }
        input {
        }
        hr {
            border-color: #8cb3d9;
        }
        *:focus {
            outline: none;
        }
-->
</style>

<?php
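// First database pass: make sure the "bans" and "abuseipdb" tables exist, work out
// whether the visitor's address ($ip, set by the includes) is banned, then print the
// page title, the visitor info box and the tool/file list.
include "../include/db.php";
if($db_link){
    mysqli_select_db($db_link,$db);
    $table="bans";
    $result=mysqli_query($db_link,"desc $table");
    //create ban list table
    if(!$result){ 
        $result=mysqli_query($db_link,"create table $table (id int not null auto_increment primary key, ip varchar(48) not null default '', timestamp int not null default 0, expires int not null default 0, exclude int not null default 0, comment text not null) default charset=utf8mb4 collate=utf8mb4_bin") or die(mysqli_error($db_link));
    }
    //create abuseipdb table
    $table2="abuseipdb";
    if (!mysqli_query($db_link,"desc $table2")){
        mysqli_query($db_link, "create table $table2 (id int not null auto_increment primary key, ip text not null, lastcheck int not null default 0, result text not null) default charset=utf8mb4 collate=utf8mb4_bin") or die (mysqli_error($db_link));
    } 
    
    //are you banned?
    $banned=false;
    $unban=true;
    // $ip, $host and $proxy are produced by the includes, which are not visible here.
    // They describe the client and may derive from request headers, so they are escaped
    // for SQL and for HTML before use rather than trusted.
    $ip_sql=mysqli_real_escape_string($db_link,(string)$ip);
    $result=mysqli_query($db_link,"select * from $table where ip='$ip_sql'") or die(mysqli_error($db_link));
    if (mysqli_num_rows($result) > 0) {
        if($arr=mysqli_fetch_assoc($result)){
            // expires == -1 marks a ban that never lapses
            if ($arr['expires'] == -1 || $arr['expires'] > time()) $banned=true;
            // exclude == 1 means the visitor may not lift the ban via captcha;
            // a logged-in admin is only shown a notice instead
            if ($arr['exclude'] == 1) {
                if ($admin) $admin_notice=true;
                else $unban = false;
            }
        }
    }
?>
<title><?php echo $banned?("Your Status: ".($unban?"Banned":"Perma-Banned")):("Tools".($admin?",":" &")." Banned IP's".($admin?" & IP Filter Configuration ":""));?></title>
<meta name="" >
</head>
<body>
<?php
    
    include "../include/page.php";
    if (!isset($_GET['unban'])) {
        echo "<h3>Your Info</h3><b>Your IP:</b> ".htmlspecialchars((string)$ip, ENT_QUOTES, 'UTF-8').((!empty($host))?" <b>Host:</b> ".htmlspecialchars((string)$host, ENT_QUOTES, 'UTF-8'):"");
        if (!$banned) echo " (<a href=\"/source.php?file=include/getip.php\">IP Detection Example Here</a>)";
        if (!empty($proxy)) echo "<br><b>Proxy IP:</b> ".htmlspecialchars((string)$proxy, ENT_QUOTES, 'UTF-8');
        echo "<br><b>Banned:</b> ";    
        if ($banned) {
            echo "Yes";
            echo "<br><b>Can Unban:</b> ";
            if ($unban) {
                if (!isset($_GET['unban'])) echo "<a href=\"$PHP_SELF?unban\">Yes</a>";
            } else echo "No";
            if (isset($admin_notice)) echo ", perma-ban disabled (admin login)";
        } elseif (!isset($_GET['unban'])) {
            echo "No";
            echo "<hr>";
            if ($admin) {
                // Admin view: every non-hidden regular file in this directory except index.php
                echo "<a name=\"files\"></a><a href=\"#files\"><h3>File List (Admin)</h3></a>";
                $file_ex[]="index.php";
                $dir=scandir(".");
                foreach($dir as $item) {
                    if(strpos($item, ".")!==0) {
                        if(!is_dir($item)) {
                              if(!isset($file_ex) || !in_array($item, $file_ex)) {
                                  // file names are data too: encode before placing them in markup
                                  $item_html=htmlspecialchars($item, ENT_QUOTES, 'UTF-8');
                                  echo "<a href=\"$item_html\">$item_html</a> (<a href=\"/source.php?file=tools/$item_html\">Source</a>)<br>\n";
                              }
                        }
                    }
                }
            } else { echo "<a name=\"tools\"></a><a href=\"#tools\"><h3>Misc Tools</h3></a>
    <a href=\"test.php\">Test File</a> (<a href=\"/source.php?file=tools/test.php\">Source</a>)<br>
    <a href=\"compare.php\">Compare Text</a> (<a href=\"/source.php?file=tools/compare.php\">Source</a>)<br>
    <a href=\"randimg.php\">Random Image for Capcha</a> (<a href=\"/source.php?file=tools/randimg.php\">Source</a>)<br>
    <a href=\"error.php?error=404\" rel=\"nofollow\">Error Handler</a> (<a href=\"/source.php?file=tools/error.php\">Source</a>)<br>
    <a href=\"iplist.php\">List of Bad IP's</a> (<a href=\"/source.php?file=tools/iplist.php\">Source</a>)<br>
    <a href=\"/source.php?file=tools/dumpsql.php\">Dababase Backup Script (Source only)</a>";
    }
            echo "<hr>";
        }
    }                                    
    mysqli_close($db_link);
}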

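//initial config
$update = 0;      // becomes truthy once the ban table changed and .htaccess must be rebuilt
$perma = true;    // default state of the "PermaBan" checkbox
$exclude = true;  // default state of the "Add to Exclude List" checkbox

//add new ban
// Admin-only handling of ?list=bans: either drop the whole ban table (&clear) or add
// the IPv4 address posted from the ban form.
if ($admin) {
    echo "<a name=\"bans\"></a><a href=\"#bans\"><h3>Ban Management</h3></a>";
    if (isset($_GET['list']) && $_GET['list'] == "bans") {
        if (isset($_GET['clear'])){
            // NOTE(review): this drops the ban table on a plain GET with no confirmation
            // or anti-CSRF token; any link an admin follows can trigger it. Consider
            // requiring POST plus a per-session token.
            include "../include/db.php";
            if($db_link){
                $table = "bans";
                mysqli_select_db($db_link,$db);
                mysqli_query($db_link,"drop table $table") or die(mysqli_error($db_link));
                mysqli_close($db_link);
                $update = 1;
            }
        }
        elseif (!empty($_POST)){
            //add new ban
            if (!empty ($_POST['ip'])) {
                // \z instead of $: "$" also matches just before a trailing newline, which
                // would let "a.b.c.d\n" through and into the table / generated .htaccess.
                if (is_string($_POST['ip']) && preg_match('/^\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b\z/',$_POST['ip'])) { 
                    $perma=(isset($_POST['perma'])&&($_POST['perma']=='on'))?true:false;
                    $exclude=(isset($_POST['exclude'])&&($_POST['exclude']=='on'))?true:false;
                    include "../include/db.php";
                    if($db_link){
                        mysqli_select_db($db_link,$db);
                        $table = "bans";
                        // Already validated above; escaped anyway so the query stays safe
                        // if the validation is ever relaxed.
                        $ban_ip = mysqli_real_escape_string($db_link,$_POST['ip']);
                        $dup = mysqli_query($db_link,"select * from $table where ip='$ban_ip'") or die(mysqli_error($db_link));
                        if(mysqli_num_rows($dup) > 0) {
                            echo "Duplicate ip address detected";
                        } else {
                            $timestamp=time();
                            // expires: -1 for a permanent ban, otherwise two days from now.
                            // (The timestamp value previously carried a stray trailing ".")
                            mysqli_query($db_link,"insert into $table (ip,timestamp,expires,exclude,comment) values ('$ban_ip','$timestamp','".(($perma == true)?"-1":($timestamp+60*60*24*2))."','".($exclude == true?1:0)."','')") or die(mysqli_error($db_link));
                            $update = 1;
                        }
                        // close on both paths, not only after a successful insert
                        mysqli_close($db_link);
                    } 
                } else echo "Please provide a valid ip adress";
            } else echo "Please provide an ip adress";
        }
    }
}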

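// Main pass over the ban table. For a banned visitor (or ?unban) it runs the captcha
// unban flow; otherwise it prints the admin ban form, the delete confirmation with the
// cached AbuseIPDB lookup, and the paged ban list. When anything changed ($update) the
// Deny list in .htaccess is regenerated at the end.
include "../include/db.php";
if($db_link){
    mysqli_select_db($db_link,$db);
    $table = "bans";
    if($banned || isset($_GET['unban'])){
        if ($banned){
            if ($unban) {
                $showform = true;
                if (!$admin) {
                    if (!empty($_POST)) {
                        if (empty($_COOKIE)) {
                            echo "Cookies required for this function";
                        } elseif (empty($_SESSION)) {
                            echo "Required session cookie missing";
                        } else {
                            $ver = (isset($_POST['ver']) && is_string($_POST['ver']))?$_POST['ver']:"";
                            if (isset($_SESSION['data']['unban']['captcha']))
                                $captcha = $_SESSION['data']['unban']['captcha'];
                            elseif (isset ($_SESSION['image_value']))
                                $captcha = $_SESSION['image_value'];
                            else $captcha = "";
                            // A captcha value is good for one attempt only: drop it from the
                            // session now so one solved image cannot be replayed to lift
                            // later bans, and a wrong guess cannot be retried against it.
                            unset($_SESSION['data']['unban']['captcha'], $_SESSION['image_value']);
                            if (empty($captcha)) {
                                echo "Session captcha hash missing";
                            } elseif (empty($ver)) {
                                echo "You forgot to enter captcha";
                            } elseif (!is_string($captcha) || !hash_equals($captcha, md5($ver))) {
                                // hash_equals() instead of "!=": loose comparison treats two
                                // different digests of the form "0e<digits>" as equal numbers.
                                echo "The captcha you entered is incorrect";
                            } else
                                $showform = false;
                        }
                    }
                } else $showform = false;
                if (!$showform) {
                    if(!$admin) echo "Correct Verification. You may go to <a href=\"/\">Home Page</a>"; 
                    else echo "Admin Login. Automatically Unbanned. Go To <a href=\"/\">Home Page</a> Here";
                    $del=$ip;
                    mysqli_query($db_link,"delete from $table where ip='".mysqli_real_escape_string($db_link,(string)$ip)."'") or die(mysqli_error($db_link));
                    $update = true;
                    $showform = false;
                } else {
                    // (Re)start the unban attempt in the session and prune entries older
                    // than five minutes. All of this runs every time the form is shown.
                    if (!isset($_SESSION['data'])) $_SESSION['data']=Array();
                    $agent=!empty($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:"";
                    $_SESSION['data']['unban']=Array("time"=>time(),"ip"=>$ip,"agent"=>$agent);
                    foreach(array_keys($_SESSION['data']) as $value) {
                        if (!isset($_SESSION['data'][$value]['time']) || $_SESSION['data'][$value]['time'] <= time()-5*60) 
                            unset($_SESSION['data'][$value]);
                    }
                    $url="$PHP_SELF?unban";
                    echo "<form action=\"$url\" method=\"post\">Enter Capcha: <img src=\"randimg.php?cid=unban\">
        <input type=\"text\" name=\"ver\">
        <input type=\"submit\" value=\"Submit\"></form>";
                }
            } else {
                echo "You cannot unban. Sorry.";
            }
        } else echo "Not Banned. Nothing to Do. <a href=\"javascript:history.back();\">Go Back</a>\n";
    } else {
        if (isset($_GET['list']) && $_GET['list'] == "bans"){
            // is_numeric() also accepts "-5", "1.5" or "1e3"; the value goes into a LIMIT
            // clause, so force a non-negative integer.
            $sta=(isset($_GET['sta']) && is_numeric($_GET['sta']))?max(0,(int)$_GET['sta']):0;
        } else {
            $sta=0;
        }
        
        if ($admin) {
            echo "<form method=\"post\" action=\"$PHP_SELF?list=bans\">IP Adress: <input type=\"text\" name=\"ip\" value=\"".(isset($addr)?htmlspecialchars((string)$addr, ENT_QUOTES, 'UTF-8'):"")."\">
<input type=\"submit\" value=\"Ban This IP\">
<br><input type=\"checkbox\" ".($perma?"checked ":"")."name=\"perma\" id=\"perma\"><label for=\"perma\">PermaBan</label>
<input type=\"checkbox\" ".($exclude?"checked ":"")."name=\"exclude\" id=\"exclude\"><label for=\"exclude\">Add to Exclude List</label>
<br></form><hr>";
            if (isset ($_GET['del']) && isset($_GET['list']) && $_GET['list'] == "bans") {
                // "del" is request data: keep one copy per output context instead of
                // dropping the raw value into SQL, HTML and URLs.
                $del = is_string($_GET['del'])?$_GET['del']:"";
                $del_sql = mysqli_real_escape_string($db_link,$del);
                $del_html = htmlspecialchars($del, ENT_QUOTES, 'UTF-8');
                $del_url = rawurlencode($del);
                if (isset($_GET['ok'])) {
                    // NOTE(review): the deletion is confirmed by a GET parameter only; there
                    // is no anti-CSRF token on this state-changing request.
                    mysqli_query($db_link,"delete from $table where ip='$del_sql'");
                    $update = true;
                } else {
                    // Confirmation step: show what AbuseIPDB knows about the address,
                    // using the copy cached in $table2 when it is younger than 24 hours.
                    $timestamp=time();
                    $abuseipdb_cached = false;
                    $abuseipdb_result = false;
                    $result = mysqli_query($db_link,"select lastcheck, result from $table2 where ip='$del_sql'") or die(mysqli_error($db_link));
                    if (!mysqli_num_rows($result)) {
                        $abuseipdb_result = abuseipdbcheckip($del);
                        // an empty body is a failed lookup; do not cache it
                        if (!is_string($abuseipdb_result) || $abuseipdb_result === "") $abuseipdb_result = false;
                        if ($abuseipdb_result !== false) {
                            mysqli_query($db_link,"insert into $table2 (ip, lastcheck, result) values ('$del_sql','".time()."','".mysqli_real_escape_string($db_link,$abuseipdb_result)."')") or die (mysqli_error($db_link));
                        }
                    } else {
                        if ($arr2 = mysqli_fetch_assoc($result)) {
                            $abuseipdb_lastcheck = $arr2['lastcheck'];
                            if ($abuseipdb_lastcheck < $timestamp - 60*60*24) {
                                $abuseipdb_result = abuseipdbcheckip($del);
                                if (!is_string($abuseipdb_result) || $abuseipdb_result === "") $abuseipdb_result = false;
                                if ($abuseipdb_result !== false) {
                                    mysqli_query($db_link,"update $table2 set lastcheck='$timestamp', result='".mysqli_real_escape_string($db_link,$abuseipdb_result)."' where ip='$del_sql'") or die (mysqli_error($db_link));
                                } 
                            } else {
                                $abuseipdb_cached = true;
                                $abuseipdb_result = $arr2['result'];
                            }
                        }
                    }
                    if ($abuseipdb_result !== false) {
                        //echo $abuseipdb_result;
                        // The body comes from a remote service (or the cache of it): accept
                        // only the expected shape and print the counters as integers.
                        $abuseipdb_json = json_decode($abuseipdb_result,true);
                        $abuseipdb_data = (is_array($abuseipdb_json) && isset($abuseipdb_json['data']) && is_array($abuseipdb_json['data']))?$abuseipdb_json['data']:array();
                        $abuseipdb_reports = isset($abuseipdb_data['totalReports'])?(int)$abuseipdb_data['totalReports']:0;
                        $abuseipdb_distinctusers = isset($abuseipdb_data['numDistinctUsers'])?(int)$abuseipdb_data['numDistinctUsers']:0;
                        $abuseipdb_score = isset($abuseipdb_data['abuseConfidenceScore'])?(int)$abuseipdb_data['abuseConfidenceScore']:0;
                        if ($abuseipdb_reports > 0 || $abuseipdb_score > 0) {
                            echo "AbuseIPDB Records: ".$abuseipdb_reports." recent reports";
                            if ($abuseipdb_reports > 0) {
                                echo ", newest ";
                                $last_reported = isset($abuseipdb_data['lastReportedAt'])?strtotime((string)$abuseipdb_data['lastReportedAt']):0;
                                echo date("Y-m-d H:i:s",(int)$last_reported);
                            }
                            echo ", score $abuseipdb_score &percnt;"; 
                            if ($abuseipdb_reports > 0) echo ", $abuseipdb_distinctusers distinct sources";
                            if ($abuseipdb_cached) echo " (Cached, last update ".date("Y-m-d H:i:s",$abuseipdb_lastcheck).")";
                            echo " <a rel=\"noreferrer\" href=\"https://www.abuseipdb.com/check/$del_html\" target=\"_blank\">[View details on AbuseIPDB]</a>";
                            echo "<br>\n";
                        }
                    }
                    echo "Delete ip ".$del_html." from banned list? <a href=\"$PHP_SELF?del=$del_url&list=bans".(($sta > 0)?("&sta=".$sta):"")."&ok#bans\">[Yes]</a> <a href=\"$PHP_SELF".(($sta > 0)?("?list=bans&sta=".$sta):"")."#bans\">[No]</a></a><hr>";
                }
            }
        }
        
        
        if (empty($_GET['list']) || ($_GET['list'] == "bans" && (empty($_GET['sta']) || is_numeric($_GET['sta'])))) {
            $step=25; //items per page
            $next=$end=$sta+$step;
            $prev=$sta-$step;
            
            $query="select * from $table order by timestamp desc limit $sta,$step";
            $result=mysqli_query($db_link,$query);
            // the query fails when the table was just dropped via &clear; treat as empty
            $count = $result ? mysqli_num_rows($result) : 0;
            if ($count > 0) {
                $page = ceil(($sta+$count)/$step);
                echo "<a name=\"bans\"></a>";
                echo "<a href=\"#bans\"><h3>IP Bans (page $page)</h3></a>";
                echo "<table>\n<tr><th>IP Address<th>Detected Host<th>Unique Links<th>Banned since<th>Expires<th>Last Seen<th>Restrictions<th>Actions<th>Notes</tr>\n";
                
                
                
                echo "<div style=\"text-align:center\">";
                    if ($prev >= 0) {
                        if ($prev >= $step) echo "<a href=\"$PHP_SELF?list=bans&sta=$prev#bans\">[Prev Page]</a> ";
                        else echo "<a href=\"$PHP_SELF?list=bans#bans\">[Prev Page]</a> ";
                        echo "<a href=\"$PHP_SELF?list=bans#bans\">[Index]</a> ";
                    } else {
                        echo "[Prev Page] [Index] ";
                    }
                if ($step <= $count) echo "<a href=\"$PHP_SELF?list=bans&sta=$next#bans\">[Next Page]</a> ";
                else echo "[Next Page] ";
                echo "</div><hr>";
                $p=0;
                while($ban=mysqli_fetch_assoc($result)){
                    // Stored values are re-escaped for each context they are used in below:
                    // rows may have been written by other scripts, and the host names come
                    // from the access log.
                    $ban_ip_sql = mysqli_real_escape_string($db_link,$ban['ip']);
                    $ban_ip_html = htmlspecialchars($ban['ip'], ENT_QUOTES, 'UTF-8');
                    $ban_ip_url = rawurlencode($ban['ip']);
                    if ($ban['expires'] > -1 && $ban['expires'] < time()) {
                        // lapsed ban: remove it and print no row for it (the trailing cells
                        // below used to be emitted for it without an opening <tr>)
                        mysqli_query($db_link,"delete from $table where ip='$ban_ip_sql'");
                        $update = true;
                        continue;
                    } else {
                        echo "<tr><td>";
                        if ($admin) echo "<a name=\"ip".$p."\"></a>";
                        echo $ban_ip_html."<td><div style=\"overflow:hidden;width:220px;word-break:keep-all;text-align:left\">";
                        $res2=mysqli_query($db_link,"select distinct host from accesslog where ip='$ban_ip_sql'") or die(mysqli_error($db_link));
                        if (mysqli_num_rows($res2) > 0) {
                            if($arr=mysqli_fetch_assoc($res2)){
                                $trunc=30;
                                $host_html=htmlspecialchars($arr['host'], ENT_QUOTES, 'UTF-8');
                                echo ((strlen($arr['host'])>$trunc)?("<a title=\"".$host_html."\">".htmlspecialchars(substr($arr['host'], 0, $trunc-3), ENT_QUOTES, 'UTF-8')."...</a>"):$host_html);
                            }
                        }
                        echo "</div>";
                        $isproxy=false;
                        $res2=mysqli_query($db_link,"select proxy, max(date) as date, count(url) as count from accesslog where ip='$ban_ip_sql' or proxy='$ban_ip_sql'") or die(mysqli_error($db_link));
                        if (mysqli_num_rows($res2) > 0) {
                            if($arr=mysqli_fetch_assoc($res2)) {
                                echo "<td>";
                                echo $arr['count'];
                                echo "<td>".(($ban['timestamp'] > 0)?date("Y-m-d H:i:s",$ban['timestamp']):"Unknown")."<td>";
                                echo (($ban['expires'] > -1)?(date("Y-m-d H:i:s",$ban['expires'])):"<span title=\"Only Site Manager can Remove the Ban\">Never</span>")."<td>";
                                if (!empty($arr['proxy']) && $ban['ip'] == $arr['proxy']) $isproxy=true;
                                else $isproxy=false;
                                if(is_numeric($arr["date"]) && $arr["date"] > 0) {
                                    if ($admin) {
                                        // admins get the "last seen" time highlighted by age
                                        if ($arr["date"] >= time() - 60*60*24*7) echo "<b title=\"Seen on Last Week\">";
                                        if ($arr["date"] >= time() - 60*60*24) { 
                                            $color="#FFCBCC"; 
                                            $txt="Seen on last 24 Hours"; 
                                        }
                                        elseif ($arr["date"] >= time() - 60*60*24*2) { 
                                            $color="#FFE6CB"; 
                                            $txt="Seen on last 2 Days"; 
                                        } elseif (
                                            $arr["date"] >= time() - 60*60*24*3) { 
                                            $color="#FFFFCB"; 
                                            $txt="Seen on last 3 Days"; 
                                        } elseif (
                                            $arr["date"] >= time() - 60*60*24*4) { 
                                            $color="#CBFFFF"; 
                                            $txt="Seen on last 4 Days"; 
                                        }
                                        if ($arr["date"] >= time() - 60*60*24*4) echo "<span style=\"color:$color;\"; title=\"$txt\">";
                                    }
                                    echo date("Y-m-d H:i:s",$arr["date"]);
                                    if ($admin) {
                                        if($arr["date"] >= time() - 60*60*24*4) echo "</span>";
                                        if ($admin && $arr["date"] >= time() - 60*60*24*7) echo "</b>";
                                    }
                                } else echo "<span title=\"Records of IP Unavailable or Deleted Recently\">No IP Activity Detected</span>";
                            }
                        } else {
                            echo "No Data";
                        }
                    }
                    echo "<td>".(($ban['exclude'] == 1)?"<span title=\"Unbanning by Capcha Not Available for This IP\">Can't Unban</span>":"")."<td>";
                    if ($admin) echo "<a href=\"$PHP_SELF?del=".$ban_ip_url."&list=bans".(($sta > 0)?"&sta=$sta":"")."#bans\">[Delete]</a> <a href=\"/index.php?action=showlog&ip=".$ban_ip_url."\" target=\"_blank\">[Show Logs]</a> ";
                    echo "<a href=\"https://www.google.com/search?q=".$ban_ip_url."\" rel=\"nofollow\" target=\"_blank\">[Google]</a> <a rel=\"noreferrer\" href=\"https://www.abuseipdb.com/check/".$ban_ip_html."\" rel=\"nofollow\" target=\"_blank\">[AbuseIPDB]</a> <a href=\"http://www.projecthoneypot.org/ip_".$ban_ip_html."\" rel=\"nofollow\" target=\"_blank\">[ProjectHoneyPot]</a> <a href=\"http://www.stopforumspam.com/ipcheck/".$ban_ip_html."\" rel=\"nofollow\" target=\"_blank\">[StopForumSpam]</a><td>".($isproxy?"Proxy IP":"")."</tr>\n";
                    $p++;
                    
                    
                }
                echo "</table>";
                
            } else {
                if (isset($_GET['list']) && $_GET['list'] == "bans" && $sta != 0) {
                    $evt="404";
                    header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
                    echo "No entries found for this query";
                }
                else echo "No Entries Present Currently";
            }
        } else {
            echo "No Entries Present Currently";
        }
    }
    //update .htaccess
    if($update) {
        $result=mysqli_query($db_link,"select ip from $table order by ip");
        // 1146 = table does not exist (the &clear case): that legitimately means "no bans".
        // Any other query failure keeps the existing file, so a database hiccup cannot
        // silently wipe the Deny list.
        if ($result !== false || mysqli_errno($db_link) == 1146) {
            $bans="";
            if ($result && mysqli_num_rows($result) > 0) {
                while($ban=mysqli_fetch_assoc($result)){
                    // Each value becomes a line of server configuration. Only characters
                    // that can occur in an address, CIDR block or netmask are let through,
                    // so a stored value cannot add a directive or a second Deny argument.
                    // NOTE(review): assumes the column never holds host names - confirm.
                    if (preg_match('/\A[0-9A-Fa-f:.\/]+\z/', $ban['ip'])) $bans.= "Deny from ".$ban['ip']."\n";
                }
            }
            $out="$htaccess_header\n$errordoc\n$rewrite_rules\n$badbots\nOrder Allow,Deny\nAllow from all\nDeny from env=bad_bot\n$badips\n$bans";
            // LOCK_EX keeps two concurrent rebuilds from interleaving their writes
            if (file_put_contents("$prefix/.htaccess", $out, LOCK_EX) === false) {
                error_log("Could not rewrite $prefix/.htaccess");
            }
        } else {
            error_log("Ban list query failed, .htaccess left unchanged: ".mysqli_error($db_link));
        }
    }
    mysqli_close($db_link);
}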
    
    
    //ipfilter settings
        
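        // Admin-only IP filter settings: create the ipfilter tables when missing, add a
        // rule posted from the form, delete a rule by id, then list all rules together
        // with the time of their last hit in ipfilter_log.
        if($admin && !$banned && !isset($_GET['unban'])) {
            include "../include/db.php";
            if($db_link) {
                mysqli_select_db($db_link,$db);
                //ipfilter
                echo "<hr><a name=\"ipfilter\"></a><a href=\"#ipfilter\"><h3>IPFilter Settings</h3></a>";
                $table="ipfilter";
                if (!mysqli_query($db_link,"desc $table")) {
                    $query="create table $table (id int not null auto_increment primary key, rule varchar (128) not null default '', type varchar (32) not null default '', expires int not null default 0)";
                    mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                }
                if (!empty($_POST)) {
                    if (isset($_GET['list']) && $_GET['list'] == "ipfilter") {
                        if(!empty($_POST['type']) && !empty($_POST['rule']) && is_string($_POST['type']) && is_string($_POST['rule'])){
                            $type=$_POST['type'];
                            if($type) {
                                $rule=$_POST['rule'];
                                // form input goes into SQL only in escaped form
                                $type_sql=mysqli_real_escape_string($db_link,$type);
                                $rule_sql=mysqli_real_escape_string($db_link,$rule);
                                $query="select * from $table where type='$type_sql' and rule='$rule_sql'";
                                $result=mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                                $count = mysqli_num_rows($result);
                                if($count > 0) {
                                    echo "Entry already exists.<br>\n";
                                } else {
                                    $query="insert into $table (type, rule) values ('$type_sql', '$rule_sql')";
                                    mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                                }
                            }
                        } else {
                            echo "Please provide all information required.<br>\n";
                        }
                    }
                }
                // "del" must be a plain row id here; anything else is ignored.
                // NOTE(review): deletion is triggered by a GET link without an anti-CSRF token.
                $del=(isset($_GET['del']) && is_string($_GET['del']) && preg_match('/\A[0-9]+\z/', $_GET['del']))?(int)$_GET['del']:0; 
                if($del && isset($_GET['list']) && ($_GET['list'] == "ipfilter")) {
                    $query="delete from $table where id='$del'";
                    mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                }
                
                $query="select * from $table";
                $result=mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                $count=mysqli_num_rows($result);
                if($count > 0) {
                    
                    echo "<table class=\"form\" width=\"520\">";
                    echo "<tr><th>Type<th>Rule<th>Expires<th>Actions<th>Last Detection</tr>";
                    // from here on $table names the log table used for "Last Detection"
                    $table="ipfilter_log";
                    if (!mysqli_query($db_link,"desc $table")) {
                        $query="create table $table (id int not null auto_increment primary key, event varchar(16) not null default '', ip varchar(48) not null default '', host varchar(128) not null default '', value varchar (256) not null default '', date int not null default 0)";
                        mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                    }
                    while($arr=mysqli_fetch_assoc($result)) {
                        
                        // stored rules are free text: encode them before they reach the page
                        echo "<tr><td>".htmlspecialchars($arr['type'], ENT_QUOTES, 'UTF-8').
                        "<td>".htmlspecialchars($arr['rule'], ENT_QUOTES, 'UTF-8')."<td>".
                        ($arr['expires']>0?date("Y-m-d H:i:s",$arr['expires']):"Never").
                        "<td><a href=\"$PHP_SELF?".($module?"module=".htmlspecialchars((string)$module, ENT_QUOTES, 'UTF-8')."&amp;":"").
                        "del=".(int)$arr['id']."&amp;list=ipfilter&amp;lang=".htmlspecialchars((string)$lang, ENT_QUOTES, 'UTF-8')."\">Delete</a>";
                        
                        // Match the rule literally inside LIKE: first neutralise the LIKE
                        // metacharacters (\, % and _), then escape the result for the SQL
                        // string with the connection-aware function.
                        $value=mysqli_real_escape_string($db_link,addcslashes($arr['rule'],'\\%_'));
                        
                        $query="select max(date) as date from $table where event='".mysqli_real_escape_string($db_link,$arr['type'])."' and value like '%".$value."%'";
                        $res2=mysqli_query($db_link,$query) or die(mysqli_error($db_link));
                        if ($arr2 =mysqli_fetch_assoc($res2)){
                            echo "<td>".(!empty($arr2["date"])?date("Y-m-d H:i:s",$arr2["date"]):"Not Detected Yet");
                        } 
                        echo "</tr>";
                    }
                    echo "</table>";    
                }
                mysqli_close($db_link);
            }
            echo "<hr>";
            echo "<form action=\"$PHP_SELF?list=ipfilter\" method=\"post\">
            Add ip filter rule: <select name=\"type\"><option value=\"\">Select Type</option>
            <option value=\"agent\">User agent</option>
            <option value=\"uri\">Request Uri</option>
            </select><input type=\"text\" name=\"rule\"><input type=\"submit\" value=\"Add Rule\">
            </form>";
        }
        if (!$banned && !isset($_GET['unban'])) {
            echo "<hr><a href=\"/\">[Home]</a>";
            echo " <a href=\"/source.php?file=tools/index.php\">[Source of this page]</a><br>\n";
        }

// Close the document, let the access logger run, flush the buffered output and
// persist translations (saveTranslations() is defined in one of the includes).
echo "</body></html>";
include "../include/iplog.php";
ob_end_flush();
saveTranslations();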
?>
