? statistics.patch
? statistics.patch2
? sites/default/files
? sites/default/settings.php
Index: modules/statistics/statistics.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.admin.inc,v
retrieving revision 1.7
diff -u -p -r1.7 statistics.admin.inc
--- modules/statistics/statistics.admin.inc	14 Apr 2008 17:48:41 -0000	1.7
+++ modules/statistics/statistics.admin.inc	6 May 2008 21:45:43 -0000
@@ -82,14 +82,20 @@ function statistics_top_visitors() {
     array('data' => t('Operations'))
   );
 
-  $sql = "SELECT COUNT(a.uid) AS hits, a.uid, u.name, a.hostname, SUM(a.timer) AS total, ac.aid FROM {accesslog} a LEFT JOIN {access} ac ON ac.type = 'host' AND LOWER(a.hostname) LIKE (ac.mask) LEFT JOIN {users} u ON a.uid = u.uid GROUP BY a.hostname, a.uid, u.name, ac.aid" . tablesort_sql($header);
+  $sql = "SELECT COUNT(a.uid) AS hits, a.uid, u.name, a.hostname, SUM(a.timer) AS total, bl.iid FROM {accesslog} a LEFT JOIN {blocked_ips} bl ON a.hostname = bl.ip LEFT JOIN {users} u ON a.uid = u.uid GROUP BY a.hostname, a.uid, u.name, bl.iid" . tablesort_sql($header);
   $sql_cnt = "SELECT COUNT(DISTINCT(CONCAT(uid, hostname))) FROM {accesslog}";
   $result = pager_query($sql, 30, 0, $sql_cnt);
 
   $rows = array();
   while ($account = db_fetch_object($result)) {
     $qs = drupal_get_destination();
-    $ban_link = $account->aid ? l(t('unban'), "admin/user/rules/delete/$account->aid", array('query' => $qs)) : l(t('ban'), "admin/user/rules/add/$account->hostname/host", array('query' => $qs));
+    // Only show the link for blocking IP addresses if the user has the appropriate permission, and if the IP address is not associated with an authenticated user.
+    if (user_access('block IP addresses') && !$account->uid) {
+      $ban_link =  $account->iid ? l(t('unblock IP address'), "admin/settings/ip-blocking/delete/$account->iid", array('query' => $qs)) : l(t('block IP address'), "admin/settings/ip-blocking/$account->hostname", array('query' => $qs));
+    }
+    else {
+      $ban_link = '';
+    }    
     $rows[] = array($account->hits, ($account->uid ? theme('username', $account) : $account->hostname), format_interval(round($account->total / 1000)), $ban_link);
   }
 
Index: modules/statistics/statistics.test
===================================================================
RCS file: modules/statistics/statistics.test
diff -N modules/statistics/statistics.test
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ modules/statistics/statistics.test	6 May 2008 21:45:43 -0000
@@ -0,0 +1,66 @@
+<?php
+// $Id$
+
+class StatisticsBlockVisitorsTestCase extends DrupalWebTestCase {
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('Top visitor blocking'),
+      'description' => t('Tests blocking of IP addresses via the top visitors report.'),
+      'group' => t('Statistics')
+    );
+  }
+  
+  /**
+   * Implementation of setUp().
+   */
+  function setUp() {
+    parent::setUp('statistics');
+
+  // Create users.
+  $this->blocking_user = $this->drupalCreateUser(array('block IP addresses', 'access statistics'));
+
+  // Insert dummy access by anonymous user into accesslog;
+  db_query("INSERT INTO {accesslog} (title, path, url, hostname, uid, sid, timer, timestamp) values('%s', '%s', '%s', '%s', %d, '%s', %d, %d)", 'test', 'node/1', 'http://example.com', '192.168.1.1', '0', '10', '10', time());
+  }  
+
+  /**
+   * Blocks an IP address via the top visitors report then uses the same page to unblock it.
+   */
+  function testIPAddressBlocking() {
+    // IP address for testing.
+    $test_ip_address = '192.168.1.1';
+    // Enable access logging (redundant since we insert the data manually).
+    variable_set('statistics_enable_access_log', 1);
+    
+    // Verify the IP address from accesslog appears on the top visitors page
+    // and that a 'block IP adddress' link is displayed.
+    $this->drupalLogin($this->blocking_user);
+    $this->drupalGet('admin/reports/visitors');
+    $this->assertText($test_ip_address, t('IP address found.'));
+    $this->assertText(t('block IP address'), t('Block IP link displayed'));
+    
+    // Block an IP address.
+    $this->clickLink('block IP address');
+    $this->assertText(t('IP address blocking'), t('IP blocking page displayed.'));
+    $edit = array();
+    $edit['ip'] = $test_ip_address;
+    $this->drupalPost('admin/settings/ip-blocking', $edit, t('Save'));
+    $ip = db_result(db_query("SELECT iid from {blocked_ips} WHERE ip = '%s'", $edit['ip']));
+    $this->assertNotNull($ip, t('IP address found in database'));
+    $this->assertRaw(t('The IP address %ip has been blocked.', array('%ip' => $edit['ip'])), t('IP address was blocked.'));
+    
+    // Verify that the block/unblock link on the top visitors page has been altered.
+    $this->drupalGet('admin/reports/visitors');
+    $this->assertText(t('unblock IP address'), t('Unblock IP address link displayed'));
+    
+    // Unblock the IP address.
+    $this->clickLink('unblock IP address');
+    $this->assertRaw(t('Are you sure you want to delete %ip?', array('%ip' => $test_ip_address)), t('IP address deletion confirmation found.'));
+    $edit = array();
+    $this->drupalPost('admin/settings/ip-blocking/delete/1', NULL, t('Delete'));
+    $this->assertRaw(t('The IP address %ip was deleted.', array('%ip' => $test_ip_address)), t('IP address deleted.'));
+  }
+}
Index: modules/system/system.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v
retrieving revision 1.74
diff -u -p -r1.74 system.admin.inc
--- modules/system/system.admin.inc	5 May 2008 21:10:48 -0000	1.74
+++ modules/system/system.admin.inc	6 May 2008 21:45:44 -0000
@@ -1104,9 +1104,9 @@ function system_ip_blocking() {
     );
   }
 
-  $output .= theme('table', $header, $rows);
-
   $output .= drupal_get_form('system_ip_blocking_form');
+  
+  $output .= theme('table', $header, $rows);
 
   return $output;
 }
@@ -1124,6 +1124,7 @@ function system_ip_blocking_form($form_s
     '#type' => 'textfield',
     '#size' => 64,
     '#maxlength' => 32,
+    '#default_value' => arg(3),
     '#description' => t('Enter a valid IP address.'),
   );
   $form['submit'] = array(
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.601
diff -u -p -r1.601 system.module
--- modules/system/system.module	6 May 2008 12:18:50 -0000	1.601
+++ modules/system/system.module	6 May 2008 21:45:46 -0000
@@ -495,6 +495,13 @@ function system_menu() {
     'page callback' => 'system_ip_blocking',
     'access arguments' => array('block IP addresses'),
   );
+  $items['admin/settings/ip-blocking/%'] = array(
+    'title' => 'IP address blocking',
+    'description' => 'Manage blocked IP addresses.',
+    'page callback' => 'system_ip_blocking',
+    'access arguments' => array('block IP addresses'),
+    'type' => MENU_CALLBACK,
+  );
   $items['admin/settings/ip-blocking/delete/%blocked_ip'] = array(
     'title' => 'Delete IP address',
     'page callback' => 'drupal_get_form',