pioder
/
uf

<?php/** * @package	uForum * @file		admin/banlist.php* @version	$Id$ * @copyright	2007-2010 (c) PioDer <pioder@wp.pl>* @link    		http://www.pioder.pl/* @license	see LICENSE.txt**/define('IN_uF', true);//include files
require('./../config.php');require('./../includes/constants.php');require('./../includes/db.php');require('./../includes/errors.php');require('./../includes/classes/class_pms.php');//connect to database
DataBase::db_connect();require('./../includes/sessions.php');require('./../includes/classes/class_user.php');require('./../common.php');require('./../includes/admin/class_main.php');require('./../includes/classes/class_forum.php');require('./../includes/admin/class_forum.php');require('./../includes/classes/secure.php');require('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');SessDelInvalid();	SessRegister();SessDeleteOld();if (User::UserInformation($_SESSION['uid'],'rank')!=2){	admin_message_forum($lng['yournotadmin'],'../index.php');}if (!isset($_GET['mode'])){	header('Location: banlist.php?mode=view');	}
switch($_GET['mode']){	case 'add':	{		switch($_GET['submode'])		{			//ban for user id only
			case 'user':    			{	        		if (isset($_POST['u_id'],$_POST['motive']))				{	    				$ban_ip = '0.0.0.0';	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' 					: strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));					if ($ban_uid==$_SESSION['uid'])					{						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}					else					{						if (User::UserInformation($ban_uid,'rank')==2)						{							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');						}					}					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))					{						message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}	    				$ban_motive = strip_tags($_POST['motive']);    			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid',  '$ban_ip', '$ban_motive')";					DataBase::sql_query($sql,GENERAL,'Could not update add ban.');						admin_message_forum($lng['ban_added'],'banlist.php?mode=view');				}				else				{					$_POST['motive'] = '';					$_POST['u_id'] = 'No profile';					$skin = array(	    				'L.banlist'=>$lng['admin_banlist'],					'action'=>'banlist.php?mode=add&amp;submode=user',					'L.edit_ban'=>$lng['banlist_add_user'],		    			'L.user_name'=>$lng['user_name'],					'L.motive' => $lng['motive'],					'L.save'=>$lng['submit'],					'L.reset'=>$lng['reset'],					'L.user_name.HELP' => $lng['banlist_info_1']					);					Admin_Over::GenerateHeader();					require('./template/banlist_add_user_body.tpl');					require('./template/overall_footer.tpl');				}				break;			}			//ban for ip only 
			case 'ip':			{	        		if (isset($_POST['ip'],$_POST['motive']))				{					$ban_ip = strip_tags($_POST['ip']);					$ban_uid = '-2';					$ban_motive = strip_tags($_POST['motive']);					if ($ban_uid==$_SESSION['uid'])					{						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}					else					{						if (User::UserInformation($ban_uid,'rank')==2)						{							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');						}					}					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))					{						message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}					$bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT 
					  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
				  	     'Could not obtain last ban id'));					$bid = $bid['b_id'];					$bid = $bid +1;     			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";					DataBase::sql_query($sql,GENERAL,'Could not update add ban.');						admin_message_forum($lng['ban_added'],'banlist.php?mode=view');				}				else				{					$_POST['ip']='0.0.0.0';					$_POST['motive'] = '';					$skin = array(					'L.banlist'=>$lng['admin_banlist'],					'action'=>'banlist.php?mode=add&amp;submode=ip',    					'L.edit_ban'=>$lng['banlist_add_ip'],		    			'L.user_name'=>$lng['user_name'],					'L.motive' => $lng['motive'],					'L.save'=>$lng['submit'],					'L.reset'=>$lng['reset'],					'L.ip.HELP' => $lng['banlist_info_2'],					'L.user_name.HELP' => $lng['banlist_info_1']					);					Admin_Over::GenerateHeader();					require('./template/banlist_add_ip_body.tpl');					require('./template/overall_footer.tpl');				}				break;			}			//ban for ip & user id
			case 'all':    			{	        		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))				{	    				$ban_ip = strip_tags($_POST['ip']);	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'   					: User::UserIdByNick(strip_tags($_POST['u_id']));	    				$ban_motive = strip_tags($_POST['motive']);	    				if ($ban_uid==$_SESSION['uid'])					{						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}					else					{						if (User::UserInformation($ban_uid,'rank')==2)						{							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');						}					}					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))					{						message_forum($lng['no_ban_me'],'banlist.php?mode=view');					}	    				$bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT 
		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
	     			  	     'Could not obtain last ban id'));					$bid = $bid['b_id'];					$bid = $bid +1;     			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";					DataBase::sql_query($sql,GENERAL,'Could not update add ban.');						admin_message_forum($lng['ban_added'],'banlist.php?mode=view');				}				else				{					$_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';					$_POST['motive'] = '';					$_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';					$skin = array(	    				'L.banlist'=>$lng['admin_banlist'],					'action'=>'banlist.php?mode=add&amp;submode=all',    					'L.main_beam'=>$lng['edit_word'],    					'L.edit_ban'=>$lng['banlist_add_all'],		    			'L.user_name'=>$lng['user_name'],					'L.motive' => $lng['motive'],					'L.save'=>$lng['submit'],					'L.reset'=>$lng['reset'],					'L.ip.HELP' => $lng['banlist_info_2'],					'L.user_name.HELP' => $lng['banlist_info_1']					);					Admin_Over::GenerateHeader();					require('./template/banlist_edit_body.tpl');					require('./template/overall_footer.tpl');				}				break;			}			//ban with file
			case 'file':			{	        		if (isset($_FILES['file'],$_POST['motive']))				{	    				$ban_uid = '-2'; 	    				$ban_motive = strip_tags($_POST['motive']);	    				$catalog = '../tmp/';					if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))					{						message_die(GENERAL,'Could not upload file.','');					}					$open = fopen($catalog.$_FILES['file']['name'],'r');					$file = fread($open, filesize($catalog.$_FILES['file']['name']));					$item = @explode("\n",$file);	    				$bid = $bid = DataBase::fetch(DataBase::sql_query("SELECT 
		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
	     			  	     'Could not obtain last ban id'));					$bid = $bid['b_id'];					$bid = $bid +1; 					for($i=0;$i<count($item);$i++)					{    						$ban_ip = $item[$i];						$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";						DataBase::sql_query($sql,GENERAL,'Could not update add ban.');						$bid = $bid +1;					}						admin_message_forum($lng['ban_added'],'banlist.php?mode=view');				}				else				{					$_POST['motive'] = '';					$skin = array(	    				'L.banlist'=>$lng['admin_banlist'],					'action'=>'banlist.php?mode=add&amp;submode=file',    					'L.main_beam'=>$lng['edit_word'],    					'L.edit_ban'=>$lng['banlist_add_from_file'],		    			'L.file_name'=>$lng['file_name'],					'L.motive' => $lng['motive'],					'L.save'=>$lng['submit'],					'L.reset'=>$lng['reset'],					'L.file.HELP' => $lng['banlist_info_3']					);					Admin_Over::GenerateHeader();					require('./template/banlist_add_file_body.tpl');					require('./template/overall_footer.tpl');				}				break;			}		}		break;	}	case 'delete':	{   		$bid = $_GET['id'];   		$sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";   		DataBase::sql_query($sql,GENERAL,'Could not delete banlist item.');   		admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');   		break;	}	case 'edit':	{		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))		{	    		$ban_ip = strip_tags($_POST['ip']);	    		$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2'   			: User::UserIdByNick(strip_tags($_POST['u_id']));	    		$ban_motive = $_POST['motive'];	    		if ($ban_uid==$_SESSION['uid'])			{				admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');			}			else			{				if (User::UserInformation($ban_uid,'rank')==2)				{					admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');				}			}			if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))			{				message_forum($lng['no_ban_me'],'banlist.php?mode=view');			}	    		$bid = intval($_GET['id']);	    		$sql = "UPDATE ".BANLIST_TABLE." SET
		     	`IP`='$ban_ip', 		     	`u_id`='$ban_uid', 		     	`motive`='$ban_motive' 			WHERE `b_id`='$bid'";
			DataBase::sql_query($sql,GENERAL,'Could not update ban.');				admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');		}		else		{    			$bid = $_GET['id'];			$sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";    			$query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist item information');			$result = DataBase::fetch($query);			$_POST['ip']=$result['IP'];			$_POST['motive'] = $result['motive'];			$_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';			$skin = array(    			'L.banlist'=>$lng['admin_banlist'],			'action'=>'banlist.php?mode=edit&id='.$bid,    			'L.main_beam'=>$lng['edit_word'],    			'L.edit_ban'=>$lng['banlist_edit_ban'],    			'L.user_name'=>$lng['user_name'],			'L.motive' => $lng['motive'],			'L.reset'=>$lng['reset'],			'L.save'=>$lng['submit'],			'L.ip.HELP' => $lng['banlist_info_2'],			'L.user_name.HELP' => $lng['banlist_info_1']			);			Admin_Over::GenerateHeader();			require('./template/banlist_edit_body.tpl');			require('./template/overall_footer.tpl');		}		break;	}	case 'clear':	{   		$sql = "TRUNCATE `".BANLIST_TABLE."`";   		DataBase::sql_query($sql, GENERAL,'Could not empty banlist');   		admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');	}	 	case 'view': 	{    		$query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,GENERAL,'Could not obtain user information');		while($result = DataBase::fetch($query))		{    			$user[$result['u_id']]['nick'] = $result['nick'];		}		$sql = "SELECT * FROM ".BANLIST_TABLE."";    		$query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist items');    		$skin=array(		'L.banlist'=>$lng['admin_banlist'],		'L.select_mode'=>$lng['what_do_you_want'],		'L.add_user'=>$lng['banlist_add_user'],		'L.add_ip'=>$lng['banlist_add_ip'],		'L.add_all'=>$lng['banlist_add_all'],		'L.add_file'=>$lng['banlist_add_from_file'],		'L.clean_banlist' => $lng['banlist_clean']		);		Admin_Over::GenerateHeader();    		require('./template/banlist_view_body.tpl');		if (DataBase::num_rows($query)<1)		{    			echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
			     class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';		}		else		{			while($item = DataBase::fetch($query))    			{				$skin = array(				'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',				'ip'=> $item['IP'],				'motive' => $item['motive'],				'b_id'=>$item['b_id'],				'L.delete'=>$lng['delete'],				'L.edit'=>$lng['edit']				); 				require('./template/banlist_item_add.tpl');			}		}		echo '</table>';		require('./template/overall_footer.tpl');		break;	}	default:	{		header('Location: banlist.php?mode=view');			break;	}}?>