- <?php
- /**
- * @package uForum
- * @file admin/banlist.php
- * @version $Id$
- * @copyright 2007-2010 (c) PioDer <pioder@wp.pl>
- * @link http://www.pioder.pl/
- * @license see LICENSE.txt
- **/
- define('IN_uF', true);
- //include files
- include('./../config.php');
- include('./../includes/constants.php');
- include('./../includes/db.php');
- include('./../includes/errors.php');
- include('./../includes/classes/class_pms.php');
- //connect to database
- DataBase::db_connect();
- include('./../includes/sessions.php');
- include('./../includes/classes/class_user.php');
- include('./../common.php');
- include('./../includes/admin/class_main.php');
- include('./../includes/classes/class_forum.php');
- include('./../includes/admin/class_forum.php');
- include('./../includes/classes/secure.php');
- include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
- SessDelInvalid();
- SessRegister();
- SessDeleteOld();
- if (User::UserInformation($_SESSION['uid'],'rank')!=2)
- {
- admin_message_forum($lng['yournotadmin'],'../index.php');
- }
- if (!isset($_GET['mode']))
- {
- header('Location: banlist.php?mode=view');
- }
-
- switch($_GET['mode'])
- {
- case 'add':
- {
- switch($_GET['submode'])
- {
- //ban for user id only
- case 'user':
- {
- if (isset($_POST['u_id'],$_POST['motive']))
- {
- $ban_ip = '0.0.0.0';
- $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
- : strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
- if ($ban_uid==$_SESSION['uid'])
- {
- admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- else
- {
- if (User::UserInformation($ban_uid,'rank')==2)
- {
- admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
- }
- }
- if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
- {
- message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- $ban_motive = strip_tags($_POST['motive']);
- $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid', '$ban_ip', '$ban_motive')";
- DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
- admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
- }
- else
- {
- $_POST['motive'] = '';
- $_POST['u_id'] = 'No profile';
- $skin = array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'action'=>'banlist.php?mode=add&submode=user',
- 'L.edit_ban'=>$lng['banlist_add_user'],
- 'L.user_name'=>$lng['user_name'],
- 'L.motive' => $lng['motive'],
- 'L.save'=>$lng['submit'],
- 'L.reset'=>$lng['reset'],
- 'L.user_name.HELP' => $lng['banlist_info_1']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_add_user_body.tpl');
- include('./template/overall_footer.tpl');
- }
- break;
- }
- //ban for ip only
- case 'ip':
- {
- if (isset($_POST['ip'],$_POST['motive']))
- {
- $ban_ip = strip_tags($_POST['ip']);
- $ban_uid = '-2';
- $ban_motive = strip_tags($_POST['motive']);
- if ($ban_uid==$_SESSION['uid'])
- {
- admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- else
- {
- if (User::UserInformation($ban_uid,'rank')==2)
- {
- admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
- }
- }
- if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
- {
- message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
- `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
- 'Could not obtain last ban id'));
- $bid = $bid['b_id'];
- $bid = $bid +1;
- $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
- DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
- admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
- }
- else
- {
- $_POST['ip']='0.0.0.0';
- $_POST['motive'] = '';
- $skin = array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'action'=>'banlist.php?mode=add&submode=ip',
- 'L.edit_ban'=>$lng['banlist_add_ip'],
- 'L.user_name'=>$lng['user_name'],
- 'L.motive' => $lng['motive'],
- 'L.save'=>$lng['submit'],
- 'L.reset'=>$lng['reset'],
- 'L.ip.HELP' => $lng['banlist_info_2'],
- 'L.user_name.HELP' => $lng['banlist_info_1']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_add_ip_body.tpl');
- include('./template/overall_footer.tpl');
- }
- break;
- }
- //ban for ip & user id
- case 'all':
- {
- if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
- {
- $ban_ip = strip_tags($_POST['ip']);
- $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
- : User::UserIdByNick(strip_tags($_POST['u_id']));
- $ban_motive = strip_tags($_POST['motive']);
- if ($ban_uid==$_SESSION['uid'])
- {
- admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- else
- {
- if (User::UserInformation($ban_uid,'rank')==2)
- {
- admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
- }
- }
- if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
- {
- message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
- `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
- 'Could not obtain last ban id'));
- $bid = $bid['b_id'];
- $bid = $bid +1;
- $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
- DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
- admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
- }
- else
- {
- $_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
- $_POST['motive'] = '';
- $_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
- $skin = array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'action'=>'banlist.php?mode=add&submode=all',
- 'L.main_beam'=>$lng['edit_word'],
- 'L.edit_ban'=>$lng['banlist_add_all'],
- 'L.user_name'=>$lng['user_name'],
- 'L.motive' => $lng['motive'],
- 'L.save'=>$lng['submit'],
- 'L.reset'=>$lng['reset'],
- 'L.ip.HELP' => $lng['banlist_info_2'],
- 'L.user_name.HELP' => $lng['banlist_info_1']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_edit_body.tpl');
- include('./template/overall_footer.tpl');
- }
- break;
- }
- //ban with file
- case 'file':
- {
- if (isset($_FILES['file'],$_POST['motive']))
- {
- $ban_uid = '-2';
- $ban_motive = strip_tags($_POST['motive']);
- $catalog = '../tmp/';
- if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
- {
- message_die(GENERAL,'Could not upload file.','');
- }
- $open = fopen($catalog.$_FILES['file']['name'],'r');
- $file = fread($open, filesize($catalog.$_FILES['file']['name']));
- $item = @explode("\n",$file);
- $bid = $bid = DataBase::fetch(DataBase::sql_query("SELECT
- `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
- 'Could not obtain last ban id'));
- $bid = $bid['b_id'];
- $bid = $bid +1;
- for($i=0;$i<count($item);$i++)
- {
- $ban_ip = $item[$i];
- $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
- DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
- $bid = $bid +1;
- }
- admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
- }
- else
- {
- $_POST['motive'] = '';
- $skin = array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'action'=>'banlist.php?mode=add&submode=file',
- 'L.main_beam'=>$lng['edit_word'],
- 'L.edit_ban'=>$lng['banlist_add_from_file'],
- 'L.file_name'=>$lng['file_name'],
- 'L.motive' => $lng['motive'],
- 'L.save'=>$lng['submit'],
- 'L.reset'=>$lng['reset'],
- 'L.file.HELP' => $lng['banlist_info_3']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_add_file_body.tpl');
- include('./template/overall_footer.tpl');
- }
- break;
- }
- }
- break;
- }
- case 'delete':
- {
- $bid = $_GET['id'];
- $sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
- DataBase::sql_query($sql,GENERAL,'Could not delete banlist item.');
- admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
- break;
- }
- case 'edit':
- {
- if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
- {
- $ban_ip = strip_tags($_POST['ip']);
- $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2'
- : User::UserIdByNick(strip_tags($_POST['u_id']));
- $ban_motive = $_POST['motive'];
- if ($ban_uid==$_SESSION['uid'])
- {
- admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- else
- {
- if (User::UserInformation($ban_uid,'rank')==2)
- {
- admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
- }
- }
- if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
- {
- message_forum($lng['no_ban_me'],'banlist.php?mode=view');
- }
- $bid = intval($_GET['id']);
- $sql = "UPDATE ".BANLIST_TABLE." SET
- `IP`='$ban_ip',
- `u_id`='$ban_uid',
- `motive`='$ban_motive'
- WHERE `b_id`='$bid'";
- DataBase::sql_query($sql,GENERAL,'Could not update ban.');
- admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
- }
- else
- {
- $bid = $_GET['id'];
- $sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
- $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist item information');
- $result = DataBase::fetch($query);
- $_POST['ip']=$result['IP'];
- $_POST['motive'] = $result['motive'];
- $_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
- $skin = array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'action'=>'banlist.php?mode=edit&id='.$bid,
- 'L.main_beam'=>$lng['edit_word'],
- 'L.edit_ban'=>$lng['banlist_edit_ban'],
- 'L.user_name'=>$lng['user_name'],
- 'L.motive' => $lng['motive'],
- 'L.reset'=>$lng['reset'],
- 'L.save'=>$lng['submit'],
- 'L.ip.HELP' => $lng['banlist_info_2'],
- 'L.user_name.HELP' => $lng['banlist_info_1']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_edit_body.tpl');
- include('./template/overall_footer.tpl');
- }
- break;
- }
- case 'clear':
- {
- $sql = "TRUNCATE `".BANLIST_TABLE."`";
- DataBase::sql_query($sql, GENERAL,'Could not empty banlist');
- admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
- }
- case 'view':
- {
- $query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,GENERAL,'Could not obtain user information');
- while($result = DataBase::fetch($query))
- {
- $user[$result['u_id']]['nick'] = $result['nick'];
- }
- $sql = "SELECT * FROM ".BANLIST_TABLE."";
- $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist items');
- $skin=array(
- 'L.banlist'=>$lng['admin_banlist'],
- 'L.select_mode'=>$lng['what_do_you_want'],
- 'L.add_user'=>$lng['banlist_add_user'],
- 'L.add_ip'=>$lng['banlist_add_ip'],
- 'L.add_all'=>$lng['banlist_add_all'],
- 'L.add_file'=>$lng['banlist_add_from_file'],
- 'L.clean_banlist' => $lng['banlist_clean']
- );
- Admin_Over::GenerateHeader();
- include('./template/banlist_view_body.tpl');
- if (DataBase::num_rows($query)<1)
- {
- echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
- class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
- }
- else
- {
- while($item = DataBase::fetch($query))
- {
- $skin = array(
- 'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
- 'ip'=> $item['IP'],
- 'motive' => $item['motive'],
- 'b_id'=>$item['b_id'],
- 'L.delete'=>$lng['delete'],
- 'L.edit'=>$lng['edit']
- );
- include('./template/banlist_item_add.tpl');
- }
- }
- echo '</table>';
- include('./template/overall_footer.tpl');
- break;
- }
- default:
- {
- header('Location: banlist.php?mode=view');
- break;
- }
- }
- ?>
|