A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html


  1. <?php
  2. /**
  3. * @package uForum
  4. * @file admin/banlist.php
  5. * @version $Id$
  6. * @copyright 2009(c) PioDer <pioder@wp.pl>
  7. * @link http://pioder.gim2przemysl.int.pl/
  8. * @license GNU GPL v3
  9. **/
  10. define('IN_uF', true);
  11. //include files
  12. include('./../config.php');
  13. include('./../includes/constants.php');
  14. include('./../includes/db.php');
  15. include('./../includes/errors.php');
  16. include('./../includes/classes/class_pms.php');
  17. //connect to database
  18. DataBase::db_connect();
  19. include('./../includes/sessions.php');
  20. include('./../includes/classes/class_user.php');
  21. include('./../common.php');
  22. include('./../includes/admin/class_main.php');
  23. include('./../includes/classes/class_forum.php');
  24. include('./../includes/admin/class_forum.php');
  25. include('./../includes/classes/secure.php');
  26. include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
  27. SessDelInvalid();
  28. SessRegister();
  29. SessDeleteOld();
  30. if (User::UserInformation($_SESSION['uid'],'rank')!=2)
  31. {
  32. admin_message_forum($lng['yournotadmin'],'../index.php');
  33. }
  34. if (!isset($_GET['mode']))
  35. {
  36. header('Location: banlist.php?mode=view');
  37. }
  38. switch($_GET['mode'])
  39. {
  40. case 'add':
  41. {
  42. switch($_GET['submode'])
  43. {
  44. //ban for user id only
  45. case 'user':
  46. {
  47. if (isset($_POST['u_id'],$_POST['motive']))
  48. {
  49. $ban_ip = '0.0.0.0';
  50. $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
  51. : strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
  52. if ($ban_uid==$_SESSION['uid'])
  53. {
  54. admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  55. }
  56. else
  57. {
  58. if (User::UserInformation($ban_uid,'rank')==2)
  59. {
  60. admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  61. }
  62. }
  63. if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  64. {
  65. message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  66. }
  67. $ban_motive = strip_tags($_POST['motive']);
  68. $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid', '$ban_ip', '$ban_motive')";
  69. DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
  70. admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  71. }
  72. else
  73. {
  74. $_POST['motive'] = '';
  75. $_POST['u_id'] = 'No profile';
  76. $skin = array(
  77. 'L.banlist'=>$lng['admin_banlist'],
  78. 'action'=>'banlist.php?mode=add&amp;submode=user',
  79. 'L.edit_ban'=>$lng['banlist_add_user'],
  80. 'L.user_name'=>$lng['user_name'],
  81. 'L.motive' => $lng['motive'],
  82. 'L.save'=>$lng['submit'],
  83. 'L.reset'=>$lng['reset'],
  84. 'L.user_name.HELP' => $lng['banlist_info_1']
  85. );
  86. Admin_Over::GenerateHeader();
  87. include('./template/banlist_add_user_body.tpl');
  88. include('./template/overall_footer.tpl');
  89. }
  90. break;
  91. }
  92. //ban for ip only
  93. case 'ip':
  94. {
  95. if (isset($_POST['ip'],$_POST['motive']))
  96. {
  97. $ban_ip = strip_tags($_POST['ip']);
  98. $ban_uid = '-2';
  99. $ban_motive = strip_tags($_POST['motive']);
  100. if ($ban_uid==$_SESSION['uid'])
  101. {
  102. admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  103. }
  104. else
  105. {
  106. if (User::UserInformation($ban_uid,'rank')==2)
  107. {
  108. admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  109. }
  110. }
  111. if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  112. {
  113. message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  114. }
  115. $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
  116. `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
  117. 'Could not obtain last ban id'));
  118. $bid = $bid['b_id'];
  119. $bid = $bid +1;
  120. $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
  121. DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
  122. admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  123. }
  124. else
  125. {
  126. $_POST['ip']='0.0.0.0';
  127. $_POST['motive'] = '';
  128. $skin = array(
  129. 'L.banlist'=>$lng['admin_banlist'],
  130. 'action'=>'banlist.php?mode=add&amp;submode=ip',
  131. 'L.edit_ban'=>$lng['banlist_add_ip'],
  132. 'L.user_name'=>$lng['user_name'],
  133. 'L.motive' => $lng['motive'],
  134. 'L.save'=>$lng['submit'],
  135. 'L.reset'=>$lng['reset'],
  136. 'L.ip.HELP' => $lng['banlist_info_2'],
  137. 'L.user_name.HELP' => $lng['banlist_info_1']
  138. );
  139. Admin_Over::GenerateHeader();
  140. include('./template/banlist_add_ip_body.tpl');
  141. include('./template/overall_footer.tpl');
  142. }
  143. break;
  144. }
  145. //ban for ip & user id
  146. case 'all':
  147. {
  148. if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
  149. {
  150. $ban_ip = strip_tags($_POST['ip']);
  151. $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
  152. : User::UserIdByNick(strip_tags($_POST['u_id']));
  153. $ban_motive = strip_tags($_POST['motive']);
  154. if ($ban_uid==$_SESSION['uid'])
  155. {
  156. admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  157. }
  158. else
  159. {
  160. if (User::UserInformation($ban_uid,'rank')==2)
  161. {
  162. admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  163. }
  164. }
  165. if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  166. {
  167. message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  168. }
  169. $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
  170. `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
  171. 'Could not obtain last ban id'));
  172. $bid = $bid['b_id'];
  173. $bid = $bid +1;
  174. $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
  175. DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
  176. admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  177. }
  178. else
  179. {
  180. $_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
  181. $_POST['motive'] = '';
  182. $_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
  183. $skin = array(
  184. 'L.banlist'=>$lng['admin_banlist'],
  185. 'action'=>'banlist.php?mode=add&amp;submode=all',
  186. 'L.main_beam'=>$lng['edit_word'],
  187. 'L.edit_ban'=>$lng['banlist_add_all'],
  188. 'L.user_name'=>$lng['user_name'],
  189. 'L.motive' => $lng['motive'],
  190. 'L.save'=>$lng['submit'],
  191. 'L.reset'=>$lng['reset'],
  192. 'L.ip.HELP' => $lng['banlist_info_2'],
  193. 'L.user_name.HELP' => $lng['banlist_info_1']
  194. );
  195. Admin_Over::GenerateHeader();
  196. include('./template/banlist_edit_body.tpl');
  197. include('./template/overall_footer.tpl');
  198. }
  199. break;
  200. }
  201. //ban with file
  202. case 'file':
  203. {
  204. if (isset($_FILES['file'],$_POST['motive']))
  205. {
  206. $ban_uid = '-2';
  207. $ban_motive = strip_tags($_POST['motive']);
  208. $catalog = '../tmp/';
  209. if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
  210. {
  211. message_die(GENERAL,'Could not upload file.','');
  212. }
  213. $open = fopen($catalog.$_FILES['file']['name'],'r');
  214. $file = fread($open, filesize($catalog.$_FILES['file']['name']));
  215. $item = @explode("\n",$file);
  216. $bid = $bid = DataBase::fetch(DataBase::sql_query("SELECT
  217. `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
  218. 'Could not obtain last ban id'));
  219. $bid = $bid['b_id'];
  220. $bid = $bid +1;
  221. for($i=0;$i<count($item);$i++)
  222. {
  223. $ban_ip = $item[$i];
  224. $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
  225. DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
  226. $bid = $bid +1;
  227. }
  228. admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  229. }
  230. else
  231. {
  232. $_POST['motive'] = '';
  233. $skin = array(
  234. 'L.banlist'=>$lng['admin_banlist'],
  235. 'action'=>'banlist.php?mode=add&amp;submode=file',
  236. 'L.main_beam'=>$lng['edit_word'],
  237. 'L.edit_ban'=>$lng['banlist_add_from_file'],
  238. 'L.file_name'=>$lng['file_name'],
  239. 'L.motive' => $lng['motive'],
  240. 'L.save'=>$lng['submit'],
  241. 'L.reset'=>$lng['reset'],
  242. 'L.file.HELP' => $lng['banlist_info_3']
  243. );
  244. Admin_Over::GenerateHeader();
  245. include('./template/banlist_add_file_body.tpl');
  246. include('./template/overall_footer.tpl');
  247. }
  248. break;
  249. }
  250. }
  251. break;
  252. }
  253. case 'delete':
  254. {
  255. $bid = $_GET['id'];
  256. $sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
  257. DataBase::sql_query($sql,GENERAL,'Could not delete banlist item.');
  258. admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
  259. break;
  260. }
  261. case 'edit':
  262. {
  263. if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
  264. {
  265. $ban_ip = strip_tags($_POST['ip']);
  266. $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2'
  267. : User::UserIdByNick(strip_tags($_POST['u_id']));
  268. $ban_motive = $_POST['motive'];
  269. if ($ban_uid==$_SESSION['uid'])
  270. {
  271. admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  272. }
  273. else
  274. {
  275. if (User::UserInformation($ban_uid,'rank')==2)
  276. {
  277. admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  278. }
  279. }
  280. if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  281. {
  282. message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  283. }
  284. $bid = intval($_GET['id']);
  285. $sql = "UPDATE ".BANLIST_TABLE." SET
  286. `IP`='$ban_ip',
  287. `u_id`='$ban_uid',
  288. `motive`='$ban_motive'
  289. WHERE `b_id`='$bid'";
  290. DataBase::sql_query($sql,GENERAL,'Could not update ban.');
  291. admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
  292. }
  293. else
  294. {
  295. $bid = $_GET['id'];
  296. $sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
  297. $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist item information');
  298. $result = DataBase::fetch($query);
  299. $_POST['ip']=$result['IP'];
  300. $_POST['motive'] = $result['motive'];
  301. $_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
  302. $skin = array(
  303. 'L.banlist'=>$lng['admin_banlist'],
  304. 'action'=>'banlist.php?mode=edit&id='.$bid,
  305. 'L.main_beam'=>$lng['edit_word'],
  306. 'L.edit_ban'=>$lng['banlist_edit_ban'],
  307. 'L.user_name'=>$lng['user_name'],
  308. 'L.motive' => $lng['motive'],
  309. 'L.reset'=>$lng['reset'],
  310. 'L.save'=>$lng['submit'],
  311. 'L.ip.HELP' => $lng['banlist_info_2'],
  312. 'L.user_name.HELP' => $lng['banlist_info_1']
  313. );
  314. Admin_Over::GenerateHeader();
  315. include('./template/banlist_edit_body.tpl');
  316. include('./template/overall_footer.tpl');
  317. }
  318. break;
  319. }
  320. case 'clear':
  321. {
  322. $sql = "TRUNCATE `".BANLIST_TABLE."`";
  323. DataBase::sql_query($sql, GENERAL,'Could not empty banlist');
  324. admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
  325. }
  326. case 'view':
  327. {
  328. $query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,GENERAL,'Could not obtain user information');
  329. while($result = DataBase::fetch($query))
  330. {
  331. $user[$result['u_id']]['nick'] = $result['nick'];
  332. }
  333. $sql = "SELECT * FROM ".BANLIST_TABLE."";
  334. $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist items');
  335. $skin=array(
  336. 'L.banlist'=>$lng['admin_banlist'],
  337. 'L.select_mode'=>$lng['what_do_you_want'],
  338. 'L.add_user'=>$lng['banlist_add_user'],
  339. 'L.add_ip'=>$lng['banlist_add_ip'],
  340. 'L.add_all'=>$lng['banlist_add_all'],
  341. 'L.add_file'=>$lng['banlist_add_from_file'],
  342. 'L.clean_banlist' => $lng['banlist_clean']
  343. );
  344. Admin_Over::GenerateHeader();
  345. include('./template/banlist_view_body.tpl');
  346. if (DataBase::num_rows($query)<1)
  347. {
  348. echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
  349. class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
  350. }
  351. else
  352. {
  353. while($item = DataBase::fetch($query))
  354. {
  355. $skin = array(
  356. 'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
  357. 'ip'=> $item['IP'],
  358. 'motive' => $item['motive'],
  359. 'b_id'=>$item['b_id'],
  360. 'L.delete'=>$lng['delete'],
  361. 'L.edit'=>$lng['edit']
  362. );
  363. include('./template/banlist_item_add.tpl');
  364. }
  365. }
  366. echo '</table>';
  367. include('./template/overall_footer.tpl');
  368. break;
  369. }
  370. default:
  371. {
  372. header('Location: banlist.php?mode=view');
  373. break;
  374. }
  375. }
  376. ?>