pioder
/
uf
1
0
Fork 0
Code Releases 0 Activity
A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
524 KiB
Tree: f14ed3c798
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f14ed3c798'
${ noResults }
uf/admin/banlist.php

377 lines
13 KiB
Raw Normal View History

Added files - test git-svn-id: https://svn.pioder.pl/uf-svn/uF@11 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
Updated head in all files. git-svn-id: https://svn.pioder.pl/uf-svn/uF@14 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
Added files - test git-svn-id: https://svn.pioder.pl/uf-svn/uF@11 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
Updated head in all files. git-svn-id: https://svn.pioder.pl/uf-svn/uF@14 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
Added files - test git-svn-id: https://svn.pioder.pl/uf-svn/uF@11 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
 
  1. <?php
  2. /** 
  3. * @package	uForum 
  4. * @file		admin/banlist.php
  5. * @version	$Id$ 
  6. * @copyright	2009(c) PioDer <pioder@wp.pl>
  7. * @link 	http://pioder.gim2przemysl.int.pl/
  8. * @license	GNU GPL v3
  9. **/
  10. define('IN_uF', true);
  11. //include files

  12. include('./../config.php');
  13. include('./../includes/constants.php');
  14. include('./../includes/class_db.php');
  15. include('./../includes/class_error.php');
  16. include('./../includes/classes/class_pms.php');
  17. //connect to database

  18. DataBase::db_connect();
  19. include('./../includes/sessions.php');
  20. include('./../includes/class_user.php');
  21. include('./../common.php');
  22. include('./../includes/admin/class_main.php');
  23. include('./../includes/class_forum.php');
  24. include('./../includes/admin/class_forum.php');
  25. include('./../includes/classes/secure.php');
  26. include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
  27. sess_del_invalid($_SESSION['uid']);	
  28. sess_register($_SESSION['uid']);
  29. sess_delete_old();
  30. if (User::UserInformation($_SESSION['uid'],'rank')!=2)
  31. {
  32. 	admin_message_forum($lng['yournotadmin'],'../index.php');
  33. }
  34. if (!isset($_GET['mode']))
  35. {
  36. 	header('Location: banlist.php?mode=view');	
  37. }
  38. 

  39. switch($_GET['mode'])
  40. {
  41. 	case 'add':
  42. 	{
  43. 		switch($_GET['submode'])
  44. 		{
  45. 			//ban for user id only

  46. 			case 'user':
  47.     			{
  48. 	        		if (isset($_POST['u_id'],$_POST['motive']))
  49. 				{
  50. 	    				$ban_ip = '0.0.0.0';
  51. 	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' 
  52. 					: strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
  53. 					if ($ban_uid==$_SESSION['uid'])
  54. 					{
  55. 						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  56. 					}
  57. 					else
  58. 					{
  59. 						if (User::UserInformation($ban_uid,'rank')==2)
  60. 						{
  61. 							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  62. 						}
  63. 					}
  64. 					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  65. 					{
  66. 						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  67. 					}
  68. 	    				$ban_motive = strip_tags($_POST['motive']);    
  69. 			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid',  '$ban_ip', '$ban_motive')";
  70. 					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
  71. 					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  72. 				}
  73. 				else
  74. 				{
  75. 					$_POST['motive'] = '';
  76. 					$_POST['u_id'] = 'No profile';
  77. 					$skin = array(
  78. 	    				'L.banlist'=>$lng['admin_banlist'],
  79. 					'action'=>'banlist.php?mode=add&amp;submode=user',
  80. 					'L.edit_ban'=>$lng['banlist_add_user'],
  81. 		    			'L.user_name'=>$lng['user_name'],
  82. 					'L.motive' => $lng['motive'],
  83. 					'L.save'=>$lng['submit'],
  84. 					'L.reset'=>$lng['reset'],
  85. 					'L.user_name.HELP' => $lng['banlist_info_1']
  86. 					);
  87. 					Admin_Over::GenerateHeader();
  88. 					include('./template/banlist_add_user_body.tpl');
  89. 					include('./template/overall_footer.tpl');
  90. 				}
  91. 				break;
  92. 			}
  93. 			//ban for ip only 

  94. 			case 'ip':
  95. 			{
  96. 	        		if (isset($_POST['ip'],$_POST['motive']))
  97. 				{
  98. 					$ban_ip = strip_tags($_POST['ip']);
  99. 					$ban_uid = '-2';
  100. 					$ban_motive = strip_tags($_POST['motive']);
  101. 					if ($ban_uid==$_SESSION['uid'])
  102. 					{
  103. 						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  104. 					}
  105. 					else
  106. 					{
  107. 						if (User::UserInformation($ban_uid,'rank')==2)
  108. 						{
  109. 							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  110. 						}
  111. 					}
  112. 					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  113. 					{
  114. 						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  115. 					}
  116. 					$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT 

  117. 					  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',

  118. 				  	     'Could not obtain last ban id'));
  119. 					$bid = $bid['b_id'];
  120. 					$bid = $bid +1;     
  121. 			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
  122. 					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
  123. 					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  124. 				}
  125. 				else
  126. 				{
  127. 					$_POST['ip']='0.0.0.0';
  128. 					$_POST['motive'] = '';
  129. 					$skin = array(
  130. 					'L.banlist'=>$lng['admin_banlist'],
  131. 					'action'=>'banlist.php?mode=add&amp;submode=ip',
  132.     					'L.edit_ban'=>$lng['banlist_add_ip'],
  133. 		    			'L.user_name'=>$lng['user_name'],
  134. 					'L.motive' => $lng['motive'],
  135. 					'L.save'=>$lng['submit'],
  136. 					'L.reset'=>$lng['reset'],
  137. 					'L.ip.HELP' => $lng['banlist_info_2'],
  138. 					'L.user_name.HELP' => $lng['banlist_info_1']
  139. 					);
  140. 					Admin_Over::GenerateHeader();
  141. 					include('./template/banlist_add_ip_body.tpl');
  142. 					include('./template/overall_footer.tpl');
  143. 				}
  144. 				break;
  145. 			}
  146. 			//ban for ip & user id

  147. 			case 'all':
  148.     			{
  149. 	        		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
  150. 				{
  151. 	    				$ban_ip = strip_tags($_POST['ip']);
  152. 	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' 
  153.   					: User::UserIdByNick(strip_tags($_POST['u_id']));
  154. 	    				$ban_motive = strip_tags($_POST['motive']);
  155. 	    				if ($ban_uid==$_SESSION['uid'])
  156. 					{
  157. 						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  158. 					}
  159. 					else
  160. 					{
  161. 						if (User::UserInformation($ban_uid,'rank')==2)
  162. 						{
  163. 							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  164. 						}
  165. 					}
  166. 					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  167. 					{
  168. 						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  169. 					}
  170. 	    				$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT 

  171. 		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',

  172. 	     			  	     'Could not obtain last ban id'));
  173. 					$bid = $bid['b_id'];
  174. 					$bid = $bid +1;     
  175. 			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
  176. 					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
  177. 					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  178. 				}
  179. 				else
  180. 				{
  181. 					$_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
  182. 					$_POST['motive'] = '';
  183. 					$_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
  184. 					$skin = array(
  185. 	    				'L.banlist'=>$lng['admin_banlist'],
  186. 					'action'=>'banlist.php?mode=add&amp;submode=all',
  187.     					'L.main_beam'=>$lng['edit_word'],
  188.     					'L.edit_ban'=>$lng['banlist_add_all'],
  189. 		    			'L.user_name'=>$lng['user_name'],
  190. 					'L.motive' => $lng['motive'],
  191. 					'L.save'=>$lng['submit'],
  192. 					'L.reset'=>$lng['reset'],
  193. 					'L.ip.HELP' => $lng['banlist_info_2'],
  194. 					'L.user_name.HELP' => $lng['banlist_info_1']
  195. 					);
  196. 					Admin_Over::GenerateHeader();
  197. 					include('./template/banlist_edit_body.tpl');
  198. 					include('./template/overall_footer.tpl');
  199. 				}
  200. 				break;
  201. 			}
  202. 			//ban with file

  203. 			case 'file':
  204. 			{
  205. 	        		if (isset($_FILES['file'],$_POST['motive']))
  206. 				{
  207. 	    				$ban_uid = '-2'; 
  208. 	    				$ban_motive = strip_tags($_POST['motive']);
  209. 	    				$catalog = '../tmp/';
  210. 					if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
  211. 					{
  212. 						message_die('GENERAL','Could not upload file.','');
  213. 					}
  214. 					$open = fopen($catalog.$_FILES['file']['name'],'r');
  215. 					$file = fread($open, filesize($catalog.$_FILES['file']['name']));
  216. 					$item = @explode("\n",$file);
  217. 	    				$bid = $bid = @mysql_fetch_array(DataBase::sql_query("SELECT 

  218. 		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',

  219. 	     			  	     'Could not obtain last ban id'));
  220. 					$bid = $bid['b_id'];
  221. 					$bid = $bid +1; 
  222. 					for($i=0;$i<count($item);$i++)
  223. 					{    
  224. 						$ban_ip = $item[$i];
  225. 						$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
  226. 						DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
  227. 						$bid = $bid +1;
  228. 					}	
  229. 					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
  230. 				}
  231. 				else
  232. 				{
  233. 					$_POST['motive'] = '';
  234. 					$skin = array(
  235. 	    				'L.banlist'=>$lng['admin_banlist'],
  236. 					'action'=>'banlist.php?mode=add&amp;submode=file',
  237.     					'L.main_beam'=>$lng['edit_word'],
  238.     					'L.edit_ban'=>$lng['banlist_add_from_file'],
  239. 		    			'L.file_name'=>$lng['file_name'],
  240. 					'L.motive' => $lng['motive'],
  241. 					'L.save'=>$lng['submit'],
  242. 					'L.reset'=>$lng['reset'],
  243. 					'L.file.HELP' => $lng['banlist_info_3']
  244. 					);
  245. 					Admin_Over::GenerateHeader();
  246. 					include('./template/banlist_add_file_body.tpl');
  247. 					include('./template/overall_footer.tpl');
  248. 				}
  249. 				break;
  250. 			}
  251. 		}
  252. 		break;
  253. 	}
  254. 	case 'delete':
  255. 	{
  256.    		$bid = $_GET['id'];
  257.    		$sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
  258.    		DataBase::sql_query($sql,'GENERAL','Could not delete banlist item.');
  259.    		admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
  260.    		break;
  261. 	}
  262. 	case 'edit':
  263. 	{
  264. 		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
  265. 		{
  266. 	    		$ban_ip = strip_tags($_POST['ip']);
  267. 	    		$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2' 
  268.   			: User::UserIdByNick(strip_tags($_POST['u_id']));
  269. 	    		$ban_motive = $_POST['motive'];
  270. 	    		if ($ban_uid==$_SESSION['uid'])
  271. 			{
  272. 				admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  273. 			}
  274. 			else
  275. 			{
  276. 				if (User::UserInformation($ban_uid,'rank')==2)
  277. 				{
  278. 					admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
  279. 				}
  280. 			}
  281. 			if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
  282. 			{
  283. 				message_forum($lng['no_ban_me'],'banlist.php?mode=view');
  284. 			}
  285. 	    		$bid = intval($_GET['id']);
  286. 	    		$sql = "UPDATE ".BANLIST_TABLE." SET

  287. 		     	`IP`='$ban_ip', 
  288. 		     	`u_id`='$ban_uid', 
  289. 		     	`motive`='$ban_motive' 
  290. 			WHERE `b_id`='$bid'";

  291. 			DataBase::sql_query($sql,'GENERAL','Could not update ban.');	
  292. 			admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
  293. 		}
  294. 		else
  295. 		{
  296.     			$bid = $_GET['id'];
  297. 			$sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
  298.     			$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist item information');
  299. 			$result = @mysql_fetch_array($query);
  300. 			$_POST['ip']=$result['IP'];
  301. 			$_POST['motive'] = $result['motive'];
  302. 			$_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
  303. 			$skin = array(
  304.     			'L.banlist'=>$lng['admin_banlist'],
  305. 			'action'=>'banlist.php?mode=edit&id='.$bid,
  306.     			'L.main_beam'=>$lng['edit_word'],
  307.     			'L.edit_ban'=>$lng['banlist_edit_ban'],
  308.     			'L.user_name'=>$lng['user_name'],
  309. 			'L.motive' => $lng['motive'],
  310. 			'L.reset'=>$lng['reset'],
  311. 			'L.save'=>$lng['submit'],
  312. 			'L.ip.HELP' => $lng['banlist_info_2'],
  313. 			'L.user_name.HELP' => $lng['banlist_info_1']
  314. 			);
  315. 			Admin_Over::GenerateHeader();
  316. 			include('./template/banlist_edit_body.tpl');
  317. 			include('./template/overall_footer.tpl');
  318. 		}
  319. 		break;
  320. 	}
  321. 	case 'clear':
  322. 	{
  323.    		$sql = "TRUNCATE `".BANLIST_TABLE."`";
  324.    		DataBase::sql_query($sql, 'GENERAL','Could not empty banlist');
  325.    		admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
  326. 	}	
  327.  	case 'view':
  328.  	{
  329.     		$query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,'GENERAL','Could not obtain user information');
  330. 		while($result = @mysql_fetch_array($query))
  331. 		{
  332.     			$user[$result['u_id']]['nick'] = $result['nick'];
  333. 		}
  334. 		$sql = "SELECT * FROM ".BANLIST_TABLE."";
  335.     		$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist items');
  336.     		$skin=array(
  337. 		'L.banlist'=>$lng['admin_banlist'],
  338. 		'L.select_mode'=>$lng['what_do_you_want'],
  339. 		'L.add_user'=>$lng['banlist_add_user'],
  340. 		'L.add_ip'=>$lng['banlist_add_ip'],
  341. 		'L.add_all'=>$lng['banlist_add_all'],
  342. 		'L.add_file'=>$lng['banlist_add_from_file'],
  343. 		'L.clean_banlist' => $lng['banlist_clean']
  344. 		);
  345. 		Admin_Over::GenerateHeader();
  346.     		include('./template/banlist_view_body.tpl');
  347. 		if (@mysql_num_rows($query)<1)
  348. 		{
  349.     			echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"

  350. 			     class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
  351. 		}
  352. 		else
  353. 		{
  354. 			while($item = @mysql_fetch_array($query))
  355.     			{
  356. 				$skin = array(
  357. 				'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
  358. 				'ip'=> $item['IP'],
  359. 				'motive' => $item['motive'],
  360. 				'b_id'=>$item['b_id'],
  361. 				'L.delete'=>$lng['delete'],
  362. 				'L.edit'=>$lng['edit']
  363. 				); 
  364. 				include('./template/banlist_item_add.tpl');
  365. 			}
  366. 		}
  367. 		echo '</table>';
  368. 		include('./template/overall_footer.tpl');
  369. 		break;
  370. 	}
  371. 	default:
  372. 	{
  373. 		header('Location: banlist.php?mode=view');	
  374. 		break;
  375. 	}
  376. }
  377. ?>