* @link http://www.pioder.pl/ * @license see LICENSE.txt **/ define('IN_uF', true); //include files include('./../config.php'); include('./../includes/constants.php'); include('./../includes/db.php'); include('./../includes/errors.php'); include('./../includes/classes/class_pms.php'); //connect to database DataBase::db_connect(); include('./../includes/sessions.php'); include('./../includes/classes/class_user.php'); include('./../common.php'); include('./../includes/admin/class_main.php'); include('./../includes/classes/class_forum.php'); include('./../includes/admin/class_forum.php'); include('./../includes/classes/secure.php'); include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php'); SessDelInvalid(); SessRegister(); SessDeleteOld(); if (User::UserInformation($_SESSION['uid'],'rank')!=2) { admin_message_forum($lng['yournotadmin'],'../index.php'); } if (!isset($_GET['mode'])) { header('Location: banlist.php?mode=view'); } switch($_GET['mode']) { case 'add': { switch($_GET['submode']) { //ban for user id only case 'user': { if (isset($_POST['u_id'],$_POST['motive'])) { $ban_ip = '0.0.0.0'; $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' : strip_tags(User::UserIdByNick(strip_tags($_POST['u_id']))); if ($ban_uid==$_SESSION['uid']) { admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } else { if (User::UserInformation($ban_uid,'rank')==2) { admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view'); } } if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI'])) { message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } $ban_motive = strip_tags($_POST['motive']); $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid', '$ban_ip', '$ban_motive')"; DataBase::sql_query($sql,GENERAL,'Could not update add ban.'); admin_message_forum($lng['ban_added'],'banlist.php?mode=view'); } else { $_POST['motive'] = ''; $_POST['u_id'] = 'No profile'; $skin = array( 'L.banlist'=>$lng['admin_banlist'], 'action'=>'banlist.php?mode=add&submode=user', 'L.edit_ban'=>$lng['banlist_add_user'], 'L.user_name'=>$lng['user_name'], 'L.motive' => $lng['motive'], 'L.save'=>$lng['submit'], 'L.reset'=>$lng['reset'], 'L.user_name.HELP' => $lng['banlist_info_1'] ); Admin_Over::GenerateHeader(); include('./template/banlist_add_user_body.tpl'); include('./template/overall_footer.tpl'); } break; } //ban for ip only case 'ip': { if (isset($_POST['ip'],$_POST['motive'])) { $ban_ip = strip_tags($_POST['ip']); $ban_uid = '-2'; $ban_motive = strip_tags($_POST['motive']); if ($ban_uid==$_SESSION['uid']) { admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } else { if (User::UserInformation($ban_uid,'rank')==2) { admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view'); } } if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI'])) { message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL, 'Could not obtain last ban id')); $bid = $bid['b_id']; $bid = $bid +1; $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')"; DataBase::sql_query($sql,GENERAL,'Could not update add ban.'); admin_message_forum($lng['ban_added'],'banlist.php?mode=view'); } else { $_POST['ip']='0.0.0.0'; $_POST['motive'] = ''; $skin = array( 'L.banlist'=>$lng['admin_banlist'], 'action'=>'banlist.php?mode=add&submode=ip', 'L.edit_ban'=>$lng['banlist_add_ip'], 'L.user_name'=>$lng['user_name'], 'L.motive' => $lng['motive'], 'L.save'=>$lng['submit'], 'L.reset'=>$lng['reset'], 'L.ip.HELP' => $lng['banlist_info_2'], 'L.user_name.HELP' => $lng['banlist_info_1'] ); Admin_Over::GenerateHeader(); include('./template/banlist_add_ip_body.tpl'); include('./template/overall_footer.tpl'); } break; } //ban for ip & user id case 'all': { if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'])) { $ban_ip = strip_tags($_POST['ip']); $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' : User::UserIdByNick(strip_tags($_POST['u_id'])); $ban_motive = strip_tags($_POST['motive']); if ($ban_uid==$_SESSION['uid']) { admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } else { if (User::UserInformation($ban_uid,'rank')==2) { admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view'); } } if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI'])) { message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } $bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL, 'Could not obtain last ban id')); $bid = $bid['b_id']; $bid = $bid +1; $sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')"; DataBase::sql_query($sql,GENERAL,'Could not update add ban.'); admin_message_forum($lng['ban_added'],'banlist.php?mode=view'); } else { $_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0'; $_POST['motive'] = ''; $_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile'; $skin = array( 'L.banlist'=>$lng['admin_banlist'], 'action'=>'banlist.php?mode=add&submode=all', 'L.main_beam'=>$lng['edit_word'], 'L.edit_ban'=>$lng['banlist_add_all'], 'L.user_name'=>$lng['user_name'], 'L.motive' => $lng['motive'], 'L.save'=>$lng['submit'], 'L.reset'=>$lng['reset'], 'L.ip.HELP' => $lng['banlist_info_2'], 'L.user_name.HELP' => $lng['banlist_info_1'] ); Admin_Over::GenerateHeader(); include('./template/banlist_edit_body.tpl'); include('./template/overall_footer.tpl'); } break; } //ban with file case 'file': { if (isset($_FILES['file'],$_POST['motive'])) { $ban_uid = '-2'; $ban_motive = strip_tags($_POST['motive']); $catalog = '../tmp/'; if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name'])) { message_die(GENERAL,'Could not upload file.',''); } $open = fopen($catalog.$_FILES['file']['name'],'r'); $file = fread($open, filesize($catalog.$_FILES['file']['name'])); $item = @explode("\n",$file); $bid = $bid = DataBase::fetch(DataBase::sql_query("SELECT `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL, 'Could not obtain last ban id')); $bid = $bid['b_id']; $bid = $bid +1; for($i=0;$i$lng['admin_banlist'], 'action'=>'banlist.php?mode=add&submode=file', 'L.main_beam'=>$lng['edit_word'], 'L.edit_ban'=>$lng['banlist_add_from_file'], 'L.file_name'=>$lng['file_name'], 'L.motive' => $lng['motive'], 'L.save'=>$lng['submit'], 'L.reset'=>$lng['reset'], 'L.file.HELP' => $lng['banlist_info_3'] ); Admin_Over::GenerateHeader(); include('./template/banlist_add_file_body.tpl'); include('./template/overall_footer.tpl'); } break; } } break; } case 'delete': { $bid = $_GET['id']; $sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'"; DataBase::sql_query($sql,GENERAL,'Could not delete banlist item.'); admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view'); break; } case 'edit': { if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id'])) { $ban_ip = strip_tags($_POST['ip']); $ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2' : User::UserIdByNick(strip_tags($_POST['u_id'])); $ban_motive = $_POST['motive']; if ($ban_uid==$_SESSION['uid']) { admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } else { if (User::UserInformation($ban_uid,'rank')==2) { admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view'); } } if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI'])) { message_forum($lng['no_ban_me'],'banlist.php?mode=view'); } $bid = intval($_GET['id']); $sql = "UPDATE ".BANLIST_TABLE." SET `IP`='$ban_ip', `u_id`='$ban_uid', `motive`='$ban_motive' WHERE `b_id`='$bid'"; DataBase::sql_query($sql,GENERAL,'Could not update ban.'); admin_message_forum($lng['ban_edited'],'banlist.php?mode=view'); } else { $bid = $_GET['id']; $sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'"; $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist item information'); $result = DataBase::fetch($query); $_POST['ip']=$result['IP']; $_POST['motive'] = $result['motive']; $_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile'; $skin = array( 'L.banlist'=>$lng['admin_banlist'], 'action'=>'banlist.php?mode=edit&id='.$bid, 'L.main_beam'=>$lng['edit_word'], 'L.edit_ban'=>$lng['banlist_edit_ban'], 'L.user_name'=>$lng['user_name'], 'L.motive' => $lng['motive'], 'L.reset'=>$lng['reset'], 'L.save'=>$lng['submit'], 'L.ip.HELP' => $lng['banlist_info_2'], 'L.user_name.HELP' => $lng['banlist_info_1'] ); Admin_Over::GenerateHeader(); include('./template/banlist_edit_body.tpl'); include('./template/overall_footer.tpl'); } break; } case 'clear': { $sql = "TRUNCATE `".BANLIST_TABLE."`"; DataBase::sql_query($sql, GENERAL,'Could not empty banlist'); admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view'); } case 'view': { $query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,GENERAL,'Could not obtain user information'); while($result = DataBase::fetch($query)) { $user[$result['u_id']]['nick'] = $result['nick']; } $sql = "SELECT * FROM ".BANLIST_TABLE.""; $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist items'); $skin=array( 'L.banlist'=>$lng['admin_banlist'], 'L.select_mode'=>$lng['what_do_you_want'], 'L.add_user'=>$lng['banlist_add_user'], 'L.add_ip'=>$lng['banlist_add_ip'], 'L.add_all'=>$lng['banlist_add_all'], 'L.add_file'=>$lng['banlist_add_from_file'], 'L.clean_banlist' => $lng['banlist_clean'] ); Admin_Over::GenerateHeader(); include('./template/banlist_view_body.tpl'); if (DataBase::num_rows($query)<1) { echo '

'.$lng['banlist_no_items'].'!

'; } else { while($item = DataBase::fetch($query)) { $skin = array( 'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile', 'ip'=> $item['IP'], 'motive' => $item['motive'], 'b_id'=>$item['b_id'], 'L.delete'=>$lng['delete'], 'L.edit'=>$lng['edit'] ); include('./template/banlist_item_add.tpl'); } } echo ''; include('./template/overall_footer.tpl'); break; } default: { header('Location: banlist.php?mode=view'); break; } } ?>