<?php
/** 
* @package	uForum 
* @file		admin/banlist.php
* @version	$Id$ 
* @copyright	2009(c) PioDer <pioder@wp.pl>
* @link 	http://pioder.gim2przemysl.int.pl/
* @license	GNU GPL v3
**/
define('IN_uF', true);
//include files
include('./../config.php');
include('./../includes/constants.php');
include('./../includes/db.php');
include('./../includes/errors.php');
include('./../includes/classes/class_pms.php');
//connect to database
DataBase::db_connect();
include('./../includes/sessions.php');
include('./../includes/classes/class_user.php');
include('./../common.php');
include('./../includes/admin/class_main.php');
include('./../includes/classes/class_forum.php');
include('./../includes/admin/class_forum.php');
include('./../includes/classes/secure.php');
include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
SessDelInvalid();	
SessRegister();
SessDeleteOld();
if (User::UserInformation($_SESSION['uid'],'rank')!=2)
{
	admin_message_forum($lng['yournotadmin'],'../index.php');
}
if (!isset($_GET['mode']))
{
	header('Location: banlist.php?mode=view');	
}

switch($_GET['mode'])
{
	case 'add':
	{
		switch($_GET['submode'])
		{
			//ban for user id only
			case 'user':
    			{
	        		if (isset($_POST['u_id'],$_POST['motive']))
				{
	    				$ban_ip = '0.0.0.0';
	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' 
					: strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
					if ($ban_uid==$_SESSION['uid'])
					{
						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
					else
					{
						if (User::UserInformation($ban_uid,'rank')==2)
						{
							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
						}
					}
					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
					{
						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
	    				$ban_motive = strip_tags($_POST['motive']);    
			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid',  '$ban_ip', '$ban_motive')";
					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
				}
				else
				{
					$_POST['motive'] = '';
					$_POST['u_id'] = 'No profile';
					$skin = array(
	    				'L.banlist'=>$lng['admin_banlist'],
					'action'=>'banlist.php?mode=add&amp;submode=user',
					'L.edit_ban'=>$lng['banlist_add_user'],
		    			'L.user_name'=>$lng['user_name'],
					'L.motive' => $lng['motive'],
					'L.save'=>$lng['submit'],
					'L.reset'=>$lng['reset'],
					'L.user_name.HELP' => $lng['banlist_info_1']
					);
					Admin_Over::GenerateHeader();
					include('./template/banlist_add_user_body.tpl');
					include('./template/overall_footer.tpl');
				}
				break;
			}
			//ban for ip only 
			case 'ip':
			{
	        		if (isset($_POST['ip'],$_POST['motive']))
				{
					$ban_ip = strip_tags($_POST['ip']);
					$ban_uid = '-2';
					$ban_motive = strip_tags($_POST['motive']);
					if ($ban_uid==$_SESSION['uid'])
					{
						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
					else
					{
						if (User::UserInformation($ban_uid,'rank')==2)
						{
							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
						}
					}
					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
					{
						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
					$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT 
					  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
				  	     'Could not obtain last ban id'));
					$bid = $bid['b_id'];
					$bid = $bid +1;     
			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
				}
				else
				{
					$_POST['ip']='0.0.0.0';
					$_POST['motive'] = '';
					$skin = array(
					'L.banlist'=>$lng['admin_banlist'],
					'action'=>'banlist.php?mode=add&amp;submode=ip',
    					'L.edit_ban'=>$lng['banlist_add_ip'],
		    			'L.user_name'=>$lng['user_name'],
					'L.motive' => $lng['motive'],
					'L.save'=>$lng['submit'],
					'L.reset'=>$lng['reset'],
					'L.ip.HELP' => $lng['banlist_info_2'],
					'L.user_name.HELP' => $lng['banlist_info_1']
					);
					Admin_Over::GenerateHeader();
					include('./template/banlist_add_ip_body.tpl');
					include('./template/overall_footer.tpl');
				}
				break;
			}
			//ban for ip & user id
			case 'all':
    			{
	        		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
				{
	    				$ban_ip = strip_tags($_POST['ip']);
	    				$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2' 
  					: User::UserIdByNick(strip_tags($_POST['u_id']));
	    				$ban_motive = strip_tags($_POST['motive']);
	    				if ($ban_uid==$_SESSION['uid'])
					{
						admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
					else
					{
						if (User::UserInformation($ban_uid,'rank')==2)
						{
							admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
						}
					}
					if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
					{
						message_forum($lng['no_ban_me'],'banlist.php?mode=view');
					}
	    				$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT 
		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
	     			  	     'Could not obtain last ban id'));
					$bid = $bid['b_id'];
					$bid = $bid +1;     
			    		$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
					DataBase::sql_query($sql,'GENERAL','Could not update add ban.');	
					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
				}
				else
				{
					$_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
					$_POST['motive'] = '';
					$_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
					$skin = array(
	    				'L.banlist'=>$lng['admin_banlist'],
					'action'=>'banlist.php?mode=add&amp;submode=all',
    					'L.main_beam'=>$lng['edit_word'],
    					'L.edit_ban'=>$lng['banlist_add_all'],
		    			'L.user_name'=>$lng['user_name'],
					'L.motive' => $lng['motive'],
					'L.save'=>$lng['submit'],
					'L.reset'=>$lng['reset'],
					'L.ip.HELP' => $lng['banlist_info_2'],
					'L.user_name.HELP' => $lng['banlist_info_1']
					);
					Admin_Over::GenerateHeader();
					include('./template/banlist_edit_body.tpl');
					include('./template/overall_footer.tpl');
				}
				break;
			}
			//ban with file
			case 'file':
			{
	        		if (isset($_FILES['file'],$_POST['motive']))
				{
	    				$ban_uid = '-2'; 
	    				$ban_motive = strip_tags($_POST['motive']);
	    				$catalog = '../tmp/';
					if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
					{
						message_die('GENERAL','Could not upload file.','');
					}
					$open = fopen($catalog.$_FILES['file']['name'],'r');
					$file = fread($open, filesize($catalog.$_FILES['file']['name']));
					$item = @explode("\n",$file);
	    				$bid = $bid = @mysql_fetch_array(DataBase::sql_query("SELECT 
		    			  `b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
	     			  	     'Could not obtain last ban id'));
					$bid = $bid['b_id'];
					$bid = $bid +1; 
					for($i=0;$i<count($item);$i++)
					{    
						$ban_ip = $item[$i];
						$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid',  '$ban_ip', '$ban_motive')";
						DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
						$bid = $bid +1;
					}	
					admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
				}
				else
				{
					$_POST['motive'] = '';
					$skin = array(
	    				'L.banlist'=>$lng['admin_banlist'],
					'action'=>'banlist.php?mode=add&amp;submode=file',
    					'L.main_beam'=>$lng['edit_word'],
    					'L.edit_ban'=>$lng['banlist_add_from_file'],
		    			'L.file_name'=>$lng['file_name'],
					'L.motive' => $lng['motive'],
					'L.save'=>$lng['submit'],
					'L.reset'=>$lng['reset'],
					'L.file.HELP' => $lng['banlist_info_3']
					);
					Admin_Over::GenerateHeader();
					include('./template/banlist_add_file_body.tpl');
					include('./template/overall_footer.tpl');
				}
				break;
			}
		}
		break;
	}
	case 'delete':
	{
   		$bid = $_GET['id'];
   		$sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
   		DataBase::sql_query($sql,'GENERAL','Could not delete banlist item.');
   		admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
   		break;
	}
	case 'edit':
	{
		if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
		{
	    		$ban_ip = strip_tags($_POST['ip']);
	    		$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2' 
  			: User::UserIdByNick(strip_tags($_POST['u_id']));
	    		$ban_motive = $_POST['motive'];
	    		if ($ban_uid==$_SESSION['uid'])
			{
				admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
			}
			else
			{
				if (User::UserInformation($ban_uid,'rank')==2)
				{
					admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
				}
			}
			if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
			{
				message_forum($lng['no_ban_me'],'banlist.php?mode=view');
			}
	    		$bid = intval($_GET['id']);
	    		$sql = "UPDATE ".BANLIST_TABLE." SET
		     	`IP`='$ban_ip', 
		     	`u_id`='$ban_uid', 
		     	`motive`='$ban_motive' 
			WHERE `b_id`='$bid'";
			DataBase::sql_query($sql,'GENERAL','Could not update ban.');	
			admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
		}
		else
		{
    			$bid = $_GET['id'];
			$sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
    			$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist item information');
			$result = @mysql_fetch_array($query);
			$_POST['ip']=$result['IP'];
			$_POST['motive'] = $result['motive'];
			$_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
			$skin = array(
    			'L.banlist'=>$lng['admin_banlist'],
			'action'=>'banlist.php?mode=edit&id='.$bid,
    			'L.main_beam'=>$lng['edit_word'],
    			'L.edit_ban'=>$lng['banlist_edit_ban'],
    			'L.user_name'=>$lng['user_name'],
			'L.motive' => $lng['motive'],
			'L.reset'=>$lng['reset'],
			'L.save'=>$lng['submit'],
			'L.ip.HELP' => $lng['banlist_info_2'],
			'L.user_name.HELP' => $lng['banlist_info_1']
			);
			Admin_Over::GenerateHeader();
			include('./template/banlist_edit_body.tpl');
			include('./template/overall_footer.tpl');
		}
		break;
	}
	case 'clear':
	{
   		$sql = "TRUNCATE `".BANLIST_TABLE."`";
   		DataBase::sql_query($sql, 'GENERAL','Could not empty banlist');
   		admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
	}	
 	case 'view':
 	{
    		$query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,'GENERAL','Could not obtain user information');
		while($result = @mysql_fetch_array($query))
		{
    			$user[$result['u_id']]['nick'] = $result['nick'];
		}
		$sql = "SELECT * FROM ".BANLIST_TABLE."";
    		$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist items');
    		$skin=array(
		'L.banlist'=>$lng['admin_banlist'],
		'L.select_mode'=>$lng['what_do_you_want'],
		'L.add_user'=>$lng['banlist_add_user'],
		'L.add_ip'=>$lng['banlist_add_ip'],
		'L.add_all'=>$lng['banlist_add_all'],
		'L.add_file'=>$lng['banlist_add_from_file'],
		'L.clean_banlist' => $lng['banlist_clean']
		);
		Admin_Over::GenerateHeader();
    		include('./template/banlist_view_body.tpl');
		if (@mysql_num_rows($query)<1)
		{
    			echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
			     class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
		}
		else
		{
			while($item = @mysql_fetch_array($query))
    			{
				$skin = array(
				'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
				'ip'=> $item['IP'],
				'motive' => $item['motive'],
				'b_id'=>$item['b_id'],
				'L.delete'=>$lng['delete'],
				'L.edit'=>$lng['edit']
				); 
				include('./template/banlist_item_add.tpl');
			}
		}
		echo '</table>';
		include('./template/overall_footer.tpl');
		break;
	}
	default:
	{
		header('Location: banlist.php?mode=view');	
		break;
	}
}
?>