<?php
|
|
/**
|
|
* @package uForum
|
|
* @file admin/banlist.php
|
|
* @version $Id$
|
|
* @copyright 2007-2010 (c) PioDer <[email protected]>
|
|
* @link http://www.pioder.pl/
|
|
* @license see LICENSE.txt
|
|
**/
|
|
define('IN_uF', true);
|
|
//include files
|
|
include('./../config.php');
|
|
include('./../includes/constants.php');
|
|
include('./../includes/db.php');
|
|
include('./../includes/errors.php');
|
|
include('./../includes/classes/class_pms.php');
|
|
//connect to database
|
|
DataBase::db_connect();
|
|
include('./../includes/sessions.php');
|
|
include('./../includes/classes/class_user.php');
|
|
include('./../common.php');
|
|
include('./../includes/admin/class_main.php');
|
|
include('./../includes/classes/class_forum.php');
|
|
include('./../includes/admin/class_forum.php');
|
|
include('./../includes/classes/secure.php');
|
|
include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
|
|
SessDelInvalid();
|
|
SessRegister();
|
|
SessDeleteOld();
|
|
if (User::UserInformation($_SESSION['uid'],'rank')!=2)
|
|
{
|
|
admin_message_forum($lng['yournotadmin'],'../index.php');
|
|
}
|
|
if (!isset($_GET['mode']))
|
|
{
|
|
header('Location: banlist.php?mode=view');
|
|
}
|
|
|
|
switch($_GET['mode'])
|
|
{
|
|
case 'add':
|
|
{
|
|
switch($_GET['submode'])
|
|
{
|
|
//ban for user id only
|
|
case 'user':
|
|
{
|
|
if (isset($_POST['u_id'],$_POST['motive']))
|
|
{
|
|
$ban_ip = '0.0.0.0';
|
|
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
|
|
: strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
|
|
if ($ban_uid==$_SESSION['uid'])
|
|
{
|
|
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
if (User::UserInformation($ban_uid,'rank')==2)
|
|
{
|
|
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
|
|
}
|
|
}
|
|
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
|
|
{
|
|
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
$ban_motive = strip_tags($_POST['motive']);
|
|
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid', '$ban_ip', '$ban_motive')";
|
|
DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
|
|
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
$_POST['motive'] = '';
|
|
$_POST['u_id'] = 'No profile';
|
|
$skin = array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'action'=>'banlist.php?mode=add&submode=user',
|
|
'L.edit_ban'=>$lng['banlist_add_user'],
|
|
'L.user_name'=>$lng['user_name'],
|
|
'L.motive' => $lng['motive'],
|
|
'L.save'=>$lng['submit'],
|
|
'L.reset'=>$lng['reset'],
|
|
'L.user_name.HELP' => $lng['banlist_info_1']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_add_user_body.tpl');
|
|
include('./template/overall_footer.tpl');
|
|
}
|
|
break;
|
|
}
|
|
//ban for ip only
|
|
case 'ip':
|
|
{
|
|
if (isset($_POST['ip'],$_POST['motive']))
|
|
{
|
|
$ban_ip = strip_tags($_POST['ip']);
|
|
$ban_uid = '-2';
|
|
$ban_motive = strip_tags($_POST['motive']);
|
|
if ($ban_uid==$_SESSION['uid'])
|
|
{
|
|
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
if (User::UserInformation($ban_uid,'rank')==2)
|
|
{
|
|
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
|
|
}
|
|
}
|
|
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
|
|
{
|
|
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
$bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
|
|
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
|
|
'Could not obtain last ban id'));
|
|
$bid = $bid['b_id'];
|
|
$bid = $bid +1;
|
|
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
|
|
DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
|
|
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
$_POST['ip']='0.0.0.0';
|
|
$_POST['motive'] = '';
|
|
$skin = array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'action'=>'banlist.php?mode=add&submode=ip',
|
|
'L.edit_ban'=>$lng['banlist_add_ip'],
|
|
'L.user_name'=>$lng['user_name'],
|
|
'L.motive' => $lng['motive'],
|
|
'L.save'=>$lng['submit'],
|
|
'L.reset'=>$lng['reset'],
|
|
'L.ip.HELP' => $lng['banlist_info_2'],
|
|
'L.user_name.HELP' => $lng['banlist_info_1']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_add_ip_body.tpl');
|
|
include('./template/overall_footer.tpl');
|
|
}
|
|
break;
|
|
}
|
|
//ban for ip & user id
|
|
case 'all':
|
|
{
|
|
if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
|
|
{
|
|
$ban_ip = strip_tags($_POST['ip']);
|
|
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
|
|
: User::UserIdByNick(strip_tags($_POST['u_id']));
|
|
$ban_motive = strip_tags($_POST['motive']);
|
|
if ($ban_uid==$_SESSION['uid'])
|
|
{
|
|
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
if (User::UserInformation($ban_uid,'rank')==2)
|
|
{
|
|
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
|
|
}
|
|
}
|
|
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
|
|
{
|
|
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
$bid =$bid = DataBase::fetch(DataBase::sql_query("SELECT
|
|
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
|
|
'Could not obtain last ban id'));
|
|
$bid = $bid['b_id'];
|
|
$bid = $bid +1;
|
|
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
|
|
DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
|
|
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
$_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
|
|
$_POST['motive'] = '';
|
|
$_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
|
|
$skin = array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'action'=>'banlist.php?mode=add&submode=all',
|
|
'L.main_beam'=>$lng['edit_word'],
|
|
'L.edit_ban'=>$lng['banlist_add_all'],
|
|
'L.user_name'=>$lng['user_name'],
|
|
'L.motive' => $lng['motive'],
|
|
'L.save'=>$lng['submit'],
|
|
'L.reset'=>$lng['reset'],
|
|
'L.ip.HELP' => $lng['banlist_info_2'],
|
|
'L.user_name.HELP' => $lng['banlist_info_1']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_edit_body.tpl');
|
|
include('./template/overall_footer.tpl');
|
|
}
|
|
break;
|
|
}
|
|
//ban with file
|
|
case 'file':
|
|
{
|
|
if (isset($_FILES['file'],$_POST['motive']))
|
|
{
|
|
$ban_uid = '-2';
|
|
$ban_motive = strip_tags($_POST['motive']);
|
|
$catalog = '../tmp/';
|
|
if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
|
|
{
|
|
message_die(GENERAL,'Could not upload file.','');
|
|
}
|
|
$open = fopen($catalog.$_FILES['file']['name'],'r');
|
|
$file = fread($open, filesize($catalog.$_FILES['file']['name']));
|
|
$item = @explode("\n",$file);
|
|
$bid = $bid = DataBase::fetch(DataBase::sql_query("SELECT
|
|
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",GENERAL,
|
|
'Could not obtain last ban id'));
|
|
$bid = $bid['b_id'];
|
|
$bid = $bid +1;
|
|
for($i=0;$i<count($item);$i++)
|
|
{
|
|
$ban_ip = $item[$i];
|
|
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
|
|
DataBase::sql_query($sql,GENERAL,'Could not update add ban.');
|
|
$bid = $bid +1;
|
|
}
|
|
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
$_POST['motive'] = '';
|
|
$skin = array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'action'=>'banlist.php?mode=add&submode=file',
|
|
'L.main_beam'=>$lng['edit_word'],
|
|
'L.edit_ban'=>$lng['banlist_add_from_file'],
|
|
'L.file_name'=>$lng['file_name'],
|
|
'L.motive' => $lng['motive'],
|
|
'L.save'=>$lng['submit'],
|
|
'L.reset'=>$lng['reset'],
|
|
'L.file.HELP' => $lng['banlist_info_3']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_add_file_body.tpl');
|
|
include('./template/overall_footer.tpl');
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
case 'delete':
|
|
{
|
|
$bid = $_GET['id'];
|
|
$sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
|
|
DataBase::sql_query($sql,GENERAL,'Could not delete banlist item.');
|
|
admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
|
|
break;
|
|
}
|
|
case 'edit':
|
|
{
|
|
if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
|
|
{
|
|
$ban_ip = strip_tags($_POST['ip']);
|
|
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2'
|
|
: User::UserIdByNick(strip_tags($_POST['u_id']));
|
|
$ban_motive = $_POST['motive'];
|
|
if ($ban_uid==$_SESSION['uid'])
|
|
{
|
|
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
if (User::UserInformation($ban_uid,'rank')==2)
|
|
{
|
|
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
|
|
}
|
|
}
|
|
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
|
|
{
|
|
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
|
|
}
|
|
$bid = intval($_GET['id']);
|
|
$sql = "UPDATE ".BANLIST_TABLE." SET
|
|
`IP`='$ban_ip',
|
|
`u_id`='$ban_uid',
|
|
`motive`='$ban_motive'
|
|
WHERE `b_id`='$bid'";
|
|
DataBase::sql_query($sql,GENERAL,'Could not update ban.');
|
|
admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
|
|
}
|
|
else
|
|
{
|
|
$bid = $_GET['id'];
|
|
$sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
|
|
$query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist item information');
|
|
$result = DataBase::fetch($query);
|
|
$_POST['ip']=$result['IP'];
|
|
$_POST['motive'] = $result['motive'];
|
|
$_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
|
|
$skin = array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'action'=>'banlist.php?mode=edit&id='.$bid,
|
|
'L.main_beam'=>$lng['edit_word'],
|
|
'L.edit_ban'=>$lng['banlist_edit_ban'],
|
|
'L.user_name'=>$lng['user_name'],
|
|
'L.motive' => $lng['motive'],
|
|
'L.reset'=>$lng['reset'],
|
|
'L.save'=>$lng['submit'],
|
|
'L.ip.HELP' => $lng['banlist_info_2'],
|
|
'L.user_name.HELP' => $lng['banlist_info_1']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_edit_body.tpl');
|
|
include('./template/overall_footer.tpl');
|
|
}
|
|
break;
|
|
}
|
|
case 'clear':
|
|
{
|
|
$sql = "TRUNCATE `".BANLIST_TABLE."`";
|
|
DataBase::sql_query($sql, GENERAL,'Could not empty banlist');
|
|
admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
|
|
}
|
|
case 'view':
|
|
{
|
|
$query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,GENERAL,'Could not obtain user information');
|
|
while($result = DataBase::fetch($query))
|
|
{
|
|
$user[$result['u_id']]['nick'] = $result['nick'];
|
|
}
|
|
$sql = "SELECT * FROM ".BANLIST_TABLE."";
|
|
$query = DataBase::sql_query($sql,CRITICAL,'Could not obtain banlist items');
|
|
$skin=array(
|
|
'L.banlist'=>$lng['admin_banlist'],
|
|
'L.select_mode'=>$lng['what_do_you_want'],
|
|
'L.add_user'=>$lng['banlist_add_user'],
|
|
'L.add_ip'=>$lng['banlist_add_ip'],
|
|
'L.add_all'=>$lng['banlist_add_all'],
|
|
'L.add_file'=>$lng['banlist_add_from_file'],
|
|
'L.clean_banlist' => $lng['banlist_clean']
|
|
);
|
|
Admin_Over::GenerateHeader();
|
|
include('./template/banlist_view_body.tpl');
|
|
if (DataBase::num_rows($query)<1)
|
|
{
|
|
echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
|
|
class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
|
|
}
|
|
else
|
|
{
|
|
while($item = DataBase::fetch($query))
|
|
{
|
|
$skin = array(
|
|
'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
|
|
'ip'=> $item['IP'],
|
|
'motive' => $item['motive'],
|
|
'b_id'=>$item['b_id'],
|
|
'L.delete'=>$lng['delete'],
|
|
'L.edit'=>$lng['edit']
|
|
);
|
|
include('./template/banlist_item_add.tpl');
|
|
}
|
|
}
|
|
echo '</table>';
|
|
include('./template/overall_footer.tpl');
|
|
break;
|
|
}
|
|
default:
|
|
{
|
|
header('Location: banlist.php?mode=view');
|
|
break;
|
|
}
|
|
}
|
|
?>
|