A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

377 lines
13 KiB

<?php
/**
* @package uForum
* @file admin/banlist.php
* @version $Id$
* @copyright 2009(c) PioDer <[email protected]>
* @link http://pioder.gim2przemysl.int.pl/
* @license GNU GPL v3
**/
define('IN_uF', true);
//include files
include('./../config.php');
include('./../includes/constants.php');
include('./../includes/db.php');
include('./../includes/errors.php');
include('./../includes/classes/class_pms.php');
//connect to database
DataBase::db_connect();
include('./../includes/sessions.php');
include('./../includes/classes/class_user.php');
include('./../common.php');
include('./../includes/admin/class_main.php');
include('./../includes/classes/class_forum.php');
include('./../includes/admin/class_forum.php');
include('./../includes/classes/secure.php');
include('./../lngs/'.Admin_Over::DefaultLang().'/admin.php');
SessDelInvalid();
SessRegister();
SessDeleteOld();
if (User::UserInformation($_SESSION['uid'],'rank')!=2)
{
admin_message_forum($lng['yournotadmin'],'../index.php');
}
if (!isset($_GET['mode']))
{
header('Location: banlist.php?mode=view');
}
switch($_GET['mode'])
{
case 'add':
{
switch($_GET['submode'])
{
//ban for user id only
case 'user':
{
if (isset($_POST['u_id'],$_POST['motive']))
{
$ban_ip = '0.0.0.0';
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
: strip_tags(User::UserIdByNick(strip_tags($_POST['u_id'])));
if ($ban_uid==$_SESSION['uid'])
{
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
else
{
if (User::UserInformation($ban_uid,'rank')==2)
{
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
}
}
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
{
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
$ban_motive = strip_tags($_POST['motive']);
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('', '$ban_uid', '$ban_ip', '$ban_motive')";
DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
}
else
{
$_POST['motive'] = '';
$_POST['u_id'] = 'No profile';
$skin = array(
'L.banlist'=>$lng['admin_banlist'],
'action'=>'banlist.php?mode=add&amp;submode=user',
'L.edit_ban'=>$lng['banlist_add_user'],
'L.user_name'=>$lng['user_name'],
'L.motive' => $lng['motive'],
'L.save'=>$lng['submit'],
'L.reset'=>$lng['reset'],
'L.user_name.HELP' => $lng['banlist_info_1']
);
Admin_Over::GenerateHeader();
include('./template/banlist_add_user_body.tpl');
include('./template/overall_footer.tpl');
}
break;
}
//ban for ip only
case 'ip':
{
if (isset($_POST['ip'],$_POST['motive']))
{
$ban_ip = strip_tags($_POST['ip']);
$ban_uid = '-2';
$ban_motive = strip_tags($_POST['motive']);
if ($ban_uid==$_SESSION['uid'])
{
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
else
{
if (User::UserInformation($ban_uid,'rank')==2)
{
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
}
}
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
{
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
'Could not obtain last ban id'));
$bid = $bid['b_id'];
$bid = $bid +1;
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
}
else
{
$_POST['ip']='0.0.0.0';
$_POST['motive'] = '';
$skin = array(
'L.banlist'=>$lng['admin_banlist'],
'action'=>'banlist.php?mode=add&amp;submode=ip',
'L.edit_ban'=>$lng['banlist_add_ip'],
'L.user_name'=>$lng['user_name'],
'L.motive' => $lng['motive'],
'L.save'=>$lng['submit'],
'L.reset'=>$lng['reset'],
'L.ip.HELP' => $lng['banlist_info_2'],
'L.user_name.HELP' => $lng['banlist_info_1']
);
Admin_Over::GenerateHeader();
include('./template/banlist_add_ip_body.tpl');
include('./template/overall_footer.tpl');
}
break;
}
//ban for ip & user id
case 'all':
{
if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive']))
{
$ban_ip = strip_tags($_POST['ip']);
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']=='No profile') || ($_POST['u_id']=='Guest')) ? '-2'
: User::UserIdByNick(strip_tags($_POST['u_id']));
$ban_motive = strip_tags($_POST['motive']);
if ($ban_uid==$_SESSION['uid'])
{
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
else
{
if (User::UserInformation($ban_uid,'rank')==2)
{
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
}
}
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
{
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
$bid =$bid = @mysql_fetch_array(DataBase::sql_query("SELECT
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
'Could not obtain last ban id'));
$bid = $bid['b_id'];
$bid = $bid +1;
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
}
else
{
$_POST['ip']= (isset($_GET['ip'])) ? strip_tags($_GET['ip']) : '0.0.0.0';
$_POST['motive'] = '';
$_POST['u_id'] = (isset($_GET['uid'])) ? User::UserInformation(intval($_GET['uid']),'nick') : 'No profile';
$skin = array(
'L.banlist'=>$lng['admin_banlist'],
'action'=>'banlist.php?mode=add&amp;submode=all',
'L.main_beam'=>$lng['edit_word'],
'L.edit_ban'=>$lng['banlist_add_all'],
'L.user_name'=>$lng['user_name'],
'L.motive' => $lng['motive'],
'L.save'=>$lng['submit'],
'L.reset'=>$lng['reset'],
'L.ip.HELP' => $lng['banlist_info_2'],
'L.user_name.HELP' => $lng['banlist_info_1']
);
Admin_Over::GenerateHeader();
include('./template/banlist_edit_body.tpl');
include('./template/overall_footer.tpl');
}
break;
}
//ban with file
case 'file':
{
if (isset($_FILES['file'],$_POST['motive']))
{
$ban_uid = '-2';
$ban_motive = strip_tags($_POST['motive']);
$catalog = '../tmp/';
if(!move_uploaded_file($_FILES['file']['tmp_name'], $catalog.$_FILES['file']['name']))
{
message_die('GENERAL','Could not upload file.','');
}
$open = fopen($catalog.$_FILES['file']['name'],'r');
$file = fread($open, filesize($catalog.$_FILES['file']['name']));
$item = @explode("\n",$file);
$bid = $bid = @mysql_fetch_array(DataBase::sql_query("SELECT
`b_id` FROM ".BANLIST_TABLE." ORDER BY `b_id` DESC",'GENERAL',
'Could not obtain last ban id'));
$bid = $bid['b_id'];
$bid = $bid +1;
for($i=0;$i<count($item);$i++)
{
$ban_ip = $item[$i];
$sql = "INSERT INTO ".BANLIST_TABLE." VALUES ('$bid', '$ban_uid', '$ban_ip', '$ban_motive')";
DataBase::sql_query($sql,'GENERAL','Could not update add ban.');
$bid = $bid +1;
}
admin_message_forum($lng['ban_added'],'banlist.php?mode=view');
}
else
{
$_POST['motive'] = '';
$skin = array(
'L.banlist'=>$lng['admin_banlist'],
'action'=>'banlist.php?mode=add&amp;submode=file',
'L.main_beam'=>$lng['edit_word'],
'L.edit_ban'=>$lng['banlist_add_from_file'],
'L.file_name'=>$lng['file_name'],
'L.motive' => $lng['motive'],
'L.save'=>$lng['submit'],
'L.reset'=>$lng['reset'],
'L.file.HELP' => $lng['banlist_info_3']
);
Admin_Over::GenerateHeader();
include('./template/banlist_add_file_body.tpl');
include('./template/overall_footer.tpl');
}
break;
}
}
break;
}
case 'delete':
{
$bid = $_GET['id'];
$sql = "DELETE FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
DataBase::sql_query($sql,'GENERAL','Could not delete banlist item.');
admin_message_forum($lng['ban_deleted'],'banlist.php?mode=view');
break;
}
case 'edit':
{
if (isset($_POST['ip'],$_POST['u_id'],$_POST['motive'],$_GET['id']))
{
$ban_ip = strip_tags($_POST['ip']);
$ban_uid = (($_POST['u_id']=='') || ($_POST['u_id']!='No profile') || ($_POST['u_id']!='Guest')) ? '-2'
: User::UserIdByNick(strip_tags($_POST['u_id']));
$ban_motive = $_POST['motive'];
if ($ban_uid==$_SESSION['uid'])
{
admin_message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
else
{
if (User::UserInformation($ban_uid,'rank')==2)
{
admin_message_forum($lng['no_ban_admin'],'banlist.php?mode=view');
}
}
if (($ban_ip=='127.0.0.1') || ($ban_ip==$_SERVER['REQUEST_URI']))
{
message_forum($lng['no_ban_me'],'banlist.php?mode=view');
}
$bid = intval($_GET['id']);
$sql = "UPDATE ".BANLIST_TABLE." SET
`IP`='$ban_ip',
`u_id`='$ban_uid',
`motive`='$ban_motive'
WHERE `b_id`='$bid'";
DataBase::sql_query($sql,'GENERAL','Could not update ban.');
admin_message_forum($lng['ban_edited'],'banlist.php?mode=view');
}
else
{
$bid = $_GET['id'];
$sql = "SELECT * FROM ".BANLIST_TABLE." WHERE `b_id`='$bid'";
$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist item information');
$result = @mysql_fetch_array($query);
$_POST['ip']=$result['IP'];
$_POST['motive'] = $result['motive'];
$_POST['u_id'] = ($result['u_id']>0) ? User::UserInformation($result['u_id'],'nick') : 'No profile';
$skin = array(
'L.banlist'=>$lng['admin_banlist'],
'action'=>'banlist.php?mode=edit&id='.$bid,
'L.main_beam'=>$lng['edit_word'],
'L.edit_ban'=>$lng['banlist_edit_ban'],
'L.user_name'=>$lng['user_name'],
'L.motive' => $lng['motive'],
'L.reset'=>$lng['reset'],
'L.save'=>$lng['submit'],
'L.ip.HELP' => $lng['banlist_info_2'],
'L.user_name.HELP' => $lng['banlist_info_1']
);
Admin_Over::GenerateHeader();
include('./template/banlist_edit_body.tpl');
include('./template/overall_footer.tpl');
}
break;
}
case 'clear':
{
$sql = "TRUNCATE `".BANLIST_TABLE."`";
DataBase::sql_query($sql, 'GENERAL','Could not empty banlist');
admin_message_forum($lng['banlist_cleanout'],'banlist.php?mode=view');
}
case 'view':
{
$query = DataBase::sql_query("SELECT `u_id`, `nick` FROM ".USERS_TABLE,'GENERAL','Could not obtain user information');
while($result = @mysql_fetch_array($query))
{
$user[$result['u_id']]['nick'] = $result['nick'];
}
$sql = "SELECT * FROM ".BANLIST_TABLE."";
$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain banlist items');
$skin=array(
'L.banlist'=>$lng['admin_banlist'],
'L.select_mode'=>$lng['what_do_you_want'],
'L.add_user'=>$lng['banlist_add_user'],
'L.add_ip'=>$lng['banlist_add_ip'],
'L.add_all'=>$lng['banlist_add_all'],
'L.add_file'=>$lng['banlist_add_from_file'],
'L.clean_banlist' => $lng['banlist_clean']
);
Admin_Over::GenerateHeader();
include('./template/banlist_view_body.tpl');
if (@mysql_num_rows($query)<1)
{
echo '<tr><td width="'.TABLES_WIDTH.'" colspan="5" height="19"
class="fitem"><p class="fstandard" align="center">'.$lng['banlist_no_items'].'!</p></td></tr>';
}
else
{
while($item = @mysql_fetch_array($query))
{
$skin = array(
'user_name'=>($item['u_id']>-1) ? $user[$item['u_id']]['nick'] : 'No profile',
'ip'=> $item['IP'],
'motive' => $item['motive'],
'b_id'=>$item['b_id'],
'L.delete'=>$lng['delete'],
'L.edit'=>$lng['edit']
);
include('./template/banlist_item_add.tpl');
}
}
echo '</table>';
include('./template/overall_footer.tpl');
break;
}
default:
{
header('Location: banlist.php?mode=view');
break;
}
}
?>