pioder
/
uf2
1
0
Fork 0
Code Releases 0 Activity
A new, object-oriented, better vesion of μForum
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
392 KiB
Tree: 5899fffb29
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5899fffb29'
${ noResults }
uf2/inc/controllers/AdminController.class.php

611 lines
19 KiB
Raw Normal View History

initial commit with snapshot 20140213
10 years ago
implemented buildURL() function (and fixed redirecting on https page) added comments block (file description) in each PHP file
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
improved password generating method (salt + SHA-256)
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
deleted avatars fixed deleting avatars while user deleting
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
replaced strip_tags() by htmlspecialchars() in most of POST variables added stripslashes() to POST variables while form is not sent
10 years ago
initial commit with snapshot 20140213
10 years ago
 
  1. <?php
  2. /** 
  3. * @package		uForum2
  4. * @file		inc/controllers/AdminController.class.php
  5. * @copyright	2007-2015 (c) PioDer <piotrek@pioder.pl>
  6. * @link    		http://www.pioder.pl/
  7. * @license		see LICENSE.txt
  8. **/
  9. 

  10. require ('./inc/controller.class.php');
  11. 

  12. class AdminController extends Controller
  13. {
  14. 

  15. 	public function loadDefault()
  16. 	{
  17. 		$this->main();
  18. 	}
  19. 	
  20. 	private function loadDependencies() // zależności (sesje itp)

  21. 	{
  22. 		$this->loadModel('SessionModel'); //aktywacja sesji

  23. 		$this->loadModel('ConfigModel'); //konfiguracja ogólna skryptu

  24. 		$this->loadView('MainView');
  25. 		$this->getView('MainView')->putExistingModel('SessionModel', $this->getModel('SessionModel'));
  26. 		$this->getView('MainView')->putExistingModel('ConfigModel', $this->getModel('ConfigModel'));
  27. 		
  28. 		if ($_SERVER['REQUEST_SCHEME'] == 'http')
  29. 			$this->forward(buildURL($_SERVER['REQUEST_URI']));
  30. 		
  31. 		if (!$this->getModel('SessionModel')->isLogged())
  32. 		{
  33. 			$this->getView('MainView')->forum_message('You are not logged.', 'index.php?mode=login', true);
  34. 			$lockv = true;
  35. 		}
  36. 		
  37. 		if ($this->getModel('SessionModel')->getRank() == RANK_USER && !isset($lockv))
  38. 		{
  39. 			$this->getView('MainView')->forum_message('You are not admin', 'index.php');
  40. 			$lockv = true;
  41. 		}
  42. 		
  43. 		if (!isset($lockv))
  44. 			return true;
  45. 		else
  46. 			return false;
  47. 	} 
  48. 		
  49. 	public function main()
  50. 	{
  51. 		if ($this->loadDependencies())
  52. 		{
  53. 			$this->getView('MainView')->admin_main();
  54. 		}
  55. 	}
  56. 	
  57. 	public function eduser()
  58. 	{
  59. 		if ($this->loadDependencies())
  60. 		{
  61. 			$this->loadModel('UsersModel');
  62. 			$user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id'], true);
  63. 		
  64. 			if ($user_info == null)
  65. 			{
  66. 				$this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&amp;submode=users'); 
  67. 				$lockv = true;
  68. 			}
  69. 			else
  70. 			{
  71. 				$msg = '';
  72. 				if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
  73. 				{
  74. 					//secure pools

  75. 					$_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
  76. 					$_POST['passwd'] = trim($_POST['passwd']);
  77. 					$_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
  78. 					$_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
  79. 					$_POST['location'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['location'])));
  80. 					$_POST['signature'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['signature'])));
  81. 					$_POST['user_rank'] = trim(strip_tags($this->db->real_escape_string($_POST['user_rank'])));
  82. 		
  83. 					if ($_POST['passwd'] != '')
  84. 					{
  85. 						if (strlen($_POST['passwd']) < 8)
  86. 							$msg .= 'Password is too short (min 8 characters)<br>';	
  87. 						
  88. 						if ($_POST['passwd'] != $_POST['passwd_confirm'])
  89. 							$msg .= 'Password do not match!<br>';
  90. 					}
  91. 					
  92. 					if ($_GET['id'] == $this->getModel('SessionModel')->getID() && $_POST['user_rank'] != RANK_ADMIN)
  93. 					{
  94. 						$msg .= 'You cannot set rank for your profile<br>';
  95. 						$_POST['user_rank'] = RANK_ADMIN;
  96. 					}
  97. 					
  98. 					if ($this->getModel('UsersModel')->nickExists($_POST['nick']) == true && $_POST['nick'] != $user_info['nick'])
  99. 						$msg .= 'Nick is in use. Type another one.<br>';
  100. 						
  101. 					if (strlen($_POST['nick']) < 3)
  102. 						$msg .= 'Nick is too short (min 3 characters)<br>';	
  103. 					
  104. 					if ($_POST['user_rank'] > RANK_ADMIN || $_POST['user_rank'] < RANK_USER)
  105. 						$msg .= 'Rank is not valid!<br>';
  106. 					
  107. 					//check if avatar is uploaded

  108. 					if ($_FILES['avatar']['tmp_name'] != null)
  109. 					{
  110. 						global $allowed_avatars;
  111. 						$image_size = @getimagesize($_FILES['avatar']['tmp_name']);
  112. 

  113. 						if ($image_size == null)
  114. 							$msg .= 'Type of uploaded file are not allowed.<br>';
  115. 						else
  116. 							if (!in_array($image_size['mime'], $allowed_avatars))
  117. 								$msg .= 'Type of uploaded avatar is not supported.<br>';
  118. 							else
  119. 								if ($image_size[0] > 120 || $image_size[1] > 150)
  120. 									$msg .= 'Uploaded avatar is too big (maximum 120x150 px).<br>';
  121. 					}
  122. 				
  123. 					if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  124. 						$msg .= 'Email is incorrect<br>';
  125. 				
  126. 					if ($msg == '')
  127. 					{
  128. 						if ($_FILES['avatar']['tmp_name'] != null && !isset($_POST['delete_avatar'])) //change an avatar

  129. 						{
  130. 							if ($user_info['avatar'] != '')
  131. 								unlink('./'.$user_info['avatar']);
  132. 							
  133. 							$ext = pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION);
  134. 							$av = 'images/avatars/'.$this->getModel('SessionModel')->getID().'.'.$ext;
  135. 							move_uploaded_file($_FILES['avatar']['tmp_name'], './'.$av); 
  136. 						}
  137. 						else
  138. 							if (isset($_POST['delete_avatar']))
  139. 							{
  140. 								unlink('./'.$user_info['avatar']);
  141. 								$av = '';
  142. 							}
  143. 							else
  144. 								$av = $user_info['avatar']; //if new avatar is not set

  145. 					
  146. 						if ($_POST['passwd'] != '')
  147. 							$this->getModel('UsersModel')->changeUserPassword($_GET['id'], $user_info['nick'], $_POST['passwd']);
  148. 						
  149. 						$this->getModel('UsersModel')->changeUserRank($_GET['id'], $_POST['user_rank']);
  150. 						$this->getModel('UsersModel')->updateUserProfile($_GET['id'], $_POST['nick'], $_POST['email'], $_POST['location'], $_POST['signature'], $av);
  151. 						$this->getView('MainView')->forum_message('User profile has changed.', 'index.php?mode=admin&amp;submode=users');
  152. 						$lockv = true;
  153. 

  154. 					}
  155. 				}			
  156. 			
  157. 				$_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : $user_info['nick'];
  158. 				$_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : $user_info['email'];
  159. 				$_POST['location'] = (isset($_POST['location'])) ? stripslashes($_POST['location']) : $user_info['location'];
  160. 				$_POST['signature'] = (isset($_POST['signature'])) ? stripslashes($_POST['signature']) : $user_info['signature'];
  161. 				$_POST['user_rank'] = (isset($_POST['user_rank'])) ? $_POST['user_rank'] : $user_info['rank'];
  162. 	
  163. 				$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  164. 		
  165. 				if (!isset($lockv))
  166. 					$this->getView('MainView')->edprofile_form($msg, true);
  167. 			}
  168. 		}
  169. 	}
  170. 	
  171. 	public function users()
  172. 	{
  173. 		if ($this->loadDependencies())
  174. 		{
  175. 			if (isset($_GET['rank']))
  176. 			{
  177. 				switch ($_GET['rank'])
  178. 				{
  179. 					case 'admin':
  180. 						$_GET['rank'] = RANK_ADMIN;
  181. 						break;
  182. 					case 'mod':
  183. 						$_GET['rank'] = RANK_MOD;
  184. 						break;
  185. 					case 'user':
  186. 						$_GET['rank'] = RANK_USER;
  187. 						break;
  188. 					default:
  189. 						$_GET['rank'] = '';
  190. 						break;
  191. 				}
  192. 			}
  193. 			else
  194. 				$_GET['rank'] = '';	
  195. 				
  196. 			$_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
  197. 			$allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
  198. 			if (!in_array($_POST['sort_type'], $allowed_sorting))
  199. 				$_POST['sort_type'] = '';
  200. 			$_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
  201. 		
  202. 			$this->getView('MainView')->admin_userlist();
  203. 		}
  204. 		
  205. 	}
  206. 	
  207. 	public function deluser()
  208. 	{
  209. 		if ($this->loadDependencies())
  210. 		{
  211. 			$this->loadModel('UsersModel');
  212. 			$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  213. 		
  214. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  215. 		
  216. 			$user_info = $this->getModel('UsersModel')->getUserInformation($_GET['id']);
  217. 			if ($user_info == null)
  218. 			{
  219. 				$this->getView('MainView')->forum_message('User does not exist!', 'index.php?mode=admin&amp;submode=users'); 
  220. 				$lockv = true;
  221. 			}
  222. 			else
  223. 			{
  224. 				if ($_GET['id'] == $this->getModel('SessionModel')->getID())
  225. 				{
  226. 					$this->getView('MainView')->forum_message('You cannot delete own profile!', 'index.php?mode=admin&amp;submode=users'); 
  227. 					$lockv = true;
  228. 				}
  229. 			}
  230. 			
  231. 

  232. 			if (isset($_POST['confirmed']) && !isset($lockv))
  233. 			{
  234. 				if (!isset($_POST['rejected']))
  235. 				{ 
  236. 					$this->getModel('UsersModel')->deleteUser($_GET['id']);
  237. 					if ($user_info['avatar'] != null) //delete user's avatar

  238. 						unlink('./'.$user_info['avatar']);
  239. 					$this->getView('MainView')->forum_message('Profile deleted. Redirecting to users list...', 'index.php?mode=admin&amp;submode=users'); 
  240. 					$lockv = true;
  241. 				}
  242. 				else
  243. 				{
  244. 					$this->forward('index.php?mode=admin&submode=users');
  245. 				}
  246. 			}
  247. 			
  248. 			if (!isset($lockv))
  249. 				$this->getView('MainView')->confirm_action('Do you want delete user <span style="font-weight: bold">'.$user_info['nick'].'</span>? This operation cannot undone.');
  250. 		}
  251. 	}
  252. 	
  253. 	public function config()
  254. 	{
  255. 		if ($this->loadDependencies())
  256. 		{
  257. 			$msg = '';
  258. 			
  259. 			if (isset($_POST['forum_name'], $_POST['forum_desc']))
  260. 			{
  261. 				$_POST['forum_name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['forum_name'])));
  262. 				$_POST['forum_desc'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['forum_desc'])));
  263. 				
  264. 				if (strlen($_POST['forum_name']) < 3)
  265. 				{
  266. 					$msg .= 'Forum name is too short (min 3 characters)!<br>';
  267. 				}
  268. 				
  269. 				if (strlen($_POST['forum_name']) > 30)
  270. 				{
  271. 					$msg .= 'Forum name is too long (max 30 characters)!<br>';
  272. 				}
  273. 				
  274. 				if (strlen($_POST['forum_desc']) > 50)
  275. 				{
  276. 					$msg .= 'Forum description is too long (max 50 characters)!<br>';
  277. 				}
  278. 				
  279. 				if ($msg == '')
  280. 				{
  281. 					if ($_POST['forum_name'] !=  $this->getModel('ConfigModel')->getConf('forum_name'))
  282. 						$this->getModel('ConfigModel')->updateConf('forum_name', $_POST['forum_name']);
  283. 						
  284. 					if ($_POST['forum_desc'] !=  $this->getModel('ConfigModel')->getConf('forum_desc'))
  285. 						$this->getModel('ConfigModel')->updateConf('forum_desc', $_POST['forum_desc']);
  286. 					
  287. 					$this->getView('MainView')->forum_message('Forum configuration updated. Redirecting...', 'index.php?mode=admin&amp;submode=config'); 
  288. 					$lockv = true;
  289. 				}
  290. 			}
  291. 			
  292. 			$_POST['forum_name'] = (isset($_POST['forum_name'])) ? stripslashes($_POST['forum_name']) : $this->getModel('ConfigModel')->getConf('forum_name');
  293. 			$_POST['forum_desc'] = (isset($_POST['forum_desc'])) ? stripslashes($_POST['forum_desc']) : $this->getModel('ConfigModel')->getConf('forum_desc');
  294. 			if (!isset($lockv))
  295. 			{
  296. 				$this->getView('MainView')->admin_config($msg);
  297. 			}
  298. 		}
  299. 	}
  300. 	
  301. 	public function forums()
  302. 	{
  303. 		if ($this->loadDependencies())
  304. 		{
  305. 			$this->getView('MainView')->admin_forums();
  306. 		}
  307. 	}
  308. 	
  309. 	public function addcat()
  310. 	{
  311. 		if ($this->loadDependencies())
  312. 		{
  313. 			$this->modify_cat('add');
  314. 		}
  315. 	}
  316. 	
  317. 	public function edcat()
  318. 	{
  319. 		if ($this->loadDependencies())
  320. 		{
  321. 			$this->modify_cat('edit');
  322. 		}
  323. 	}
  324. 	
  325. 	public function addforum()
  326. 	{
  327. 		if ($this->loadDependencies())
  328. 		{
  329. 			$this->modify_forum('add');
  330. 		}
  331. 	}
  332. 	
  333. 	public function edforum()
  334. 	{
  335. 		if ($this->loadDependencies())
  336. 		{
  337. 			$this->modify_forum('edit');
  338. 		}
  339. 	}
  340. 	
  341. 	public function delforum()
  342. 	{
  343. 		if ($this->loadDependencies())
  344. 		{
  345. 			$this->loadModel('ForumsModel');
  346. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  347. 			$forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
  348. 			
  349. 			if ($forum_info == null)
  350. 			{
  351. 				$this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&amp;submode=forums'); 
  352. 				$lockv = true;
  353. 			}
  354. 

  355. 			if (isset($_POST['confirmed']) && !isset($lockv))
  356. 			{
  357. 				if (!isset($_POST['rejected']))
  358. 				{
  359. 					$this->getModel('ForumsModel')->deleteForum($_GET['id']);
  360. 					$this->getView('MainView')->forum_message('Forum deleted. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  361. 					$lockv = true;		
  362. 				}
  363. 				else
  364. 					$this->forward('index.php?mode=admin&submode=forums');
  365. 			}
  366. 			
  367. 			if (!isset($lockv))
  368. 				$this->getView('MainView')->confirm_action('Do you REALLY want delete forum <span style="font-weight: bold">'.$forum_info['name'].'</span> with ALL CONTENT? <span style="text-decoration: underline">This operation cannot undone!</span>');
  369. 		}
  370. 		
  371. 	}
  372. 	
  373. 	public function delcat()
  374. 	{
  375. 		if ($this->loadDependencies())
  376. 		{
  377. 			$this->loadModel('ForumsModel');
  378. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  379. 			$cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
  380. 			
  381. 			if ($cat_info == null)
  382. 			{
  383. 				$this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&amp;submode=forums'); 
  384. 				$lockv = true;
  385. 			}
  386. 

  387. 			if (isset($_POST['confirmed']) && !isset($lockv))
  388. 			{
  389. 				if (!isset($_POST['rejected']))
  390. 				{
  391. 					$this->getModel('ForumsModel')->deleteCat($_GET['id']);
  392. 					$this->getView('MainView')->forum_message('Category deleted. Redirecting...', 'index.php?mode=admin&amp;submode=forums');
  393. 					$lockv = true;		
  394. 				}
  395. 				else
  396. 					$this->forward('index.php?mode=admin&submode=forums');
  397. 			}
  398. 			
  399. 			if (!isset($lockv))
  400. 				$this->getView('MainView')->confirm_action('Do you REALLY want delete category <span style="font-weight: bold">'.$cat_info['name'].'</span> with ALL FORUMS AND CONTENT? <span style="text-decoration: underline">This operation cannot undone!</span>');
  401. 		}
  402. 		
  403. 	}
  404. 	
  405. 	private function modify_cat($m)
  406. 	{
  407. 		$msg = '';
  408. 		
  409. 		$this->loadModel('ForumsModel');
  410. 		
  411. 		if ($m == 'edit')
  412. 		{
  413. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  414. 			$cat_info = $this->getModel('ForumsModel')->getCat($_GET['id']);
  415. 			
  416. 			if ($cat_info == null)
  417. 			{
  418. 				$this->getView('MainView')->forum_message('Category does not exist!', 'index.php?mode=admin&amp;submode=forums'); 
  419. 				$lockv = true;
  420. 			}
  421. 		}
  422. 		
  423. 		
  424. 		if (isset($_POST['name']) && !isset($lockv))
  425. 		{
  426. 			$_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
  427. 			if (strlen($_POST['name']) < 3)
  428. 				$msg .= 'Category name is too short (min 3 characters)!<br>';
  429. 			
  430. 			if ($msg == '')
  431. 			{
  432. 				if ($m == 'add')
  433. 				{
  434. 					$this->getModel('ForumsModel')->addCat($_POST['name']);
  435. 					$this->getView('MainView')->forum_message('Category added. Redirecting...', 'index.php?mode=admin&amp;submode=forums'); 
  436. 					$lockv = true;
  437. 				}	
  438. 				else
  439. 				{
  440. 					$this->getModel('ForumsModel')->changeCat($_GET['id'], $_POST['name']);
  441. 					$this->getView('MainView')->forum_message('Category updated. Redirecting...', 'index.php?mode=admin&amp;submode=forums'); 
  442. 					$lockv = true;
  443. 				}
  444. 			}
  445. 		}
  446. 		
  447. 		if (!isset($lockv))
  448. 		{
  449. 			if ($m == 'add')
  450. 				$_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : '';
  451. 			else
  452. 				$_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : $cat_info['name'];
  453. 				
  454. 			$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  455. 			$this->getView('MainView')->admin_cat_form($msg, $m);
  456. 		}
  457. 	}
  458. 	
  459. 	private function modify_forum($m)
  460. 	{
  461. 		$msg = '';
  462. 		
  463. 		$this->loadModel('ForumsModel');
  464. 		
  465. 		if ($m == 'edit')
  466. 		{
  467. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  468. 			$forum_info = $this->getModel('ForumsModel')->getForum($_GET['id']);
  469. 			
  470. 			if ($forum_info == null)
  471. 			{
  472. 				$this->getView('MainView')->forum_message('Forum does not exist!', 'index.php?mode=admin&amp;submode=forums'); 
  473. 				$lockv = true;
  474. 			}
  475. 		}
  476. 		
  477. 		
  478. 		if (isset($_POST['name']) && !isset($lockv))
  479. 		{
  480. 			$_POST['name'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['name'])));
  481. 			$_POST['desc'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['desc'])));
  482. 			$_POST['category_id'] = trim(strip_tags($this->db->real_escape_string($_POST['category_id'])));
  483. 			$_POST['locked'] = trim(strip_tags($this->db->real_escape_string($_POST['locked'])));
  484. 			$_POST['locked'] = ($_POST['locked'] == true) ? true : false;
  485. 			
  486. 			if (strlen($_POST['name']) < 3)
  487. 				$msg .= 'Forum name is too short (min 3 characters)!<br>';
  488. 			
  489. 			$c = $this->getModel('ForumsModel')->getCat($_POST['category_id']);
  490. 			
  491. 			if ($c == null)
  492. 				$msg .= 'Category does not exist!<br>';
  493. 			
  494. 			if ($msg == '')
  495. 			{
  496. 				if ($m == 'add')
  497. 				{
  498. 					$this->getModel('ForumsModel')->addForum($_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']);
  499. 					$this->getView('MainView')->forum_message('Forum added. Redirecting...', 'index.php?mode=admin&amp;submode=forums'); 
  500. 					$lockv = true;
  501. 				}	
  502. 				else
  503. 				{
  504. 					$this->getModel('ForumsModel')->changeForum($_GET['id'], $_POST['name'], $_POST['desc'], $_POST['category_id'], $_POST['locked']);
  505. 					$this->getView('MainView')->forum_message('Forum updated. Redirecting...', 'index.php?mode=admin&amp;submode=forums'); 
  506. 					$lockv = true;
  507. 				}
  508. 			}
  509. 		}
  510. 		
  511. 		if (!isset($lockv))
  512. 		{
  513. 			if ($m == 'add')
  514. 			{
  515. 				$_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : '';
  516. 				$_POST['desc'] = (isset($_POST['desc'])) ? stripslashes($_POST['desc']) : '';
  517. 				$_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : '';
  518. 				$_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : '';
  519. 			}
  520. 			else
  521. 			{
  522. 				$_POST['name'] = (isset($_POST['name'])) ? stripslashes($_POST['name']) : $forum_info['name'];
  523. 				$_POST['desc'] = (isset($_POST['desc'])) ? stripslashes($_POST['desc']) : $forum_info['desc'];
  524. 				$_POST['category_id'] = (isset($_POST['category_id'])) ? $_POST['category_id'] : $forum_info['category_id'];
  525. 				$_POST['locked'] = (isset($_POST['locked'])) ? $_POST['locked'] : $forum_info['locked'];
  526. 			}
  527. 				
  528. 			$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  529. 			$this->getView('MainView')->admin_forum_form($msg, $m);
  530. 		}
  531. 	}
  532. 	
  533. 	public function banlist()
  534. 	{
  535. 		if ($this->loadDependencies())
  536. 			$this->getView('MainView')->admin_banlist();
  537. 	}
  538. 	
  539. 	public function delban()
  540. 	{
  541. 		if ($this->loadDependencies())
  542. 		{
  543. 			$this->loadModel('BansModel');
  544. 			$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  545. 			$ban_info = $this->getModel('BansModel')->getBan($_GET['id']);
  546. 			
  547. 			if ($ban_info == null)
  548. 			{
  549. 				$this->getView('MainView')->forum_message('Ban does not exist!', 'index.php?mode=admin&amp;submode=banlist'); 
  550. 				$lockv = true;
  551. 			}
  552. 

  553. 			if (isset($_POST['confirmed']) && !isset($lockv))
  554. 			{
  555. 				if (!isset($_POST['rejected']))
  556. 				{
  557. 					$this->getModel('BansModel')->deleteBan($_GET['id']);
  558. 					$this->getView('MainView')->forum_message('Ban deleted. Redirecting...', 'index.php?mode=admin&amp;submode=banlist');
  559. 					$lockv = true;		
  560. 				}
  561. 				else
  562. 					$this->forward('index.php?mode=admin&submode=banlist');
  563. 			}
  564. 			
  565. 			if (!isset($lockv))
  566. 				$this->getView('MainView')->confirm_action('Do you want delete ban for user <span style="font-weight: bold">'.$ban_info['nick'].'</span>?');
  567. 		}
  568. 		
  569. 	}
  570. 	
  571. 	public function addban()
  572. 	{
  573. 		if ($this->loadDependencies())
  574. 		{
  575. 			$msg = '';
  576. 		
  577. 			$this->loadModel('BansModel');
  578. 			$this->loadModel('UsersModel');
  579. 		
  580. 			if (isset($_POST['user_id'], $_POST['reason']))
  581. 			{
  582. 				$_POST['user_id'] = trim(strip_tags($this->db->real_escape_string($_POST['user_id'])));
  583. 				$_POST['reason'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['reason'])));
  584. 

  585. 				if ($_POST['user_id'] == $this->getModel('SessionModel')->getID())
  586. 					$msg .= 'You cannot ban your profile!<br>';
  587. 				
  588. 				if ($this->getModel('BansModel')->getUserBan($_POST['user_id']) != null)
  589. 					$msg .= 'This user has already been banned!<br>';
  590. 					
  591. 				if ($this->getModel('UsersModel')->getUserInformation($_POST['user_id']) == null)
  592. 					$msg .= 'User does not exist!<br>';
  593. 			
  594. 				if ($msg == '')
  595. 				{
  596. 					$this->getModel('BansModel')->addBan($_POST['user_id'], $_POST['reason']);
  597. 					$this->getView('MainView')->forum_message('Ban added. Redirecting...', 'index.php?mode=admin&amp;submode=banlist'); 
  598. 					$lockv = true;
  599. 				}
  600. 			}
  601. 		
  602. 			if (!isset($lockv))
  603. 			{
  604. 				$_POST['user_id'] = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
  605. 				$_POST['reason'] = (isset($_POST['reason'])) ? stripslashes($_POST['reason']) : '';
  606. 					
  607. 				$this->getView('MainView')->admin_ban_form($msg);
  608. 			}
  609. 		}
  610. 	}
  611. }
  612. ?>