Mercurial Mercurial > repos > punbb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
punbb/admin/bans.php
changeset 6 5e1f1e916419
equal deleted inserted replaced
5:e3d7322305bf 6:5e1f1e916419 
       
     1 <?php
 
       
     2 /***********************************************************************
 
       
     3 
       
     4   Copyright (C) 2002-2008  PunBB.org
 
       
     5 
       
     6   This file is part of PunBB.
 
       
     7 
       
     8   PunBB is free software; you can redistribute it and/or modify it
 
       
     9   under the terms of the GNU General Public License as published
 
       
    10   by the Free Software Foundation; either version 2 of the License,
 
       
    11   or (at your option) any later version.
 
       
    12 
       
    13   PunBB is distributed in the hope that it will be useful, but
 
       
    14   WITHOUT ANY WARRANTY; without even the implied warranty of
 
       
    15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
       
    16   GNU General Public License for more details.
 
       
    17 
       
    18   You should have received a copy of the GNU General Public License
 
       
    19   along with this program; if not, write to the Free Software
 
       
    20   Foundation, Inc., 59 Temple Place, Suite 330, Boston,
 
       
    21   MA  02111-1307  USA
 
       
    22 
       
    23 ************************************************************************/
 
       
    24 
       
    25 
       
    26 // if (!defined('PUN_ROOT'))
 
       
    27 // 	define('PUN_ROOT', '../');
 
       
    28 // require PUN_ROOT.'include/common.php';
 
       
    29 require PUN_ROOT.'include/common_admin.php';
 
       
    30 
       
    31 // import globals (I really hope this isn't dangerous)
 
       
    32 foreach ( $GLOBALS as $key => $_ )
 
       
    33 {
 
       
    34   $$key =& $GLOBALS[$key];
 
       
    35 }
 
       
    36 
       
    37 ($hook = get_hook('aba_start')) ? eval($hook) : null;
 
       
    38 
       
    39 if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
 
       
    40 	message($lang_common['No permission']);
 
       
    41 
       
    42 // Load the admin.php language file
 
       
    43 require PUN_ROOT.'lang/'.$pun_user['language'].'/admin.php';
 
       
    44 $GLOBALS['lang_admin'] = $lang_admin;
 
       
    45 
       
    46 
       
    47 // Add/edit a ban (stage 1)
 
       
    48 if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
 
       
    49 {
 
       
    50 	if (isset($_GET['add_ban']) || isset($_POST['add_ban']))
 
       
    51 	{
 
       
    52 		// If the id of the user to ban was provided through GET (a link from profile.php)
 
       
    53 		if (isset($_GET['add_ban']))
 
       
    54 		{
 
       
    55 			$add_ban = intval($_GET['add_ban']);
 
       
    56 			if ($add_ban < 2)
 
       
    57 				message($lang_common['Bad request']);
 
       
    58 
       
    59 			$user_id = $add_ban;
 
       
    60 
       
    61 			($hook = get_hook('aba_add_ban_selected')) ? eval($hook) : null;
 
       
    62 
       
    63 			$query = array(
 
       
    64 				'SELECT'	=> 'u.group_id, u.username, u.email, u.registration_ip',
 
       
    65 				'FROM'		=> 'users AS u',
 
       
    66 				'WHERE'		=> 'u.id='.$user_id
 
       
    67 			);
 
       
    68 
       
    69 			($hook = get_hook('aba_qr_get_user_by_id')) ? eval($hook) : null;
 
       
    70 			$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
    71 			if (!$pun_db->num_rows($result))
 
       
    72 				message($lang_admin['No user id message']);
 
       
    73 
       
    74 			list($group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);
 
       
    75 		}
 
       
    76 		else	// Otherwise the username is in POST
 
       
    77 		{
 
       
    78 			$ban_user = trim($_POST['new_ban_user']);
 
       
    79 
       
    80 			($hook = get_hook('aba_add_ban_form_submitted')) ? eval($hook) : null;
 
       
    81 
       
    82 			if ($ban_user != '')
 
       
    83 			{
 
       
    84 				$query = array(
 
       
    85 					'SELECT'	=> 'u.id, u.group_id, u.username, u.email, u.registration_ip',
 
       
    86 					'FROM'		=> 'users AS u',
 
       
    87 					'WHERE'		=> 'u.username=\''.$pun_db->escape($ban_user).'\' AND u.id>1'
 
       
    88 				);
 
       
    89 
       
    90 				($hook = get_hook('aba_qr_get_user_by_username')) ? eval($hook) : null;
 
       
    91 				$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
    92 				if (!$pun_db->num_rows($result))
 
       
    93 					message($lang_admin['No user username message']);
 
       
    94 
       
    95 				list($user_id, $group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result);
 
       
    96 			}
 
       
    97 		}
 
       
    98 
       
    99 		// Make sure we're not banning an admin
 
       
   100 		if (isset($group_id) && $group_id == PUN_ADMIN)
 
       
   101 			message($lang_admin['User is admin message']);
 
       
   102 
       
   103 		// If we have a $user_id, we can try to find the last known IP of that user
 
       
   104 		if (isset($user_id))
 
       
   105 		{
 
       
   106 			$query = array(
 
       
   107 				'SELECT'	=> 'p.poster_ip',
 
       
   108 				'FROM'		=> 'posts AS p',
 
       
   109 				'WHERE'		=> 'p.poster_id='.$user_id,
 
       
   110 				'ORDER BY'	=> 'p.posted DESC',
 
       
   111 				'LIMIT'		=> '1'
 
       
   112 			);
 
       
   113 
       
   114 			($hook = get_hook('aba_qr_get_last_known_ip')) ? eval($hook) : null;
 
       
   115 			$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
   116 
       
   117 			$ban_ip = ($pun_db->num_rows($result)) ? $pun_db->result($result) : $ban_ip;
 
       
   118 		}
 
       
   119 
       
   120 		$mode = 'add';
 
       
   121 	}
 
       
   122 	else	// We are editing a ban
 
       
   123 	{
 
       
   124 		$ban_id = intval($_GET['edit_ban']);
 
       
   125 		if ($ban_id < 1)
 
       
   126 			message($lang_common['Bad request']);
 
       
   127 
       
   128 		($hook = get_hook('aba_edit_ban_selected')) ? eval($hook) : null;
 
       
   129 
       
   130 		$query = array(
 
       
   131 			'SELECT'	=> 'b.username, b.ip, b.email, b.message, b.expire',
 
       
   132 			'FROM'		=> 'bans AS b',
 
       
   133 			'WHERE'		=> 'b.id='.$ban_id
 
       
   134 		);
 
       
   135 
       
   136 		($hook = get_hook('aba_qr_get_ban_data')) ? eval($hook) : null;
 
       
   137 		$result = $pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
   138 		if ($pun_db->num_rows($result))
 
       
   139 			list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $pun_db->fetch_row($result);
 
       
   140 		else
 
       
   141 			message($lang_common['Bad request']);
 
       
   142 
       
   143 		// We just use GMT for expire dates, as its a date rather than a day I don't think its worth worrying about
 
       
   144 		$ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire) : '';
 
       
   145 
       
   146 		$mode = 'edit';
 
       
   147 	}
 
       
   148 
       
   149 
       
   150 	// Setup the form
 
       
   151 	$pun_page['fld_count'] = $pun_page['set_count'] = 0;
 
       
   152 
       
   153 	// Setup breadcrumbs
 
       
   154 	$pun_page['crumbs'] = array(
 
       
   155 		array($pun_config['o_board_title'], pun_link($pun_url['index'])),
 
       
   156 		array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),
 
       
   157 		array($lang_admin['Bans'], pun_link($pun_url['admin_bans'])),
 
       
   158 		$lang_admin['Ban advanced']
 
       
   159 	);
 
       
   160 
       
   161 	($hook = get_hook('aba_add_edit_ban_pre_header_load')) ? eval($hook) : null;
 
       
   162 
       
   163 	define('PUN_PAGE_SECTION', 'users');
 
       
   164 	define('PUN_PAGE', 'admin-bans');
 
       
   165 	require PUN_ROOT.'header.php';
 
       
   166 
       
   167 ?>
 
       
   168 <div id="pun-main" class="main admin sectioned">
 
       
   169 
       
   170 <?php echo generate_admin_menu(); ?>
 
       
   171 
       
   172 	<div class="main-head">
 
       
   173 		<h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>
 
       
   174 	</div>
 
       
   175 
       
   176 	<div class="main-content frm">
 
       
   177 		<div class="frm-head">
 
       
   178 			<h2><span><?php echo $lang_admin['Ban advanced heading'] ?></span></h2>
 
       
   179 		</div>
 
       
   180 		<div class="frm-info">
 
       
   181 			<p class="warn"><?php echo $lang_admin['Ban IP warning'] ?></p>
 
       
   182 		</div>
 
       
   183 		<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>">
 
       
   184 			<div class="hidden">
 
       
   185 				<input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans'])) ?>" />
 
       
   186 				<input type="hidden" name="mode" value="<?php echo $mode ?>" />
 
       
   187 <?php if ($mode == 'edit'): ?>				<input type="hidden" name="ban_id" value="<?php echo $ban_id ?>" />
 
       
   188 <?php endif; ?>			</div>
 
       
   189 <?php ($hook = get_hook('aba_add_edit_ban_pre_criteria_fieldset')) ? eval($hook) : null; ?>
 
       
   190 			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
 
       
   191 				<legend class="frm-legend"><span><?php echo $lang_admin['Ban criteria legend'] ?></span></legend>
 
       
   192 <?php ($hook = get_hook('aba_add_edit_ban_pre_username')) ? eval($hook) : null; ?>
 
       
   193 				<div class="frm-fld text">
 
       
   194 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   195 						<span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />
 
       
   196 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_user" size="25" maxlength="25" value="<?php if (isset($ban_user)) echo htmlspecialchars($ban_user); ?>" /></span>
 
       
   197 					</label>
 
       
   198 				</div>
 
       
   199 				<div class="frm-fld text">
 
       
   200 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   201 						<span class="fld-label"><?php echo $lang_admin['E-mail/domain to ban'] ?></span><br />
 
       
   202 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo strtolower($ban_email); ?>" /></span>
 
       
   203 						<span class="fld-help"><?php echo $lang_admin['E-mail/domain info'] ?></span>
 
       
   204 					</label>
 
       
   205 				</div>
 
       
   206 				<div class="frm-fld text">
 
       
   207 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   208 						<span class="fld-label"><?php echo $lang_admin['IP-addresses to ban'] ?></span><br />
 
       
   209 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_ip" size="45" maxlength="255" value="<?php if (isset($ban_ip)) echo $ban_ip; ?>" /></span>
 
       
   210 						<span class="fld-help"><?php echo $lang_admin['IP-addresses info']; if ($ban_user != '' && isset($user_id)) echo ' '.$lang_admin['IP-addresses info 2'].'<a href="'.pun_link($pun_url['admin_users']).'&ip_stats='.$user_id.'">'.$lang_admin['IP-addresses info link'].'</a>' ?></span>
 
       
   211 					</label>
 
       
   212 				</div>
 
       
   213 <?php ($hook = get_hook('aba_add_edit_ban_criteria_end')) ? eval($hook) : null; ?>
 
       
   214 			</fieldset>
 
       
   215 <?php ($hook = get_hook('aba_add_edit_ban_pre_settings_fieldset')) ? eval($hook) : null; ?>
 
       
   216 			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
 
       
   217 				<legend class="frm-legend"><span><?php echo $lang_admin['Ban settings legend'] ?></span></legend>
 
       
   218 <?php ($hook = get_hook('aba_add_edit_ban_pre_message')) ? eval($hook) : null; ?>
 
       
   219 				<div class="frm-fld text">
 
       
   220 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   221 						<span class="fld-label"><?php echo $lang_admin['Ban message'] ?></span><br />
 
       
   222 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_message" size="50" maxlength="255" value="<?php if (isset($ban_message)) echo htmlspecialchars($ban_message); ?>" /></span>
 
       
   223 						<span class="fld-help"><?php echo $lang_admin['Ban message info'] ?></span>
 
       
   224 					</label>
 
       
   225 				</div>
 
       
   226 				<div class="frm-fld text">
 
       
   227 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   228 						<span class="fld-label"><?php echo $lang_admin['Expire date'] ?></span><br />
 
       
   229 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="ban_expire" size="17" maxlength="10" value="<?php if (isset($ban_expire)) echo $ban_expire; ?>" /></span>
 
       
   230 						<span class="fld-help"><?php echo $lang_admin['Expire date info'] ?></span>
 
       
   231 					</label>
 
       
   232 				</div>
 
       
   233 <?php ($hook = get_hook('aba_add_edit_ban_settings_end')) ? eval($hook) : null; ?>
 
       
   234 			</fieldset>
 
       
   235 <?php ($hook = get_hook('aba_add_edit_ban_pre_buttons')) ? eval($hook) : null; ?>
 
       
   236 			<div class="frm-buttons">
 
       
   237 				<span class="submit"><input type="submit" class="button" name="add_edit_ban" value=" <?php echo $lang_admin['Save'] ?>" /></span>
 
       
   238 			</div>
 
       
   239 		</form>
 
       
   240 	</div>
 
       
   241 
       
   242 </div>
 
       
   243 <?php
 
       
   244 
       
   245 	require PUN_ROOT.'footer.php';
 
       
   246 }
 
       
   247 
       
   248 
       
   249 // Add/edit a ban (stage 2)
 
       
   250 else if (isset($_POST['add_edit_ban']))
 
       
   251 {
 
       
   252 	$ban_user = trim($_POST['ban_user']);
 
       
   253 	$ban_ip = trim($_POST['ban_ip']);
 
       
   254 	$ban_email = strtolower(trim($_POST['ban_email']));
 
       
   255 	$ban_message = trim($_POST['ban_message']);
 
       
   256 	$ban_expire = trim($_POST['ban_expire']);
 
       
   257 
       
   258 	if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
 
       
   259 		message($lang_admin['Must enter message']);
 
       
   260 	else if (strtolower($ban_user) == 'guest')
 
       
   261 		message($lang_admin['Can\'t ban guest user']);
 
       
   262 
       
   263 	($hook = get_hook('aba_add_edit_ban_form_submitted2')) ? eval($hook) : null;
 
       
   264 
       
   265 	// Validate IP/IP range (it's overkill, I know)
 
       
   266 	if ($ban_ip != '')
 
       
   267 	{
 
       
   268 		$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);
 
       
   269 		$addresses = explode(' ', $ban_ip);
 
       
   270 		$addresses = array_map('trim', $addresses);
 
       
   271 
       
   272 		for ($i = 0; $i < count($addresses); ++$i)
 
       
   273 		{
 
       
   274 			$octets = explode('.', $addresses[$i]);
 
       
   275 
       
   276 			for ($c = 0; $c < count($octets); ++$c)
 
       
   277 			{
 
       
   278 				$octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];
 
       
   279 
       
   280 				if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255)
 
       
   281 					message($lang_admin['Invalid IP message']);
 
       
   282 			}
 
       
   283 
       
   284 			$cur_address = implode('.', $octets);
 
       
   285 			$addresses[$i] = $cur_address;
 
       
   286 		}
 
       
   287 
       
   288 		$ban_ip = implode(' ', $addresses);
 
       
   289 	}
 
       
   290 
       
   291 	require PUN_ROOT.'include/email.php';
 
       
   292 	if ($ban_email != '' && !is_valid_email($ban_email))
 
       
   293 	{
 
       
   294 		if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
 
       
   295 			message($lang_admin['Invalid e-mail message']);
 
       
   296 	}
 
       
   297 
       
   298 	if ($ban_expire != '' && $ban_expire != 'Never')
 
       
   299 	{
 
       
   300 		$ban_expire = strtotime($ban_expire);
 
       
   301 
       
   302 		if ($ban_expire == -1 || $ban_expire <= time())
 
       
   303 			message($lang_admin['Invalid expire message']);
 
       
   304 	}
 
       
   305 	else
 
       
   306 		$ban_expire = 'NULL';
 
       
   307 
       
   308 	$ban_user = ($ban_user != '') ? '\''.$pun_db->escape($ban_user).'\'' : 'NULL';
 
       
   309 	$ban_ip = ($ban_ip != '') ? '\''.$pun_db->escape($ban_ip).'\'' : 'NULL';
 
       
   310 	$ban_email = ($ban_email != '') ? '\''.$pun_db->escape($ban_email).'\'' : 'NULL';
 
       
   311 	$ban_message = ($ban_message != '') ? '\''.$pun_db->escape($ban_message).'\'' : 'NULL';
 
       
   312 
       
   313 	if ($_POST['mode'] == 'add')
 
       
   314 	{
 
       
   315 		$query = array(
 
       
   316 			'INSERT'	=> 'username, ip, email, message, expire, ban_creator',
 
       
   317 			'INTO'		=> 'bans',
 
       
   318 			'VALUES'	=> $ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id']
 
       
   319 		);
 
       
   320 
       
   321 		($hook = get_hook('aba_qr_add_ban')) ? eval($hook) : null;
 
       
   322 		$pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
   323 	}
 
       
   324 	else
 
       
   325 	{
 
       
   326 		$query = array(
 
       
   327 			'UPDATE'	=> 'bans',
 
       
   328 			'SET'		=> 'username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire,
 
       
   329 			'WHERE'		=> 'id='.intval($_POST['ban_id'])
 
       
   330 		);
 
       
   331 
       
   332 		($hook = get_hook('aba_qr_update_ban')) ? eval($hook) : null;
 
       
   333 		$pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
   334 	}
 
       
   335 
       
   336 	// Regenerate the bans cache
 
       
   337 	require_once PUN_ROOT.'include/cache.php';
 
       
   338 	generate_bans_cache();
 
       
   339 
       
   340 	pun_redirect(pun_link($pun_url['admin_bans']), (($_POST['mode'] == 'edit') ? $lang_admin['Ban edited'] : $lang_admin['Ban added']).' '.$lang_admin['Redirect']);
 
       
   341 }
 
       
   342 
       
   343 
       
   344 // Remove a ban
 
       
   345 else if (isset($_GET['del_ban']))
 
       
   346 {
 
       
   347 	$ban_id = intval($_GET['del_ban']);
 
       
   348 	if ($ban_id < 1)
 
       
   349 		message($lang_common['Bad request']);
 
       
   350 
       
   351 	// Validate the CSRF token
 
       
   352 	if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('del_ban'.$ban_id)))
 
       
   353 		csrf_confirm_form();
 
       
   354 
       
   355 	($hook = get_hook('aba_del_ban_form_submitted2')) ? eval($hook) : null;
 
       
   356 
       
   357 	$query = array(
 
       
   358 		'DELETE'	=> 'bans',
 
       
   359 		'WHERE'		=> 'id='.$ban_id
 
       
   360 	);
 
       
   361 
       
   362 	($hook = get_hook('aba_qr_delete_ban')) ? eval($hook) : null;
 
       
   363 	$pun_db->query_build($query) or error(__FILE__, __LINE__);
 
       
   364 
       
   365 	// Regenerate the bans cache
 
       
   366 	require_once PUN_ROOT.'include/cache.php';
 
       
   367 	generate_bans_cache();
 
       
   368 
       
   369 	pun_redirect(pun_link($pun_url['admin_bans']), $lang_admin['Ban removed'].' '. $lang_admin['Redirect']);
 
       
   370 }
 
       
   371 
       
   372 
       
   373 // Setup the form
 
       
   374 $pun_page['part_count'] = $pun_page['fld_count'] = $pun_page['set_count'] = 0;
 
       
   375 
       
   376 // Setup breadcrumbs
 
       
   377 $pun_page['crumbs'] = array(
 
       
   378 	array($pun_config['o_board_title'], pun_link($pun_url['index'])),
 
       
   379 	array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])),
 
       
   380 	$lang_admin['Bans']
 
       
   381 );
 
       
   382 
       
   383 ($hook = get_hook('aba_pre_header_loaded')) ? eval($hook) : null;
 
       
   384 
       
   385 define('PUN_PAGE_SECTION', 'users');
 
       
   386 define('PUN_PAGE', 'admin-bans');
 
       
   387 require PUN_ROOT.'header.php';
 
       
   388 
       
   389 ?>
 
       
   390 <div id="pun-main" class="main sectioned admin">
 
       
   391 
       
   392 <?php echo generate_admin_menu(); ?>
 
       
   393 
       
   394 	<div class="main-head">
 
       
   395 		<h1><span>{ <?php echo end($pun_page['crumbs']) ?> }</span></h1>
 
       
   396 	</div>
 
       
   397 
       
   398 	<div class="main-content frm">
 
       
   399 		<div class="frm-head">
 
       
   400 			<h2><span><?php echo $lang_admin['New ban heading'] ?></span></h2>
 
       
   401 		</div>
 
       
   402 		<div class="frm-info">
 
       
   403 			<p><?php echo $lang_admin['Advanced ban info'] ?></p>
 
       
   404 		</div>
 
       
   405 		<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo pun_link($pun_url['admin_bans']) ?>&amp;action=more">
 
       
   406 			<div class="hidden">
 
       
   407 				<input type="hidden" name="csrf_token" value="<?php echo generate_form_token(pun_link($pun_url['admin_bans']).'&action=more') ?>" />
 
       
   408 			</div>
 
       
   409 			<fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>">
 
       
   410 				<legend class="frm-legend"><strong><?php echo $lang_admin['New ban legend'] ?></strong></legend>
 
       
   411 				<div class="frm-fld text">
 
       
   412 					<label for="fld<?php echo ++$pun_page['fld_count'] ?>">
 
       
   413 						<span class="fld-label"><?php echo $lang_admin['Username to ban'] ?></span><br />
 
       
   414 						<span class="fld-input"><input type="text" id="fld<?php echo $pun_page['fld_count'] ?>" name="new_ban_user" size="25" maxlength="25" /></span>
 
       
   415 					</label>
 
       
   416 				</div>
 
       
   417 			</fieldset>
 
       
   418 			<div class="frm-buttons">
 
       
   419 				<span class="submit"><input type="submit" class="button" name="add_ban" value=" Add " /></span>
 
       
   420 			</div>
 
       
   421 		</form>
 
       
   422 	</div>
 
       
   423 <?php
 
       
   424 
       
   425 // Reset fieldset counter
 
       
   426 $pun_page['set_count'] = 0;
 
       
   427 
       
   428 ?>
 
       
   429 	<div class="main-content frm">
 
       
   430 		<div class="frm-head">
 
       
   431 			<h2><span><?php echo $lang_admin['Existing bans heading'] ?></span></h2>
 
       
   432 		</div>
 
       
   433 <?php
 
       
   434 
       
   435 if (!empty($pun_bans))
 
       
   436 {
 
       
   437 	$pun_page['item_num'] = 0;
 
       
   438 	foreach ($pun_bans as $ban_key => $cur_ban)
 
       
   439 	{
 
       
   440 		$pun_page['ban_info'] = array();
 
       
   441 		$pun_page['ban_creator'] = ($cur_ban['ban_creator_username'] != '') ? '<a href="'.pun_link($pun_url['user'], $cur_ban['ban_creator']).'">'.htmlspecialchars($cur_ban['ban_creator_username']).'</a>' : $lang_admin['Unknown'];
 
       
   442 
       
   443 		if ($cur_ban['username'] != '')
 
       
   444 			$pun_page['ban_info'][] = '<span>'.$lang_admin['Username'].': '.htmlspecialchars($cur_ban['username']).'</span>';
 
       
   445 
       
   446 		if ($cur_ban['email'] != '')
 
       
   447 			$pun_page['ban_info'][] = '<span>'.$lang_admin['E-mail'].': '.$cur_ban['email'].'</span>';
 
       
   448 
       
   449 		if ($cur_ban['ip'] != '')
 
       
   450 			$pun_page['ban_info'][] = '<span>'.$lang_admin['IP-ranges'].': '.$cur_ban['ip'].'</span>';
 
       
   451 
       
   452 		if ($cur_ban['expire'] != '')
 
       
   453 			$pun_page['ban_info'][] = '<span>'.$lang_admin['Expire date'].': '.format_time($cur_ban['expire'], true).'</span>';
 
       
   454 
       
   455 		($hook = get_hook('aba_view_ban_pre_display')) ? eval($hook) : null;
 
       
   456 
       
   457 ?>
 
       
   458 		<div class="ban-item databox db<?php echo ++$pun_page['item_num'] ?>">
 
       
   459 			<h3 class="legend"><span><?php printf($lang_admin['Current ban head'], $pun_page['ban_creator']) ?></span></h3>
 
       
   460 <?php if (!empty($pun_page['ban_info'])): ?>			<p class="data">
 
       
   461 				<?php echo implode('<br />', $pun_page['ban_info'])."\n" ?>
 
       
   462 			</p>
 
       
   463 <?php endif; if ($cur_ban['message'] != ''): ?>			<p><?php echo $lang_admin['Reason'].': '.htmlspecialchars($cur_ban['message']) ?></p>
 
       
   464 <?php endif; ?>		<p class="actions"><a href="<?php echo pun_link($pun_url['admin_bans']).'&edit_ban='.$cur_ban['id'] ?>"><?php echo $lang_admin['Edit'] ?></a> <a href="<?php echo pun_link($pun_url['admin_bans']).'&del_ban='.$cur_ban['id'].'&amp;csrf_token='.generate_form_token('del_ban'.$cur_ban['id']) ?>"><?php echo $lang_admin['Remove'] ?></a></p>
 
       
   465 </div>
 
       
   466 <?php
 
       
   467 
       
   468 	}
 
       
   469 }
 
       
   470 else
 
       
   471 {
 
       
   472 
       
   473 ?>
 
       
   474 		<div class="frm-info">
 
       
   475 			<p><?php echo $lang_admin['No bans'] ?></p>
 
       
   476 		</div>
 
       
   477 <?php
 
       
   478 
       
   479 }
 
       
   480 
       
   481 ?>
 
       
   482 	</div>
 
       
   483 
       
   484 </div>
 
       
   485 <?php
 
       
   486 
       
   487 require PUN_ROOT.'footer.php';
PunBB for Enano