24 |
24 |
25 |
25 |
26 // Tell header.php to use the admin template |
26 // Tell header.php to use the admin template |
27 define('PUN_ADMIN_CONSOLE', 1); |
27 define('PUN_ADMIN_CONSOLE', 1); |
28 |
28 |
29 define('PUN_ROOT', './'); |
29 //define('PUN_ROOT', './'); |
30 require PUN_ROOT.'include/common.php'; |
30 //require PUN_ROOT.'include/common.php'; |
|
31 |
|
32 global $pun_db, $pun_user, $pun_config, $lang_common; |
|
33 |
31 require PUN_ROOT.'include/common_admin.php'; |
34 require PUN_ROOT.'include/common_admin.php'; |
32 |
35 |
33 |
36 |
34 if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0')) |
37 if ($pun_user['g_id'] < PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0')) |
35 message($lang_common['No permission']); |
38 message($lang_common['No permission']); |
36 |
39 |
37 |
40 |
38 // Add/edit a ban (stage 1) |
41 // Add/edit a ban (stage 1) |
39 if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban'])) |
42 if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban'])) |
47 if ($add_ban < 2) |
50 if ($add_ban < 2) |
48 message($lang_common['Bad request']); |
51 message($lang_common['Bad request']); |
49 |
52 |
50 $user_id = $add_ban; |
53 $user_id = $add_ban; |
51 |
54 |
52 $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
55 $result = $pun_db->query('SELECT group_id, username, email FROM '.$pun_db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
53 if ($db->num_rows($result)) |
56 if ($pun_db->num_rows($result)) |
54 list($group_id, $ban_user, $ban_email) = $db->fetch_row($result); |
57 list($group_id, $ban_user, $ban_email) = $pun_db->fetch_row($result); |
55 else |
58 else |
56 message('No user by that ID registered.'); |
59 message('No user by that ID registered.'); |
57 } |
60 } |
58 else // Otherwise the username is in POST |
61 else // Otherwise the username is in POST |
59 { |
62 { |
60 $ban_user = trim($_POST['new_ban_user']); |
63 $ban_user = trim($_POST['new_ban_user']); |
61 |
64 |
62 if ($ban_user != '') |
65 if ($ban_user != '') |
63 { |
66 { |
64 $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
67 $result = $pun_db->query('SELECT id, group_id, username, email FROM '.$pun_db->prefix.'users WHERE username=\''.$pun_db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $pun_db->error()); |
65 if ($db->num_rows($result)) |
68 if ($pun_db->num_rows($result)) |
66 list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result); |
69 list($user_id, $group_id, $ban_user, $ban_email) = $pun_db->fetch_row($result); |
67 else |
70 else |
68 message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.'); |
71 message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.'); |
69 } |
72 } |
70 } |
73 } |
71 |
74 |
74 message('The user '.pun_htmlspecialchars($ban_user).' is an administrator and can\'t be banned. If you want to ban an administrator, you must first demote him/her to moderator or user.'); |
77 message('The user '.pun_htmlspecialchars($ban_user).' is an administrator and can\'t be banned. If you want to ban an administrator, you must first demote him/her to moderator or user.'); |
75 |
78 |
76 // If we have a $user_id, we can try to find the last known IP of that user |
79 // If we have a $user_id, we can try to find the last known IP of that user |
77 if (isset($user_id)) |
80 if (isset($user_id)) |
78 { |
81 { |
79 $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); |
82 $result = $pun_db->query('SELECT poster_ip FROM '.$pun_db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $pun_db->error()); |
80 $ban_ip = ($db->num_rows($result)) ? $db->result($result) : ''; |
83 $ban_ip = ($pun_db->num_rows($result)) ? $pun_db->result($result) : ''; |
81 } |
84 } |
82 |
85 |
83 $mode = 'add'; |
86 $mode = 'add'; |
84 } |
87 } |
85 else // We are editing a ban |
88 else // We are editing a ban |
86 { |
89 { |
87 $ban_id = intval($_GET['edit_ban']); |
90 $ban_id = intval($_GET['edit_ban']); |
88 if ($ban_id < 1) |
91 if ($ban_id < 1) |
89 message($lang_common['Bad request']); |
92 message($lang_common['Bad request']); |
90 |
93 |
91 $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error()); |
94 $result = $pun_db->query('SELECT username, ip, email, message, expire FROM '.$pun_db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $pun_db->error()); |
92 if ($db->num_rows($result)) |
95 if ($pun_db->num_rows($result)) |
93 list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result); |
96 list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $pun_db->fetch_row($result); |
94 else |
97 else |
95 message($lang_common['Bad request']); |
98 message($lang_common['Bad request']); |
96 |
99 |
97 $ban_expire = ($ban_expire != '') ? date('Y-m-d', $ban_expire) : ''; |
100 $ban_expire = ($ban_expire != '') ? date('Y-m-d', $ban_expire) : ''; |
98 |
101 |
236 message('You entered an invalid expire date. The format should be YYYY-MM-DD and the date must be at least one day in the future.'); |
239 message('You entered an invalid expire date. The format should be YYYY-MM-DD and the date must be at least one day in the future.'); |
237 } |
240 } |
238 else |
241 else |
239 $ban_expire = 'NULL'; |
242 $ban_expire = 'NULL'; |
240 |
243 |
241 $ban_user = ($ban_user != '') ? '\''.$db->escape($ban_user).'\'' : 'NULL'; |
244 $ban_user = ($ban_user != '') ? '\''.$pun_db->escape($ban_user).'\'' : 'NULL'; |
242 $ban_ip = ($ban_ip != '') ? '\''.$db->escape($ban_ip).'\'' : 'NULL'; |
245 $ban_ip = ($ban_ip != '') ? '\''.$pun_db->escape($ban_ip).'\'' : 'NULL'; |
243 $ban_email = ($ban_email != '') ? '\''.$db->escape($ban_email).'\'' : 'NULL'; |
246 $ban_email = ($ban_email != '') ? '\''.$pun_db->escape($ban_email).'\'' : 'NULL'; |
244 $ban_message = ($ban_message != '') ? '\''.$db->escape($ban_message).'\'' : 'NULL'; |
247 $ban_message = ($ban_message != '') ? '\''.$pun_db->escape($ban_message).'\'' : 'NULL'; |
245 |
248 |
246 if ($_POST['mode'] == 'add') |
249 if ($_POST['mode'] == 'add') |
247 $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error()); |
250 $pun_db->query('INSERT INTO '.$pun_db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $pun_db->error()); |
248 else |
251 else |
249 $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error()); |
252 $pun_db->query('UPDATE '.$pun_db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $pun_db->error()); |
250 |
253 |
251 // Regenerate the bans cache |
254 // Regenerate the bans cache |
252 require_once PUN_ROOT.'include/cache.php'; |
255 require_once PUN_ROOT.'include/cache.php'; |
253 generate_bans_cache(); |
256 generate_bans_cache(); |
254 |
257 |
255 redirect('admin_bans.php', 'Ban '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …'); |
258 pun_redirect('admin_bans.php', 'Ban '.(($_POST['mode'] == 'edit') ? 'edited' : 'added').'. Redirecting …'); |
256 } |
259 } |
257 |
260 |
258 |
261 |
259 // Remove a ban |
262 // Remove a ban |
260 else if (isset($_GET['del_ban'])) |
263 else if (isset($_GET['del_ban'])) |
263 |
266 |
264 $ban_id = intval($_GET['del_ban']); |
267 $ban_id = intval($_GET['del_ban']); |
265 if ($ban_id < 1) |
268 if ($ban_id < 1) |
266 message($lang_common['Bad request']); |
269 message($lang_common['Bad request']); |
267 |
270 |
268 $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error()); |
271 $pun_db->query('DELETE FROM '.$pun_db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $pun_db->error()); |
269 |
272 |
270 // Regenerate the bans cache |
273 // Regenerate the bans cache |
271 require_once PUN_ROOT.'include/cache.php'; |
274 require_once PUN_ROOT.'include/cache.php'; |
272 generate_bans_cache(); |
275 generate_bans_cache(); |
273 |
276 |
274 redirect('admin_bans.php', 'Ban removed. Redirecting …'); |
277 pun_redirect('admin_bans.php', 'Ban removed. Redirecting …'); |
275 } |
278 } |
276 |
279 |
277 |
280 |
278 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans'; |
281 $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans'; |
279 $focus_element = array('bans', 'new_ban_user'); |
282 $focus_element = array('bans', 'new_ban_user'); |
308 <h2 class="block2"><span>Existing bans</span></h2> |
311 <h2 class="block2"><span>Existing bans</span></h2> |
309 <div class="box"> |
312 <div class="box"> |
310 <div class="fakeform"> |
313 <div class="fakeform"> |
311 <?php |
314 <?php |
312 |
315 |
313 $result = $db->query('SELECT id, username, ip, email, message, expire FROM '.$db->prefix.'bans ORDER BY id') or error('Unable to fetch ban list', __FILE__, __LINE__, $db->error()); |
316 $result = $pun_db->query('SELECT id, username, ip, email, message, expire FROM '.$pun_db->prefix.'bans ORDER BY id') or error('Unable to fetch ban list', __FILE__, __LINE__, $pun_db->error()); |
314 if ($db->num_rows($result)) |
317 if ($pun_db->num_rows($result)) |
315 { |
318 { |
316 while ($cur_ban = $db->fetch_assoc($result)) |
319 while ($cur_ban = $pun_db->fetch_assoc($result)) |
317 { |
320 { |
318 $expire = format_time($cur_ban['expire'], true); |
321 $expire = format_time($cur_ban['expire'], true); |
319 |
322 |
320 ?> |
323 ?> |
321 <div class="inform"> |
324 <div class="inform"> |
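Review bot: The permission gate at new line 37 flips the comparison from `$pun_user['g_id'] > PUN_MOD` to `$pun_user['g_id'] < PUN_MOD`, which reverses who is rejected. If the group constants keep the usual ordering (administrator numerically below moderator, members and guests above; the definitions are not shown here, so please confirm), the new test turns administrators away and lets ordinary groups through to the add, edit and delete ban handlers below it. Unless this port renumbers the groups elsewhere, the original direction should stay: `if ($pun_user['g_id'] > PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0'))`. The same section comments out `define('PUN_ROOT', './')` and the `require` of `include/common.php`, so the check now relies on the including script to have populated `$pun_user` and `$pun_config`; an early `if (!defined('PUN_ROOT')) exit;` would make that dependency explicit and stop direct requests to this file. The file's header and any lines before old line 24 are outside the part shown here.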