diff -r 000000000000 -r f9ffdbd96607 punbb/admin_bans.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/punbb/admin_bans.php Wed Jul 11 21:01:48 2007 -0400
@@ -0,0 +1,362 @@
+ PUN_MOD || ($pun_user['g_id'] == PUN_MOD && $pun_config['p_mod_ban_users'] == '0'))
+ message($lang_common['No permission']);
+
+
+// Add/edit a ban (stage 1)
+if (isset($_REQUEST['add_ban']) || isset($_GET['edit_ban']))
+{
+ if (isset($_GET['add_ban']) || isset($_POST['add_ban']))
+ {
+ // If the id of the user to ban was provided through GET (a link from profile.php)
+ if (isset($_GET['add_ban']))
+ {
+ $add_ban = intval($_GET['add_ban']);
+ if ($add_ban < 2)
+ message($lang_common['Bad request']);
+
+ $user_id = $add_ban;
+
+ $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
+ list($group_id, $ban_user, $ban_email) = $db->fetch_row($result);
+ else
+ message('No user by that ID registered.');
+ }
+ else // Otherwise the username is in POST
+ {
+ $ban_user = trim($_POST['new_ban_user']);
+
+ if ($ban_user != '')
+ {
+ $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
+ list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
+ else
+ message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.');
+ }
+ }
+
+ // Make sure we're not banning an admin
+ if (isset($group_id) && $group_id == PUN_ADMIN)
+ message('The user '.pun_htmlspecialchars($ban_user).' is an administrator and can\'t be banned. If you want to ban an administrator, you must first demote him/her to moderator or user.');
+
+ // If we have a $user_id, we can try to find the last known IP of that user
+ if (isset($user_id))
+ {
+ $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$user_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
+ $ban_ip = ($db->num_rows($result)) ? $db->result($result) : '';
+ }
+
+ $mode = 'add';
+ }
+ else // We are editing a ban
+ {
+ $ban_id = intval($_GET['edit_ban']);
+ if ($ban_id < 1)
+ message($lang_common['Bad request']);
+
+ $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
+ list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);
+ else
+ message($lang_common['Bad request']);
+
+ $ban_expire = ($ban_expire != '') ? date('Y-m-d', $ban_expire) : '';
+
+ $mode = 'edit';
+ }
+
+ $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Bans';
+ $focus_element = array('bans2', 'ban_user');
+ require PUN_ROOT.'header.php';
+
+ generate_admin_menu('bans');
+
+
+?>
+