'u.group_id, u.username, u.email, u.registration_ip', 'FROM' => 'users AS u', 'WHERE' => 'u.id='.$user_id ); ($hook = get_hook('aba_add_ban_qr_get_user_by_id')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_admin_bans['No user id message']); list($group_id, $ban_user, $ban_email, $ban_ip) = $forum_db->fetch_row($result); } else // Otherwise the username is in POST { $ban_user = forum_trim($_POST['new_ban_user']); ($hook = get_hook('aba_add_ban_form_submitted')) ? eval($hook) : null; if ($ban_user != '') { $query = array( 'SELECT' => 'u.id, u.group_id, u.username, u.email, u.registration_ip', 'FROM' => 'users AS u', 'WHERE' => 'u.username=\''.$forum_db->escape($ban_user).'\' AND u.id>1' ); ($hook = get_hook('aba_add_ban_qr_get_user_by_username')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if (!$forum_db->num_rows($result)) message($lang_admin_bans['No user username message']); list($user_id, $group_id, $ban_user, $ban_email, $ban_ip) = $forum_db->fetch_row($result); } } // Make sure we're not banning an admin if (isset($group_id) && $group_id == FORUM_ADMIN) message($lang_admin_bans['User is admin message']); // If we have a $user_id, we can try to find the last known IP of that user if (isset($user_id)) { $query = array( 'SELECT' => 'p.poster_ip', 'FROM' => 'posts AS p', 'WHERE' => 'p.poster_id='.$user_id, 'ORDER BY' => 'p.posted DESC', 'LIMIT' => '1' ); ($hook = get_hook('aba_add_ban_qr_get_last_known_ip')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); $ban_ip = ($forum_db->num_rows($result)) ? $forum_db->result($result) : $ban_ip; } $mode = 'add'; } else // We are editing a ban { $ban_id = intval($_GET['edit_ban']); if ($ban_id < 1) message($lang_common['Bad request']); ($hook = get_hook('aba_edit_ban_selected')) ? 
eval($hook) : null; $query = array( 'SELECT' => 'b.username, b.ip, b.email, b.message, b.expire', 'FROM' => 'bans AS b', 'WHERE' => 'b.id='.$ban_id ); ($hook = get_hook('aba_edit_ban_qr_get_ban_data')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); if ($forum_db->num_rows($result)) list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $forum_db->fetch_row($result); else message($lang_common['Bad request']); // We just use GMT for expire dates, as its a date rather than a day I don't think its worth worrying about $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire) : ''; $mode = 'edit'; } // Setup the form $forum_page['group_count'] = $forum_page['item_count'] = $forum_page['fld_count'] = 0; // Setup breadcrumbs $forum_page['crumbs'] = array( array($forum_config['o_board_title'], forum_link($forum_url['index'])), array($lang_admin_common['Forum administration'], forum_link($forum_url['admin_index'])) ); if ($forum_user['g_id'] == FORUM_ADMIN) $forum_page['crumbs'][] = array($lang_admin_common['Users'], forum_link($forum_url['admin_users'])); $forum_page['crumbs'][] = array($lang_admin_common['Bans'], forum_link($forum_url['admin_bans'])); $forum_page['crumbs'][] = $lang_admin_bans['Ban advanced']; ($hook = get_hook('aba_add_edit_ban_pre_header_load')) ? eval($hook) : null; define('FORUM_PAGE_SECTION', 'users'); define('FORUM_PAGE', 'admin-bans'); require FORUM_ROOT.'header.php'; // START SUBST - ob_start(); ($hook = get_hook('aba_add_edit_ban_output_start')) ? eval($hook) : null; ?>






', $tpl_temp, $tpl_main);
ob_end_clean();
// END SUBST - 
require FORUM_ROOT.'footer.php';
}
// Add/edit a ban (stage 2)
//
// Takes the submitted ban form, validates the IP list, e-mail and expiry date,
// then INSERTs a new row into `bans` or UPDATEs an existing one and rebuilds the
// bans cache.
//
// NOTE(review): no CSRF token comparison is visible in this branch, although the
// del_ban branch below has one. Presumably POST tokens are verified by shared
// bootstrap code before this file runs; confirm.
else if (isset($_POST['add_edit_ban']))
{
	// The POST fields are read without isset() guards, so a request that omits one
	// raises an undefined-index notice before forum_trim() is called.
	$ban_user = forum_trim($_POST['ban_user']);
	$ban_ip = forum_trim($_POST['ban_ip']);
	$ban_email = strtolower(forum_trim($_POST['ban_email']));
	$ban_message = forum_trim($_POST['ban_message']);
	$ban_expire = forum_trim($_POST['ban_expire']);

	// At least one ban criterion is required, and the guest account cannot be banned by name.
	// NOTE(review): the checks below rely on message() ending the request; confirm.
	if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
		message($lang_admin_bans['Must enter message']);
	else if (strtolower($ban_user) == 'guest')
		message($lang_admin_bans['Can\'t ban guest user']);

	// Extension hook: whatever get_hook() returns is eval()'d in this scope, so it
	// can read and rewrite every local variable here. This hook runs before the
	// validation and escaping below, so values it changes are still checked.
	// The local names are kept as they are because hook code may refer to them.
	($hook = get_hook('aba_add_edit_ban_form_submitted')) ? eval($hook) : null;

	// Validate IP/IP range (it's overkill, I know)
	if ($ban_ip != '')
	{
		// Collapse runs of whitespace so the list splits cleanly on single spaces.
		$ban_ip = preg_replace('/[\s]{2,}/', ' ', $ban_ip);
		$addresses = explode(' ', $ban_ip);
		$addresses = array_map('trim', $addresses);

		for ($i = 0; $i < count($addresses); ++$i)
		{
			// An entry containing ':' is treated as IPv6, anything else as IPv4.
			if (strpos($addresses[$i], ':') !== false)
			{
				$octets = explode(':', $addresses[$i]);

				for ($c = 0; $c < count($octets); ++$c)
				{
					// Leading zeros are stripped, so a group made only of zeros becomes an
					// empty string. NOTE(review): confirm that the rewritten form still
					// matches the address format the ban check compares against.
					$octets[$c] = ltrim($octets[$c], "0");

					// At most 8 groups; each one is empty or hexadecimal and no larger than 0xFFFF.
					if ($c > 7 || (!empty($octets[$c]) && !ctype_xdigit($octets[$c])) || intval($octets[$c], 16) > 65535)
						message($lang_admin_bans['Invalid IP message']);
				}

				$cur_address = implode(':', $octets);
				$addresses[$i] = $cur_address;
			}
			else
			{
				$octets = explode('.', $addresses[$i]);

				for ($c = 0; $c < count($octets); ++$c)
				{
					// Strip leading zeros from multi-character octets; a single "0" is kept.
					$octets[$c] = (strlen($octets[$c]) > 1) ? ltrim($octets[$c], "0") : $octets[$c];

					// At most 4 octets, digits only, each no larger than 255. Fewer than 4 octets
					// are accepted. An octet left empty by the strip fails ctype_digit().
					if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255)
						message($lang_admin_bans['Invalid IP message']);
				}

				$cur_address = implode('.', $octets);
				$addresses[$i] = $cur_address;
			}
		}

		// After this point $ban_ip holds only the characters the two validators accept,
		// separated by single spaces.
		$ban_ip = implode(' ', $addresses);
	}

	if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED'))
		require FORUM_ROOT.'include/email.php';

	// A value that is not a valid address is still accepted when it looks like a
	// dotted host name (presumably so a whole domain can be banned; confirm).
	// The pattern only allows a final label of 2-4 lowercase letters, so longer
	// top-level domains are rejected.
	if ($ban_email != '' && !is_valid_email($ban_email))
	{
		if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
			message($lang_admin_bans['Invalid e-mail message']);
	}

	// Expiry: parse the date and reject anything unparsable or not in the future.
	// On current PHP versions strtotime() reports failure as false rather than -1;
	// false is still rejected here because it compares as <= time().
	if ($ban_expire != '' && $ban_expire != 'Never')
	{
		$ban_expire = strtotime($ban_expire);

		if ($ban_expire == -1 || $ban_expire <= time())
			message($lang_admin_bans['Invalid expire message']);
	}
	else
		$ban_expire = 'NULL';

	// Build SQL literals: each non-empty string is escaped and wrapped in quotes,
	// each empty one becomes the keyword NULL. $ban_expire is either the integer
	// from strtotime() or NULL, so it is concatenated unquoted.
	$ban_user = ($ban_user != '') ? '\''.$forum_db->escape($ban_user).'\'' : 'NULL';
	$ban_ip = ($ban_ip != '') ? '\''.$forum_db->escape($ban_ip).'\'' : 'NULL';
	$ban_email = ($ban_email != '') ? '\''.$forum_db->escape($ban_email).'\'' : 'NULL';
	$ban_message = ($ban_message != '') ? '\''.$forum_db->escape($ban_message).'\'' : 'NULL';

	// $_POST['mode'] is read without an isset() guard. Only the exact value 'add'
	// inserts; every other value takes the UPDATE path.
	if ($_POST['mode'] == 'add')
	{
		// NOTE(review): $forum_user['id'] is concatenated unquoted and unescaped;
		// presumably an integer loaded from the session row. Confirm.
		$query = array(
			'INSERT'	=> 'username, ip, email, message, expire, ban_creator',
			'INTO'		=> 'bans',
			'VALUES'	=> $ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$forum_user['id']
		);

		// This hook runs after $query is assembled, so extension code can change the
		// statement after validation and escaping have been applied.
		($hook = get_hook('aba_add_edit_ban_qr_add_ban')) ? eval($hook) : null;
		$forum_db->query_build($query) or error(__FILE__, __LINE__);
	}
	else
	{
		// The ban id is forced to an integer before it reaches the WHERE clause.
		$query = array(
			'UPDATE'	=> 'bans',
			'SET'		=> 'username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire,
			'WHERE'		=> 'id='.intval($_POST['ban_id'])
		);

		// As above, the hook can change the finished statement.
		($hook = get_hook('aba_qr_update_ban')) ? eval($hook) : null;
		$forum_db->query_build($query) or error(__FILE__, __LINE__);
	}

	// Regenerate the bans cache
	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
		require FORUM_ROOT.'include/cache.php';

	generate_bans_cache();

	($hook = get_hook('aba_add_edit_ban_pre_redirect')) ? eval($hook) : null;

	// The confirmation text tests for 'edit' while the query above tests for 'add',
	// so a mode that is neither runs the UPDATE and reports "Ban added".
	redirect(forum_link($forum_url['admin_bans']), (($_POST['mode'] == 'edit') ? $lang_admin_bans['Ban edited'] : $lang_admin_bans['Ban added']).' '.$lang_admin_common['Redirect']);
}
// Remove a ban
//
// Deletes one row from `bans` by id and rebuilds the bans cache.
else if (isset($_GET['del_ban']))
{
	// The id is forced to a positive integer, so it can be concatenated into the WHERE clause below.
	$ban_id = intval($_GET['del_ban']);
	if ($ban_id < 1)
		message($lang_common['Bad request']);

	// Validate the CSRF token
	// The comparison against generate_form_token('del_ban'.$ban_id) is only made
	// when no csrf_token POST field is present. A request that carries that POST
	// field, whatever its value, skips the comparison here.
	// NOTE(review): presumably POST tokens are verified by shared bootstrap code; confirm.
	// NOTE(review): the token is accepted from the query string, where it can end up
	// in logs and Referer headers, and `!==` is not a constant-time comparison;
	// hash_equals() is the usual choice where the minimum PHP version allows it.
	if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('del_ban'.$ban_id)))
		csrf_confirm_form();

	($hook = get_hook('aba_del_ban_form_submitted')) ? eval($hook) : null;

	$query = array(
		'DELETE'	=> 'bans',
		'WHERE'		=> 'id='.$ban_id
	);

	// The hook runs after $query is assembled and can change the statement.
	($hook = get_hook('aba_del_ban_qr_delete_ban')) ? eval($hook) : null;
	$forum_db->query_build($query) or error(__FILE__, __LINE__);

	// Regenerate the bans cache
	if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
		require FORUM_ROOT.'include/cache.php';

	generate_bans_cache();

	($hook = get_hook('aba_del_ban_pre_redirect')) ? eval($hook) : null;

	redirect(forum_link($forum_url['admin_bans']), $lang_admin_bans['Ban removed'].' '. $lang_admin_common['Redirect']);
}

// Setup the form
// Reached when none of the branches above handled the request.
$forum_page['group_count'] = $forum_page['item_count'] = $forum_page['fld_count'] = 0;
$forum_page['form_action'] = forum_link($forum_url['admin_bans']).'?action=more';

// NOTE(review): the csrf_token hidden field is an empty string in this listing.
// The markup that carries the token looks to have been lost in extraction;
// confirm against the real file that the field is populated.
$forum_page['hidden_fields'] = array(
	'csrf_token'	=> ''
);

// Setup breadcrumbs
$forum_page['crumbs'] = array(
	array($forum_config['o_board_title'], forum_link($forum_url['index'])),
	array($lang_admin_common['Forum administration'], forum_link($forum_url['admin_index']))
);
// The "Users" crumb is only added for members of the admin group.
if ($forum_user['g_id'] == FORUM_ADMIN)
	$forum_page['crumbs'][] = array($lang_admin_common['Users'], forum_link($forum_url['admin_users']));
$forum_page['crumbs'][] = array($lang_admin_common['Bans'], forum_link($forum_url['admin_bans']));

($hook = get_hook('aba_pre_header_load')) ? eval($hook) : null;

define('FORUM_PAGE_SECTION', 'users');
define('FORUM_PAGE', 'admin-bans');
require FORUM_ROOT.'header.php';

// START SUBST - 
// Output is buffered from here on.
ob_start();

($hook = get_hook('aba_main_output_start')) ? eval($hook) : null;

?>


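$cur_ban) {
	// Builds the display fragments for one existing ban ($cur_ban) into
	// $forum_page['ban_info'], keyed by field name. A field is added only when its
	// value is non-empty.
	//
	// Every value taken from the ban row is passed through forum_htmlencode()
	// before it is placed in markup. That includes the IP list: the add/edit form
	// in this file restricts it to digits, hex letters, '.', ':' and spaces, but
	// rows written by extension hooks or any other writer do not pass through that
	// validator, so the value is encoded on output like its sibling fields.
	// Encoding leaves a validated IP list unchanged.
	$forum_page['ban_info'] = array();
	$forum_page['ban_creator'] = ($cur_ban['ban_creator_username'] != '') ? ''.forum_htmlencode($cur_ban['ban_creator_username']).'' : $lang_admin_common['Unknown'];

	if ($cur_ban['username'] != '') $forum_page['ban_info']['username'] = '
  • '.$lang_admin_bans['Username'].' '.forum_htmlencode($cur_ban['username']).'
  • ';

	if ($cur_ban['email'] != '') $forum_page['ban_info']['email'] = '
  • '.$lang_admin_bans['E-mail'].' '.forum_htmlencode($cur_ban['email']).'
  • ';

	// Output-encode the stored IP list (see the block comment above).
	if ($cur_ban['ip'] != '') $forum_page['ban_info']['ip'] = '
  • '.$lang_admin_bans['IP-ranges'].' '.forum_htmlencode($cur_ban['ip']).'
  • ';

	// NOTE(review): the result of format_time() is inserted as is; presumably it
	// returns a formatted date string that needs no encoding. Confirm.
	if ($cur_ban['expire'] != '') $forum_page['ban_info']['expire'] = '
  • '.$lang_admin_bans['Expires'].' '.format_time($cur_ban['expire'], 1).'
  • ';

	if ($cur_ban['message'] != '') $forum_page['ban_info']['message'] ='
  • '.$lang_admin_bans['Message'].' '.forum_htmlencode($cur_ban['message']).'
  • ';

	// Extension hook: the returned code is eval()'d in this scope and can change
	// $forum_page['ban_info'] before it is rendered. Hook code that adds entries
	// has to encode them itself. The local names are left unchanged because hook
	// code may refer to them.
	($hook = get_hook('aba_view_ban_pre_display')) ? eval($hook) : null;

?>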

    '.$lang_admin_bans['Edit ban'].'', ''.$lang_admin_bans['Remove ban'].'') ?>

    ', $tpl_temp, $tpl_main); ob_end_clean(); // END SUBST - require FORUM_ROOT.'footer.php';