
PHP Cross Reference of MyBB 1.8.21


/admin/modules/user/ -> banning.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  // Entry guard: the script only continues when the including application has
  // defined IN_MYBB; a direct request stops here before any module code runs.
  if(defined("IN_MYBB") === false)
  {
      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  }
  16  
  // Register this module in the Admin CP breadcrumb trail.
  $page->add_breadcrumb_item($lang->banning, 'index.php?module=user-banning');

  // Navigation tabs for the ban-management pages. Only the "bans" tab links
  // back to this module and carries a description; the other three link to the
  // config-banning module.
  $sub_tabs['ips'] = array(
      'title' => $lang->banned_ips,
      'link'  => 'index.php?module=config-banning',
  );

  $sub_tabs['bans'] = array(
      'title'       => $lang->banned_accounts,
      'link'        => 'index.php?module=user-banning',
      'description' => $lang->banned_accounts_desc
  );

  $sub_tabs['usernames'] = array(
      'title' => $lang->disallowed_usernames,
      'link'  => 'index.php?module=config-banning&amp;type=usernames',
  );

  $sub_tabs['emails'] = array(
      'title' => $lang->disallowed_email_addresses,
      'link'  => 'index.php?module=config-banning&amp;type=emails',
  );
  40  
  // Build a gid => title map of every usergroup flagged as a banned group,
  // ordered by title. The action handlers below use it for the group selector.
  $banned_groups = array();
  $query = $db->simple_select('usergroups', 'gid,title', 'isbannedgroup=1', array('order_by' => 'title'));
  while($group = $db->fetch_array($query))
  {
      $gid = $group['gid'];
      $banned_groups[$gid] = $group['title'];
  }

  // Selectable ban lengths; the key '---' is treated below as "no expiry".
  $ban_times = fetch_ban_times();

  // Plugin hook: runs after the shared lookups and before any action handler.
  $plugins->run_hooks('admin_user_banning_begin');
  53  
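  // "prune" action: removes every thread and post written by a banned user.
  // A GET request renders a confirmation page; the deletion runs only on POST.
  // NOTE(review): no my_post_key check is visible in this file — presumably the
  // Admin CP front controller verifies it before this module runs; confirm.
  if($mybb->input['action'] == "prune")
  {
      // User clicked no
      if(!empty($mybb->input['no']))
      {
          admin_redirect("index.php?module=user-banning");
      }

      // Force the request value to an integer where it enters the SQL condition,
      // so the query does not depend on input cleaning done outside this file.
      $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
      $ban = $db->fetch_array($query);

      // empty() also covers the case where no row came back at all.
      // NOTE(review): the code below assumes admin_redirect() ends the request;
      // its definition is not in this file — confirm.
      if(empty($ban['uid']))
      {
          flash_message($lang->error_invalid_ban, 'error');
          admin_redirect("index.php?module=user-banning");
      }

      $user = get_user($ban['uid']);

      // Content of a super administrator may only be pruned by that account
      // itself or by another super administrator.
      if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
      {
          flash_message($lang->cannot_perform_action_super_admin_general, 'error');
          admin_redirect("index.php?module=user-banning");
      }

      $plugins->run_hooks("admin_user_banning_prune");

      if($mybb->request_method == "post")
      {
          require_once  MYBB_ROOT."inc/class_moderation.php";
          $moderation = new Moderation();

          // The uid used in both conditions comes from get_user(), not from the request.
          $query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
          while($thread = $db->fetch_array($query))
          {
              $moderation->delete_thread($thread['tid']);
          }

          $query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
          while($post = $db->fetch_array($query))
          {
              $moderation->delete_post($post['pid']);
          }

          $plugins->run_hooks("admin_user_banning_prune_commit");

          $cache->update_reportedcontent();

          // Log admin action: the destructive operation is recorded against the target account
          log_admin_action($user['uid'], $user['username']);

          flash_message($lang->success_pruned, 'success');
          admin_redirect("index.php?module=user-banning");
      }
      else
      {
          // GET: ask for confirmation; the confirm form posts back to this action.
          $page->output_confirm_action("index.php?module=user-banning&amp;action=prune&amp;uid={$user['uid']}", $lang->confirm_prune);
      }
  }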
 113  
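 // "lift" action: removes a ban and puts the user back into the groups that
 // were stored in the ban row when the ban was created.
 // A GET request renders a confirmation page; the change runs only on POST.
 // NOTE(review): no my_post_key check is visible in this file — presumably the
 // Admin CP front controller verifies it before this module runs; confirm.
 if($mybb->input['action'] == "lift")
 {
     // User clicked no
     if(!empty($mybb->input['no']))
     {
         admin_redirect("index.php?module=user-banning");
     }

     // Force the request value to an integer where it enters the SQL condition,
     // so the query does not depend on input cleaning done outside this file.
     $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
     $ban = $db->fetch_array($query);

     // empty() also covers the case where no row came back at all.
     // NOTE(review): the code below assumes admin_redirect() ends the request;
     // its definition is not in this file — confirm.
     if(empty($ban['uid']))
     {
         flash_message($lang->error_invalid_ban, 'error');
         admin_redirect("index.php?module=user-banning");
     }

     $user = get_user($ban['uid']);

     // A ban on a super administrator may only be lifted by that account
     // itself or by another super administrator.
     if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
     {
         flash_message($lang->cannot_perform_action_super_admin_general, 'error');
         admin_redirect("index.php?module=user-banning");
     }

     $plugins->run_hooks("admin_user_banning_lift");

     if($mybb->request_method == "post")
     {
         // The previous groups are read back from the banned table. They are cast
         // or escaped again before re-entering SQL because this file hands
         // update_query() pre-escaped values elsewhere, which suggests the helper
         // does not escape on its own — confirm.
         $updated_group = array(
             'usergroup' => (int)$ban['oldgroup'],
             'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
             'displaygroup' => (int)$ban['olddisplaygroup']
         );
         $db->delete_query("banned", "uid='{$ban['uid']}'");

         $plugins->run_hooks("admin_user_banning_lift_commit");

         $db->update_query("users", $updated_group, "uid='{$ban['uid']}'");

         // Group membership changed, so both dependent caches are rebuilt.
         $cache->update_banned();
         $cache->update_moderators();

         // Log admin action
         log_admin_action($ban['uid'], $user['username']);

         flash_message($lang->success_ban_lifted, 'success');
         admin_redirect("index.php?module=user-banning");
     }
     else
     {
         // GET: ask for confirmation; the confirm form posts back to this action.
         $page->output_confirm_action("index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}", $lang->confirm_lift_ban);
     }
 }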
 168  
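 // "edit" action: changes the reason, banned group and duration of an existing
 // ban. GET renders the form pre-filled from the stored row; POST validates
 // the request and writes the change to the banned and users tables.
 // NOTE(review): no my_post_key check is visible in this file — presumably the
 // Admin CP front controller verifies it before this module runs; confirm.
 if($mybb->input['action'] == "edit")
 {
     // Force the request value to an integer where it enters the SQL condition,
     // so the query does not depend on input cleaning done outside this file.
     $query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
     $ban = $db->fetch_array($query);

     // empty() also covers the case where no row came back at all.
     // NOTE(review): the code below assumes admin_redirect() ends the request;
     // its definition is not in this file — confirm.
     if(empty($ban['uid']))
     {
         flash_message($lang->error_invalid_ban, 'error');
         admin_redirect("index.php?module=user-banning");
     }

     // Looked up only once the ban row is known to exist.
     $user = get_user($ban['uid']);

     // $errors is tested and appended to below; give it a defined value without
     // discarding anything that was set before this point.
     if(!isset($errors))
     {
         $errors = array();
     }

     $plugins->run_hooks("admin_user_banning_edit");

     if($mybb->request_method == "post")
     {
         if(empty($ban['uid']))
         {
             $errors[] = $lang->error_invalid_username;
         }
         // Is the user we're trying to ban a super admin and we're not?
         // The second test has to look at the acting administrator. Testing the
         // banned uid on both sides can never be true, which left the ban of a
         // super administrator editable by any admin with access to this module.
         else if(is_super_admin($ban['uid']) && !is_super_admin($mybb->user['uid']))
         {
             $errors[] = $lang->error_no_perm_to_ban;
         }

         if($ban['uid'] == $mybb->user['uid'])
         {
             $errors[] = $lang->error_ban_self;
         }

         // No errors? Update
         if(!$errors)
         {
             // Ban the user
             // NOTE(review): bantime is stored as submitted (escaped, but not
             // checked against the keys of $ban_times) — consider rejecting
             // values that are not in that list.
             if($mybb->input['bantime'] == '---')
             {
                 $lifted = 0;
             }
             else
             {
                 // The new expiry is calculated from the original ban date.
                 $lifted = ban_date2timestamp($mybb->input['bantime'], $ban['dateline']);
             }

             // Reason is limited to 255 characters, matching the form's maxlength.
             $reason = my_substr($mybb->input['reason'], 0, 255);

             // With exactly one banned group there is no selector, so it is forced.
             // NOTE(review): with several banned groups the posted usergroup is
             // cast to an integer but never checked against $banned_groups, so
             // any gid is accepted — consider rejecting values not in that map.
             if(count($banned_groups) == 1)
             {
                 $group = array_keys($banned_groups);
                 $mybb->input['usergroup'] = $group[0];
             }

             $update_array = array(
                 'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                 'dateline' => TIME_NOW,
                 'bantime' => $db->escape_string($mybb->input['bantime']),
                 'lifted' => $db->escape_string($lifted),
                 'reason' => $db->escape_string($reason)
             );

             $db->update_query('banned', $update_array, "uid='{$ban['uid']}'");

             // Move the user to the banned group
             $update_array = array(
                 'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                 'displaygroup' => 0,
                 'additionalgroups' => '',
             );
             // uid is quoted here as in every other condition in this file.
             $db->update_query('users', $update_array, "uid='{$ban['uid']}'");

             $plugins->run_hooks("admin_user_banning_edit_commit");

             $cache->update_banned();

             // Log admin action
             log_admin_action($ban['uid'], $user['username']);

             flash_message($lang->success_ban_updated, 'success');
             admin_redirect("index.php?module=user-banning");
         }
     }
     $page->add_breadcrumb_item($lang->edit_ban);
     $page->output_header($lang->edit_ban);

     // The edit page shows a single tab of its own instead of the module tabs.
     $sub_tabs = array();
     $sub_tabs['edit'] = array(
         'title' => $lang->edit_ban,
         'description' => $lang->edit_ban_desc
     );
     $page->output_nav_tabs($sub_tabs, "edit");

     $form = new Form("index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}", "post");
     if($errors)
     {
         // Validation failed: keep what the administrator submitted.
         $page->output_inline_error($errors);
     }
     else
     {
         // First display: pre-fill the form fields from the stored ban row.
         $mybb->input = array_merge($mybb->input, $ban);
     }

     // NOTE(review): the username is escaped here explicitly; the reason and the
     // select values are passed to the Form helpers as-is, so their escaping
     // depends on those helpers — confirm.
     $form_container = new FormContainer($lang->edit_ban);
     $form_container->output_row($lang->ban_username, "", htmlspecialchars_uni($user['username']));
     $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
     if(count($banned_groups) > 1)
     {
         $form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
     }

     // Permanent or missing values are shown as the '---' entry of the list.
     if($mybb->input['bantime'] == 'perm' || $mybb->input['bantime'] == '' || $mybb->input['lifted'] == 'perm' ||$mybb->input['lifted'] == '')
     {
         $mybb->input['bantime'] = '---';
         $mybb->input['lifted'] = '---';
     }

     // Label every timed option with the date it would expire on.
     $length_list = array();
     foreach($ban_times as $time => $period)
     {
         if($time != '---')
         {
             $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
             $period = "{$period} ({$friendly_time})";
         }
         $length_list[$time] = $period;
     }
     $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

     $form_container->end();

     $buttons[] = $form->generate_submit_button($lang->update_ban);
     $form->output_submit_wrapper($buttons);
     $form->end();

     $page->output_footer();
 }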
 304  
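 // Default view (no action): a POST either bans the named user or, when the
 // "search" button was used, filters the list to that user. Afterwards the ban
 // form and the paginated list of current bans are rendered.
 // NOTE(review): no my_post_key check is visible in this file — presumably the
 // Admin CP front controller verifies it before this module runs; confirm.
 if(empty($mybb->input['action']))
 {
     $where_sql_full = $where_sql = '';

     // $errors is tested and appended to below; give it a defined value without
     // discarding anything that was set before this point.
     if(!isset($errors))
     {
         $errors = array();
     }

     $plugins->run_hooks("admin_user_banning_start");

     if($mybb->request_method == "post")
     {
         $options = array(
             'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
         );

         $user = get_user_by_username($mybb->input['username'], $options);

         // Are we searching a user?
         if(isset($mybb->input['search']))
         {
             // An unknown username casts to uid 0, so the list comes back empty.
             $where_sql = 'uid=\''.(int)$user['uid'].'\'';
             $where_sql_full = 'WHERE b.uid=\''.(int)$user['uid'].'\'';
         }
         else
         {
             if(empty($user['uid']))
             {
                 $errors[] = $lang->error_invalid_username;
             }
             // Is the user we're trying to ban a super admin and we're not?
             else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
             {
                 $errors[] = $lang->error_no_perm_to_ban;
             }
             else
             {
                 // Already banned: either a ban row exists ...
                 $query = $db->simple_select("banned", "uid", "uid='".(int)$user['uid']."'");
                 if($db->fetch_field($query, "uid"))
                 {
                     $errors[] = $lang->error_already_banned;
                 }

                 // ... or the PRIMARY usergroup is itself a banned group
                 $usergroups = $cache->read("usergroups");
                 if(!empty($usergroups[$user['usergroup']]) && $usergroups[$user['usergroup']]['isbannedgroup'] == 1)
                 {
                     $errors[] = $lang->error_already_banned;
                 }
             }

             if($user['uid'] == $mybb->user['uid'])
             {
                 $errors[] = $lang->error_ban_self;
             }

             // No errors? Insert
             if(!$errors)
             {
                 // Ban the user
                 // NOTE(review): bantime is stored as submitted (escaped, but not
                 // checked against the keys of $ban_times) — consider rejecting
                 // values that are not in that list.
                 if($mybb->input['bantime'] == '---')
                 {
                     $lifted = 0;
                 }
                 else
                 {
                     $lifted = ban_date2timestamp($mybb->input['bantime']);
                 }

                 // Reason is limited to 255 characters, matching the form's maxlength.
                 $reason = my_substr($mybb->input['reason'], 0, 255);

                 // With exactly one banned group there is no selector, so it is forced.
                 // NOTE(review): with several banned groups the posted usergroup is
                 // cast to an integer but never checked against $banned_groups, so
                 // any gid is accepted — consider rejecting values not in that map.
                 if(count($banned_groups) == 1)
                 {
                     $group = array_keys($banned_groups);
                     $mybb->input['usergroup'] = $group[0];
                 }

                 // The current groups are saved so that lifting the ban can restore
                 // them. Values read from the users row are cast or escaped like the
                 // request values next to them before they enter the INSERT.
                 $insert_array = array(
                     'uid' => (int)$user['uid'],
                     'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                     'oldgroup' => (int)$user['usergroup'],
                     'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
                     'olddisplaygroup' => (int)$user['displaygroup'],
                     'admin' => (int)$mybb->user['uid'],
                     'dateline' => TIME_NOW,
                     'bantime' => $db->escape_string($mybb->input['bantime']),
                     'lifted' => $db->escape_string($lifted),
                     'reason' => $db->escape_string($reason)
                 );
                 $db->insert_query('banned', $insert_array);

                 // Move the user to the banned group
                 $update_array = array(
                     'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
                     'displaygroup' => 0,
                     'additionalgroups' => '',
                 );

                 // A banned account keeps no forum or thread subscriptions.
                 $db->delete_query("forumsubscriptions", "uid = '".(int)$user['uid']."'");
                 $db->delete_query("threadsubscriptions", "uid = '".(int)$user['uid']."'");

                 $plugins->run_hooks("admin_user_banning_start_commit");

                 $db->update_query('users', $update_array, "uid = '".(int)$user['uid']."'");

                 $cache->update_banned();

                 // Log admin action
                 log_admin_action($user['uid'], $user['username'], $lifted);

                 flash_message($lang->success_banned, 'success');
                 admin_redirect("index.php?module=user-banning");
             }
         }
     }

     $page->output_header($lang->banned_accounts);

     $page->output_nav_tabs($sub_tabs, "bans");

     $query = $db->simple_select("banned", "COUNT(*) AS ban_count", $where_sql);
     $ban_count = $db->fetch_field($query, "ban_count");

     $per_page = 20;

     // The page number is read as an integer once; $start ends up in the LIMIT
     // clause below, so it must never carry raw request text.
     $current_page = $mybb->get_input('page', MyBB::INPUT_INT);
     if($current_page > 0)
     {
         $start = ($current_page-1)*$per_page;
         $pages = $ban_count / $per_page;
         $pages = ceil($pages);
         // Past the last page: fall back to the first one.
         if($current_page > $pages)
         {
             $start = 0;
             $current_page = 1;
         }
     }
     else
     {
         $start = 0;
         $current_page = 1;
     }

     $pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&amp;page={page}");

     $form = new Form("index.php?module=user-banning", "post");
     if($errors)
     {
         $page->output_inline_error($errors);
     }

     // Arriving with only a uid: pre-fill the username field for that account.
     if(!empty($mybb->input['uid']) && empty($mybb->input['username']))
     {
         $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
         $mybb->input['username'] = $user['username'];
     }

     // NOTE(review): request values are passed to the Form helpers as-is, so
     // their HTML escaping depends on those helpers — confirm.
     $form_container = new FormContainer($lang->ban_a_user);
     $form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
     $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
     if(count($banned_groups) > 1)
     {
         $form_container->output_row($lang->ban_group, $lang->add_ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
     }

     // Label every timed option with the date it would expire on.
     $length_list = array();
     foreach($ban_times as $time => $period)
     {
         if($time != "---")
         {
             $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
             $period = "{$period} ({$friendly_time})";
         }
         $length_list[$time] = $period;
     }
     $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

     $form_container->end();

     // Autocompletion for usernames
     // NOTE(review): $lang->search_for_a_user is written into a JavaScript string
     // without escaping; a language string containing a double quote would break
     // out of it. Safe only while language files are trusted.
     echo '
    <link rel="stylesheet" href="../jscripts/select2/select2.css">
    <script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
    <script type="text/javascript">
    <!--
    $("#username").select2({
        placeholder: "'.$lang->search_for_a_user.'",
        minimumInputLength: 2,
        multiple: false,
        ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
            url: "../xmlhttp.php?action=get_users",
            dataType: \'json\',
            data: function (term, page) {
                return {
                    query: term, // search term
                };
            },
            results: function (data, page) { // parse the results into the format expected by Select2.
                // since we are using custom formatting functions we do not need to alter remote JSON data
                return {results: data};
            }
        },
        initSelection: function(element, callback) {
            var query = $(element).val();
            if (query !== "") {
                $.ajax("../xmlhttp.php?action=get_users&getone=1", {
                    data: {
                        query: query
                    },
                    dataType: "json"
                }).done(function(data) { callback(data); });
            }
        },
    });

      $(\'[for=username]\').on(\'click\', function(){
        $("#username").select2(\'open\');
        return false;
    });
    // -->
    </script>';

     $buttons[] = $form->generate_submit_button($lang->ban_user);
     $buttons[] = $form->generate_submit_button($lang->search_for_a_user, array('name' => 'search'));
     $form->output_submit_wrapper($buttons);
     $form->end();

     echo '<br />';

     $table = new Table;
     $table->construct_header($lang->user);
     $table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
     $table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
     $table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
     $table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));

     // Fetch bans
     // $where_sql_full is either empty or built from an integer cast above;
     // $start and $per_page are integers computed in this block.
     $query = $db->query("
        SELECT b.*, a.username AS adminuser, u.username
        FROM ".TABLE_PREFIX."banned b
        LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
        LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
        {$where_sql_full}
        ORDER BY dateline DESC
        LIMIT {$start}, {$per_page}
    ");

     // Get the banned users
     while($ban = $db->fetch_array($query))
     {
         // Usernames are HTML-escaped before they are placed into markup.
         $profile_link = build_profile_link(htmlspecialchars_uni($ban['username']), $ban['uid'], "_blank");
         $ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
         if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
         {
             $ban_period = $lang->permenantly;
             $time_remaining = $lifts_on = $lang->na;
         }
         else
         {
             // NOTE(review): a stored bantime that is not a key of $ban_times
             // has no label here.
             $ban_period = $lang->for." ".$ban_times[$ban['bantime']];

             $remaining = $ban['lifted']-TIME_NOW;
             $time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

             // Colour by urgency: under an hour, under a day, under a week.
             if($remaining < 3600)
             {
                 $time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
             }
             else if($remaining < 86400)
             {
                 $time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
             }
             else if($remaining < 604800)
             {
                 $time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
             }

             $lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
         }

         // No matching admin account: show the engine label for admin id 0,
         // otherwise the raw admin id.
         if(!$ban['adminuser'])
         {
             if($ban['admin'] == 0)
             {
                 $ban['adminuser'] = $lang->mybb_engine;
             }
             else
             {
                 $ban['adminuser'] = $ban['admin'];
             }
         }

         // NOTE(review): the lift and prune links carry my_post_key in the URL,
         // where it can end up in browser history or server logs; the confirm
         // text is placed into an onclick string without escaping, which is
         // safe only while language files are trusted.
         $table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
         $table->construct_cell($lifts_on, array("class" => "align_center"));
         $table->construct_cell($time_remaining, array("class" => "align_center"));
         $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
         $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
         $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=prune&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
         $table->construct_row();
     }

     // Empty list: one placeholder row spanning all six columns.
     if($table->num_rows() == 0)
     {
         $table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
         $table->construct_row();
     }
     $table->output($lang->banned_accounts);
     echo $pagination;

     $page->output_footer();
 }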

