
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  $page->add_breadcrumb_item($lang->banning, "index.php?module=user-banning");
  18  
  19  
  20  $sub_tabs['ips'] = array(
  21      'title' => $lang->banned_ips,
  22      'link' => "index.php?module=config-banning",
  23  );
  24  
  25  $sub_tabs['bans'] = array(
  26      'title' => $lang->banned_accounts,
  27      'link' => "index.php?module=user-banning",
  28      'description' => $lang->banned_accounts_desc
  29  );
  30  
  31  $sub_tabs['usernames'] = array(
  32      'title' => $lang->disallowed_usernames,
  33      'link' => "index.php?module=config-banning&amp;type=usernames",
  34  );
  35  
  36  $sub_tabs['emails'] = array(
  37      'title' => $lang->disallowed_email_addresses,
  38      'link' => "index.php?module=config-banning&amp;type=emails",
  39  );
  40  
  41  // Fetch banned groups
  42  $query = $db->simple_select("usergroups", "gid,title", "isbannedgroup=1", array('order_by' => 'title'));
  43  $banned_groups = array();
  44  while($group = $db->fetch_array($query))
  45  {
  46      $banned_groups[$group['gid']] = $group['title'];
  47  }
  48  
  49  // Fetch ban times
  50  $ban_times = fetch_ban_times();
  51  
  52  $plugins->run_hooks("admin_user_banning_begin");
  53  
  54  if($mybb->input['action'] == "prune")
  55  {
  56      // User clicked no
  57      if($mybb->get_input('no'))
  58      {
  59          admin_redirect("index.php?module=user-banning");
  60      }
  61  
  62      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
  63      $ban = $db->fetch_array($query);
  64  
  65      if(!$ban['uid'])
  66      {
  67          flash_message($lang->error_invalid_ban, 'error');
  68          admin_redirect("index.php?module=user-banning");
  69      }
  70  
  71      $user = get_user($ban['uid']);
  72  
  73      if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
  74      {
  75          flash_message($lang->cannot_perform_action_super_admin_general, 'error');
  76          admin_redirect("index.php?module=user-banning");
  77      }
  78  
  79      $plugins->run_hooks("admin_user_banning_prune");
  80  
  81      if($mybb->request_method == "post")
  82      {
  83          require_once  MYBB_ROOT."inc/class_moderation.php";
  84          $moderation = new Moderation();
  85  
  86          $query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
  87          while($thread = $db->fetch_array($query))
  88          {
  89              $moderation->delete_thread($thread['tid']);
  90          }
  91  
  92          $query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
  93          while($post = $db->fetch_array($query))
  94          {
  95              $moderation->delete_post($post['pid']);
  96          }
  97  
  98          $plugins->run_hooks("admin_user_banning_prune_commit");
  99  
 100          $cache->update_reportedcontent();
 101  
 102          // Log admin action
 103          log_admin_action($user['uid'], $user['username']);
 104  
 105          flash_message($lang->success_pruned, 'success');
 106          admin_redirect("index.php?module=user-banning");
 107      }
 108      else
 109      {
 110          $page->output_confirm_action("index.php?module=user-banning&amp;action=prune&amp;uid={$user['uid']}", $lang->confirm_prune);
 111      }
 112  }
 113  
 114  if($mybb->input['action'] == "lift")
 115  {
 116      // User clicked no
 117      if($mybb->get_input('no'))
 118      {
 119          admin_redirect("index.php?module=user-banning");
 120      }
 121  
 122      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
 123      $ban = $db->fetch_array($query);
 124  
 125      if(!$ban['uid'])
 126      {
 127          flash_message($lang->error_invalid_ban, 'error');
 128          admin_redirect("index.php?module=user-banning");
 129      }
 130  
 131      $user = get_user($ban['uid']);
 132  
 133      if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
 134      {
 135          flash_message($lang->cannot_perform_action_super_admin_general, 'error');
 136          admin_redirect("index.php?module=user-banning");
 137      }
 138  
 139      $plugins->run_hooks("admin_user_banning_lift");
 140  
 141      if($mybb->request_method == "post")
 142      {
 143          $updated_group = array(
 144              'usergroup' => $ban['oldgroup'],
 145              'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
 146              'displaygroup' => $ban['olddisplaygroup']
 147          );
 148          $db->delete_query("banned", "uid='{$ban['uid']}'");
 149  
 150          $plugins->run_hooks("admin_user_banning_lift_commit");
 151  
 152          $db->update_query("users", $updated_group, "uid='{$ban['uid']}'");
 153  
 154          $cache->update_moderators();
 155  
 156          // Log admin action
 157          log_admin_action($ban['uid'], $user['username']);
 158  
 159          flash_message($lang->success_ban_lifted, 'success');
 160          admin_redirect("index.php?module=user-banning");
 161      }
 162      else
 163      {
 164          $page->output_confirm_action("index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}", $lang->confirm_lift_ban);
 165      }
 166  }
 167  
 168  if($mybb->input['action'] == "edit")
 169  {
 170      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
 171      $ban = $db->fetch_array($query);
 172  
 173      if(empty($ban['uid']))
 174      {
 175          flash_message($lang->error_invalid_ban, 'error');
 176          admin_redirect("index.php?module=user-banning");
 177      }
 178  
 179      $user = get_user($ban['uid']);
 180  
 181      $plugins->run_hooks("admin_user_banning_edit");
 182  
 183      if($mybb->request_method == "post")
 184      {
 185          if(!$ban['uid'])
 186          {
 187              $errors[] = $lang->error_invalid_username;
 188          }
 189          // Is the user we're trying to ban a super admin and we're not?
 190          else if(is_super_admin($ban['uid']) && !is_super_admin($ban['uid']))
 191          {
 192              $errors[] = $lang->error_no_perm_to_ban;
 193          }
 194  
 195          if($ban['uid'] == $mybb->user['uid'])
 196          {
 197              $errors[] = $lang->error_ban_self;
 198          }
 199  
 200          // No errors? Update
 201          if(!$errors)
 202          {
 203              // Ban the user
 204              if($mybb->input['bantime'] == '---')
 205              {
 206                  $lifted = 0;
 207              }
 208              else
 209              {
 210                  $lifted = ban_date2timestamp($mybb->input['bantime'], $ban['dateline']);
 211              }
 212  
 213              $reason = my_substr($mybb->input['reason'], 0, 255);
 214  
 215              if(count($banned_groups) == 1)
 216              {
 217                  $group = array_keys($banned_groups);
 218                  $mybb->input['usergroup'] = $group[0];
 219              }
 220  
 221              $update_array = array(
 222                  'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 223                  'dateline' => TIME_NOW,
 224                  'bantime' => $db->escape_string($mybb->input['bantime']),
 225                  'lifted' => $db->escape_string($lifted),
 226                  'reason' => $db->escape_string($reason)
 227              );
 228  
 229              $db->update_query('banned', $update_array, "uid='{$ban['uid']}'");
 230  
 231              // Move the user to the banned group
 232              $update_array = array(
 233                  'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 234                  'displaygroup' => 0,
 235                  'additionalgroups' => '',
 236              );
 237              $db->update_query('users', $update_array, "uid = {$ban['uid']}");
 238  
 239              $plugins->run_hooks("admin_user_banning_edit_commit");
 240  
 241              // Log admin action
 242              log_admin_action($ban['uid'], $user['username']);
 243  
 244              flash_message($lang->success_ban_updated, 'success');
 245              admin_redirect("index.php?module=user-banning");
 246          }
 247      }
 248      $page->add_breadcrumb_item($lang->edit_ban);
 249      $page->output_header($lang->edit_ban);
 250  
 251      $sub_tabs = array();
 252      $sub_tabs['edit'] = array(
 253          'title' => $lang->edit_ban,
 254          'description' => $lang->edit_ban_desc
 255      );
 256      $page->output_nav_tabs($sub_tabs, "edit");
 257  
 258      $form = new Form("index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}", "post");
 259      if($errors)
 260      {
 261          $page->output_inline_error($errors);
 262      }
 263      else
 264      {
 265          $mybb->input = array_merge($mybb->input, $ban);
 266      }
 267  
 268      $form_container = new FormContainer($lang->edit_ban);
 269      $form_container->output_row($lang->ban_username, "", htmlspecialchars_uni($user['username']));
 270      $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
 271      if(count($banned_groups) > 1)
 272      {
 273          $form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 274      }
 275  
 276      if($mybb->input['bantime'] == 'perm' || $mybb->input['bantime'] == '' || $mybb->input['lifted'] == 'perm' ||$mybb->input['lifted'] == '')
 277      {
 278          $mybb->input['bantime'] = '---';
 279          $mybb->input['lifted'] = '---';
 280      }
 281  
 282      foreach($ban_times as $time => $period)
 283      {
 284          if($time != '---')
 285          {
 286              $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
 287              $period = "{$period} ({$friendly_time})";
 288          }
 289          $length_list[$time] = $period;
 290      }
 291      $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
 292  
 293      $form_container->end();
 294  
 295      $buttons[] = $form->generate_submit_button($lang->update_ban);
 296      $form->output_submit_wrapper($buttons);
 297      $form->end();
 298  
 299      $page->output_footer();
 300  }
 301  
 302  if(!$mybb->input['action'])
 303  {
 304      $where_sql_full = $where_sql = '';
 305  
 306      $plugins->run_hooks("admin_user_banning_start");
 307  
 308      if($mybb->request_method == "post")
 309      {
 310          $options = array(
 311              'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
 312          );
 313  
 314          $user = get_user_by_username($mybb->input['username'], $options);
 315  
 316          // Are we searching a user?
 317          if(is_array($user) && isset($mybb->input['search']))
 318          {
 319              $where_sql = 'uid=\''.(int)$user['uid'].'\'';
 320              $where_sql_full = 'WHERE b.uid=\''.(int)$user['uid'].'\'';
 321          }
 322          else
 323          {
 324              if(empty($user['uid']))
 325              {
 326                  $errors[] = $lang->error_invalid_username;
 327              }
 328              // Is the user we're trying to ban a super admin and we're not?
 329              else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
 330              {
 331                  $errors[] = $lang->error_no_perm_to_ban;
 332              }
 333              else
 334              {
 335                  $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
 336                  if($db->fetch_field($query, "uid"))
 337                  {
 338                      $errors[] = $lang->error_already_banned;
 339                  }
 340  
 341                  // Get PRIMARY usergroup information
 342                  $usergroups = $cache->read("usergroups");
 343                  if(!empty($usergroups[$user['usergroup']]) && $usergroups[$user['usergroup']]['isbannedgroup'] == 1)
 344                  {
 345                      $errors[] = $lang->error_already_banned;
 346                  }
 347  
 348                  if($user['uid'] == $mybb->user['uid'])
 349                  {
 350                      $errors[] = $lang->error_ban_self;
 351                  }
 352              }
 353  
 354              // No errors? Insert
 355              if(!$errors)
 356              {
 357                  // Ban the user
 358                  if($mybb->input['bantime'] == '---')
 359                  {
 360                      $lifted = 0;
 361                  }
 362                  else
 363                  {
 364                      $lifted = ban_date2timestamp($mybb->input['bantime']);
 365                  }
 366  
 367                  $reason = my_substr($mybb->input['reason'], 0, 255);
 368  
 369                  if(count($banned_groups) == 1)
 370                  {
 371                      $group = array_keys($banned_groups);
 372                      $mybb->input['usergroup'] = $group[0];
 373                  }
 374  
 375                  $insert_array = array(
 376                      'uid' => $user['uid'],
 377                      'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 378                      'oldgroup' => $user['usergroup'],
 379                      'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
 380                      'olddisplaygroup' => $user['displaygroup'],
 381                      'admin' => (int)$mybb->user['uid'],
 382                      'dateline' => TIME_NOW,
 383                      'bantime' => $db->escape_string($mybb->input['bantime']),
 384                      'lifted' => $db->escape_string($lifted),
 385                      'reason' => $db->escape_string($reason)
 386                  );
 387                  $db->insert_query('banned', $insert_array);
 388  
 389                  // Move the user to the banned group
 390                  $update_array = array(
 391                      'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
 392                      'displaygroup' => 0,
 393                      'additionalgroups' => '',
 394                  );
 395  
 396                  $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
 397                  $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
 398  
 399                  $plugins->run_hooks("admin_user_banning_start_commit");
 400  
 401                  $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
 402  
 403                  // Log admin action
 404                  log_admin_action($user['uid'], $user['username'], $lifted);
 405  
 406                  flash_message($lang->success_banned, 'success');
 407                  admin_redirect("index.php?module=user-banning");
 408              }
 409          }
 410      }
 411  
 412      $page->output_header($lang->banned_accounts);
 413  
 414      $page->output_nav_tabs($sub_tabs, "bans");
 415  
 416      $query = $db->simple_select("banned", "COUNT(*) AS ban_count", $where_sql);
 417      $ban_count = $db->fetch_field($query, "ban_count");
 418  
 419      $per_page = 20;
 420  
 421      $mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
 422      if($mybb->input['page'] > 0)
 423      {
 424          $current_page = $mybb->input['page'];
 425          $start = ($current_page-1)*$per_page;
 426          $pages = $ban_count / $per_page;
 427          $pages = ceil($pages);
 428          if($current_page > $pages)
 429          {
 430              $start = 0;
 431              $current_page = 1;
 432          }
 433      }
 434      else
 435      {
 436          $start = 0;
 437          $current_page = 1;
 438      }
 439  
 440      $pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&amp;page={page}");
 441  
 442      $form = new Form("index.php?module=user-banning", "post");
 443      if($errors)
 444      {
 445          $page->output_inline_error($errors);
 446      }
 447  
 448      $mybb->input['username'] = $mybb->get_input('username');
 449      $mybb->input['reason'] = $mybb->get_input('reason');
 450      $mybb->input['bantime'] = $mybb->get_input('bantime');
 451  
 452      if(isset($mybb->input['uid']) && empty($mybb->input['username']))
 453      {
 454          $user = get_user($mybb->input['uid']);
 455          $mybb->input['username'] = $user['username'];
 456      }
 457  
 458      $form_container = new FormContainer($lang->ban_a_user);
 459      $form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
 460      $form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
 461      if(count($banned_groups) > 1)
 462      {
 463          $form_container->output_row($lang->ban_group, $lang->add_ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 464      }
 465      foreach($ban_times as $time => $period)
 466      {
 467          if($time != "---")
 468          {
 469              $friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
 470              $period = "{$period} ({$friendly_time})";
 471          }
 472          $length_list[$time] = $period;
 473      }
 474      $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');
 475  
 476      $form_container->end();
 477  
 478      // Autocompletion for usernames
 479      echo '
 480      <link rel="stylesheet" href="../jscripts/select2/select2.css">
 481      <script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
 482      <script type="text/javascript">
 483      <!--
 484      $("#username").select2({
 485          placeholder: "'.$lang->search_for_a_user.'",
 486          minimumInputLength: 2,
 487          multiple: false,
 488          ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
 489              url: "../xmlhttp.php?action=get_users",
 490              dataType: \'json\',
 491              data: function (term, page) {
 492                  return {
 493                      query: term, // search term
 494                  };
 495              },
 496              results: function (data, page) { // parse the results into the format expected by Select2.
 497                  // since we are using custom formatting functions we do not need to alter remote JSON data
 498                  return {results: data};
 499              }
 500          },
 501          initSelection: function(element, callback) {
 502              var query = $(element).val();
 503              if (query !== "") {
 504                  $.ajax("../xmlhttp.php?action=get_users&getone=1", {
 505                      data: {
 506                          query: query
 507                      },
 508                      dataType: "json"
 509                  }).done(function(data) { callback(data); });
 510              }
 511          },
 512      });
 513  
 514        $(\'[for=username]\').on(\'click\', function(){
 515          $("#username").select2(\'open\');
 516          return false;
 517      });
 518      // -->
 519      </script>';
 520  
 521      $buttons[] = $form->generate_submit_button($lang->ban_user);
 522      $buttons[] = $form->generate_submit_button($lang->search_for_a_user, array('name' => 'search'));
 523      $form->output_submit_wrapper($buttons);
 524      $form->end();
 525  
 526      echo '<br />';
 527  
 528      $table = new Table;
 529      $table->construct_header($lang->user);
 530      $table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
 531      $table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
 532      $table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
 533      $table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));
 534  
 535      // Fetch bans
 536      $query = $db->query("
 537          SELECT b.*, a.username AS adminuser, u.username
 538          FROM ".TABLE_PREFIX."banned b
 539          LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
 540          LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
 541          {$where_sql_full}
 542          ORDER BY dateline DESC
 543          LIMIT {$start}, {$per_page}
 544      ");
 545  
 546      // Get the banned users
 547      while($ban = $db->fetch_array($query))
 548      {
 549          $profile_link = build_profile_link(htmlspecialchars_uni($ban['username']), $ban['uid'], "_blank");
 550          $ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
 551          if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
 552          {
 553              $ban_period = $lang->permenantly;
 554              $time_remaining = $lifts_on = $lang->na;
 555          }
 556          else
 557          {
 558              $ban_period = $lang->for." ".$ban_times[$ban['bantime']];
 559  
 560              $remaining = $ban['lifted']-TIME_NOW;
 561              $time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
 562  
 563              if($remaining < 3600)
 564              {
 565                  $time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
 566              }
 567              else if($remaining < 86400)
 568              {
 569                  $time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
 570              }
 571              else if($remaining < 604800)
 572              {
 573                  $time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
 574              }
 575  
 576              $lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
 577          }
 578  
 579          if(!$ban['adminuser'])
 580          {
 581              if($ban['admin'] == 0)
 582              {
 583                  $ban['adminuser'] = $lang->mybb_engine;
 584              }
 585              else
 586              {
 587                  $ban['adminuser'] = $ban['admin'];
 588              }
 589          }
 590  
 591          $table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
 592          $table->construct_cell($lifts_on, array("class" => "align_center"));
 593          $table->construct_cell($time_remaining, array("class" => "align_center"));
 594          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
 595          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
 596          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=prune&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
 597          $table->construct_row();
 598      }
 599  
 600      if($table->num_rows() == 0)
 601      {
 602          $table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
 603          $table->construct_row();
 604      }
 605      $table->output($lang->banned_accounts);
 606      echo $pagination;
 607  
 608      $page->output_footer();
 609  }

