PHP Cross Reference of MyBB 1.8.40 |
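<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Admin CP module "user-banning". Dispatches on $mybb->input['action']:
//   prune  - delete every thread and post of a banned user (POST only, confirmation page on GET)
//   lift   - remove the ban row and restore the user's previous groups (POST only, confirmation page on GET)
//   edit   - change reason, length and banned group of an existing ban
//   (none) - ban a user or search for one, then list current bans with pagination
//
// Security-relevant conventions used below:
//   * every uid taken from the request is read through get_input(..., MyBB::INPUT_INT)
//     so the integer cast is visible next to the query that uses it;
//   * free-text values (reason, bantime) go through $db->escape_string() before being written;
//   * usernames are passed through htmlspecialchars_uni() before being printed;
//   * a super administrator's ban can only be changed by a super administrator.

// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$page->add_breadcrumb_item($lang->banning, "index.php?module=user-banning");


$sub_tabs['ips'] = array(
	'title' => $lang->banned_ips,
	'link' => "index.php?module=config-banning",
);

$sub_tabs['bans'] = array(
	'title' => $lang->banned_accounts,
	'link' => "index.php?module=user-banning",
	'description' => $lang->banned_accounts_desc
);

$sub_tabs['usernames'] = array(
	'title' => $lang->disallowed_usernames,
	'link' => "index.php?module=config-banning&type=usernames",
);

$sub_tabs['emails'] = array(
	'title' => $lang->disallowed_email_addresses,
	'link' => "index.php?module=config-banning&type=emails",
);

// Fetch banned groups (gid => title); these are the only groups offered in the ban forms
$query = $db->simple_select("usergroups", "gid,title", "isbannedgroup=1", array('order_by' => 'title'));
$banned_groups = array();
while($group = $db->fetch_array($query))
{
	$banned_groups[$group['gid']] = $group['title'];
}

// Fetch ban times
$ban_times = fetch_ban_times();

$plugins->run_hooks("admin_user_banning_begin");

if($mybb->input['action'] == "prune")
{
	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// Explicit integer cast: the uid is interpolated into the WHERE clause.
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	// NOTE(review): the code after each admin_redirect() assumes the redirect ends the request - confirm.
	if(!$ban)
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super administrator's content may only be pruned by that account itself or by another super administrator.
	if(!$user || (is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid']))))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_prune");

	// Destructive work happens on POST only; a GET request just renders the confirmation page.
	if($mybb->request_method == "post")
	{
		require_once MYBB_ROOT."inc/class_moderation.php";
		$moderation = new Moderation();

		$query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
		while($thread = $db->fetch_array($query))
		{
			$moderation->delete_thread($thread['tid']);
		}

		$query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
		while($post = $db->fetch_array($query))
		{
			$moderation->delete_post($post['pid']);
		}

		$plugins->run_hooks("admin_user_banning_prune_commit");

		$cache->update_reportedcontent();

		// Log admin action
		log_admin_action($user['uid'], $user['username']);

		flash_message($lang->success_pruned, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		$page->output_confirm_action("index.php?module=user-banning&action=prune&uid={$user['uid']}", $lang->confirm_prune);
	}
}

if($mybb->input['action'] == "lift")
{
	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// Explicit integer cast: the uid is interpolated into the WHERE clause.
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(!$ban)
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super administrator's ban may only be lifted by that account itself or by another super administrator.
	if(!$user || (is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid']))))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_lift");

	// State changes happen on POST only; a GET request just renders the confirmation page.
	if($mybb->request_method == "post")
	{
		// Restore the groups that were saved in the ban row when the ban was created.
		$updated_group = array(
			'usergroup' => $ban['oldgroup'],
			'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
			'displaygroup' => $ban['olddisplaygroup']
		);
		$db->delete_query("banned", "uid='{$ban['uid']}'");

		$plugins->run_hooks("admin_user_banning_lift_commit");

		$db->update_query("users", $updated_group, "uid='{$ban['uid']}'");

		$cache->update_moderators();

		$cache->update_awaitingactivation();

		// Log admin action
		log_admin_action($ban['uid'], $user['username']);

		flash_message($lang->success_ban_lifted, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		$page->output_confirm_action("index.php?module=user-banning&action=lift&uid={$ban['uid']}", $lang->confirm_lift_ban);
	}
}

if($mybb->input['action'] == "edit")
{
	// Explicit integer cast: the uid is interpolated into the WHERE clause.
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(!$ban)
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	$plugins->run_hooks("admin_user_banning_edit");

	if($mybb->request_method == "post")
	{
		if(empty($ban['uid']))
		{
			$errors[] = $lang->error_invalid_username;
		}
		// Is the user we're trying to ban a super admin and we're not?
		// The acting admin is $mybb->user['uid']. The previous condition tested the banned
		// user on both sides of the &&, so it could never be true and the guard never fired.
		else if(is_super_admin($ban['uid']) && !is_super_admin($mybb->user['uid']))
		{
			$errors[] = $lang->error_no_perm_to_ban;
		}

		if($ban['uid'] == $mybb->user['uid'])
		{
			$errors[] = $lang->error_ban_self;
		}

		// No errors? Update
		// empty() instead of a bare truth test: $errors is not initialised in this file.
		if(empty($errors))
		{
			// Ban the user
			if($mybb->input['bantime'] == '---')
			{
				$lifted = 0;
			}
			else
			{
				$lifted = ban_date2timestamp($mybb->input['bantime'], $ban['dateline']);
			}

			$reason = my_substr($mybb->input['reason'], 0, 255);

			if(count($banned_groups) == 1)
			{
				$group = array_keys($banned_groups);
				$mybb->input['usergroup'] = $group[0];
			}

			// NOTE(review): when more than one banned group exists, the submitted usergroup is
			// cast to an integer but not checked against $banned_groups, so any group id posted
			// here is written to the ban row and to the user's row. Consider rejecting ids that
			// are not keys of $banned_groups.
			$update_array = array(
				'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'dateline' => TIME_NOW,
				'bantime' => $db->escape_string($mybb->input['bantime']),
				'lifted' => $db->escape_string($lifted),
				'reason' => $db->escape_string($reason)
			);

			$db->update_query('banned', $update_array, "uid='{$ban['uid']}'");

			// Move the user to the banned group
			$update_array = array(
				'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'displaygroup' => 0,
				'additionalgroups' => '',
			);
			// Quoted like every other uid condition in this file.
			$db->update_query('users', $update_array, "uid='{$ban['uid']}'");

			$plugins->run_hooks("admin_user_banning_edit_commit");

			$cache->update_awaitingactivation();

			// Log admin action
			log_admin_action($ban['uid'], $user['username']);

			flash_message($lang->success_ban_updated, 'success');
			admin_redirect("index.php?module=user-banning");
		}
	}
	$page->add_breadcrumb_item($lang->edit_ban);
	$page->output_header($lang->edit_ban);

	$sub_tabs = array();
	$sub_tabs['edit'] = array(
		'title' => $lang->edit_ban,
		'description' => $lang->edit_ban_desc
	);
	$page->output_nav_tabs($sub_tabs, "edit");

	$form = new Form("index.php?module=user-banning&action=edit&uid={$ban['uid']}", "post");
	if(!empty($errors))
	{
		$page->output_inline_error($errors);
	}
	else
	{
		// First display of the form: pre-fill the inputs from the stored ban row.
		$mybb->input = array_merge($mybb->input, $ban);
	}

	if(!empty($ban['gid']))
	{
		$mybb->input['usergroup'] = $ban['gid'];
	}
	else if(!empty($user['usergroup']))
	{
		$mybb->input['usergroup'] = $user['usergroup'];
	}
	else
	{
		$mybb->input['usergroup'] = 0;
	}

	$form_container = new FormContainer($lang->edit_ban);
	// The username is printed as raw row content, so it is escaped here.
	$form_container->output_row($lang->ban_username, "", htmlspecialchars_uni($user['username']));
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	}

	// Permanent bans are shown as the '---' entry of the length list.
	if($mybb->input['bantime'] == 'perm' || $mybb->input['bantime'] == '' || $mybb->input['lifted'] == 'perm' ||$mybb->input['lifted'] == '')
	{
		$mybb->input['bantime'] = '---';
		$mybb->input['lifted'] = '---';
	}

	foreach($ban_times as $time => $period)
	{
		if($time != '---')
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	$buttons[] = $form->generate_submit_button($lang->update_ban);
	$form->output_submit_wrapper($buttons);
	$form->end();

	$page->output_footer();
}

if(!$mybb->input['action'])
{
	// Optional filters for the ban count and the ban listing; filled only by a successful search.
	$where_sql_full = $where_sql = '';

	$plugins->run_hooks("admin_user_banning_start");

	if($mybb->request_method == "post")
	{
		$options = array(
			'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
		);

		$user = get_user_by_username($mybb->input['username'], $options);

		// Are we searching a user?
		if(is_array($user) && isset($mybb->input['search']))
		{
			// The uid is cast to int before it is placed in the SQL fragments.
			$where_sql = 'uid=\''.(int)$user['uid'].'\'';
			$where_sql_full = 'WHERE b.uid=\''.(int)$user['uid'].'\'';
		}
		else
		{
			if(!$user)
			{
				$errors[] = $lang->error_invalid_username;
			}
			// Is the user we're trying to ban a super admin and we're not?
			else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
			{
				$errors[] = $lang->error_no_perm_to_ban;
			}
			else
			{
				$query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
				if($db->fetch_field($query, "uid"))
				{
					$errors[] = $lang->error_already_banned;
				}

				// Get PRIMARY usergroup information
				$usergroups = $cache->read("usergroups");
				if(!empty($usergroups[$user['usergroup']]) && $usergroups[$user['usergroup']]['isbannedgroup'] == 1)
				{
					$errors[] = $lang->error_already_banned;
				}

				if($user['uid'] == $mybb->user['uid'])
				{
					$errors[] = $lang->error_ban_self;
				}
			}

			// No errors? Insert
			// empty() instead of a bare truth test: $errors is not initialised in this file.
			if(empty($errors))
			{
				// Ban the user
				if($mybb->input['bantime'] == '---')
				{
					$lifted = 0;
				}
				else
				{
					$lifted = ban_date2timestamp($mybb->input['bantime']);
				}

				$reason = my_substr($mybb->input['reason'], 0, 255);

				if(count($banned_groups) == 1)
				{
					$group = array_keys($banned_groups);
					$mybb->input['usergroup'] = $group[0];
				}

				// NOTE(review): when more than one banned group exists, the submitted usergroup is
				// cast to an integer but not checked against $banned_groups, so any group id posted
				// here is written to the ban row and to the user's row. Consider rejecting ids that
				// are not keys of $banned_groups.
				$insert_array = array(
					'uid' => $user['uid'],
					'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					// The previous groups are stored so that lifting the ban can restore them.
					'oldgroup' => $user['usergroup'],
					'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
					'olddisplaygroup' => $user['displaygroup'],
					'admin' => (int)$mybb->user['uid'],
					'dateline' => TIME_NOW,
					'bantime' => $db->escape_string($mybb->input['bantime']),
					'lifted' => $db->escape_string($lifted),
					'reason' => $db->escape_string($reason)
				);
				$db->insert_query('banned', $insert_array);

				// Move the user to the banned group
				$update_array = array(
					'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					'displaygroup' => 0,
					'additionalgroups' => '',
				);

				$db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
				$db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");

				$plugins->run_hooks("admin_user_banning_start_commit");

				$db->update_query('users', $update_array, "uid = '{$user['uid']}'");

				// Log admin action
				log_admin_action($user['uid'], $user['username'], $lifted);

				flash_message($lang->success_banned, 'success');
				admin_redirect("index.php?module=user-banning");
			}
		}
	}

	$page->output_header($lang->banned_accounts);

	$page->output_nav_tabs($sub_tabs, "bans");

	$query = $db->simple_select("banned", "COUNT(*) AS ban_count", $where_sql);
	$ban_count = $db->fetch_field($query, "ban_count");

	$per_page = 20;

	// The page number is cast to int; $start below is derived from it and ends up in the LIMIT clause.
	$mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
	if($mybb->input['page'] > 0)
	{
		$current_page = $mybb->input['page'];
		$start = ($current_page-1)*$per_page;
		$pages = $ban_count / $per_page;
		$pages = ceil($pages);
		// A page beyond the last one falls back to the first page.
		if($current_page > $pages)
		{
			$start = 0;
			$current_page = 1;
		}
	}
	else
	{
		$start = 0;
		$current_page = 1;
	}

	$pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&page={page}");

	$form = new Form("index.php?module=user-banning", "post");
	if(!empty($errors))
	{
		$page->output_inline_error($errors);
	}

	$mybb->input['username'] = $mybb->get_input('username');
	$mybb->input['reason'] = $mybb->get_input('reason');
	$mybb->input['bantime'] = $mybb->get_input('bantime');

	// A uid without a username pre-fills the username field of the ban form.
	if(isset($mybb->input['uid']) && empty($mybb->input['username']))
	{
		$user = get_user($mybb->input['uid']);
		$mybb->input['username'] = $user['username'];
	}

	if(empty($mybb->input['usergroup']))
	{
		if(!empty($mybb->settings['purgespammerbangroup']))
		{
			$mybb->input['usergroup'] = $mybb->settings['purgespammerbangroup'];
		}
		else if(count($banned_groups))
		{
			$group = array_keys($banned_groups);
			$mybb->input['usergroup'] = $group[0];
		}
		else
		{
			$mybb->input['usergroup'] = 0;
		}
	}

	$form_container = new FormContainer($lang->ban_a_user);
	$form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	}
	foreach($ban_times as $time => $period)
	{
		if($time != "---")
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	// Autocompletion for usernames
	// NOTE(review): $lang->search_for_a_user is placed inside a JavaScript string literal
	// without escaping; a double quote in a translation would break the script.
	echo '
<link rel="stylesheet" href="../jscripts/select2/select2.css">
<script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
<script type="text/javascript">
<!--
$("#username").select2({
	placeholder: "'.$lang->search_for_a_user.'",
	minimumInputLength: 2,
	multiple: false,
	ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
		url: "../xmlhttp.php?action=get_users",
		dataType: \'json\',
		data: function (term, page) {
			return {
				query: term, // search term
			};
		},
		results: function (data, page) { // parse the results into the format expected by Select2.
			// since we are using custom formatting functions we do not need to alter remote JSON data
			return {results: data};
		}
	},
	initSelection: function(element, callback) {
		var query = $(element).val();
		if (query !== "") {
			$.ajax("../xmlhttp.php?action=get_users&getone=1", {
				data: {
					query: query
				},
				dataType: "json"
			}).done(function(data) { callback(data); });
		}
	},
});

$(\'[for=username]\').on(\'click\', function(){
	$("#username").select2(\'open\');
	return false;
});
// -->
</script>';

	$buttons[] = $form->generate_submit_button($lang->ban_user);
	$buttons[] = $form->generate_submit_button($lang->search_for_a_user, array('name' => 'search'));
	$form->output_submit_wrapper($buttons);
	$form->end();

	echo '<br />';

	$table = new Table;
	$table->construct_header($lang->user);
	$table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
	$table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));

	// Fetch bans
	// $where_sql_full is empty or built from an int-cast uid; $start and $per_page are numeric.
	$query = $db->query("
		SELECT b.*, a.username AS adminuser, u.username
		FROM ".TABLE_PREFIX."banned b
		LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
		{$where_sql_full}
		ORDER BY dateline DESC
		LIMIT {$start}, {$per_page}
	");

	// Get the banned users
	while($ban = $db->fetch_array($query))
	{
		// Usernames are escaped before they are placed in markup.
		$profile_link = build_profile_link(htmlspecialchars_uni($ban['username']), $ban['uid'], "_blank");
		$ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
		if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
		{
			$ban_period = $lang->permenantly;
			$time_remaining = $lifts_on = $lang->na;
		}
		else
		{
			$ban_period = $lang->for." ".$ban_times[$ban['bantime']];

			$remaining = $ban['lifted']-TIME_NOW;
			$time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

			// Colour the remaining time: under an hour, under a day, under a week.
			if($remaining < 3600)
			{
				$time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
			}
			else if($remaining < 86400)
			{
				$time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
			}
			else if($remaining < 604800)
			{
				$time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
			}

			$lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
		}

		// The LEFT JOIN found no username for the banning account: fall back to a label or the raw id.
		if(!$ban['adminuser'])
		{
			if($ban['admin'] == 0)
			{
				$ban['adminuser'] = $lang->mybb_engine;
			}
			else
			{
				$ban['adminuser'] = $ban['admin'];
			}
		}

		$table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
		$table->construct_cell($lifts_on, array("class" => "align_center"));
		$table->construct_cell($time_remaining, array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=edit&uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
		// The lift and prune links carry my_post_key; the handlers above change state on POST only.
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=lift&uid={$ban['uid']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=prune&uid={$ban['uid']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
		$table->construct_row();
	}
	$table->output($lang->banned_accounts);
	echo $pagination;

	$page->output_footer();
}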