<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
// Marker constant, defined before any board file is included.
// NOTE(review): presumably the included files test IN_PHPBB to refuse being
// requested directly - confirm against extension.inc / common.
define('IN_PHPBB', true);
// Prefix for every include path used by this script.
$phpbb_root_path = './';
// $phpEx is not assigned in this file; it is used on the next line, so it is
// presumably set by extension.inc - confirm.
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
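//
// Session id check, part 1: the request must carry a session id.
// A POSTed sid takes precedence over one in the query string.
//
if (!empty($HTTP_POST_VARS['sid']))
{
    $sid = $HTTP_POST_VARS['sid'];
}
elseif (!empty($HTTP_GET_VARS['sid']))
{
    $sid = $HTTP_GET_VARS['sid'];
}
else
{
    // The code below relies on message_die() ending the request here;
    // otherwise $sid would be undefined further down.
    message_die(GENERAL_ERROR, 'Invalid_session');
}

//
// Start session management
//
// $user_ip is not assigned in this file; presumably common.php sets it.
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//

//
// Session id check, part 2: the supplied sid must be the id of the session
// that was just loaded, which ties the ban request to the caller's own session.
//
// The comparison is strict on purpose. With a loose != two numeric-looking
// strings are compared as numbers rather than character by character, and a
// non-string value (for example an array sent as sid[]) has no business
// being accepted as a session id at all.
//
if (!is_string($sid) || $sid !== (string) $userdata['session_id'])
{
    message_die(GENERAL_ERROR, 'Invalid_session');
}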
//
// Start auth check
//
// NOTE(review): $forum_id is not assigned anywhere in this file before the
// auth() call, and $is_auth is not read again below, so the per-forum result
// takes no part in the decision. Access is decided on the account's global
// user_level alone; a moderator therefore appears not to be limited to the
// forums they moderate - confirm that this is intended.
//
$is_auth = auth(AUTH_ALL, $forum_id, $userdata);

// Only moderators and administrators may continue.
$is_staff = ( $userdata['user_level'] == MOD || $userdata['user_level'] == ADMIN );
if ( !$is_staff )
{
    message_die(GENERAL_MESSAGE, $lang['Not_Moderator'], $lang['Not_Authorised']);
}
//
// End Auth Check
//
//
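// Obtain initial var settings
//
// Each request value is tested with isset() first: on the initial GET the
// confirm/cancel fields are absent, and reading them unguarded raises an
// undefined-index notice on every page view.
//
// $post_id is the integer post id from the query string, or false when it is
// missing or evaluates to 0.
$post_id = isset($HTTP_GET_VARS[POST_POST_URL]) ? intval($HTTP_GET_VARS[POST_POST_URL]) : 0;
if ( !$post_id )
{
    $post_id = false;
}

// The confirmation form submits the localized button captions, so the posted
// value is matched against the same language strings.
$confirm = ( isset($HTTP_POST_VARS['confirm']) && $HTTP_POST_VARS['confirm'] === $lang['Yes'] );
$cancel = ( isset($HTTP_POST_VARS['cancel']) && $HTTP_POST_VARS['cancel'] === $lang['No'] );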
//
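// Do major work ...
//
// Look up the author of the selected post.
//
// Without a usable post id the query below would be built with an empty
// right-hand side ("p.post_id = ") and fail as a database error, so stop
// here with the same message used when no matching row is found.
if ( !$post_id )
{
    message_die(GENERAL_MESSAGE, 'No_post_selected');
}

// intval() keeps the interpolated value an integer regardless of how
// $post_id was produced upstream.
// The u.user_level = USER condition limits the lookup to accounts at the
// USER level: a post whose author has any other level yields no row and
// ends in 'No_post_selected' below.
$sql = "SELECT p.topic_id, p.poster_id, p.poster_ip, u.username
    FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u
    WHERE p.post_id = " . intval($post_id) . "
        AND u.user_id = p.poster_id
        AND u.user_level = " . USER;
if ( !($result = $db->sql_query($sql)) )
{
    message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}

// $user_ban holds the row describing the account (or IP) to be banned.
if ( !($user_ban = $db->sql_fetchrow($result)) )
{
    message_die(GENERAL_MESSAGE, 'No_post_selected');
}
$db->sql_freeresult($result);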
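//
// Dispatch on the state of the confirmation form:
//   neither button pressed -> show the confirmation page
//   "yes" only             -> write the ban
//   anything else          -> treat as cancel and return to the post
// A request carrying both confirm and cancel previously matched no branch
// and produced an empty page; it now falls through to the cancel path, so
// an ambiguous request never results in a ban.
//
if ( !$confirm && !$cancel )
{
    //
    // Output confirmation page
    //
    include($phpbb_root_path . 'includes/page_header.'.$phpEx);

    $template->set_filenames(array(
        'confirm_body' => 'confirm_body.tpl')
    );

    // Registered authors are banned by account, anonymous posts by IP.
    // NOTE(review): username is written into the page as it comes from the
    // users table. That is safe only if usernames are stored already
    // HTML-escaped - confirm against the registration code.
    if ( $user_ban['poster_id'] != ANONYMOUS )
    {
        $message = $lang['user_ban'] . " (<b>" . $user_ban['username'] . "</b>) ?";
    }
    else
    {
        $message = $lang['ip_ban'] . " (" . decode_ip($user_ban['poster_ip']) . ") ?";
    }

    // NOTE(review): the session id travels in the form's action URL. The sid
    // check at the top of this script also accepts a POSTed sid, so a hidden
    // field would keep the id out of URLs and server logs - confirm that the
    // template renders S_HIDDEN_FIELDS inside the form before switching.
    $template->assign_vars(array(
        'MESSAGE_TITLE' => $user_ban['username'],
        'MESSAGE_TEXT' => $message,
        'L_YES' => $lang['Yes'],
        'L_NO' => $lang['No'],
        'S_CONFIRM_ACTION' => "ban.$phpEx?" . POST_POST_URL . "=" . $post_id . "&sid=" . $userdata['session_id'],
        'S_HIDDEN_FIELDS' => '')
    );

    $template->pparse('confirm_body');

    include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
elseif ( $confirm && !$cancel )
{
    // Integer form of the author id, used for every query below.
    $poster_id = intval($user_ban['poster_id']);

    // "Return to topic" link appended to both result messages.
    $return_link = sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id") . "#$post_id" . '">', '</a>');

    if ( $poster_id == ANONYMOUS )
    {
        // Anonymous post: the ban and the session purge are keyed on the IP
        // recorded with the post.
        // NOTE(review): poster_ip is read back from the posts table and
        // placed between quotes without escaping. It is handed to decode_ip()
        // on the confirmation page, which suggests a fixed encoded form -
        // confirm the column can only hold values written by the board
        // itself, or validate the format before building these queries.
        $ban_field = 'ban_ip';
        $session_field = 'session_ip';
        $sql_value = "'" . $user_ban['poster_ip'] . "'";
    }
    else
    {
        // Registered author: the ban and the session purge are keyed on the
        // user id.
        $ban_field = 'ban_userid';
        $session_field = 'session_user_id';
        $sql_value = $poster_id;
    }

    // Is there already a ban entry for this target?
    $sql = "SELECT $ban_field
        FROM " . BANLIST_TABLE . "
        WHERE $ban_field = " . $sql_value;
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
    }
    $already_banned = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ( $already_banned )
    {
        // Nothing to write; report the failure with a link back to the post.
        message_die(GENERAL_ERROR, $lang['ban_error'] . '<br /><br />' . $return_link);
    }
    else
    {
        $sql = "INSERT INTO " . BANLIST_TABLE . " ($ban_field)
            VALUES (" . $sql_value . ")";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Could not update ban information', '', __LINE__, __FILE__, $sql);
        }

        // Drop the target's session rows so the ban takes effect without
        // waiting for those sessions to expire.
        $sql = "DELETE FROM " . SESSIONS_TABLE . "
            WHERE $session_field = " . $sql_value;
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Could not update session information', '', __LINE__, __FILE__, $sql);
        }

        message_die(GENERAL_MESSAGE, $lang['user_banned'] . '<br /><br />' . $return_link);
    }
}
else
{
    // Cancelled (or ambiguous) request: go back to the post without changes.
    $redirect = "viewtopic.$phpEx?" . POST_POST_URL . "=$post_id";
    $post_append = "#$post_id";
    redirect(append_sid($redirect, true) . $post_append);
}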
?>