View file ilichat/kick.php

File size: 16.44Kb
<?php
error_reporting(0);

include("config.php");
include("./includes/".$ver."/banned");

list($msec, $sec) = explode(chr(32), microtime()); 
$headtime = $sec + $msec;

$nocache = rand(10000, 99999);

switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
header("Content-type: text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");

//AUTH
$id = intval($_GET['id']);
$password = mysql_escape_string($_GET['password']);
$q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".$password."';");
if(mysql_num_rows($q) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"ERROR\" ontimer=\"index.php?ver=wml\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Ошибка авторизации!<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}
//END AUTH

$level = mysql_result($q, 0);

if($level == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"menu.php?ver=wml&amp;id=$id&amp;password=$password\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Доступ запрещен<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}

$uid = intval($_GET['uid']);

$sql = mysql_query("SELECT `level`, `nickname` FROM `chat_users` WHERE `id` = '".$uid."';");

if(mysql_num_rows($sql) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"menu.php?ver=wml&amp;id=$id&amp;password=$password\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Пользователь не найден<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}
else
{
$lev = mysql_result($sql, 0, 'level');
$nick = mysql_result($sql, 0, 'nickname');
}

if($lev > $level or $uid == 1)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card id=\"error\" title=\"ERROR\" ontimer=\"menu.php?ver=wml&amp;id=$id&amp;password=$password\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Вы не можете блокировать данного пользователя. Нет прав.<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small></p></card></wml>";
exit();
}

//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE

echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"$nick\"><p align=\"left\">\n";

if(isset($_POST['action']))
{
$reason = trim(mysql_escape_string(htmlspecialchars($_POST['reason'])));
$reason = str_replace('$', '$$', $reason);
$kick = intval($_POST['time']);

if($level == 1 or $level == 2)
{
	if($kick != 60 && $kick != 90 && $kick != 300 && $kick != 43200 && $kick != 86400 && $kick != 172800)
	{
	echo "Вы попытались выбрать некорретное значение переключателя \"Время пинка\"!<br/>\n";
	echo "<a href=\"rules/moder_rules.php?id=$id&amp;password=$password&amp;ver=wml\">Правила модераторов</a><br/>\n";
	break;
	}
}
if($kick == 0)
{
echo "Нельзя выкидывать из чата на 0 секунд!<br/>\n";
break;
}
if(empty($reason))
{
echo "Вы не указали причину пинка!<br/>\n";
break;
}
$q = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".$id."';");
$moder = mysql_result($q, 0);
$q = mysql_query("UPDATE `chat_users` SET `kick` = '".($kick + time())."', `reason` = '".$reason."', `moder` = '".$moder."' WHERE `id` = '".$uid."';");
echo "$nick успешно выпнут(а) на $kick секунд!<br/>\n";

$date = date("d-m-y H:i:s");
$query = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".$id."';");
$moder = mysql_result($query, 0);
$q = mysql_query("INSERT INTO `chat_logs` VALUES(0, '".$moder."', 1, '".$nick."', '".$reason."', '".$date."', ".time().");"); 
}
else
{
echo "Никнейм:<br/>\n";
echo "[$nick]<br/>\n";
echo "Время пинка (сек):<br/>\n";
if($level == 1 or $level == 2)
{
echo "<select name=\"time$nocache\" value=\"60\">\n";
echo "<option value=\"60\">60</option>\n";
echo "<option value=\"90\">90</option>\n";
echo "<option value=\"300\">300</option>\n";
echo "<option value=\"43200\">43200</option>\n";
echo "<option value=\"86400\">86400</option>\n";
echo "<option value=\"172800\">172800</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<input name=\"time$nocache\" maxlength=\"6\" format=\"*N\"/><br/>\n";
}
echo "Причина:<br/>\n";
echo "<input name=\"reason$nocache\" maxlength=\"200\" title=\"reason\"/><br/>\n";
if(isset($_GET['rid'])) echo "<anchor>[Пнуть]<go href=\"kick.php?nocache=$nocache&amp;ver=wml&amp;id=$id&amp;password=$password&amp;mod=kick&amp;uid=$uid&amp;rid=".$_GET['rid']."\" method=\"post\">\n";
if(isset($_GET['key'])) echo "<anchor>[Пнуть]<go href=\"kick.php?nocache=$nocache&amp;ver=wml&amp;id=$id&amp;password=$password&amp;mod=kick&amp;uid=$uid&amp;key=".$_GET['key']."\" method=\"post\">\n";
echo "<postfield name=\"reason\" value=\"$(reason$nocache)\"/>\n";
echo "<postfield name=\"time\" value=\"$(time$nocache)\"/>\n";
echo "<postfield name=\"time\" value=\"$(time$nocache)\"/>\n";
echo "<postfield name=\"action\" value=\"kick\"/>\n";
echo "</go></anchor><br/>\n";
}

if(!empty($_GET['rid'])) echo "<a href=\"room.php?id=$id&amp;password=$password&amp;ver=wml&amp;rid=".intval($_GET['rid'])."\">В чат</a><br/>\n";
if(!empty($_GET['key'])) echo "<a href=\"intim.php?id=$id&amp;password=$password&amp;ver=wml&amp;key=".$_GET['key']."\">В чат</a><br/>\n";
echo "<a href=\"menu.php?id=$id&amp;password=$password&amp;ver=wml\">Меню чата</a><br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime,5)."] sec</small><br/>\n";
echo "</p></card></wml>";
break;

////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
header("Content-type: text/html; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");

//AUTH
$id = intval($_GET['id']);
$password = mysql_escape_string($_GET['password']);
$q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".$password."';");
if(mysql_num_rows($q) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>".$title."</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
</style></head><body>\n";
echo "Ошибка авторизации!<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</body></html>";
exit();
}
//END AUTH

//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0 WHERE `id` = '".$id."';");
//END ONLINE

echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>".$title."</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
div.form { background-color: ".$form_color."; text-align: left }
</style></head><body><div style=\"text-align: left\">\n";

$level = mysql_result($q, 0);

if($level == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>".$title."</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
div.form { background-color: ".$form_color."; text-align: left }
</style></head><body><div style=\"text-align: left\">\n";
echo "Доступ запрещен<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime,5)."] sec</small><br/>\n";
echo "</div></body></html>";
exit();
}

$uid = intval($_GET['uid']);

$sql = mysql_query("SELECT `level`, `nickname` FROM `chat_users` WHERE `id` = '".$uid."';");

if(mysql_num_rows($sql) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>ERROR</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
div.form { background-color: ".$form_color."; text-align: left }
</style></head><body><div style=\"text-align: left\">\n";
echo "Пользователь не найден в базе данных.<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime,5)."] sec</small><br/>\n";
echo "</div></body></html>";
exit();
}
else
{
$lev = mysql_result($sql, 0, 'level');
$nick = mysql_result($sql, 0, 'nickname');
}

if($lev > $level or $uid == 1)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>ERROR</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
div.form { background-color: ".$form_color."; text-align: left }
</style></head><body><div style=\"text-align: left\">\n";
echo "Вы не можете блокировать данного пользователя. Нет прав.<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime,5)."] sec</small><br/>\n";
echo "</div></body></html>";
exit();
}

//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE

echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
echo "<html><head>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n";
echo "<link rel=\"shortcut icon\" href=\"$icon\" /><title>".$nick."</title>\n";
echo "<style type=\"text/css\">
body { font-weight: normal; font-size: normal; font-family: ".$font."; color: ".$color."; background-color: ".$background." }
a:link,a:active,a:visited { text-decoration: underline; color : ".$links." }
div { margin: 1px 0px 1px 0px; padding: 4px 4px 4px 4px }
div.form { background-color: ".$form_color."; text-align: left }
</style></head><body>\n";

if(isset($_POST['action']))
{
$reason = trim(mysql_escape_string(htmlspecialchars($_POST['reason'])));
$reason = str_replace('$', '$$', $reason);
$kick = intval($_POST['time']);

if($level == 1 or $level == 2)
{
	if($kick != 60 && $kick != 90 && $kick != 300 && $kick != 43200 && $kick != 86400 && $kick != 172800)
	{
	echo "Вы попытались выбрать некорретное значение переключателя \"Время пинка\"!<br/>\n";
	echo "<a href=\"rules/moder_rules.php?id=$id&amp;password=$password&amp;ver=html\">Правила модераторов</a><br/>\n";
	break;
	}
}
if($kick == 0)
{
echo "Нельзя выкидывать из чата на 0 секунд!<br/>\n";
break;
}
if(empty($reason))
{
echo "Вы не указали причину пинка!<br/>\n";
break;
}
$q = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".$id."';");
$moder = mysql_result($q, 0);
$q = mysql_query("UPDATE `chat_users` SET `kick` = '".($kick + time())."', `reason` = '".$reason."', `moder` = '".$moder."' WHERE `id` = '".$uid."';");
echo "$nick успешно выпнут(а) на $kick секунд!<br/>\n";

$date = date("d-m-y H:i:s");
$query = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".$id."';");
$moder = mysql_result($query, 0);
$q = mysql_query("INSERT INTO `chat_logs` VALUES(0, '".$moder."', 1, '".$nick."', '".$reason."', '".$date."', ".time().");"); 
}
else
{
echo "<div class=\"form\">\n";
if(!empty($_GET['rid'])) echo "<form method=\"post\" action=\"kick.php?nocache=$nocache&amp;ver=html&amp;id=$id&amp;password=$password&amp;uid=$uid&amp;rid=$rid\">\n";
if(!empty($_GET['key'])) echo "<form method=\"post\" action=\"kick.php?nocache=$nocache&amp;ver=html&amp;id=$id&amp;password=$password&amp;uid=$uid&amp;key=$key\">\n";
echo "Никнейм:<br/>\n";
echo "[$nick]<br/>\n";
echo "Время пинка (сек):<br/>\n";
if($level == 1 or $level == 2)
{
echo "<select name=\"time\">\n";
echo "<option value=\"60\" selected=\"selected\">60</option>\n";
echo "<option value=\"90\">90</option>\n";
echo "<option value=\"300\">300</option>\n";
echo "<option value=\"43200\">43200</option>\n";
echo "<option value=\"86400\">86400</option>\n";
echo "<option value=\"172800\">172800</option>\n";
echo "</select><br/>\n";
}
else
{
echo "<input type=\"text\" name=\"time\" maxlength=\"6\"/><br/>\n";
}
echo "Причина:<br/>\n";
echo "<input type=\"hidden\" name=\"action\" value=\"kick\"/>\n";
echo "<input type=\"text\" name=\"reason\" maxlength=\"200\"/><br/>\n";
echo "<input type=\"submit\" value=\"OK\"/></form></div><br/>\n";}

if(!empty($_GET['rid'])) echo "<a href=\"room.php?id=$id&amp;password=$password&amp;ver=html&amp;rid=".intval($_GET['rid'])."\">В чат</a><br/>\n";
if(!empty($_GET['key'])) echo "<a href=\"intim.php?id=$id&amp;password=$password&amp;ver=html&amp;key=".$_GET['key']."\">В чат</a><br/>\n";
echo "<a href=\"menu.php?id=$id&amp;password=$password&amp;ver=html\">Меню чата</a><br/>";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec)-$headtime,5)."] sec</small><br/>\n";
echo "</div></body></html>";
break;
}
?>