View file phpBB-WAP/phpBB-WAP_by_chel/ban.php

File size: 5.81Kb
<?php
/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
	message_die(GENERAL_ERROR, 'Invalid_session');
}

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//

// session id check
if ($sid != $userdata['session_id'])
{
	message_die(GENERAL_ERROR, 'Invalid_session');
}

//
// Start auth check
//
$is_auth = auth(AUTH_ALL, $forum_id, $userdata);

if ( $userdata['user_level'] !=MOD && $userdata['user_level'] !=ADMIN )
{
	message_die(GENERAL_MESSAGE, $lang['Not_Moderator'], $lang['Not_Authorised']);
}
//
// End Auth Check
//

//
// Obtain initial var settings
//
$post_id = intval($HTTP_GET_VARS[POST_POST_URL]) ? intval($HTTP_GET_VARS[POST_POST_URL]) : false;

$confirm = $HTTP_POST_VARS['confirm'] == $lang['Yes'] ? true : false;
$cancel = $HTTP_POST_VARS['cancel'] == $lang['No'] ? true : false;

//
// Do major work ...
//

$sql = "SELECT p.topic_id, p.poster_id, p.poster_ip, u.username
	FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u
	WHERE p.post_id = " . $post_id . "
		AND u.user_id = p.poster_id
		AND u.user_level = " . USER;
if ( !($result = $db->sql_query($sql)) )
{
	message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
}
if ( !($user_ban = $db->sql_fetchrow($result)) )
{
	message_die(GENERAL_MESSAGE, 'No_post_selected');
}
$db->sql_freeresult($result);

if ( !$confirm && !$cancel )
{
	//
	// Output confirmation page
	//
	include($phpbb_root_path . 'includes/page_header.'.$phpEx);

	$template->set_filenames(array(
		'confirm_body' => 'confirm_body.tpl')
	);

	if ( $user_ban['poster_id'] != ANONYMOUS )
	{
		$message = $lang['user_ban'] . " (<b>" . $user_ban['username'] . "</b>) ?";
	}
	elseif ( $user_ban['poster_id'] == ANONYMOUS )
	{
		$message = $lang['ip_ban'] . " (" . decode_ip($user_ban['poster_ip']) . ") ?";
	}

	$template->assign_vars(array(
		'MESSAGE_TITLE' => $user_ban['username'],
		'MESSAGE_TEXT' => $message,

		'L_YES' => $lang['Yes'],
		'L_NO' => $lang['No'],

		'S_CONFIRM_ACTION' => "ban.$phpEx?" . POST_POST_URL . "=" . $post_id . "&amp;sid=" . $userdata['session_id'],
		'S_HIDDEN_FIELDS' => '')
	);

	$template->pparse('confirm_body');

	include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
elseif ( $confirm && !$cancel )
{
	if ( $user_ban['poster_id'] == ANONYMOUS )
	{
		$sql = "SELECT ban_ip
			FROM " . BANLIST_TABLE . "
			WHERE ban_ip = '" . $user_ban['poster_ip'] . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
		}
		if ( !($db->sql_fetchrow($result)) )
		{
			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
				VALUES ('" . $user_ban['poster_ip'] . "')";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update ban information', '', __LINE__, __FILE__, $sql);
			}
			$sql = "DELETE FROM " . SESSIONS_TABLE . "
				WHERE session_ip = '" . $user_ban['poster_ip'] . "'";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update session information', '', __LINE__, __FILE__, $sql);
			}
			$message = $lang['user_banned'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id") . "#$post_id" . '">', '</a>');
			message_die(GENERAL_MESSAGE, $message);
		}
		else
		{
			$db->sql_freeresult($result);
		}
		$message = $lang['ban_error'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id") . "#$post_id" . '">', '</a>');
		message_die(GENERAL_ERROR, $message);
	}
	else
	{
		$sql = "SELECT ban_userid
			FROM " . BANLIST_TABLE . "
			WHERE ban_userid = " . $user_ban['poster_id'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain user information', '', __LINE__, __FILE__, $sql);
		}
		if ( !($db->sql_fetchrow($result)) )
		{
			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
				VALUES (" . $user_ban['poster_id'] . ")";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update ban information', '', __LINE__, __FILE__, $sql);
			}
			$sql = "DELETE FROM " . SESSIONS_TABLE . "
				WHERE session_user_id =" . $user_ban['poster_id'];
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update session information', '', __LINE__, __FILE__, $sql);
			}
			$message = $lang['user_banned'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id") . "#$post_id" . '">', '</a>');
			message_die(GENERAL_MESSAGE, $message);
		}
		else
		{
			$db->sql_freeresult($result);
		}
		$message = $lang['ban_error'] . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=$post_id") . "#$post_id" . '">', '</a>');
		message_die(GENERAL_ERROR, $message);
	}
}
elseif (!$confirm && $cancel)
{
	$redirect = "viewtopic.$phpEx?" . POST_POST_URL . "=$post_id";
	$post_append = "#$post_id";
	redirect(append_sid($redirect, true) . $post_append);
}
?>