<?php
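// Ban panel. Without `ban` in the request it renders the ban form (WML or
// XHTML); with `ban` it records a ban for the submitted username and renders
// the outcome. Everyone except admins and moderators is redirected to index.php.
//
// Names taken from the including script: $status, $version, $tag, $tagC,
// $style, $sid, $username, sql(), doctype().
//
// NOTE(review): the ban itself is a state change that is reachable with a plain
// GET (the WML link below) because the parameters are read from $_REQUEST. The
// only request-bound value visible here is `sid` in the URL — confirm the
// including script validates it, and consider a per-action anti-CSRF token.
if( !in_array($status, array('admin', 'moderator'), true) )
{
	// Strict comparison on purpose: on the PHP versions that still ship mysql_*,
	// a loose in_array() treats a non-string $status such as 0 or true as equal
	// to 'admin'.
	header("Location: index.php");
	// Stop here so nothing after this include keeps running for a visitor who
	// failed the role check.
	exit;
}
else
{
	$charset = 'UTF-8';

	// Raw request values. Arrays (e.g. username[]=x) are rejected so the string
	// functions below never see a non-string. Every use is escaped for the
	// context it is written into.
	$back = (isset($_REQUEST['back']) && is_string($_REQUEST['back'])) ? $_REQUEST['back'] : '';
	$hasUser = isset($_REQUEST['username']) && is_string($_REQUEST['username']);
	$reqUser = $hasUser ? $_REQUEST['username'] : '';

	// ENT_QUOTES is required: several attributes below are single-quoted, and the
	// default flags of older PHP versions leave ' unescaped.
	$userHtml = htmlspecialchars($reqUser, ENT_QUOTES, $charset);
	$sidHtml = htmlspecialchars((string)$sid, ENT_QUOTES, $charset);

	// `back` is echoed back into a query string inside an HTML attribute:
	// URL-encode first (base64 may contain + / =), then HTML-escape.
	$backParam = htmlspecialchars(urlencode($back), ENT_QUOTES, $charset);

	// The "back" link target is whatever base64 the request carried, so it is
	// untrusted. Anything with a scheme other than http/https falls back to
	// index.php; relative URLs pass through. Control characters and spaces are
	// stripped before the scheme test only, because browsers ignore them there.
	$backUrl = (string)base64_decode($back);
	$schemeProbe = (string)preg_replace('/[\x00-\x20]+/', '', $backUrl);
	if( preg_match('#^[a-z][a-z0-9+.\-]*:#i', $schemeProbe) && !preg_match('#^https?://#i', $schemeProbe) )
	{
		$backUrl = 'index.php';
	}
	$backHref = htmlspecialchars($backUrl, ENT_QUOTES, $charset);

	if( !isset($_REQUEST['ban']) )
	{
		// ---- Ban form ----
		if($version == "wml")
		{
			header("content-type: text/vnd.wap.wml; charset=utf-8");
			header("Cache-Control: no-cache");
			echo(doctype("Бан-панель") . $tag);
			echo("Имя пользователя:");
			if( $hasUser )
			{
				echo($userHtml . "<br/>\r\n");
			}
			else
			{
				echo("<input type='text' name='username'/><br/>\r\n");
			}

			echo('Время: <select name="time">'  .
			'<option value="3600">1 час.</option>' .
			'<option value="21600">6 час.</option>' .
			'<option value="86400">1 день</option>' .
			'<option value="604800">1 неделя</option>' .
			'<option value="2592000">1 месяц</option>' .
			'</select><br />');

			// Built by concatenation instead of printf(): request data must never be
			// part of a format string. $(username) and $(time) are literal WML
			// variable references, not PHP variables.
			$userParam = $hasUser ? htmlspecialchars(urlencode($reqUser), ENT_QUOTES, $charset) : '$(username)';
			echo("<a href='./?p=26&amp;ban=1&amp;back=" . $backParam .
			"&amp;username=" . $userParam .
			'&amp;time=$(time)&amp;sid=' . $sidHtml .
			"&amp;v=wml'>Заблокировать</a><br />\r\n");

			echo("- - - -<br/>\r\n" .
			"<a href='" . $backHref . "'>Назад</a>" .
			$tagC . "</p></card></wml>");

		} else
		{
			header("Content-type: text/html; charset=utf-8");
			header("Last-Modified:".gmdate("D, d M Y H:i:s")." GMT");
			// "must-relative" is not a Cache-Control directive; the intended one is must-revalidate.
			header("Cache-Control: no-cache, must-revalidate");
			echo('<html>
			<head>
			<title>Бан-панель</title>
			</head>
			<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
			<form action="./?p=26&amp;ban=1&amp;back=' . $backParam . '&amp;sid=' . $sidHtml . '&amp;v=xhtml" method="post">
			<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
			<tr><td align="center" bgcolor="'.$style['title'].'" colspan="2">
			<font color="#FFFFFF"><b>Бан-панель</b></font>
			</td></tr>');
			echo('<tr><td bgcolor="'.$style['bottom'].'" colspan="2">'.$tag.'
			' . $tagC . '</td></tr>
			<tr bgcolor="'.$style['text'].'"><td>'.$tag);
			if( $hasUser )
			{
				// Username already chosen: show it and carry it in a hidden field.
				echo("Имя пользователя: </td><td>" . $userHtml . "</td></tr>");
				echo("<input type='hidden' name='username' value='" . $userHtml . "'/>\r\n");
			}
			else
			{
				echo("Имя пользователя: </td><td>" .
				"<input type='text' name='username' /></td></tr>\r\n");
			}
			// The reason row is the same whether or not a username was supplied.
			echo('<tr bgcolor="'.$style['text'].'"><td>
				Причина:</td><td>
				<input type="text" name="mess"/></td></tr>');

			echo('<tr bgcolor="'.$style['text'].'"> <td>
			Время:</td><td>
			<select name="time">
			<option value="3600">1 час.</option>
			<option value="21600">6 час.</option>
			<option value="86400">1 день</option>
			<option value="604800">1 неделя</option>
			<option value="2592000">1 месяц</option>
			</select></td></tr>');

			echo("<tr bgcolor='" . $style['text'] . "'><td align='center' colspan='2'>\r\n" .
			"<input type='submit' value='Заблокировать' />\r\n" .
			"</td></tr>\r\n" .
			"<tr bgcolor='" . $style['bottom'] . "'><td colspan='2'>\r\n" .
			"<a href='" . $backHref . "'>Назад</a>\r\n" .
			"</td></tr>\r\n" .
			"</table></form></body></html>");
		}
	}
	else
	{
		// ---- Ban submission ----
		// NOTE(review): sql() is treated as the project's SQL-escaping helper
		// because the original already trusts it for the username — confirm it
		// escapes for the active MySQL connection.
		$bUser = (string)sql($reqUser);
		$time = isset($_REQUEST['time']) ? (int)$_REQUEST['time'] : 0;

		// The reason is free text from the request and ends up inside a
		// string-built INSERT, so it gets the same escaping as the username
		// instead of being interpolated raw.
		$reason = (isset($_POST['mess']) && is_string($_POST['mess'])) ? sql($_POST['mess']) : '';

		if( $bUser === '' )
		{
			// No username: skip the queries rather than calling mysql_num_rows()
			// on a result that was never produced.
			$print = 'Пользователь не найден!';
		}
		else
		{
			$userRes = mysql_query("SELECT id, username, status FROM users WHERE username = '$bUser'");
			// Check whether the user already has a row in the ban table.
			$banRes = mysql_query("SELECT * FROM `ban` WHERE `username` = '".$bUser."' LIMIT 1;");

			if( $userRes === false || $banRes === false )
			{
				$print = 'Ошибка базы данных!';
			}
			else if( mysql_num_rows($banRes) )
			{
				$banRow = mysql_fetch_array($banRes);
				// The moderator name comes back from the database and is written into
				// HTML, so it is escaped on output.
				$print = 'Пользователь уже заблокирован!<br/>Банил: ' . htmlspecialchars((string)$banRow['moder'], ENT_QUOTES, $charset);
			}
			else if( !mysql_num_rows($userRes) )
			{
				$print = 'Пользователь не найден!';
			}
			else
			{
				$userRow = mysql_fetch_assoc($userRes);
				if( $userRow['status'] === 'admin' || $userRow['status'] === 'moderator' )
				{
					// Staff accounts cannot be banned from this panel.
					$print = 'Недостаточно прав!';
				}
				else
				{
					// NOTE(review): $username is supplied by the including script and is
					// interpolated as-is — confirm it is already escaped for SQL.
					$inserted = mysql_query("INSERT INTO ban VALUES(0, '', '', '$bUser', $time + UNIX_TIMESTAMP(), '$reason', '$username')");
					// Report success only when the INSERT actually went through.
					$print = ($inserted === false) ? 'Ошибка базы данных!' : 'Пользователь заблокирован!';
				}
			}
		}

		if($version == "wml")
		{
			header("content-type: text/vnd.wap.wml; charset=utf-8");
			header("Cache-Control: no-cache");
			echo(doctype("Бан-панель") . $tag);
			echo($print);
			echo("<br />- - - -<br/>\r\n" .
			"<a href='" . $backHref . "'>Назад</a>" .
			$tagC . "</p></card></wml>");

		} else
		{
			header("Content-type: text/html; charset=utf-8");
			header("Last-Modified:".gmdate("D, d M Y H:i:s")." GMT");
			// "must-relative" is not a Cache-Control directive; the intended one is must-revalidate.
			header("Cache-Control: no-cache, must-revalidate");
			echo('<html>
<head>
<title>Бан-панель</title>
</head>
<body bgcolor="'.$style['background'].'" link="'.$style['link'].'" vlink="'.$style['link'].'" text="#000000">
<table align="center" border="0" cellspacing="1" cellpadding="5" width="350">
<tr><td align="center" bgcolor="'.$style['title'].'">
<font color="#FFFFFF"><b>Бан-панель</b></font>
</td></tr>');
			echo('<tr><td bgcolor="'.$style['bottom'].'">'.$tag.'
' . $tagC . '</td></tr>
<tr bgcolor="'.$style['text'].'"><td>'.$tag);
			echo($print);
			echo("</td></tr>\r\n" .
			"<tr bgcolor='" . $style['bottom'] . "'><td>\r\n" .
			"<a href='javascript:history.back()'>Назад</a>\r\n" .
			"</td></tr>\r\n" .
			"</table></body></html>");
		}
	}
}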

?>