
PHP Cross Reference of MyBB


/admin/modules/user/ -> banning.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id: banning.php 5453 2011-04-21 23:58:33Z jammerx2 $
  10   */
  11  
  12  // Disallow direct access to this file for security reasons
  13  if(!defined("IN_MYBB"))
  14  {
  15      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  16  }
  17  
  18  $page->add_breadcrumb_item($lang->banning, "index.php?module=user-banning");
  19  
  20  
  21  $sub_tabs['ips'] = array(
  22      'title' => $lang->banned_ips,
  23      'link' => "index.php?module=config-banning",
  24  );
  25      
  26  $sub_tabs['bans'] = array(
  27      'title' => $lang->banned_accounts,
  28      'link' => "index.php?module=user-banning",
  29      'description' => $lang->banned_accounts_desc
  30  );
  31      
  32  $sub_tabs['usernames'] = array(
  33      'title' => $lang->disallowed_usernames,
  34      'link' => "index.php?module=config-banning&amp;type=usernames",
  35  );
  36      
  37  $sub_tabs['emails'] = array(
  38      'title' => $lang->disallowed_email_addresses,
  39      'link' => "index.php?module=config-banning&amp;type=emails",
  40  );
  41  
  42  // Fetch banned groups
  43  $query = $db->simple_select("usergroups", "gid,title", "isbannedgroup=1", array('order_by' => 'title'));
  44  while($group = $db->fetch_array($query))
  45  {
  46      $banned_groups[$group['gid']] = $group['title'];
  47  }
  48  
  49  // Fetch ban times
  50  $ban_times = fetch_ban_times();
  51  
  52  $plugins->run_hooks("admin_user_banning_begin");
  53  
  54  if($mybb->input['action'] == "prune")
  55  {
  56      $plugins->run_hooks("admin_user_banning_prune");
  57      
  58      // User clicked no
  59      if($mybb->input['no'])
  60      {
  61          admin_redirect("index.php?module=user-banning");
  62      }
  63      
  64      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
  65      $ban = $db->fetch_array($query);
  66  
  67      if(!$ban['uid'])
  68      {
  69          flash_message($lang->error_invalid_ban, 'error');
  70          admin_redirect("index.php?module=user-banning");
  71      }
  72      
  73      $user = get_user($ban['uid']);
  74      
  75      if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
  76      {
  77          flash_message($lang->cannot_perform_action_super_admin_general, 'error');
  78          admin_redirect("index.php?module=user-banning");
  79      }
  80  
  81      if($mybb->request_method == "post")
  82      {
  83          require_once  MYBB_ROOT."inc/class_moderation.php";
  84          $moderation = new Moderation();
  85  
  86          $query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
  87          while($thread = $db->fetch_array($query))
  88          {
  89              $moderation->delete_thread($thread['tid']);
  90          }
  91  
  92          $query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
  93          while($post = $db->fetch_array($query))
  94          {
  95              $moderation->delete_post($post['pid']);
  96          }
  97          $cache->update_reportedposts();
  98          
  99          $plugins->run_hooks("admin_user_banning_prune_commit");
 100  
 101          // Log admin action
 102          log_admin_action($mybb->input['uid'], $user['username']);
 103  
 104          flash_message($lang->success_pruned, 'success');
 105          admin_redirect("index.php?module=user-banning");
 106      }
 107      else
 108      {
 109          $page->output_confirm_action("index.php?module=user-banning&amp;action=prune&amp;uid={$user['uid']}", $lang->confirm_prune);
 110      }
 111  }
 112  
 113  if($mybb->input['action'] == "lift")
 114  {
 115      $plugins->run_hooks("admin_user_banning_lift");
 116      
 117      // User clicked no
 118      if($mybb->input['no'])
 119      {
 120          admin_redirect("index.php?module=user-banning");
 121      }
 122      
 123      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
 124      $ban = $db->fetch_array($query);
 125  
 126      if(!$ban['uid'])
 127      {
 128          flash_message($lang->error_invalid_ban, 'error');
 129          admin_redirect("index.php?module=user-banning");
 130      }
 131      
 132      $user = get_user($ban['uid']);
 133      
 134      if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
 135      {
 136          flash_message($lang->cannot_perform_action_super_admin_general, 'error');
 137          admin_redirect("index.php?module=user-banning");
 138      }
 139  
 140      if($mybb->request_method == "post")
 141      {
 142          $updated_group = array(
 143              'usergroup' => $ban['oldgroup'],
 144              'additionalgroups' => $ban['oldadditionalgroups'],
 145              'displaygroup' => $ban['olddisplaygroup']
 146          );
 147          $db->update_query("users", $updated_group, "uid='{$ban['uid']}'");
 148          $db->delete_query("banned", "uid='{$ban['uid']}'");
 149          
 150          $cache->update_banned();
 151          $cache->update_moderators();
 152          
 153          $plugins->run_hooks("admin_user_banning_lift_commit");
 154          
 155          // Log admin action
 156          log_admin_action($mybb->input['uid'], $user['username']);
 157  
 158          flash_message($lang->success_ban_lifted, 'success');
 159          admin_redirect("index.php?module=user-banning");
 160      }
 161      else
 162      {
 163          $page->output_confirm_action("index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}", $lang->confirm_lift_ban);
 164      }
 165  }
 166  
 167  if($mybb->input['action'] == "edit")
 168  {
 169      $plugins->run_hooks("admin_user_banning_edit");
 170      
 171      $query = $db->simple_select("banned", "*", "uid='{$mybb->input['uid']}'");
 172      $ban = $db->fetch_array($query);
 173  
 174      $user = get_user($ban['uid']);
 175  
 176      if(!$ban['uid'])
 177      {
 178          flash_message($lang->error_invalid_ban, 'error');
 179          admin_redirect("index.php?module=user-banning");
 180      }
 181  
 182      if($mybb->request_method == "post")
 183      {
 184          if(!$ban['uid'])
 185          {
 186              $errors[] = $lang->error_invalid_username;
 187          }
 188          // Is the user we're trying to ban a super admin and we're not?
 189          else if(is_super_admin($ban['uid']) && !is_super_admin($ban['uid']))
 190          {
 191              $errors[] = $lang->error_no_perm_to_ban;
 192          }
 193  
 194          if($ban['uid'] == $mybb->user['uid'])
 195          {
 196              $errors[] = $lang->error_ban_self;
 197          }
 198          
 199          // No errors? Update
 200          if(!$errors)
 201          {
 202              // Ban the user
 203              if($mybb->input['bantime'] == '---')
 204              {
 205                  $lifted = 0;
 206              }
 207              else
 208              {
 209                  $lifted = ban_date2timestamp($mybb->input['bantime'], $ban['dateline']);
 210              }
 211  
 212              if(count($banned_groups) == 1)
 213              {
 214                  $group = array_keys($banned_groups);
 215                  $mybb->input['usergroup'] = $group[0];
 216              }
 217  
 218              $update_array = array(
 219                  'gid' => intval($mybb->input['usergroup']),
 220                  'dateline' => TIME_NOW,
 221                  'bantime' => $db->escape_string($mybb->input['bantime']),
 222                  'lifted' => $db->escape_string($lifted),
 223                  'reason' => $db->escape_string($mybb->input['reason'])
 224              );
 225          
 226              $db->update_query('banned', $update_array, "uid='{$ban['uid']}'");
 227          
 228              // Move the user to the banned group
 229              $update_array = array(
 230                  'usergroup' => intval($mybb->input['usergroup']),
 231                  'displaygroup' => 0,
 232                  'additionalgroups' => '',
 233              );
 234              $db->update_query('users', $update_array, "uid = {$ban['uid']}");
 235              
 236              $cache->update_banned();
 237              
 238              $plugins->run_hooks("admin_user_banning_edit_commit");
 239  
 240              // Log admin action
 241              log_admin_action($mybb->input['uid'], $user['username']);
 242  
 243              flash_message($lang->success_ban_updated, 'success');
 244              admin_redirect("index.php?module=user-banning");
 245          }
 246      }
 247      $page->add_breadcrumb_item($lang->edit_ban);
 248      $page->output_header($lang->edit_ban);
 249  
 250      $sub_tabs = array();
 251      $sub_tabs['edit'] = array(
 252          'title' => $lang->edit_ban,
 253          'description' => $lang->edit_ban_desc
 254      );
 255      $page->output_nav_tabs($sub_tabs, "edit");
 256  
 257      $form = new Form("index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}", "post");
 258      if($errors)
 259      {
 260          $page->output_inline_error($errors);
 261      }
 262      else
 263      {
 264          $mybb->input = $ban;
 265      }
 266      
 267      $form_container = new FormContainer($lang->edit_ban);
 268      $form_container->output_row($lang->ban_username, "", $user['username']);
 269      $form_container->output_row($lang->ban_reason, "", $form->generate_text_box('reason', $mybb->input['reason'], array('id' => 'reason')), 'reason');
 270      if(count($banned_groups) > 1)
 271      {
 272          $form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 273      }
 274      
 275      if($mybb->input['bantime'] == 'perm' || $mybb->input['bantime'] == '' || $mybb->input['lifted'] == 'perm' ||$mybb->input['lifted'] == '')
 276      {
 277          $mybb->input['bantime'] = '---';
 278          $mybb->input['lifted'] = '---';
 279      }
 280      
 281      foreach($ban_times as $time => $period)
 282      {
 283          if($time != '---')
 284          {
 285              $friendly_time = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time));
 286              $period = "{$period} ({$friendly_time})";
 287          }
 288          $length_list[$time] = $period;
 289      }
 290      $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');    
 291  
 292      $form_container->end();
 293  
 294      $buttons[] = $form->generate_submit_button($lang->update_ban);
 295      $form->output_submit_wrapper($buttons);
 296      $form->end();
 297  
 298      $page->output_footer();
 299  }
 300  
 301  if(!$mybb->input['action'])
 302  {
 303      $plugins->run_hooks("admin_user_banning_start");
 304      
 305      if($mybb->request_method == "post")
 306      {
 307          $query = $db->simple_select("users", "uid, usergroup, additionalgroups, displaygroup, username", "LOWER(username)='".$db->escape_string(my_strtolower($mybb->input['username']))."'", array('limit' => 1));
 308          $user = $db->fetch_array($query);
 309  
 310          if(!$user['uid'])
 311          {
 312              $errors[] = $lang->error_invalid_username;
 313          }
 314          // Is the user we're trying to ban a super admin and we're not?
 315          else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
 316          {
 317              $errors[] = $lang->error_no_perm_to_ban;
 318          }
 319          else
 320          {
 321              $query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
 322              if($db->fetch_field($query, "uid"))
 323              {
 324                  $errors[] = $lang->error_already_banned;
 325              }
 326          }
 327  
 328          if($user['uid'] == $mybb->user['uid'])
 329          {
 330              $errors[] = $lang->error_ban_self;
 331          }
 332  
 333          // No errors? Insert
 334          if(!$errors)
 335          {
 336              // Ban the user
 337              if($mybb->input['bantime'] == '---')
 338              {
 339                  $lifted = 0;
 340              }
 341              else
 342              {
 343                  $lifted = ban_date2timestamp($mybb->input['bantime']);
 344              }
 345  
 346              if(count($banned_groups) == 1)
 347              {
 348                  $group = array_keys($banned_groups);
 349                  $mybb->input['usergroup'] = $group[0];
 350              }
 351                              
 352              $insert_array = array(
 353                  'uid' => $user['uid'],
 354                  'gid' => intval($mybb->input['usergroup']),
 355                  'oldgroup' => $user['usergroup'],
 356                  'oldadditionalgroups' => $user['additionalgroups'],
 357                  'olddisplaygroup' => $user['displaygroup'],
 358                  'admin' => intval($mybb->user['uid']),
 359                  'dateline' => TIME_NOW,
 360                  'bantime' => $db->escape_string($mybb->input['bantime']),
 361                  'lifted' => $db->escape_string($lifted),
 362                  'reason' => $db->escape_string($mybb->input['reason'])
 363              );
 364              $db->insert_query('banned', $insert_array);
 365              
 366              // Move the user to the banned group
 367              $update_array = array(
 368                  'usergroup' => intval($mybb->input['usergroup']),
 369                  'displaygroup' => 0,
 370                  'additionalgroups' => '',
 371              );
 372              $db->update_query('users', $update_array, "uid = '{$user['uid']}'");
 373              
 374              $db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
 375              $db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");
 376              
 377              $cache->update_banned();
 378              
 379              $plugins->run_hooks("admin_user_banning_start_commit");
 380  
 381              // Log admin action
 382              log_admin_action($user['uid'], $user['username'], $lifted);
 383  
 384              flash_message($lang->success_banned, 'success');
 385              admin_redirect("index.php?module=user-banning");
 386          }
 387      }
 388      
 389      $page->output_header($lang->banned_accounts);
 390  
 391      $page->output_nav_tabs($sub_tabs, "bans");
 392  
 393      $query = $db->simple_select("banned", "COUNT(*) AS ban_count");
 394      $ban_count = $db->fetch_field($query, "ban_count");
 395  
 396      $per_page = 20;
 397  
 398      if($mybb->input['page'] > 0)
 399      {
 400          $current_page = intval($mybb->input['page']);
 401          $start = ($current_page-1)*$per_page;
 402          $pages = $ban_count / $per_page;
 403          $pages = ceil($pages);
 404          if($current_page > $pages)
 405          {
 406              $start = 0;
 407              $current_page = 1;
 408          }
 409      }
 410      else
 411      {
 412          $start = 0;
 413          $current_page = 1;
 414      }
 415  
 416      $pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&amp;page={page}");
 417  
 418      $table = new Table;
 419      $table->construct_header($lang->user);
 420      $table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
 421      $table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
 422      $table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
 423      $table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));
 424  
 425      // Fetch bans
 426      $query = $db->query("
 427          SELECT b.*, a.username AS adminuser, u.username
 428          FROM ".TABLE_PREFIX."banned b
 429          LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid) 
 430          LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid) 
 431          ORDER BY lifted ASC
 432          LIMIT {$start}, {$per_page}
 433      ");
 434      
 435      // Get the banned users
 436      while($ban = $db->fetch_array($query))
 437      {
 438          $profile_link = build_profile_link($ban['username'], $ban['uid'], "_blank");
 439          $ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
 440          if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
 441          {
 442              $ban_period = $lang->permenantly;
 443              $time_remaining = $lifts_on = $lang->na;
 444          }
 445          else
 446          {
 447              $ban_period = $lang->for." ".$ban_times[$ban['bantime']];
 448  
 449              $remaining = $ban['lifted']-TIME_NOW;
 450              $time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
 451  
 452              if($remaining < 3600)
 453              {
 454                  $time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
 455              }
 456              else if($remaining < 86400)
 457              {
 458                  $time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
 459              }
 460              else if($remaining < 604800)
 461              {
 462                  $time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
 463              }
 464              else
 465              {
 466                  $time_remaining = "{$time_remaining}";
 467              }
 468              $lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
 469          }
 470          
 471          if(!$ban['adminuser'])
 472          {
 473              if($ban['admin'] == 0)
 474              {
 475                  $ban['adminuser'] = "MyBB System";
 476              }
 477              else
 478              {
 479                  $ban['adminuser'] = $ban['admin'];
 480              }
 481          }
 482  
 483          $table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
 484          $table->construct_cell($lifts_on, array("class" => "align_center"));
 485          $table->construct_cell($time_remaining, array("class" => "align_center"));
 486          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
 487          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
 488          $table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=prune&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
 489          $table->construct_row();
 490      }
 491  
 492      if($table->num_rows() == 0)
 493      {
 494          $table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
 495          $table->construct_row();
 496      }
 497      $table->output($lang->banned_accounts);
 498      echo $pagination;
 499      
 500      $form = new Form("index.php?module=user-banning", "post");
 501      if($errors)
 502      {
 503          $page->output_inline_error($errors);
 504      }
 505      
 506      if($mybb->input['uid'] && !$mybb->input['username'])
 507      {
 508          $user = get_user($mybb->input['uid']);
 509          $mybb->input['username'] = $user['username'];
 510      }
 511      
 512      $form_container = new FormContainer($lang->ban_a_user);
 513      $form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
 514      $form_container->output_row($lang->ban_reason, "", $form->generate_text_box('reason', $mybb->input['reason'], array('id' => 'reason')), 'reason');
 515      if(count($banned_groups) > 1)
 516      {
 517          $form_container->output_row($lang->ban_group, $lang->add_ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
 518      }
 519      foreach($ban_times as $time => $period)
 520      {
 521          if($time != "---")
 522          {
 523              $friendly_time = my_date("D, jS M Y @ g:ia", ban_date2timestamp($time));
 524              $period = "{$period} ({$friendly_time})";
 525          }
 526          $length_list[$time] = $period;
 527      }
 528      $form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');    
 529  
 530      $form_container->end();
 531  
 532      // Autocompletion for usernames
 533      echo '
 534      <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
 535      <script type="text/javascript">
 536      <!--
 537          new autoComplete("username", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
 538      // -->
 539      </script>';
 540  
 541      $buttons[] = $form->generate_submit_button($lang->ban_user);
 542      $form->output_submit_wrapper($buttons);
 543      $form->end();
 544  
 545      $page->output_footer();
 546  }
 547  ?>

