query('SELECT username, email FROM '.$db->prefix.'users WHERE id='.$ban_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
list($ban_user, $ban_email) = $db->fetch_row($result);
$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$ban_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$ban_ip = $db->result($result, 0);
}
else
message('No user by that ID registered.');
}
else // Otherwise the username is in POST
{
$ban_user = trim($_POST['new_ban_user']);
if ($ban_user != '')
{
$result = $db->query('SELECT id, username, email FROM '.$db->prefix.'users WHERE username=\''.escape(strtolower($ban_user)).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
list($ban_id, $ban_user, $ban_email) = $db->fetch_row($result);
$result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE poster_id='.$ban_id.' ORDER BY posted DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$ban_ip = $db->result($result, 0);
}
else
message('No user by that username registered. If you want to add a ban not tied to a specific username just leave the username blank.');
}
}
$page_title = htmlspecialchars($options['board_title']).' / Admin / Bans';
$form_name = 'bans2';
$focus_element = 'new_ban_ip';
require 'header.php';
if ($cur_user['status'] > 1)
admin_menu('bans');
else
moderator_menu('bans');
?>
query('INSERT INTO '.$db->prefix.'bans (username, ip, email, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
redirect('admin_bans.php', 'Ban added. Redirecting ...');
}
// Update a ban
else if (isset($_POST['update']))
{
confirm_referer('admin_bans.php');
$id = key($_POST['update']);
$ban_user = trim($_POST['ban_user'][$id]);
$ban_ip = trim($_POST['ban_ip'][$id]);
$ban_email = trim($_POST['ban_email'][$id]);
$ban_expire = trim($_POST['ban_expire'][$id]);
if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
message('You must enter eighter a username, an IP address or an e-mail address (at least).');
require_once 'include/email.php';
if ($ban_email != '' && !is_valid_email($ban_email))
{
if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email))
message('The e-mail address (e.g. user@domain.com) or partial e-mail address domain (e.g. domain.com) you entered is invalid.');
}
if ($ban_expire != '' && $ban_expire != 'Never')
{
$ban_expire = strtotime($ban_expire);
if ($ban_expire == -1 || $ban_expire <= time())
message('You entered an invalid expire date. The format should be yyyy-mm-dd and the date must be at least one day forward from today.');
}
else
$ban_expire = 'NULL';
$ban_user = ($ban_user != '') ? '\''.escape($ban_user).'\'' : 'NULL';
$ban_ip = ($ban_ip != '') ? '\''.escape($ban_ip).'\'' : 'NULL';
$ban_email = ($ban_email != '') ? '\''.escape($ban_email).'\'' : 'NULL';
$db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', expire='.$ban_expire.' WHERE id='.$id) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
redirect('admin_bans.php', 'Ban updated. Redirecting ...');
}
// Remove a ban
else if (isset($_POST['remove']))
{
confirm_referer('admin_bans.php');
$id = key($_POST['remove']);
$db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
redirect('admin_bans.php', 'Ban removed. Redirecting ...');
}
$page_title = htmlspecialchars($options['board_title']).' / Admin / Bans';
$form_name = 'bans';
$focus_element = 'new_ban_user';
require 'header.php';
if ($cur_user['status'] > 1)
admin_menu('bans');
else
moderator_menu('bans');
?>