'u.group_id, u.username, u.email, u.registration_ip', 'FROM' => 'users AS u', 'WHERE' => 'u.id='.$user_id ); ($hook = get_hook('aba_qr_get_user_by_id')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); if (!$pun_db->num_rows($result)) message($lang_admin['No user id message']); list($group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result); } else // Otherwise the username is in POST { $ban_user = trim($_POST['new_ban_user']); ($hook = get_hook('aba_add_ban_form_submitted')) ? eval($hook) : null; if ($ban_user != '') { $query = array( 'SELECT' => 'u.id, u.group_id, u.username, u.email, u.registration_ip', 'FROM' => 'users AS u', 'WHERE' => 'u.username=\''.$pun_db->escape($ban_user).'\' AND u.id>1' ); ($hook = get_hook('aba_qr_get_user_by_username')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); if (!$pun_db->num_rows($result)) message($lang_admin['No user username message']); list($user_id, $group_id, $ban_user, $ban_email, $ban_ip) = $pun_db->fetch_row($result); } } // Make sure we're not banning an admin if (isset($group_id) && $group_id == PUN_ADMIN) message($lang_admin['User is admin message']); // If we have a $user_id, we can try to find the last known IP of that user if (isset($user_id)) { $query = array( 'SELECT' => 'p.poster_ip', 'FROM' => 'posts AS p', 'WHERE' => 'p.poster_id='.$user_id, 'ORDER BY' => 'p.posted DESC', 'LIMIT' => '1' ); ($hook = get_hook('aba_qr_get_last_known_ip')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); $ban_ip = ($pun_db->num_rows($result)) ? $pun_db->result($result) : $ban_ip; } $mode = 'add'; } else // We are editing a ban { $ban_id = intval($_GET['edit_ban']); if ($ban_id < 1) message($lang_common['Bad request']); ($hook = get_hook('aba_edit_ban_selected')) ? eval($hook) : null; $query = array( 'SELECT' => 'b.username, b.ip, b.email, b.message, b.expire', 'FROM' => 'bans AS b', 'WHERE' => 'b.id='.$ban_id ); ($hook = get_hook('aba_qr_get_ban_data')) ? eval($hook) : null; $result = $pun_db->query_build($query) or error(__FILE__, __LINE__); if ($pun_db->num_rows($result)) list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $pun_db->fetch_row($result); else message($lang_common['Bad request']); // We just use GMT for expire dates, as its a date rather than a day I don't think its worth worrying about $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire) : ''; $mode = 'edit'; } // Setup the form $pun_page['fld_count'] = $pun_page['set_count'] = 0; // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])), array($lang_admin['Bans'], pun_link($pun_url['admin_bans'])), $lang_admin['Ban advanced'] ); ($hook = get_hook('aba_add_edit_ban_pre_header_load')) ? eval($hook) : null; define('PUN_PAGE_SECTION', 'users'); define('PUN_PAGE', 'admin-bans'); require PUN_ROOT.'header.php'; ?>

{ }

1) ? ltrim($octets[$c], "0") : $octets[$c]; if ($c > 3 || !ctype_digit($octets[$c]) || intval($octets[$c]) > 255) message($lang_admin['Invalid IP message']); } $cur_address = implode('.', $octets); $addresses[$i] = $cur_address; } $ban_ip = implode(' ', $addresses); } require PUN_ROOT.'include/email.php'; if ($ban_email != '' && !is_valid_email($ban_email)) { if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/', $ban_email)) message($lang_admin['Invalid e-mail message']); } if ($ban_expire != '' && $ban_expire != 'Never') { $ban_expire = strtotime($ban_expire); if ($ban_expire == -1 || $ban_expire <= time()) message($lang_admin['Invalid expire message']); } else $ban_expire = 'NULL'; $ban_user = ($ban_user != '') ? '\''.$pun_db->escape($ban_user).'\'' : 'NULL'; $ban_ip = ($ban_ip != '') ? '\''.$pun_db->escape($ban_ip).'\'' : 'NULL'; $ban_email = ($ban_email != '') ? '\''.$pun_db->escape($ban_email).'\'' : 'NULL'; $ban_message = ($ban_message != '') ? '\''.$pun_db->escape($ban_message).'\'' : 'NULL'; if ($_POST['mode'] == 'add') { $query = array( 'INSERT' => 'username, ip, email, message, expire, ban_creator', 'INTO' => 'bans', 'VALUES' => $ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.', '.$pun_user['id'] ); ($hook = get_hook('aba_qr_add_ban')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); } else { $query = array( 'UPDATE' => 'bans', 'SET' => 'username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire, 'WHERE' => 'id='.intval($_POST['ban_id']) ); ($hook = get_hook('aba_qr_update_ban')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); } // Regenerate the bans cache require_once PUN_ROOT.'include/cache.php'; generate_bans_cache(); redirect(pun_link($pun_url['admin_bans']), (($_POST['mode'] == 'edit') ? $lang_admin['Ban edited'] : $lang_admin['Ban added']).' '.$lang_admin['Redirect']); } // Remove a ban else if (isset($_GET['del_ban'])) { $ban_id = intval($_GET['del_ban']); if ($ban_id < 1) message($lang_common['Bad request']); // Validate the CSRF token if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('del_ban'.$ban_id))) csrf_confirm_form(); ($hook = get_hook('aba_del_ban_form_submitted2')) ? eval($hook) : null; $query = array( 'DELETE' => 'bans', 'WHERE' => 'id='.$ban_id ); ($hook = get_hook('aba_qr_delete_ban')) ? eval($hook) : null; $pun_db->query_build($query) or error(__FILE__, __LINE__); // Regenerate the bans cache require_once PUN_ROOT.'include/cache.php'; generate_bans_cache(); redirect(pun_link($pun_url['admin_bans']), $lang_admin['Ban removed'].' '. $lang_admin['Redirect']); } // Setup the form $pun_page['part_count'] = $pun_page['fld_count'] = $pun_page['set_count'] = 0; // Setup breadcrumbs $pun_page['crumbs'] = array( array($pun_config['o_board_title'], pun_link($pun_url['index'])), array($lang_admin['Forum administration'], pun_link($pun_url['admin_index'])), $lang_admin['Bans'] ); ($hook = get_hook('aba_pre_header_loaded')) ? eval($hook) : null; define('PUN_PAGE_SECTION', 'users'); define('PUN_PAGE', 'admin-bans'); require PUN_ROOT.'header.php'; ?>

{ }

$cur_ban) { $pun_page['ban_info'] = array(); $pun_page['ban_creator'] = ($cur_ban['ban_creator_username'] != '') ? ''.pun_htmlencode($cur_ban['ban_creator_username']).'' : $lang_admin['Unknown']; if ($cur_ban['username'] != '') $pun_page['ban_info'][] = ''.$lang_admin['Username'].': '.pun_htmlencode($cur_ban['username']).''; if ($cur_ban['email'] != '') $pun_page['ban_info'][] = ''.$lang_admin['E-mail'].': '.$cur_ban['email'].''; if ($cur_ban['ip'] != '') $pun_page['ban_info'][] = ''.$lang_admin['IP-ranges'].': '.$cur_ban['ip'].''; if ($cur_ban['expire'] != '') $pun_page['ban_info'][] = ''.$lang_admin['Expire date'].': '.format_time($cur_ban['expire'], true).''; ($hook = get_hook('aba_view_ban_pre_display')) ? eval($hook) : null; ?>

', $pun_page['ban_info'])."\n" ?>