<?php
/***************************************************************************
admin_users.php - description
-------------------
begin : Wed July 19 2000
copyright : (C) 2001 The phpBB Group
email : hide@address.com
$Id: admin_users.php,v 1.26 2001/04/03 21:56:55 thefinn Exp $
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
include('../extention.inc');
include('../functions.'.$phpEx);
include('../config.'.$phpEx);
require('../auth.'.$phpEx);
if($login) {
if ($username == '') {
die("You have to enter your username. Go back and do so.");
}
if ($password == '') {
die("You have to enter your password. Go back and do so.");
}
if (!check_username($username, $db)) {
die("Invalid username \"$username\". Go back and try again.");
}
if (!check_user_pw($username, $password, $db)) {
die("Invalid password. Go back and try again.");
}
$userdata = get_userdata($username, $db);
$sessid = new_session($userdata[user_id], $REMOTE_ADDR, $sesscookietime, $db);
set_session_cookie($sessid, $sesscookietime, $sesscookiename, $cookiepath, $cookiedomain, $cookiesecure);
if (defined('USE_IIS_LOGIN_HACK') && USE_IIS_LOGIN_HACK)
{
echo "<META HTTP-EQUIV=\"refresh\" content=\"1;URL=$url_admin_index\">";
}
else
{
header("Location: $url_admin_index");
}
}
else if(!$user_logged_in) {
$pagetitle = "Forum Administration";
$pagetype = "admin";
include('../page_header.'.$phpEx);
?>
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="<?php echo $TableWidth?>">
<TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD><P><BR><FONT FACE="<?php echo $FontFace?>" SIZE="<? echo $FontSize2?>" COLOR="<?php echo $textcolor?>">
Please enter your username and password to login.<BR>
<i>(NOTE: You MUST have cookies enabled in order to login to the administration section of this forum)</i><BR>
<UL>
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<b>User Name: </b><INPUT TYPE="TEXT" NAME="username" SIZE="25" MAXLENGTH="40" VALUE="<?php echo $userdata[username]?>"><BR>
<b>Password: </b><INPUT TYPE="PASSWORD" NAME="password" SIZE="25" MAXLENGTH="25"><br><br>
<INPUT TYPE="SUBMIT" NAME="login" VALUE="Submit"> <INPUT TYPE="RESET" VALUE="Clear"></ul>
</FORM>
</TD></TR></TABLE></TD></TR></TABLE>
<?php
include('../page_tail.'.$phpEx);
exit();
}
else if($user_logged_in && $userdata[user_level] == 4) {
$pagetitle = "Forum Administration";
$pagetype = "admin";
include('../page_header.'.$phpEx);
switch($mode) {
case 'moduser':
if($submit && $edit_user_id) {
$sql = "UPDATE users SET username = '$edit_username', user_email = '$email', user_rank = '$rank', user_level = '$level' WHERE user_id = $edit_user_id";
if(!$r = mysql_query($sql, $db))
die("Error could not update the database.");
echo "<TABLE width=\"95%\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\" bordercolor=\"$table_bgcolor\">";
echo "<tr><td align=\"center\" width=\"100%\" bgcolor=\"$color1\"><font face=\"$FontFace\" size=\"$FontSize1\" color=\"$textcolor\"><B>User Information Updated.</B></font></td>";
echo "</tr><TR><TD><TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><TR>";
echo "<td align=\"center\" width=\"100%\" bgcolor=\"$color2\"><font face=\"$FontFace\" size=\"$FontSize1\" color=\"$textcolor\"><P><BR> Click <a href=\"$url_admin_index\">here</a> to return to the Administration Panel.<P>Click <a href=\"$PHP_SELF?mode=moduser\">here</a> to modify another user.</font><P><BR><P></TD>";
echo "</TR></table></TD></TR></TABLE>";
}
else {
if(!$edit_user_id) {
$sql = "SELECT username, user_id FROM users ORDER BY username";
if(!$r = mysql_query($sql, $db))
die("Error connecting to the database. Please check your config.$phpEx file.");
if(!$m = mysql_fetch_array($r))
die("No users in the database.");
?>
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>"><B>Select a User to Modify</B></FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
<TD align="right"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">User:</FONT></TD>
<TD><SELECT NAME="edit_user_id">
<?php
do {
echo "<OPTION VALUE=\"$m[user_id]\">$m[username]</OPTION>\n";
} while($m = mysql_fetch_array($r));
?>
</SELECT>
</TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2">
<INPUT TYPE="HIDDEN" NAME="mode" VALUE="moduser">
<INPUT TYPE="SUBMIT" NAME="modify" VALUE="Modify User">
<INPUT TYPE="RESET" VALUE="Clear">
</TD>
</TR>
</TR>
</TABLE></TD></TR></TABLE>
<?php
}
else {
$moduserdata = get_userdata_from_id($edit_user_id, $db);
if($moduserdata[user_rank] != 0) {
$sql = "SELECT rank_id, rank_title FROM ranks WHERE rank_min < " . $moduserdata[user_posts] . " AND rank_max > " . $moduserdata[user_posts] . " AND rank_special = 0";
if(!$r = mysql_query($sql, $db))
die("Error connecting to the database. Please check your config.$phpEx file.");
list($rank_id, $rank) = @mysql_fetch_array($r);
}
else {
$sql = "SELECT rank_title FROM ranks WHERE rank_id = '$moduserdata[user_rank]'";
if(!$r = mysql_query($sql, $db))
die("Error connecting to the database. Please check your config.$phpEx file.");
list($rank) = @mysql_fetch_array($r);
}
?>
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Modifying <b><?php echo $moduserdata[username]?></b></FONT></TD>
</TR>
<TR ALIGN="LEFT">
<TD ALIGN="LEFT" BGCOLOR="<?php echo $color1?>"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">User Name:</FONT></TD>
<TD BGCOLOR="<?php echo $color2?>"><INPUT TYPE="TEXT" NAME="edit_username" VALUE="<?php echo $moduserdata[username]?>" MAXLENGTH=40 SIZE=25></TD>
</TR>
<TR ALIGN="LEFT">
<TD BGCOLOR="<?php echo $color1?>"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Email Address:</FONT></TD>
<TD BGCOLOR="<?php echo $color2?>"><INPUT TYPE="TEXT" NAME="email" VALUE="<?php echo $moduserdata[user_email]?>" MAXLENGTH=50 SIZE=30></TD>
</TR>
<TR ALIGN="LEFT">
<TD BGCOLOR="<?php echo $color1?>"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Rank:</FONT></TD>
<TD BGCOLOR="<?php echo $color2?>"><SELECT NAME="rank">
<?php
$sql = "SELECT rank_id, rank_title FROM ranks WHERE rank_special = 1";
$r = mysql_query($sql, $db);
if($m = mysql_fetch_array($r)) {
echo "<OPTION VALUE=\"0\">No Special Rank Assigned</OPTION>";
echo "<OPTION VALUE=\"0\">------------------------</OPTION>";
do {
unset($selected);
if($moduserdata[user_rank] == $m[rank_id])
$selected = "SELECTED";
echo "<OPTION VALUE=\"$m[rank_id]\" $selected>$m[rank_title]</OPTION>\n";
} while($m = mysql_fetch_array($r));
echo "</SELECT>\n";
}
else {
echo "<OPTION VALUE=\"0\">No Special Ranks in Database</OPTION></SELECT>\n";
echo "<BR><FONT FACE=\"$FontFace\" SIZE=\"$FontSize2\" COLOR=\"$textcolor\">Click <a href=\"admin_board.$phpEx?mode=rankadmin\">here</a> to add Ranks.</FONT>";
}
?>
</TD>
</TR>
<TR ALIGN="LEFT">
<TD BGCOLOR="<?php echo $color1?>"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">User Level:</FONT></TD>
<TD BGCOLOR="<?php echo $color2?>"><SELECT NAME="level">
<?php
$sql = "SELECT access_id, access_title FROM access ORDER BY access_id";
$r = mysql_query($sql, $db);
if($m = mysql_fetch_array($r)) {
do {
unset($selected);
if($moduserdata[user_level] == $m[access_id])
$selected = "SELECTED";
echo "<OPTION VALUE=\"$m[access_id]\" $selected>$m[access_title]</OPTION>\n";
} while($m = mysql_fetch_array($r));
}
?>
</SELECT>
</TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2">
<INPUT TYPE="HIDDEN" NAME="mode" VALUE="moduser">
<INPUT TYPE="HIDDEN" NAME="edit_user_id" VALUE="<?php echo $edit_user_id?>">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Modify User">
<INPUT TYPE="RESET" VALUE="Clear">
</TD>
</TR>
</TR>
</TABLE></TD></TR></TABLE>
<?php
}
}
break;
case 'badwords':
if($action) {
switch($action) {
case 'Add':
if($bad_word != '' && $replacement != '') {
$bad_word = addslashes($bad_word);
$replacement = addslashes($replacement);
$sql = "INSERT INTO words (word, replacement) VALUES ('$bad_word', '$replacement')";
if(!$r = mysql_query($sql, $db)) {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Error. Could not insert into the DB</FONT></CENTER><BR>";
break;
}
else {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Word Censor Added!</FONT></CENTER><BR>";
}
}
else {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Error. You did not fill out all areas of the form!</CENTER><BR>";
}
break;
case 'Delete':
$sql = "DELETE FROM words WHERE word_id = '$word_id'";
if(!$r = mysql_query($sql, $db)) {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Error. Could not delete from the DB</FONT></CENTER><BR>";
break;
}
else {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Word Censor Removed!</FONT></CENTER><BR>";
}
break;
case 'Edit':
$bad_word = addslashes($bad_word);
$replacement = addslashes($replacement);
$sql = "UPDATE words SET word = '$bad_word', replacement = '$replacement' WHERE word_id = '$word_id'";
if(!$r = mysql_query($sql, $db)) {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Error. Could not update the DB</FONT></CENTER><BR>";
break;
}
else {
echo "<CENTER><FONT FACE=\"$FontFace\" SIZE=\"$FontSize4\" COLOR=\"$textcolor\">Word Censor Updated!</FONT></CENTER><BR>";
}
break;
}
}
?>
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="4"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Current Word Censors<BR>To modify a word and/or its replacement text simply change the values in the text boxes and click the Edit button.<BR>
To remove a censored word simply click on the 'Delete' button next to the word.</FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Word</FONT></TD>
<TD ALIGN="CENTER"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Replacement</FONT></TD>
<TD ALIGN="CENTER"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Edit</FONT></TD>
<TD ALIGN="CENTER"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Delete</FONT></TD>
</TR>
<?php
$sql = "SELECT * FROM words";
if(!$r = mysql_query($sql, $db)) {
echo "<TD ALIGN=\"CENTER\" COLSPAN=\"6\"><FONT FACE=\"$FontFace\" SIZE=\"$FontSize\" COLOR=\"$textcolor\">Error connecting to the database.</FONT></TD></TR></TABLE></TABLE>";
include('../page_tail.'.$phpEx);
exit();
}
if($m = mysql_fetch_array($r)) {
do {
echo "<FORM ACTION=\"$PHP_SELF\" METHOD=\"POST\">\n";
echo "<TR BGCOLOR=\"$color2\" ALIGN=\"CENTER\">\n";
echo "<TD><INPUT TYPE=\"TEXT\" NAME=\"bad_word\" VALUE=\"" . stripslashes($m[word]) . "\" MAXLENGTH=\"50\" SIZE=\"25\"></TD>\n";
echo "<TD><INPUT TYPE=\"TEXT\" NAME=\"replacement\" VALUE=\"" . stripslashes($m[replacement]) . "\" MAXLENGTH=\"50\" SIZE=\"25\"></TD>\n";
echo "<TD><INPUT TYPE=\"HIDDEN\" NAME=\"word_id\" VALUE=\"$m[word_id]\">\n";
echo "<INPUT TYPE=\"HIDDEN\" NAME=\"mode\" VALUE=\"$mode\">\n";
echo "<INPUT TYPE=\"SUBMIT\" NAME=\"action\" VALUE=\"Edit\"></TD>\n";
echo "<TD><BR><INPUT TYPE=\"SUBMIT\" NAME=\"action\" VALUE=\"Delete\"></FORM></TD>\n";
echo "</TR>";
} while($m = mysql_fetch_array($r));
}
else {
echo "<TR BGCOLOR=\"$color1\" ALIGN=\"CENTER\"><TD COLSPAN=\"4\"><FONT FACE=\"$FontFace\" SIZE=\"$FontSize\" COLOR=\"$textcolor\">No censored words in the database. You can enter one using the form below</FONT></TD></TR>";
}
?>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="4"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Add a Word<BR>Use this form to add a word censor to the database.</FONT>
</TD><FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD colspan="2"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Word</font></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Replacement</font></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Action</font></TD>
</TR>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="CENTER">
<TD colspan="2"><INPUT TYPE="TEXT" NAME="bad_word" MAXLENGTH="50" SIZE="25"></TD>
<TD><INPUT TYPE="TEXT" NAME="replacement" MAXLENGTH="50" SIZE="25"></TD>
<TD><INPUT TYPE="HIDDEN" NAME="mode" VALUE="<?php echo $mode?>">
<INPUT TYPE="SUBMIT" NAME="action" VALUE="Add"></TD>
</FORM>
</TR>
<?php
echo "</TABLE></TABLE>\n";
break;
case 'badusernames':
if($edit || $add || $delete) {
if($add) {
$dis_username = addslashes($dis_username);
$sql = "INSERT INTO disallow (disallow_username) VALUES ('$dis_username')";
if(!$r = mysql_query($sql, $db))
echo "<CENTER><font size=+1>Error - Could not add username. Please try again.</font></center>";
else
echo "<CENTER><font size=+1>Username Added</font></center>";
}
else if($delete) {
$sql = "DELETE FROM disallow WHERE disallow_id = '$id'";
if(!$$r = mysql_query($sql, $db))
echo "<CENTER><font size=+1>Error - Could not remove username. Please try again.</font></center>";
else
echo "<CENTER><font size=+1>Username Removed</font></center>";
}
else if($edit) {
$dis_username = addslashes($dis_username);
$sql = "UPDATE disallow SET disallow_username = '$dis_username' WHERE disallow_id = '$id'";
if(!$r = mysql_query($sql, $db))
echo "<CENTER><font size=+1>Error - Could not update the database. Please try again.</font></center>";
else
echo "<CENTER><font size=+1>Username Updated</font></center>";
}
}
?>
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="3"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Current Disallowed Usernames<BR>You can edit an entry by altering the text in the boxes and pressing the 'Edit' button
<BR>You can remove an entry by clicking its 'Delete' button.</FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Disallowed Username</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Edit</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Delete</FONT></TD>
</TR>
<?php
$sql = "SELECT disallow_id, disallow_username FROM disallow";
if(!$r = mysql_query($sql, $db)) {
echo "<TR BGCOLOR=\"$color1\" ALIGN=\"LEFT\"><TD COLSPAN=\"3\">Error - Could not query the database. Please check your config.$phpEx file.</TD></TR></TABLE></TABLE>";
include('../page_tail.'.$phpEx);
exit();
}
if($m = mysql_fetch_array($r)) {
do {
echo "<TR BGCOLOR=\"$color2\" ALIGN=\"CENTER\">\n";
echo "<TD><FORM ACTION=\"$PHP_SELF\" METHOD=\"POST\"><INPUT TYPE=\"TEXT\" NAME=\"dis_username\" VALUE=\"" . stripslashes($m[disallow_username]) . "\" MAXLENGTH=\"40\" SIZE=\"25\"></TD>\n";
echo "<TD><INPUT TYPE=\"HIDDEN\" NAME=\"mode\" VALUE=\"$mode\"><INPUT TYPE=\"HIDDEN\" NAME=\"id\" VALUE=\"$m[disallow_id]\">";
echo "<INPUT TYPE=\"SUBMIT\" NAME=\"edit\" VALUE=\"Edit\"></TD>\n";
echo "<TD><INPUT TYPE=\"SUBMIT\" NAME=\"delete\" VALUE=\"Delete\"></FORM></TD></TR>\n";
} while($m = mysql_fetch_array($r));
}
else
echo "<TR BGCOLOR=\"$color2\" ALIGN=\"CENTER\"><TD COLSPAN=\"3\">No Disallowed usernames in the database, use the form below to add one.</TD></TR>";
?>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD COLSPAN="3"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Disallow a Username<BR>Use the following form to add usernames to the disallowed list.</FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="CENTER">
<TD><FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<INPUT TYPE="TEXT" NAME="dis_username" MAXLENGTH="50" SIZE="25">
</TD>
<TD COLSPAN="2"><INPUT TYPE="HIDDEN" NAME="mode" VALUE="<?php echo $mode?>">
<INPUT TYPE="SUBMIT" NAME="add" VALUE="Add Username"></FORM>
</TD>
</TR>
</TABLE>
</TABLE>
<?php
break;
case 'remuser':
if($submit) {
if($type == "hard") {
$deluserdata = get_userdata_from_id($user_id, $db);
if($deluserdata[user_posts] > 0) {
echo "Error. This use has posted messages on the forums, therefor he/she cannot be hard deleted. Please go back and 'soft delete' this user if you want to remove them.";
include('../page_tail.'.$phpEx);
exit();
}
$sql = "DELETE FROM users WHERE user_id = '$user_id'";
}
else
$sql = "UPDATE users SET user_level = -1 WHERE user_id = '$user_id'";
if(!$r = mysql_query($sql, $db)) {
echo "Error - Could not remove user from the database.";
include('../page_tail.'.$phpEx);
exit();
}
$sql = "DELETE FROM forum_mods WHERE user_id = '$user_id'";
if(!$r = mysql_query($sql, $db)) {
echo "Error - Could not remove user from the database.";
include('../page_tail.'.$phpEx);
exit();
}
echo "<TABLE width=\"95%\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\" bordercolor=\"$table_bgcolor\">";
echo "<tr><td align=\"center\" width=\"100%\" bgcolor=\"$color1\"><font face=\"$FontFace\" size=\"$FontSize1\" color=\"$textcolor\"><B>User Removed.</B></font></td>";
echo "</tr><TR><TD><TABLE width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><TR>";
echo "<td align=\"center\" width=\"100%\" bgcolor=\"$color2\"><font face=\"$FontFace\" size=\"$FontSize1\" color=\"$textcolor\"><P><BR> Click <a href=\"$url_admin_index\">here</a> to return to the Administration Panel.<P>Click <a href=\"$url_phpbb_index\">here</a> to return to the forum index.</font><P><BR><P></TD>";
echo "</TR></table></TD></TR></TABLE>";
}
else {
$sql = "SELECT username, user_id FROM users WHERE user_id != -1 ORDER BY username";
if(!$r = mysql_query($sql, $db))
die("Error connecting to the database. Please check your config.$phpEx file.");
if(!$m = mysql_fetch_array($r))
die("No users in the database.");
?>
<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>"><B>Select a User to Remove from the Database</B></FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
<TD align="right"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">User:</FONT></TD>
<TD><SELECT NAME="user_id">
<?php
do {
echo "<OPTION VALUE=\"$m[user_id]\">$m[username]</OPTION>\n";
} while($m = mysql_fetch_array($r));
?>
</SELECT>
</TD>
</TR>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="LEFT">
<TD ALIGN="right"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Deletion Type:</FONT></TD>
<TD><INPUT TYPE="RADIO" NAME="type" VALUE="hard"> Hard Delete <i>(Remove the users record from the users database, you may not hard delete users who have posted messages!)</i><BR>
<INPUT TYPE="RADIO" NAME="type" VALUE="soft" CHECKED> Soft Delete <i>(The users record remains but they cannot login, post, reply etc etc. This is safer)</i></TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="2">
<INPUT TYPE="HIDDEN" NAME="mode" VALUE="remuser">
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Delete User">
<INPUT TYPE="RESET" VALUE="Clear">
</TD>
</TR>
</TR>
</TABLE></TD></TR></TABLE>
<?php
}
break;
case 'banuser':
if($add) {
$starttime = mktime (date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"));
switch($durtype) {
case 1:
$type = 1;
break;
case 2:
$type = 60;
break;
case 3:
$type = 3600;
break;
case 4:
$type = 86400;
break;
case 5:
$type = 31536000;
break;
}
if(!isset($duration))
$duration = 0;
if($duration != 0)
$endtime = $starttime + ($duration * $type);
else
$endtime = 0;
if($banby == 1) {
$sql = "INSERT INTO banlist (ban_ip, ban_start, ban_end, ban_time_type) VALUES ('$ipuser', '$starttime', '$endtime', '$durtype')";
if(!$r = mysql_query($sql, $db))
echo "<font size=\"$FontSize4\"><center>Error. Could not add ban!</center></font><br>";
echo "<font size=\"$FontSize4\"><center>Ban Added</center></font><br>";
}
else {
$banuserdata = get_userdata($ipuser, $db);
if($banuserdata[user_id]) {
$sql = "INSERT INTO banlist (ban_userid, ban_start, ban_end, ban_time_type) VALUES ('$banuserdata[user_id]', '$starttime', '$endtime', '$durtype')";
if(!$r = mysql_query($sql, $db))
echo "<font size=\"$FontSize4\"><center>Error. Could not add ban!</center></font><br>";
echo "<font size=\"$FontSize4\"><center>Ban Added</center></font><br>";
}
else
echo "<font size=\"$FontSize4\"><center>Error. No such user!</center></font>";
}
}
else if($del) {
$sql = "DELETE FROM banlist WHERE ban_id = '$ban_id'";
if(!$r = mysql_query($sql, $db))
echo "<font size=\"$FontSize4\"><center>Error. Could not remove ban!</center></font><br>";
echo "<font size=\"$FontSize4\"><center>Ban Removed</center></font><br>";
}
else if($edit) {
$starttime = mktime (date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"));
switch($unit) {
case 1:
$type = 1;
break;
case 2:
$type = 60;
break;
case 3:
$type = 3600;
break;
case 4:
$type = 86400;
break;
case 5:
$type = 31536000;
break;
}
if(!isset($dur))
$dur = 0;
if($dur != 0)
$endtime = $starttime + ($dur * $type);
else
$endtime = 0;
if(isset($ipaddy))
$sql = "UPDATE banlist SET ban_ip = '$ipaddy', ban_start = '$starttime', ban_end = '$endtime', ban_time_type = '$unit' WHERE ban_id = '$ban_id'";
else {
$banneduserdata = get_userdata($user_name, $db);
$sql = "UPDATE banlist SET ban_userid = '$banneduserdata[user_id]', ban_start = '$starttime', ban_end = '$endtime', ban_time_type = '$unit' WHERE ban_id = '$ban_id'";
}
if(!$r = mysql_query($sql, $db))
echo "<font size=\"$FontSize4\"><center>Error. Ban could not be updated</center></font>";
echo "<center><font size=\"$FontSize4\">Ban Modified</font></center>";
}
?>
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="95%"><TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="4"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Current Banned IPs<BR>You can edit an entry by altering the text in the boxes and pressing the 'Edit' button
<BR>You can remove an entry by clicking its 'Delete' button.</FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">IP Address</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Duration</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Edit</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Delete</FONT></TD>
</TR>
<?php
$sql = "SELECT * FROM banlist WHERE ban_ip";
if(!$r = mysql_query($sql, $db))
echo "<tr bgcolor=\"$color2\" align=\"center\"><td colspan=\"4\"><b>Error quering the database!</b></td></tr>";
while($banlist = mysql_fetch_array($r)) {
unset($dur);
unset($unit);
echo "<tr bgcolor=\"$color2\" align=\"center\"><td><form action=\"$PHP_SELF\" method=\"POST\"><input type=\"text\" name=\"ipaddy\" value=\"$banlist[ban_ip]\" size=\"32\"></td>\n";
$type = $banlist[ban_time_type];
if($banlist[ban_end] == 0) {
$dur = "Parmanent";
$unit = "Ban";
}
else {
switch($type) {
case 1:
$dur = ($banlist[ban_end] - $banlist[ban_start]);
$unit = "Seconds";
$s = "SELECTED";
break;
case 2:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 60;
$unit = "Minutes";
$m = "SELECTED";
break;
case 3:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 3600;
$unit = "Hours";
$h = "SELECTED";
break;
case 4:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 86400;
$unit = "Days";
$d = "SELECTED";
break;
case 5:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 31536000;
$unit = "Years";
$y = "SELECTED";
break;
}
}
if($unit != "Ban") {
echo "<td align=\"center\"><input type=\"text\" name=\"dur\" size=\"".strlen($dur)."\" maxlengh=\"25\" value=\"$dur\">\n";
echo "<select name=\"unit\"><option value=\"1\" $s>Seconds</option>
<option value=\"2\" $m>Minutes</option>
<option value=\"3\" $h>Hours</option>
<option value=\"4\" $d>Days</option>
<option value=\"5\" $y>Years</option></select></td>";
}
else {
echo "<td align=\"center\">$dur $unit</td>";
}
echo "<td><input type=\"HIDDEN\" name=\"ban_id\" value=\"$banlist[ban_id]\">";
echo "<input type=\"hidden\" name=\"mode\" value=\"$mode\">";
echo "<input type=\"submit\" name=\"edit\" value=\"Edit\"></td>";
echo "<td><br><input type=\"submit\" name=\"del\" value=\"Delete\"></form></td>";
echo "</tr>";
}
?>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="LEFT">
<TD ALIGN="CENTER" COLSPAN="4"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Current Banned Usernames<BR>You can edit an entry by altering the text in the boxes and pressing the 'Edit' button
<BR>You can remove an entry by clicking its 'Delete' button.</FONT></TD>
</TR>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Username</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Duration</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Edit</FONT></TD>
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Delete</FONT></TD>
</TR>
<?php
unset($banlist);
unset($dur);
unset($unit);
$sql = "SELECT * FROM banlist WHERE ban_userid";
if(!$r = mysql_query($sql, $db))
echo "<tr bgcolor=\"$color2\"><td colspan=\"4\"><b>Error quering the database!</b></td></tr>";
while($banlist = mysql_fetch_array($r)) {
$banuserdata = get_userdata_from_id($banlist[ban_userid], $db);
echo "<tr bgcolor=\"$color2\" align=\"center\"><td align=\"center\"><form action=\"$PHP_SELF\" method=\"POST\"><input type=\"text\" name=\"user_name\" value=\"$banuserdata[username]\" maxlenght=\"35\" size=\"25\"></td>\n";
$type = $banlist[ban_time_type];
if($banlist[ban_end] == 0) {
$dur = "Permanent";
$unit = "Ban";
}
else {
switch($type) {
case 1:
$dur = ($banlist[ban_end] - $banlist[ban_start]);
$unit = "Seconds";
$s = "SELECTED";
break;
case 2:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 60;
$unit = "Minutes";
$m = "SELECTED";
break;
case 3:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 3600;
$unit = "Hours";
$h = "SELECTED";
break;
case 4:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 86400;
$unit = "Days";
$d = "SELECTED";
break;
case 5:
$dur = ($banlist[ban_end] - $banlist[ban_start]) / 31536000;
$unit = "Years";
$y = "SELECTED";
break;
}
}
if($unit != "Ban") {
echo "<td align=\"center\"><input type=\"text\" name=\"dur\" size=\"".strlen($dur)."\" maxlengh=\"25\" value=\"$dur\">\n";
echo "<select name=\"unit\"><option value=\"1\" $s>Seconds</option>
<option value=\"2\" $m>Minutes</option>
<option value=\"3\" $h>Hours</option>
<option value=\"4\" $d>Days</option>
<option value=\"5\" $y>Years</option></select></td>";
}
else {
echo "<td align=\"center\">$dur $unit</td>";
}
echo "<td align=\"center\"><input type=\"HIDDEN\" name=\"ban_id\" value=\"$banlist[ban_id]\">";
echo "<input type=\"submit\" name=\"edit\" value=\"Edit\"></td>";
echo "<input type=\"hidden\" name=\"mode\" value=\"$mode\">";
echo "<td align=\"center\"><br><input type=\"submit\" name=\"del\" value=\"Delete\"></form></td>";
echo "</tr>";
}
?>
<TR BGCOLOR="<?php echo $color1?>" ALIGN="CENTER">
<TD COLSPAN="4"><FONT FACE="<?php echo $FontFace?>" SIZE="<?php echo $FontSize2?>" COLOR="<?php echo $textcolor?>">Add a ban<BR>Use the following form to add IPs or Usernames to the banlist.<br>
To ban a range of IPs simply do not enter the final IP number ie: 192.168.1. Will ban 192.168.1.0-255<br>
Bans will be automaticly removed from the database when they expire, to create a perminant ban simply enter nothing in the duration field.</FONT></TD>
</TR>
<tr bgcolor="<?php echo $color1?>" ALIGN="CENTER">
<td>IP/Username</td>
<td>Duration</td>
<td colspan="2">Add</td>
</tr>
<TR BGCOLOR="<?php echo $color2?>" ALIGN="CENTER">
<TD><FORM ACTION="<?php echo $PHP_SELF?>" METHOD="POST">
<INPUT TYPE="TEXT" NAME="ipuser" MAXLENGTH="50" SIZE="25">
<select name="banby"><option value="1">IP address</option><option value="2">Username</option></select>
</TD>
<td><input type="text" name="duration" maxlength="32" size="15">
<select name="durtype"><option value="1">Seconds</option>
<option value="2">Minutes</option>
<option value="3">Hours</option>
<option value="4">Days</option>
<option value="5">Years</option></select>
</td>
<TD COLSPAN="2"><INPUT TYPE="HIDDEN" NAME="mode" VALUE="<?php echo $mode?>">
<br><INPUT TYPE="SUBMIT" NAME="add" VALUE="Add Ban"></FORM>
</TD>
</TR>
</TABLE>
</TABLE>
<?php
break;
}
}
else {
$pagetype = "admin";
$pagetitle = "Access Denied!";
include('../page_header.'.$phpEx);
?>
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0" ALIGN="CENTER" VALIGN="TOP" WIDTH="<?php echo $TableWidth?>">
<TR><TD BGCOLOR="<?php echo $table_bgcolor?>">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="1" WIDTH="100%">
<TR BGCOLOR="<?php echo $color1?>" ALIGN="center" VALIGN="TOP">
<TD><FONT FACE="<?php echo $FontFace?>" SIZE="<? echo $FontSize2?>" COLOR="<?php echo $textcolor?>">
<B>You do not have acess to this area!</b><BR>
Go <a href="<?php echo $url_phpbb_index?>">Back</a>
</TD></TR></TABLE></TD></TR></TABLE>
<?php
}
include('../page_tail.'.$phpEx);
?>