Location: PHPKode > projects > TBsource PHP/MySql Bit-Torrent tracker > tbsource/modtask.php
<?

require "include/bittorrent.php";

dbconn(false);

loggedinorreturn();

function puke($text = "w00t")
{
  stderr("w00t", $text);
}

if (get_user_class() < UC_MODERATOR)
  puke();

$action = $_POST["action"];

if ($action == "edituser")
{
  $userid = $_POST["userid"];
  $title = $_POST["title"];
  $avatar = $_POST["avatar"];
  $enabled = $_POST["enabled"];
  $warned = $_POST["warned"];
  $warnlength = 0 + $_POST["warnlength"];
  $warnpm = $_POST["warnpm"];
  $donor = $_POST["donor"];
  $modcomment = $_POST["modcomment"];
  if ($_POST['resetpasskey']) $updateset[] = "passkey=''";

  $class = 0 + $_POST["class"];
  if (!is_valid_id($userid) || !is_valid_user_class($class))
    stderr("Error", "Bad user ID or class ID.");
  // check target user class
  $res = mysql_query("SELECT warned, enabled, username, class FROM users WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
  $arr = mysql_fetch_assoc($res) or puke();
  $curenabled = $arr["enabled"];
  $curclass = $arr["class"];
  $curwarned = $arr["warned"];
  // User may not edit someone with same or higher class than himself!
  if ($curclass >= get_user_class())
    puke();

  if ($curclass != $class)
  {
    // Notify user
    $what = ($class > $curclass ? "promoted" : "demoted");
    $msg = sqlesc("You have been $what to '" . get_user_class_name($class) . "' by $CURUSER[username].");
    $added = sqlesc(get_date_time());
    mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
    $updateset[] = "class = $class";
    $what = ($class > $curclass ? "Promoted" : "Demoted");
 		$modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username].\n". $modcomment;
  }

  // some Helshad fun
  $fun = ($CURUSER['id'] == 277) ? " Tremble in fear, mortal." : "";

  if ($warned && $curwarned != $warned)
  {
		$updateset[] = "warned = " . sqlesc($warned);
		$updateset[] = "warneduntil = '0000-00-00 00:00:00'";
    if ($warned == 'no')
    {
			$modcomment = gmdate("Y-m-d") . " - Warning removed by " . $CURUSER['username'] . ".\n". $modcomment;
      $msg = sqlesc("Your warning has been removed by " . $CURUSER['username'] . ".");
    }
		$added = sqlesc(get_date_time());
		mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  }
	elseif ($warnlength)
  {
    if ($warnlength == 255)
    {
			$modcomment = gmdate("Y-m-d") . " - Warned by " . $CURUSER['username'] . ".\nReason: $warnpm\n" . $modcomment;
      $msg = sqlesc("You have received a [url=rules.php#warning]warning[/url] from $CURUSER[username].$fun" . ($warnpm ? "\n\nReason: $warnpm" : ""));
			$updateset[] = "warneduntil = '0000-00-00 00:00:00'";
    }
    else
    {
	    $warneduntil = get_date_time(gmtime() + $warnlength * 604800);
	    $dur = $warnlength . " week" . ($warnlength > 1 ? "s" : "");
	    $msg = sqlesc("You have received a $dur [url=rules.php#warning]warning[/url] from " . $CURUSER['username'] . ".$fun" . ($warnpm ? "\n\nReason: $warnpm" : ""));
	    $modcomment = gmdate("Y-m-d") . " - Warned for $dur by " . $CURUSER['username'] .  ".\nReason: $warnpm\n" . $modcomment;
	    $updateset[] = "warneduntil = '$warneduntil'";
		}
 		$added = sqlesc(get_date_time());
		mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
    $updateset[] = "warned = 'yes'";
	}

  if ($enabled != $curenabled)
  {
  	if ($enabled == 'yes')
  		$modcomment = gmdate("Y-m-d") . " - Enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
  	else
  		$modcomment = gmdate("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
  }

  $updateset[] = "enabled = " . sqlesc($enabled);
  $updateset[] = "donor = " . sqlesc($donor);
  $updateset[] = "avatar = " . sqlesc($avatar);
  $updateset[] = "title = " . sqlesc($title);
  $updateset[] = "modcomment = " . sqlesc($modcomment);
  mysql_query("UPDATE users SET  " . implode(", ", $updateset) . " WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
  $returnto = $_POST["returnto"];

  header("Location: $DEFAULTBASEURL/$returnto");
  die;
}

puke();

?>
Return current item: TBsource PHP/MySql Bit-Torrent tracker