johnake |
3rd August 2008 23:25 |
Try this one:
PHP Code:
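<?php
// The full open tag is used on purpose: the short form is only parsed when
// the short_open_tag ini setting is enabled. With that setting off, the web
// server would return this moderation script to the client as plain text
// instead of executing it.

// Pulls in the tracker bootstrap; the helpers called below and throughout the
// rest of the script are not defined in this file and presumably come from it.
require "include/bittorrent.php";

// NOTE(review): the meaning of the "false" argument is defined by the include
// and is not visible from this file.
dbconn(false);

// Presumably stops or redirects visitors who are not logged in - confirm in
// the include, because every privilege check that follows assumes a session.
loggedinorreturn();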
/**
 * Show an error page titled with the localized "error" heading.
 *
 * Delegates to newerr(), which is defined outside this file.
 * NOTE(review): callers treat this as terminating the request - confirm that
 * newerr() exits.
 *
 * @param string $text Message body shown to the user.
 */
function puke($text = "You have forgotten here someting?")
{
    global $tracker_lang;

    $heading = $tracker_lang['error'];
    newerr($heading, $text);
}
/**
 * Show a result page titled with the localized "success" heading.
 *
 * Delegates to newerr(), which is defined outside this file.
 *
 * @param string $text Message body shown to the user.
 */
function barf($text = "User removed")
{
    global $tracker_lang;

    $heading = $tracker_lang['success'];
    newerr($heading, $text);
}
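// Access gate: only moderators and above may reach the actions below.
if (get_user_class() < UC_MODERATOR) {
    puke($tracker_lang['access_denied']);
    // Fail closed: newerr() (called by puke()) is defined outside this file,
    // so do not depend on it to end the request for an unauthorized caller.
    die;
}

// The "warn" action arrives by GET, so the POST field may be absent. Reading
// it unguarded raises a notice that, with display_errors on, is printed
// before the header() calls further down and breaks them.
$action = isset($_POST["action"]) ? $_POST["action"] : "";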
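// ---------------------------------------------------------------------------
// Moderator action dispatcher.
//   POST action=edituser    - edit, warn, enable, disable or delete a user
//   POST action=confirmuser - set a user's confirmation status
//   GET  action=warn        - remove one warning from a user
// Any other request falls through to the generic error page at the bottom.
//
// NOTE(review): the validations below rely on newerr()/puke() ending the
// request; newerr() is not defined in this file, so confirm that it exits.
// NOTE(review): no anti-CSRF token is checked for any of these state-changing
// actions, and the "warn" action is triggered by a plain GET request.
// ---------------------------------------------------------------------------
if ($action == "edituser") {
    $updateset = array();
    // Raised only when a newly issued warning reaches the warning limit; set
    // up front so the check before the final UPDATE never reads an undefined
    // variable.
    $to_ban = 0;

    $userid = $_POST["userid"];
    $title = $_POST["title"];
    $avatar = $_POST["avatar"];

    // Check remote avatar size.
    if ($avatar) {
        // The scheme alternation is grouped so the whole URL shape is
        // enforced. Previously the pattern was "^((http)|(ftp)://...)", whose
        // first alternative matched any string that merely began with "http".
        $avatar_pattern = '#^(?:https?|ftp)://[a-z0-9\-]+(?:\.[a-z0-9\-]+)*\.[a-z]+(?::[0-9]+)?/\S*\.(?:gif|jpg|jpeg|png)$#iD';
        if (!preg_match($avatar_pattern, $avatar)) {
            newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
        }

        // NOTE(review): getimagesize() makes this server fetch the supplied
        // URL. The pattern above only constrains its shape, not where the host
        // resolves; consider a host allow-list, a short timeout and blocking
        // internal address ranges.
        $dimensions = getimagesize($avatar);
        if (!$dimensions) {
            newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
        }
        list($width, $height) = $dimensions;

        // $avatar_max_width / $avatar_max_height are not set in this file;
        // presumably configuration from the include - TODO confirm.
        if ($width > $avatar_max_width || $height > $avatar_max_height) {
            newerr($tracker_lang['error'], sprintf($tracker_lang['avatar_is_too_big'], $avatar_max_width, $avatar_max_height));
        }
    }

    $resetb = isset($_POST["resetb"]) ? $_POST["resetb"] : "";
    $birthday = ($resetb == 'yes' ? ", birthday = '0000-00-00'" : "");
    $enabled = $_POST["enabled"];
    $warned = $_POST["warned"];
    $warnlength = 0 + $_POST["warnlength"];
    // NOTE(review): unlike supportfor/modcomm, the values $title, $warnpm and
    // the sysop-supplied modcomment are not HTML-escaped here; confirm they
    // are escaped wherever they are displayed.
    $warnpm = $_POST["warnpm"];
    $donor = $_POST["donor"];
    // Forced to numbers (same "0 +" idiom as warnlength/class) because the
    // amounts are copied into the stored moderator comment below.
    $uploadtoadd = 0 + $_POST["amountup"];
    $downloadtoadd = 0 + $_POST["amountdown"];
    $formatup = $_POST["formatup"];
    $formatdown = $_POST["formatdown"];
    $mpup = $_POST["upchange"];
    $mpdown = $_POST["downchange"];
    $support = $_POST["support"];
    $supportfor = htmlspecialchars($_POST["supportfor"]);
    $modcomm = htmlspecialchars($_POST["modcomm"]);
    $class = 0 + $_POST["class"];

    // $userid is interpolated unquoted into the queries below, so this check
    // is what keeps it safe; is_valid_id() is defined outside this file.
    if (!is_valid_id($userid) || !is_valid_user_class($class)) {
        newerr($tracker_lang['error'], "Invalid user ID or class.");
    }

    // Load the target's current state (also used for the class check).
    $res = sql_query("SELECT warned, warnedtimes, enabled, username, class, modcomment, uploaded, downloaded FROM ".TABLE_USERS." WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res) or puke("Error MySQL: " . mysql_error());
    $curenabled = $arr["enabled"];
    $curclass = $arr["class"];
    $curwarned = $arr["warned"];
    $warnedtimes = $arr["warnedtimes"];

    // Only a sysop may replace the whole moderator comment.
    if (get_user_class() == UC_SYSOP) {
        $modcomment = $_POST["modcomment"];
    } else {
        $modcomment = $arr["modcomment"];
    }

    $chatpost = $_POST["chatpost"];
    $updateset[] = "chatpost = " . sqlesc($chatpost);

    // User may not edit someone with same or higher class than himself,
    // nor raise anyone to his own class or above.
    if ($curclass >= get_user_class() || $class >= get_user_class()) {
        puke('You cant not edit somewith higher class then yourself!... [Logged]');
        // Fail closed on the authorization check even if the error helper
        // returns instead of exiting.
        die;
    }

    // Manual upload correction. The unit is compared with the string "mb";
    // the bare word mb used before is an undefined constant.
    if ($uploadtoadd > 0) {
        $upbytes = ($formatup == "mb" ? ($uploadtoadd * 1048576) : ($uploadtoadd * 1073741824));
        if ($mpup == "plus") {
            $newupload = $arr["uploaded"] + $upbytes;
        } else {
            $newupload = $arr["uploaded"] - $upbytes;
        }
        if ($newupload < 0) {
            newerr($tracker_lang['error'], "You want to take away the users upload ammount more than he has!");
        }
        $updateset[] = "uploaded = $newupload";
        $modcomment = date("Y-m-d") . " - User $CURUSER[username] ".($mpup == "plus" ? "added " : "subtracted ").$uploadtoadd.($formatup == "mb" ? " MB" : " GB")." to deal.\n". $modcomment;
    }

    // Manual download correction, same rules as above.
    if ($downloadtoadd > 0) {
        $downbytes = ($formatdown == "mb" ? ($downloadtoadd * 1048576) : ($downloadtoadd * 1073741824));
        if ($mpdown == "plus") {
            $newdownload = $arr["downloaded"] + $downbytes;
        } else {
            $newdownload = $arr["downloaded"] - $downbytes;
        }
        if ($newdownload < 0) {
            newerr($tracker_lang['error'], "You want to take away the users download ammount more than he has!");
        }
        $updateset[] = "downloaded = $newdownload";
        $modcomment = date("Y-m-d") . " - User $CURUSER[username] ".($mpdown == "plus" ? "added " : "subtracted ").$downloadtoadd.($formatdown == "mb" ? " MB" : " GB")." to deal.\n". $modcomment;
    }

    // Class change: notify the user by PM and record it.
    if ($curclass != $class) {
        $msg = sqlesc("what you were up to \"" . get_user_class_name($class) . "\" user $CURUSER[username].");
        $added = TIMENOW;
        $subject = sqlesc("what you were");
        // Uses the table constant like the other message inserts in this file.
        sql_query("INSERT INTO ".TABLE_MESSAGES." (sender, receiver, msg, added, subject) VALUES(0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
        $updateset[] = "class = $class";
        $what = ($class > $curclass ? "Promoted" : "Demoted");
        $modcomment = date("Y-m-d") . " - $what to class \"" . get_user_class_name($class) . "\" user $CURUSER[username].\n". $modcomment;
    }

    if ($warned && $curwarned != $warned) {
        // Warning flag toggled directly.
        $updateset[] = "warned = " . sqlesc($warned);
        $updateset[] = "warneduntil = '0'";
        $subject = sqlesc("Your warning shot");
        if ($warned == 'no') {
            $modcomment = date("Y-m-d") . " - Withdrew user warning " . $CURUSER['username'] . ".\n". $modcomment;
            $msg = sqlesc("You widthrew users warning " . $CURUSER['username'] . ".");
        }
        // NOTE(review): $msg is only assigned in this branch when $warned is
        // 'no'; for any other value the insert uses an unset $msg, or the one
        // left over from the class-change notice above.
        $added = TIMENOW;
        sql_query("INSERT INTO ".TABLE_MESSAGES." (sender, receiver, msg, added, subject) VALUES (0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
    } elseif ($warnlength) {
        // New warning issued; a reason is mandatory.
        if (strlen($warnpm) == 0) {
            newerr($tracker_lang['error'], "You need to specify the reason to give a warning!");
        }
        if ($warnlength == 255) {
            // 255 takes the branch that sets no expiry date. "\nReason"
            // replaces "\Reason", which printed a literal backslash.
            $modcomment = date("Y-m-d") . " - Warned User " . $CURUSER['username'] . ".\nReason: $warnpm\n" . $modcomment;
            $msg = sqlesc("You have been [url=rules.php#warning]Warning[/url] by $CURUSER[username]" . ($warnpm ? "\n\nReason: $warnpm" : ""));
            $updateset[] = "warneduntil = '0'";
        } else {
            // Length is given in weeks (604800 seconds each).
            $warneduntil = get_date_time(gmtime() + $warnlength * 604800);
            $dur = $warnlength . " week" . ($warnlength > 1 ? "s" : "");
            $msg = sqlesc("You have been [url=rules.php#warning]warned[/url] for $dur by " . $CURUSER['username'] . "." . ($warnpm ? "\n\nReason: $warnpm" : ""));
            $modcomment = gmdate("Y-m-d") . " - Warned for $dur by " . $CURUSER['username'] . ".\nReason: $warnpm.\n". $modcomment;
            $updateset[] = "warneduntil = '$warneduntil'";
        }
        $added = TIMENOW;
        $subject = sqlesc("You got a warning");
        sql_query("INSERT INTO ".TABLE_MESSAGES." (sender, receiver, msg, added, subject) VALUES (0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
        $updateset[] = "warned = 'yes'";
        $updateset[] = "warnedtimes = warnedtimes + 1";
        // $maxwarns is not set in this file; presumably configuration from
        // the include - TODO confirm it is always defined.
        $to_ban = ($warnedtimes >= $maxwarns ? 1 : 0);
    }

    // Enable / disable, mirrored into the forum tables (TABLE_PREFIX).
    if ($enabled != $curenabled) {
        $modifier = (int) $CURUSER['id'];
        if ($enabled == 'yes') {
            if (empty($_POST["enareason"])) {
                puke("Enter the reason why you enabled the user!");
            }
            $enareason = htmlspecialchars($_POST["enareason"]);
            $modcomment = date("Y-m-d") . " - Enabled By " . $CURUSER['username'] . ".\nReason: $enareason\n" . $modcomment;
            $mybb_unban = sql_query("SELECT uid FROM ".TABLE_PREFIX."banned WHERE uid = ".sqlesc($userid));
            if (mysql_num_rows($mybb_unban) >= 1) {
                sql_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid = ".sqlesc($userid));
            }
            sql_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '".MYBB_USER."' WHERE uid = ".sqlesc($userid)) or sqlerr(__FILE__,__LINE__);
        } else {
            $dateline = TIMENOW;
            if (empty($_POST["disreason"])) {
                puke("Enter the reason why you disabled the user!");
            }
            $disreason = htmlspecialchars($_POST["disreason"]);
            $modcomment = date("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ".\nReason: $disreason\n" . $modcomment;
            $mybb_ban = sql_query("SELECT uid FROM ".TABLE_PREFIX."banned WHERE uid = ".sqlesc($userid));
            if (mysql_num_rows($mybb_ban) == 0) {
                sql_query("INSERT INTO ".TABLE_PREFIX."banned (uid, gid, oldgroup, admin, dateline, bantime, lifted, reason) VALUES (".sqlesc($userid).", '0', '2', ".sqlesc($modifier).", $dateline, 'perm', '0', ".sqlesc($disreason).")") or sqlerr(__FILE__,__LINE__);
            }
            sql_query("UPDATE ".TABLE_PREFIX."users SET usergroup = '".MYBB_BANNED."' WHERE uid = ".sqlesc($userid)) or sqlerr(__FILE__,__LINE__);
        }
    }

    $updateset[] = "enabled = " . sqlesc($enabled);
    if ($to_ban) {
        // Listed after the assignment above, so the automatic disable is the
        // later of the two "enabled" assignments in the statement.
        $updateset[] = "enabled = 'no'";
        $modcomment = date("Y-m-d") . " - Disabled by System because achieving maximum warnings..\n" . $modcomment;
    }
    $updateset[] = "donor = " . sqlesc($donor);
    $updateset[] = "supportfor = " . sqlesc($supportfor);
    $updateset[] = "support = " . sqlesc($support);
    $updateset[] = "avatar = " . sqlesc($avatar);
    $updateset[] = "title = " . sqlesc($title);
    if (!empty($modcomm)) {
        $modcomment = date("Y-m-d") . " - A note from $CURUSER[username]: $modcomm\n" . $modcomment;
    }
    $updateset[] = "modcomment = " . sqlesc($modcomment);

    if (!empty($_POST['resetkey'])) {
        // NOTE(review): the new passkey is an MD5 of the acting moderator's
        // name and password hash plus the clock, not a random value; prefer a
        // CSPRNG-generated key where the PHP version provides one.
        $passkey = md5($CURUSER['username'].TIMENOW.$CURUSER['passhash']);
        $updateset[] = "passkey = " . sqlesc($passkey);
    }

    // Same table constant as the SELECT and DELETE on this user.
    sql_query("UPDATE ".TABLE_USERS." SET " . implode(", ", $updateset) . " $birthday WHERE id = $userid") or sqlerr(__FILE__, __LINE__);

    if (!empty($_POST["deluser"])) {
        // Remove the account and every row that references it.
        $res = @sql_query("SELECT * FROM ".TABLE_USERS." WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
        $user = mysql_fetch_array($res);
        $username = $user["username"];
        sql_query("DELETE FROM ".TABLE_USERS." WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
        sql_query("DELETE FROM ".TABLE_PREFIX."users WHERE uid = $userid") or sqlerr(__FILE__, __LINE__);
        sql_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid = $userid") or sqlerr(__FILE__, __LINE__);
        sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE receiver = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_FRIENDS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_FRIENDS." WHERE friendid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_BLOCKS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_BLOCKS." WHERE blockid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_BOOKMARKS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_INVITES." WHERE inviter = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_PEERS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_READTORRENTS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_SIMPATY." WHERE fromuserid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_ADDEDREQUESTS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_CHECKCOMM." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_OFFERVOTES." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
        sql_query("DELETE FROM ".TABLE_SESSIONS." WHERE uid = $userid") or sqlerr(__FILE__,__LINE__);
        $deluserid = $CURUSER["username"];
        write_log("User $username has been removed $deluserid");
        barf();
    } else {
        // NOTE(review): returnto is client-supplied and only prefixed with the
        // base URL; confirm $DEFAULTBASEURL is never empty so the target stays
        // on this site.
        $returnto = htmlentities($_POST["returnto"]);
        header("Refresh: 0; url=$DEFAULTBASEURL/$returnto");
        die;
    }
} elseif ($action == "confirmuser") {
    $updateset = array();
    $userid = $_POST["userid"];
    $confirm = $_POST["confirm"];
    if (!is_valid_id($userid)) {
        newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
    }
    // NOTE(review): unlike edituser, the target's class is not compared with
    // the caller's class here.
    $updateset[] = "status = " . sqlesc($confirm);
    $updateset[] = "last_login = ".TIMENOW;
    $updateset[] = "last_access = ".TIMENOW;
    sql_query("UPDATE ".TABLE_USERS." SET " . implode(", ", $updateset) . " WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
    $returnto = htmlentities($_POST["returnto"]);
    header("Location: $DEFAULTBASEURL/$returnto");
    // Stop here; without this the script fell through to the generic error
    // page below after sending the redirect.
    die;
} elseif (isset($_GET["action"]) && $_GET["action"] == "warn") {
    // Remove a single warning. Adding warnings is refused here and must go
    // through the edituser form.
    $id = isset($_GET["id"]) ? 0 + $_GET["id"] : 0;
    if ($CURUSER["id"] == $id) {
        newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
    }
    // Validate before the id is placed in the query.
    if (!is_valid_id($id)) {
        newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
    }
    // NOTE(review): unlike edituser, the target's class is not compared with
    // the caller's class here.
    $user = mysql_fetch_array(sql_query("SELECT warnedtimes FROM ".TABLE_USERS." WHERE id = $id"));
    if (!$user) {
        newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
    }
    $updateset = array();
    $warn_type = (isset($_GET['warn']) && $_GET['warn'] == 'plus' ? 1 : 0);
    if ($warn_type) {
        newerr($tracker_lang['error'], 'Please use lower panel for issuing warnings to the user.');
    }
    if ($user["warnedtimes"] == 0) {
        newerr($tracker_lang['error'],"This user has no warnings!");
    }
    $modcomment = sqlesc(date("Y-m-d") . " - 1 warning removed from {$CURUSER["username"]}.\n");
    $updateset[] = "modcomment = CONCAT($modcomment, modcomment)";
    $updateset[] = "warned = 'no'";
    $updateset[] = "warneduntil = '0'";
    $updateset[] = "warnedtimes = warnedtimes - 1";
    sql_query("UPDATE ".TABLE_USERS." SET ".implode(", ", $updateset)." WHERE id = $id") or sqlerr(__FILE__,__LINE__);
    header("Refresh: 1; userdetails.php?id=$id");
    stdhead("Success");
    stdmsg("Success", "One warning was successfully removed.");
    stdfoot();
    die;
}

// No recognised action: show the generic error page.
puke();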
?>