<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Disallow direct access to this file for security reasons: this module is
// only meaningful when loaded through the admin bootstrap, which defines IN_MYBB.
defined("IN_MYBB") or die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");

// Breadcrumb shared by every page of this module
$page->add_breadcrumb_item($lang->banning, 'index.php?module=user-banning');

// Navigation tabs; three of the four link over to the config-banning module,
// only 'bans' is served by this file.
$sub_tabs['ips'] = array(
	'title' => $lang->banned_ips,
	'link'  => 'index.php?module=config-banning',
);
$sub_tabs['bans'] = array(
	'title'       => $lang->banned_accounts,
	'link'        => 'index.php?module=user-banning',
	'description' => $lang->banned_accounts_desc,
);
$sub_tabs['usernames'] = array(
	'title' => $lang->disallowed_usernames,
	'link'  => 'index.php?module=config-banning&amp;type=usernames',
);
$sub_tabs['emails'] = array(
	'title' => $lang->disallowed_email_addresses,
	'link'  => 'index.php?module=config-banning&amp;type=emails',
);

// Fetch banned groups as gid => title; the actions below use this map to
// populate the "ban group" select box (or pick the group implicitly when
// there is exactly one).
$banned_groups = array();
$query = $db->simple_select("usergroups", "gid,title", "isbannedgroup=1", array('order_by' => 'title'));
while($group = $db->fetch_array($query))
{
	$banned_groups[$group['gid']] = $group['title'];
}

// Fetch ban times (length key => label) offered in the ban length select box
$ban_times = fetch_ban_times();

$plugins->run_hooks("admin_user_banning_begin");

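if($mybb->get_input('action') == "prune")
{
	// Prune: delete every thread and post authored by a banned user.
	// A GET renders the confirmation page, the confirmed POST performs the deletion.

	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// The uid is request input: cast it to int before it is interpolated into the WHERE clause
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(empty($ban['uid']))
	{
		flash_message($lang->error_invalid_ban, 'error');
		// admin_redirect() is expected to end the request here
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super admin's content may only be pruned by that admin or by another super admin
	if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_prune");

	if($mybb->request_method == "post")
	{
		require_once MYBB_ROOT."inc/class_moderation.php";
		$moderation = new Moderation();

		// From here on the uid comes from the ban row / get_user(), not from the request
		$query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
		while($thread = $db->fetch_array($query))
		{
			$moderation->delete_thread($thread['tid']);
		}

		// Posts in other users' threads are deleted one by one
		$query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
		while($post = $db->fetch_array($query))
		{
			$moderation->delete_post($post['pid']);
		}

		$plugins->run_hooks("admin_user_banning_prune_commit");

		$cache->update_reportedcontent();

		// Log admin action
		log_admin_action($user['uid'], $user['username']);

		flash_message($lang->success_pruned, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		$page->output_confirm_action("index.php?module=user-banning&amp;action=prune&amp;uid={$user['uid']}", $lang->confirm_prune);
	}
}
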
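if($mybb->get_input('action') == "lift")
{
	// Lift a ban: restore the groups recorded on the ban row and delete the row.
	// A GET renders the confirmation page, the confirmed POST does the work.

	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// The uid is request input: cast it to int before it is interpolated into the WHERE clause
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(empty($ban['uid']))
	{
		flash_message($lang->error_invalid_ban, 'error');
		// admin_redirect() is expected to end the request here
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super admin's ban may only be lifted by that admin or by another super admin
	if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_lift");

	if($mybb->request_method == "post")
	{
		// The groups the user held before the ban, as stored in the old* columns of the ban row
		$updated_group = array(
			'usergroup' => $ban['oldgroup'],
			'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
			'displaygroup' => $ban['olddisplaygroup']
		);
		$db->delete_query("banned", "uid='{$ban['uid']}'");

		$plugins->run_hooks("admin_user_banning_lift_commit");

		$db->update_query("users", $updated_group, "uid='{$ban['uid']}'");

		// presumably because the restored groups may carry moderator rights
		$cache->update_moderators();

		// Log admin action
		log_admin_action($ban['uid'], $user['username']);

		flash_message($lang->success_ban_lifted, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		$page->output_confirm_action("index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}", $lang->confirm_lift_ban);
	}
}
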
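if($mybb->get_input('action') == "edit")
{
	// Edit an existing ban: its reason, banned group and length.

	$errors = array();

	// The uid is request input: cast it to int before it is interpolated into the WHERE clause
	$query = $db->simple_select("banned", "*", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
	$ban = $db->fetch_array($query);

	if(empty($ban['uid']))
	{
		flash_message($lang->error_invalid_ban, 'error');
		// admin_redirect() is expected to end the request here
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	$plugins->run_hooks("admin_user_banning_edit");

	if($mybb->request_method == "post")
	{
		if(!$ban['uid'])
		{
			$errors[] = $lang->error_invalid_username;
		}
		// Is the user we're trying to ban a super admin and we're not?
		// The second operand must test the *current* admin's uid; testing the
		// banned uid twice would make this check unsatisfiable.
		else if(is_super_admin($ban['uid']) && !is_super_admin($mybb->user['uid']))
		{
			$errors[] = $lang->error_no_perm_to_ban;
		}

		if($ban['uid'] == $mybb->user['uid'])
		{
			$errors[] = $lang->error_ban_self;
		}

		// No errors? Update
		if(!$errors)
		{
			// Ban the user: '---' is the permanent option, anything else is a ban length key
			if($mybb->get_input('bantime') == '---')
			{
				$lifted = 0;
			}
			else
			{
				// presumably the new length is counted from the original ban date (dateline), not from now
				$lifted = ban_date2timestamp($mybb->get_input('bantime'), $ban['dateline']);
			}

			$reason = my_substr($mybb->get_input('reason'), 0, 255);

			// With a single banned group the form shows no select box; use that group
			if(count($banned_groups) == 1)
			{
				$group = array_keys($banned_groups);
				$mybb->input['usergroup'] = $group[0];
			}

			// NOTE(review): bantime is stored as submitted; confirm ban_date2timestamp() and the
			// listing cope with a value outside $ban_times
			$update_array = array(
				'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'dateline' => TIME_NOW,
				'bantime' => $db->escape_string($mybb->get_input('bantime')),
				'lifted' => $db->escape_string($lifted),
				'reason' => $db->escape_string($reason)
			);

			$db->update_query('banned', $update_array, "uid='{$ban['uid']}'");

			// Move the user to the banned group
			$update_array = array(
				'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'displaygroup' => 0,
				'additionalgroups' => '',
			);
			$db->update_query('users', $update_array, "uid = {$ban['uid']}");

			$plugins->run_hooks("admin_user_banning_edit_commit");

			// Log admin action
			log_admin_action($ban['uid'], $user['username']);

			flash_message($lang->success_ban_updated, 'success');
			admin_redirect("index.php?module=user-banning");
		}
	}
	$page->add_breadcrumb_item($lang->edit_ban);
	$page->output_header($lang->edit_ban);

	// The edit page replaces the module tabs with a single one
	$sub_tabs = array();
	$sub_tabs['edit'] = array(
		'title' => $lang->edit_ban,
		'description' => $lang->edit_ban_desc
	);
	$page->output_nav_tabs($sub_tabs, "edit");

	$form = new Form("index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}", "post");
	if($errors)
	{
		$page->output_inline_error($errors);
	}
	else
	{
		// Pre-fill the form from the stored ban row. The group select is keyed
		// 'usergroup' while the ban row stores the group as 'gid'.
		$mybb->input = array_merge($mybb->input, $ban);
		$mybb->input['usergroup'] = $ban['gid'];
	}

	$form_container = new FormContainer($lang->edit_ban);
	$form_container->output_row($lang->ban_username, "", htmlspecialchars_uni($user['username']));
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->get_input('reason'), array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->get_input('usergroup'), array('id' => 'usergroup')), 'usergroup');
	}

	// Permanent bans may be stored with an empty or legacy 'perm' value; show them as '---'
	if($mybb->get_input('bantime') == 'perm' || $mybb->get_input('bantime') == '' || $mybb->get_input('lifted') == 'perm' || $mybb->get_input('lifted') == '')
	{
		$mybb->input['bantime'] = '---';
		$mybb->input['lifted'] = '---';
	}

	// Ban length options, each labelled with the date it would lift on. Note the
	// label is computed from now, while the stored lift date above is computed
	// from the ban's dateline.
	$length_list = array();
	foreach($ban_times as $time => $period)
	{
		if($time != '---')
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	$buttons = array();
	$buttons[] = $form->generate_submit_button($lang->update_ban);
	$form->output_submit_wrapper($buttons);
	$form->end();

	$page->output_footer();
}
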
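if(!$mybb->get_input('action'))
{
	// Default view: the "ban a user" form followed by the paginated list of bans.
	// A POST either restricts the list to one user's bans (the "search" button)
	// or creates a new ban.

	$errors = array();
	$where_sql_full = $where_sql = '';

	$plugins->run_hooks("admin_user_banning_start");

	if($mybb->request_method == "post")
	{
		// Only the columns needed to record the user's pre-ban groups
		$options = array(
			'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
		);

		$user = get_user_by_username($mybb->get_input('username'), $options);

		// Are we searching a user?
		if(is_array($user) && isset($mybb->input['search']))
		{
			// Restrict the listing below to this user; the uid is cast before it reaches SQL
			$where_sql = 'uid=\''.(int)$user['uid'].'\'';
			$where_sql_full = 'WHERE b.uid=\''.(int)$user['uid'].'\'';
		}
		else
		{
			if(empty($user['uid']))
			{
				$errors[] = $lang->error_invalid_username;
			}
			// Is the user we're trying to ban a super admin and we're not?
			else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
			{
				$errors[] = $lang->error_no_perm_to_ban;
			}
			else
			{
				// Already has a ban row?
				$query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
				if($db->fetch_field($query, "uid"))
				{
					$errors[] = $lang->error_already_banned;
				}

				// Get PRIMARY usergroup information: sitting in a banned group counts as banned too
				$usergroups = $cache->read("usergroups");
				if(!empty($usergroups[$user['usergroup']]) && $usergroups[$user['usergroup']]['isbannedgroup'] == 1)
				{
					$errors[] = $lang->error_already_banned;
				}

				if($user['uid'] == $mybb->user['uid'])
				{
					$errors[] = $lang->error_ban_self;
				}
			}

			// No errors? Insert
			if(!$errors)
			{
				// Ban the user: '---' is the permanent option, anything else is a ban length key
				if($mybb->get_input('bantime') == '---')
				{
					$lifted = 0;
				}
				else
				{
					$lifted = ban_date2timestamp($mybb->get_input('bantime'));
				}

				$reason = my_substr($mybb->get_input('reason'), 0, 255);

				// With a single banned group the form shows no select box; use that group
				if(count($banned_groups) == 1)
				{
					$group = array_keys($banned_groups);
					$mybb->input['usergroup'] = $group[0];
				}

				// The old* columns are what the lift action restores.
				// NOTE(review): bantime is stored as submitted; confirm ban_date2timestamp()
				// and the listing cope with a value outside $ban_times
				$insert_array = array(
					'uid' => $user['uid'],
					'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					'oldgroup' => $user['usergroup'],
					'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
					'olddisplaygroup' => $user['displaygroup'],
					'admin' => (int)$mybb->user['uid'],
					'dateline' => TIME_NOW,
					'bantime' => $db->escape_string($mybb->get_input('bantime')),
					'lifted' => $db->escape_string($lifted),
					'reason' => $db->escape_string($reason)
				);
				$db->insert_query('banned', $insert_array);

				// Move the user to the banned group
				$update_array = array(
					'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					'displaygroup' => 0,
					'additionalgroups' => '',
				);

				$db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
				$db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");

				$plugins->run_hooks("admin_user_banning_start_commit");

				$db->update_query('users', $update_array, "uid = '{$user['uid']}'");

				// Log admin action
				log_admin_action($user['uid'], $user['username'], $lifted);

				flash_message($lang->success_banned, 'success');
				// admin_redirect() is expected to end the request here
				admin_redirect("index.php?module=user-banning");
			}
		}
	}

	$page->output_header($lang->banned_accounts);

	$page->output_nav_tabs($sub_tabs, "bans");

	// Total for pagination, restricted to the searched user when there is one
	$query = $db->simple_select("banned", "COUNT(*) AS ban_count", $where_sql);
	$ban_count = $db->fetch_field($query, "ban_count");

	$per_page = 20;

	// Pagination: a page number past the last page falls back to the first page
	$mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
	if($mybb->input['page'] > 0)
	{
		$current_page = $mybb->input['page'];
		$start = ($current_page-1)*$per_page;
		$pages = ceil($ban_count / $per_page);
		if($current_page > $pages)
		{
			$start = 0;
			$current_page = 1;
		}
	}
	else
	{
		$start = 0;
		$current_page = 1;
	}

	$pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&amp;page={page}");

	$form = new Form("index.php?module=user-banning", "post");
	if($errors)
	{
		$page->output_inline_error($errors);
	}

	// Normalise the form values so the generators below never read an unset index
	$mybb->input['username'] = $mybb->get_input('username');
	$mybb->input['reason'] = $mybb->get_input('reason');
	$mybb->input['bantime'] = $mybb->get_input('bantime');
	$mybb->input['usergroup'] = $mybb->get_input('usergroup');

	// Reached with a uid in the request: pre-fill the username from that user
	if(isset($mybb->input['uid']) && empty($mybb->input['username']))
	{
		$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
		$mybb->input['username'] = $user['username'];
	}

	$form_container = new FormContainer($lang->ban_a_user);
	$form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->add_ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	}

	// Ban length options, each labelled with the date it would lift on if applied now
	$length_list = array();
	foreach($ban_times as $time => $period)
	{
		if($time != "---")
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	// Autocompletion for usernames
	echo '
	<link rel="stylesheet" href="../jscripts/select2/select2.css">
	<script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
	<script type="text/javascript">
	<!--
	$("#username").select2({
		placeholder: "'.$lang->search_for_a_user.'",
		minimumInputLength: 2,
		multiple: false,
		ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
			url: "../xmlhttp.php?action=get_users",
			dataType: \'json\',
			data: function (term, page) {
				return {
					query: term, // search term
				};
			},
			results: function (data, page) { // parse the results into the format expected by Select2.
				// since we are using custom formatting functions we do not need to alter remote JSON data
				return {results: data};
			}
		},
		initSelection: function(element, callback) {
			var query = $(element).val();
			if (query !== "") {
				$.ajax("../xmlhttp.php?action=get_users&getone=1", {
					data: {
						query: query
					},
					dataType: "json"
				}).done(function(data) { callback(data); });
			}
		},
	});

  	$(\'[for=username]\').on(\'click\', function(){
		$("#username").select2(\'open\');
		return false;
	});
	// -->
	</script>';

	$buttons = array();
	$buttons[] = $form->generate_submit_button($lang->ban_user);
	$buttons[] = $form->generate_submit_button($lang->search_for_a_user, array('name' => 'search'));
	$form->output_submit_wrapper($buttons);
	$form->end();

	echo '<br />';

	// Six columns: user, lifts on, time left, two control links, one moderation link
	$table = new Table;
	$table->construct_header($lang->user);
	$table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
	$table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));

	// Fetch bans for this page, newest first, joined to the banned user (u) and the banning admin (a)
	$query = $db->query("
		SELECT b.*, a.username AS adminuser, u.username
		FROM ".TABLE_PREFIX."banned b
		LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
		{$where_sql_full}
		ORDER BY dateline DESC
		LIMIT {$start}, {$per_page}
	");

	// Get the banned users
	while($ban = $db->fetch_array($query))
	{
		$profile_link = build_profile_link(htmlspecialchars_uni($ban['username']), $ban['uid'], "_blank");
		$ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
		// Permanent bans: the legacy 'perm' marker or an empty / '---' length
		if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
		{
			$ban_period = $lang->permenantly;
			$time_remaining = $lifts_on = $lang->na;
		}
		else
		{
			$ban_period = $lang->for." ".$ban_times[$ban['bantime']];

			// Colour the remaining time by urgency: under an hour, under a day, under a week
			$remaining = $ban['lifted']-TIME_NOW;
			$time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false));

			if($remaining < 3600)
			{
				$time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
			}
			else if($remaining < 86400)
			{
				$time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
			}
			else if($remaining < 604800)
			{
				$time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
			}

			$lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
		}

		// No admin row joined: admin 0 is the engine itself; otherwise presumably an
		// account that no longer exists, so only its uid can be shown
		if(!$ban['adminuser'])
		{
			if($ban['admin'] == 0)
			{
				$ban['adminuser'] = $lang->mybb_engine;
			}
			else
			{
				$ban['adminuser'] = $ban['admin'];
			}
		}

		$table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
		$table->construct_cell($lifts_on, array("class" => "align_center"));
		$table->construct_cell($time_remaining, array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=edit&amp;uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
		// Lift and prune links carry the post key; the target action still asks for confirmation before acting
		$table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=lift&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&amp;action=prune&amp;uid={$ban['uid']}&amp;my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
		$table->construct_row();
	}
	$table->output($lang->banned_accounts);
	echo $pagination;

	$page->output_footer();
}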