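<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * Admin CP module: User > Banning.
 *
 * Dispatches on $mybb->input['action']:
 *   "prune" - delete every thread and post of a banned user (after a confirmation form)
 *   "lift"  - delete the ban row and restore the user's previous primary/additional/display groups
 *   "edit"  - change the reason, length and banned group of an existing ban
 *   (none)  - show the "ban a user" form and the paginated list of current bans
 *
 * Every uid taken from the request is read through get_input(..., MyBB::INPUT_INT)
 * before it is interpolated into a WHERE clause, so only an integer can reach SQL.
 */

// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$page->add_breadcrumb_item($lang->banning, "index.php?module=user-banning");

$sub_tabs['ips'] = array(
	'title' => $lang->banned_ips,
	'link' => "index.php?module=config-banning",
);

$sub_tabs['bans'] = array(
	'title' => $lang->banned_accounts,
	'link' => "index.php?module=user-banning",
	'description' => $lang->banned_accounts_desc
);

$sub_tabs['usernames'] = array(
	'title' => $lang->disallowed_usernames,
	'link' => "index.php?module=config-banning&type=usernames",
);

$sub_tabs['emails'] = array(
	'title' => $lang->disallowed_email_addresses,
	'link' => "index.php?module=config-banning&type=emails",
);

// Fetch banned groups as gid => title; feeds the group select box, and is the
// implicit choice when exactly one banned group exists
$query = $db->simple_select("usergroups", "gid,title", "isbannedgroup=1", array('order_by' => 'title'));
$banned_groups = array();
while($group = $db->fetch_array($query))
{
	$banned_groups[$group['gid']] = $group['title'];
}

// Fetch ban times
$ban_times = fetch_ban_times();

// Validation errors collected by the edit / ban forms. Initialised up front so
// the "if(!$errors)" and "if($errors)" checks below never read an undefined variable.
$errors = array();

$plugins->run_hooks("admin_user_banning_begin");

if($mybb->input['action'] == "prune")
{
	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// Cast the requested uid to int before it is placed in the query
	$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
	$query = $db->simple_select("banned", "*", "uid='{$uid}'");
	$ban = $db->fetch_array($query);

	if(!$ban['uid'])
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super admin's ban may only be acted on by that user or by another super admin
	if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_prune");

	if($mybb->request_method == "post")
	{
		require_once MYBB_ROOT."inc/class_moderation.php";
		$moderation = new Moderation();

		// Remove the user's threads, then any posts left over, through the
		// moderation class rather than a raw delete
		$query = $db->simple_select("threads", "tid", "uid='{$user['uid']}'");
		while($thread = $db->fetch_array($query))
		{
			$moderation->delete_thread($thread['tid']);
		}

		$query = $db->simple_select("posts", "pid", "uid='{$user['uid']}'");
		while($post = $db->fetch_array($query))
		{
			$moderation->delete_post($post['pid']);
		}

		$plugins->run_hooks("admin_user_banning_prune_commit");

		$cache->update_reportedcontent();

		// Log admin action
		log_admin_action($user['uid'], $user['username']);

		flash_message($lang->success_pruned, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		// GET: show the yes/no confirmation; the deletion itself only runs on POST
		$page->output_confirm_action("index.php?module=user-banning&action=prune&uid={$user['uid']}", $lang->confirm_prune);
	}
}

if($mybb->input['action'] == "lift")
{
	// User clicked no
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-banning");
	}

	// Cast the requested uid to int before it is placed in the query
	$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
	$query = $db->simple_select("banned", "*", "uid='{$uid}'");
	$ban = $db->fetch_array($query);

	if(!$ban['uid'])
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	// A super admin's ban may only be acted on by that user or by another super admin
	if(is_super_admin($user['uid']) && ($mybb->user['uid'] != $user['uid'] && !is_super_admin($mybb->user['uid'])))
	{
		flash_message($lang->cannot_perform_action_super_admin_general, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$plugins->run_hooks("admin_user_banning_lift");

	if($mybb->request_method == "post")
	{
		// Groups the user held when the ban was created, stored on the ban row
		$updated_group = array(
			'usergroup' => $ban['oldgroup'],
			'additionalgroups' => $db->escape_string($ban['oldadditionalgroups']),
			'displaygroup' => $ban['olddisplaygroup']
		);
		$db->delete_query("banned", "uid='{$ban['uid']}'");

		$plugins->run_hooks("admin_user_banning_lift_commit");

		$db->update_query("users", $updated_group, "uid='{$ban['uid']}'");

		$cache->update_moderators();

		// Log admin action
		log_admin_action($ban['uid'], $user['username']);

		flash_message($lang->success_ban_lifted, 'success');
		admin_redirect("index.php?module=user-banning");
	}
	else
	{
		// GET: show the yes/no confirmation; the lift itself only runs on POST
		$page->output_confirm_action("index.php?module=user-banning&action=lift&uid={$ban['uid']}", $lang->confirm_lift_ban);
	}
}

if($mybb->input['action'] == "edit")
{
	// Cast the requested uid to int before it is placed in the query
	$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
	$query = $db->simple_select("banned", "*", "uid='{$uid}'");
	$ban = $db->fetch_array($query);

	if(empty($ban['uid']))
	{
		flash_message($lang->error_invalid_ban, 'error');
		admin_redirect("index.php?module=user-banning");
	}

	$user = get_user($ban['uid']);

	$plugins->run_hooks("admin_user_banning_edit");

	if($mybb->request_method == "post")
	{
		if(!$ban['uid'])
		{
			$errors[] = $lang->error_invalid_username;
		}
		// Is the user we're trying to ban a super admin and we're not?
		// Compares against the *current* admin, as the ban form below does; the
		// previous check compared the banned uid against itself and never fired.
		else if(is_super_admin($ban['uid']) && !is_super_admin($mybb->user['uid']))
		{
			$errors[] = $lang->error_no_perm_to_ban;
		}

		if($ban['uid'] == $mybb->user['uid'])
		{
			$errors[] = $lang->error_ban_self;
		}

		// No errors? Update
		if(!$errors)
		{
			// Ban the user; '---' is the permanent option, stored as lifted = 0
			if($mybb->input['bantime'] == '---')
			{
				$lifted = 0;
			}
			else
			{
				// Keep the original ban start so the expiry is measured from it, not from now
				$lifted = ban_date2timestamp($mybb->input['bantime'], $ban['dateline']);
			}

			$reason = my_substr($mybb->input['reason'], 0, 255);

			// With a single banned group there is no select box, so pick it here
			if(count($banned_groups) == 1)
			{
				$group = array_keys($banned_groups);
				$mybb->input['usergroup'] = $group[0];
			}

			$update_array = array(
				'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'dateline' => TIME_NOW,
				'bantime' => $db->escape_string($mybb->input['bantime']),
				'lifted' => $db->escape_string($lifted),
				'reason' => $db->escape_string($reason)
			);

			$db->update_query('banned', $update_array, "uid='{$ban['uid']}'");

			// Move the user to the banned group
			$update_array = array(
				'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
				'displaygroup' => 0,
				'additionalgroups' => '',
			);
			$db->update_query('users', $update_array, "uid='{$ban['uid']}'");

			$plugins->run_hooks("admin_user_banning_edit_commit");

			// Log admin action
			log_admin_action($ban['uid'], $user['username']);

			flash_message($lang->success_ban_updated, 'success');
			admin_redirect("index.php?module=user-banning");
		}
	}
	$page->add_breadcrumb_item($lang->edit_ban);
	$page->output_header($lang->edit_ban);

	$sub_tabs = array();
	$sub_tabs['edit'] = array(
		'title' => $lang->edit_ban,
		'description' => $lang->edit_ban_desc
	);
	$page->output_nav_tabs($sub_tabs, "edit");

	$form = new Form("index.php?module=user-banning&action=edit&uid={$ban['uid']}", "post");
	if($errors)
	{
		$page->output_inline_error($errors);
	}
	else
	{
		// Pre-fill the form from the stored ban row on a plain GET
		// NOTE(review): the ban row stores its group as 'gid' (see the update
		// above) while the select box below reads $mybb->input['usergroup'];
		// confirm the current group is actually preselected on a plain GET.
		$mybb->input = array_merge($mybb->input, $ban);
	}

	$form_container = new FormContainer($lang->edit_ban);
	$form_container->output_row($lang->ban_username, "", htmlspecialchars_uni($user['username']));
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	}

	// Normalise every "permanent" representation to the '---' select option
	if($mybb->input['bantime'] == 'perm' || $mybb->input['bantime'] == '' || $mybb->input['lifted'] == 'perm' ||$mybb->input['lifted'] == '')
	{
		$mybb->input['bantime'] = '---';
		$mybb->input['lifted'] = '---';
	}

	// Label each ban length with the date it would expire if applied now
	foreach($ban_times as $time => $period)
	{
		if($time != '---')
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	$buttons[] = $form->generate_submit_button($lang->update_ban);
	$form->output_submit_wrapper($buttons);
	$form->end();

	$page->output_footer();
}

if(!$mybb->input['action'])
{
	$where_sql_full = $where_sql = '';

	$plugins->run_hooks("admin_user_banning_start");

	if($mybb->request_method == "post")
	{
		$options = array(
			'fields' => array('username', 'usergroup', 'additionalgroups', 'displaygroup')
		);

		$user = get_user_by_username($mybb->input['username'], $options);

		// Are we searching a user? (the "search" submit button was used)
		if(is_array($user) && isset($mybb->input['search']))
		{
			// Restrict the ban list below to this user; uid is int-cast before use in SQL
			$where_sql = 'uid=\''.(int)$user['uid'].'\'';
			$where_sql_full = 'WHERE b.uid=\''.(int)$user['uid'].'\'';
		}
		else
		{
			if(empty($user['uid']))
			{
				$errors[] = $lang->error_invalid_username;
			}
			// Is the user we're trying to ban a super admin and we're not?
			else if(is_super_admin($user['uid']) && !is_super_admin($mybb->user['uid']))
			{
				$errors[] = $lang->error_no_perm_to_ban;
			}
			else
			{
				// Already has a ban row?
				$query = $db->simple_select("banned", "uid", "uid='{$user['uid']}'");
				if($db->fetch_field($query, "uid"))
				{
					$errors[] = $lang->error_already_banned;
				}

				// Get PRIMARY usergroup information; a user already in a banned group is treated as banned
				$usergroups = $cache->read("usergroups");
				if(!empty($usergroups[$user['usergroup']]) && $usergroups[$user['usergroup']]['isbannedgroup'] == 1)
				{
					$errors[] = $lang->error_already_banned;
				}

				if($user['uid'] == $mybb->user['uid'])
				{
					$errors[] = $lang->error_ban_self;
				}
			}

			// No errors? Insert
			if(!$errors)
			{
				// Ban the user; '---' is the permanent option, stored as lifted = 0
				if($mybb->input['bantime'] == '---')
				{
					$lifted = 0;
				}
				else
				{
					$lifted = ban_date2timestamp($mybb->input['bantime']);
				}

				$reason = my_substr($mybb->input['reason'], 0, 255);

				// With a single banned group there is no select box, so pick it here
				if(count($banned_groups) == 1)
				{
					$group = array_keys($banned_groups);
					$mybb->input['usergroup'] = $group[0];
				}

				// The user's current groups are kept on the ban row so "lift" can restore them
				$insert_array = array(
					'uid' => $user['uid'],
					'gid' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					'oldgroup' => $user['usergroup'],
					'oldadditionalgroups' => $db->escape_string($user['additionalgroups']),
					'olddisplaygroup' => $user['displaygroup'],
					'admin' => (int)$mybb->user['uid'],
					'dateline' => TIME_NOW,
					'bantime' => $db->escape_string($mybb->input['bantime']),
					'lifted' => $db->escape_string($lifted),
					'reason' => $db->escape_string($reason)
				);
				$db->insert_query('banned', $insert_array);

				// Move the user to the banned group
				$update_array = array(
					'usergroup' => $mybb->get_input('usergroup', MyBB::INPUT_INT),
					'displaygroup' => 0,
					'additionalgroups' => '',
				);

				// Banned users lose their forum and thread subscriptions
				$db->delete_query("forumsubscriptions", "uid = '{$user['uid']}'");
				$db->delete_query("threadsubscriptions", "uid = '{$user['uid']}'");

				$plugins->run_hooks("admin_user_banning_start_commit");

				$db->update_query('users', $update_array, "uid = '{$user['uid']}'");

				// Log admin action
				log_admin_action($user['uid'], $user['username'], $lifted);

				flash_message($lang->success_banned, 'success');
				admin_redirect("index.php?module=user-banning");
			}
		}
	}

	$page->output_header($lang->banned_accounts);

	$page->output_nav_tabs($sub_tabs, "bans");

	$query = $db->simple_select("banned", "COUNT(*) AS ban_count", $where_sql);
	$ban_count = $db->fetch_field($query, "ban_count");

	$per_page = 20;

	// Pagination: clamp an out-of-range page back to the first one
	$mybb->input['page'] = $mybb->get_input('page', MyBB::INPUT_INT);
	if($mybb->input['page'] > 0)
	{
		$current_page = $mybb->input['page'];
		$start = ($current_page-1)*$per_page;
		$pages = $ban_count / $per_page;
		$pages = ceil($pages);
		if($current_page > $pages)
		{
			$start = 0;
			$current_page = 1;
		}
	}
	else
	{
		$start = 0;
		$current_page = 1;
	}

	$pagination = draw_admin_pagination($current_page, $per_page, $ban_count, "index.php?module=user-banning&page={page}");

	$form = new Form("index.php?module=user-banning", "post");
	if($errors)
	{
		$page->output_inline_error($errors);
	}

	$mybb->input['username'] = $mybb->get_input('username');
	$mybb->input['reason'] = $mybb->get_input('reason');
	$mybb->input['bantime'] = $mybb->get_input('bantime');

	// Arriving with ?uid= (e.g. from a profile) pre-fills the username box
	if(isset($mybb->input['uid']) && empty($mybb->input['username']))
	{
		$user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
		$mybb->input['username'] = $user['username'];
	}

	$form_container = new FormContainer($lang->ban_a_user);
	$form_container->output_row($lang->ban_username, $lang->autocomplete_enabled, $form->generate_text_box('username', $mybb->input['username'], array('id' => 'username')), 'username');
	$form_container->output_row($lang->ban_reason, "", $form->generate_text_area('reason', $mybb->input['reason'], array('id' => 'reason', 'maxlength' => '255')), 'reason');
	if(count($banned_groups) > 1)
	{
		$form_container->output_row($lang->ban_group, $lang->add_ban_group_desc, $form->generate_select_box('usergroup', $banned_groups, $mybb->input['usergroup'], array('id' => 'usergroup')), 'usergroup');
	}
	// Label each ban length with the date it would expire if applied now
	foreach($ban_times as $time => $period)
	{
		if($time != "---")
		{
			$friendly_time = my_date("D, jS M Y @ {$mybb->settings['timeformat']}", ban_date2timestamp($time));
			$period = "{$period} ({$friendly_time})";
		}
		$length_list[$time] = $period;
	}
	$form_container->output_row($lang->ban_time, "", $form->generate_select_box('bantime', $length_list, $mybb->input['bantime'], array('id' => 'bantime')), 'bantime');

	$form_container->end();

	// Autocompletion for usernames
	echo '
	<link rel="stylesheet" href="../jscripts/select2/select2.css">
	<script type="text/javascript" src="../jscripts/select2/select2.min.js?ver=1804"></script>
	<script type="text/javascript">
	<!--
	$("#username").select2({
		placeholder: "'.$lang->search_for_a_user.'",
		minimumInputLength: 2,
		multiple: false,
		ajax: { // instead of writing the function to execute the request we use Select2\'s convenient helper
			url: "../xmlhttp.php?action=get_users",
			dataType: \'json\',
			data: function (term, page) {
				return {
					query: term, // search term
				};
			},
			results: function (data, page) { // parse the results into the format expected by Select2.
				// since we are using custom formatting functions we do not need to alter remote JSON data
				return {results: data};
			}
		},
		initSelection: function(element, callback) {
			var query = $(element).val();
			if (query !== "") {
				$.ajax("../xmlhttp.php?action=get_users&getone=1", {
					data: {
						query: query
					},
					dataType: "json"
				}).done(function(data) { callback(data); });
			}
		},
	});

	$(\'[for=username]\').on(\'click\', function(){
		$("#username").select2(\'open\');
		return false;
	});
	// -->
	</script>';

	$buttons[] = $form->generate_submit_button($lang->ban_user);
	$buttons[] = $form->generate_submit_button($lang->search_for_a_user, array('name' => 'search'));
	$form->output_submit_wrapper($buttons);
	$form->end();

	echo '<br />';

	$table = new Table;
	$table->construct_header($lang->user);
	$table->construct_header($lang->ban_lifts_on, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->time_left, array("class" => "align_center", "width" => 150));
	$table->construct_header($lang->controls, array("class" => "align_center", "colspan" => 2, "width" => 200));
	$table->construct_header($lang->moderation, array("class" => "align_center", "colspan" => 1, "width" => 200));

	// Fetch bans; $where_sql_full is either empty or the int-cast uid filter built above
	$query = $db->query("
		SELECT b.*, a.username AS adminuser, u.username
		FROM ".TABLE_PREFIX."banned b
		LEFT JOIN ".TABLE_PREFIX."users u ON (b.uid=u.uid)
		LEFT JOIN ".TABLE_PREFIX."users a ON (b.admin=a.uid)
		{$where_sql_full}
		ORDER BY dateline DESC
		LIMIT {$start}, {$per_page}
	");

	// Get the banned users
	while($ban = $db->fetch_array($query))
	{
		$profile_link = build_profile_link(htmlspecialchars_uni($ban['username']), $ban['uid'], "_blank");
		$ban_date = my_date($mybb->settings['dateformat'], $ban['dateline']);
		if($ban['lifted'] == 'perm' || $ban['lifted'] == '' || $ban['bantime'] == 'perm' || $ban['bantime'] == '---')
		{
			$ban_period = $lang->permenantly;
			$time_remaining = $lifts_on = $lang->na;
		}
		else
		{
			$ban_period = $lang->for." ".$ban_times[$ban['bantime']];

			$remaining = $ban['lifted']-TIME_NOW;
			$time_remaining = nice_time($remaining, array('short' => 1, 'seconds' => false));

			// Colour the remaining time: under an hour, under a day, under a week
			if($remaining < 3600)
			{
				$time_remaining = "<span style=\"color: red;\">{$time_remaining}</span>";
			}
			else if($remaining < 86400)
			{
				$time_remaining = "<span style=\"color: maroon;\">{$time_remaining}</span>";
			}
			else if($remaining < 604800)
			{
				$time_remaining = "<span style=\"color: green;\">{$time_remaining}</span>";
			}

			$lifts_on = my_date($mybb->settings['dateformat'], $ban['lifted']);
		}

		// No matching admin account: admin 0 means the board itself, otherwise show the raw id
		if(!$ban['adminuser'])
		{
			if($ban['admin'] == 0)
			{
				$ban['adminuser'] = $lang->mybb_engine;
			}
			else
			{
				$ban['adminuser'] = $ban['admin'];
			}
		}

		$table->construct_cell($lang->sprintf($lang->bannedby_x_on_x, $profile_link, htmlspecialchars_uni($ban['adminuser']), $ban_date, $ban_period));
		$table->construct_cell($lifts_on, array("class" => "align_center"));
		$table->construct_cell($time_remaining, array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=edit&uid={$ban['uid']}\">{$lang->edit}</a>", array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=lift&uid={$ban['uid']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_lift_ban}');\">{$lang->lift}</a>", array("class" => "align_center"));
		$table->construct_cell("<a href=\"index.php?module=user-banning&action=prune&uid={$ban['uid']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->confirm_prune}');\">{$lang->prune_threads_and_posts}</a>", array("class" => "align_center"));
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_banned_users, array("colspan" => "6"));
		$table->construct_row();
	}
	$table->output($lang->banned_accounts);
	echo $pagination;

	$page->output_footer();
}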