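/**
 * Apply one account action to user $id on behalf of the current session user.
 *
 * Authorisation rules (kept from the original flow):
 *  - the caller must be the user themselves ($my) or an admin;
 *  - 'password' is self-only;
 *  - admin_comment / ban / unban / promote / demote are admin-only;
 *  - any other action is rejected via invalid().
 * Action parameters are read from $_POST through get(). invalid() and error()
 * are assumed to terminate the request; as in the original, nothing here
 * returns early after calling them.
 *
 * @param int|string $id     id of the user being acted on
 * @param string     $action one of comment, password, admin_comment, ban, unban, promote, demote
 */
function processNormal($id, $action)
{
    global $user, $table;

    // Normalise the id once: besides being a bound parameter below it is also
    // interpolated into a SQL fragment for revertUserChanges(), so it must be
    // a plain integer rather than whatever the route handed us.
    $id = (int) $id;
    $my = $id === (int) $user->id;
    if (!$my && !$user->isAdmin()) {
        invalid();
    }

    if ($action === 'comment') {
        $comment = get($_POST, 'comment');
        // Byte-wise cap as in the original; a multibyte character at the
        // boundary may be split — TODO confirm the column limit before moving to mb_substr().
        if (strlen($comment) > 10000) {
            $comment = substr($comment, 0, 10000);
        }
        query("update {$table['user']} set comment = ? where id = ?", $comment, $id);
        return;
    }

    if ($action === 'password') {
        if (!$my) {
            invalid();
        }
        // NOTE(review): the stored password format here is unsalted md5. Moving to
        // password_hash()/password_verify() needs the column and the login path migrated together.
        $oldp = md5(get($_POST, 'oldp'));
        $newp = md5(get($_POST, 'newp'));
        // The old password is part of the WHERE clause, so zero affected rows
        // means "wrong current password".
        $q = query("update {$table['user']} set password = ? where id = ? and password = ?", $newp, $id, $oldp);
        if (!$q->num_rows) {
            error(2);
        }
        return;
    }

    // Everything below is admin-only.
    if (!$user->isAdmin()) {
        invalid();
    }

    if ($action === 'admin_comment') {
        $comment = get($_POST, 'admin_comment');
        query("update {$table['user']} set admin_comment = ? where id = ?", $comment, $id);
        return;
    }

    if ($action === 'ban') {
        $banDate = strtotime(get($_POST, 'ban_date'));
        // A ban needs a parseable date that lies in the future.
        if (!$banDate || $banDate <= time()) {
            error(3);
        }
        $revert = get($_POST, 'ban_revert_all') === '1';
        $banIps = get($_POST, 'ban_ips') === '1';
        $banReason = get($_POST, 'ban_reason');
        query("update {$table['user']} set ban_date = from_unixtime(?), banned_by = ?, ban_reason = ? where id = ?", $banDate, $user->id, $banReason, $id);
        if ($revert && !$banIps) {
            // $id is an int at this point, so the fragment cannot carry injected SQL.
            revertUserChanges("main.user_id = '{$id}'", $banReason);
        }
        if ($banIps) {
            // With an IP ban the $revert flag is handed to banIp() per address
            // instead of reverting here — presumably banIp() does the revert itself; confirm.
            $q = query("select distinct user_ip from translation where user_id = ?", $id);
            foreach ($q->fetchAll() as $row) {
                banIp($row[0], $banDate, $banReason, $revert, false);
            }
        }
        return;
    }

    if ($action === 'unban') {
        $unbanReason = get($_POST, 'ban_reason');
        // Lifting a ban sets ban_date to from_unixtime(1) rather than NULL —
        // presumably the value the rest of the code treats as "not banned"; confirm.
        query("update {$table['user']} set ban_date = from_unixtime(1), banned_by = ?, ban_reason = ? where id = ?", $user->id, $unbanReason, $id);
        return;
    }

    // User id 1 is protected from role changes in both directions.
    if ($action === 'promote') {
        query("update {$table['user']} set role = 'admin' where id = ? and id != 1", $id);
        return;
    }

    if ($action === 'demote') {
        query("update {$table['user']} set role = 'user' where id = ? and id != 1", $id);
        return;
    }

    invalid();
}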
        avert('Le message ne peut pas être vide !');
    }
}
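// Load the topic being viewed. The id is bound as an integer parameter
// instead of being concatenated into the SQL string from $_GET['id'].
$req_sujet = $connexion->prepare('SELECT * FROM sujets WHERE id = :id');
$req_sujet->bindValue(':id', (int) ($_GET['id'] ?? 0), PDO::PARAM_INT);
$req_sujet->execute();
$don_sujet = $req_sujet->fetch(PDO::FETCH_OBJ);

// Preconditions shared by the moderation actions below.
$action = $_GET['action'] ?? '';
$acces = (int) ($_SESSION['acces'] ?? 0);
// Constant-time comparison of the request token against the session copy;
// a missing or non-string token simply fails the check instead of emitting
// undefined-index warnings or going through loose string comparison.
$tokenValide = is_string($_GET['token'] ?? null)
    && is_string($_SESSION['mToken'] ?? null)
    && hash_equals($_SESSION['mToken'], $_GET['token']);

if ($action === 'ban' && isset($_GET['banId']) && $tokenValide && $acces >= 90) {
    $reponse = ban($_GET['banId'], $_GET['token'], $connexion);
    if ($reponse) {
        info('Le membre a bien été banni !');
    } else {
        avert('Une erreur s\'est produite !');
    }
}

if ($action === 'banIp' && isset($_GET['banIp'], $_GET['banId']) && $tokenValide && $acces >= 90) {
    $reponse = banIp($_GET['banIp'], $_GET['banId'], $_GET['token'], $connexion);
    if ($reponse) {
        info('Le membre a bien été banni !');
    } else {
        avert('Une erreur s\'est produite !');
    }
}

// This action requires exactly level 90 (the original used ==), unlike the
// >= 90 checks above — kept as written; confirm whether that is intentional.
if ($action === 'listeNoire' && isset($_GET['listeNoireIp'], $_GET['listeNoireId']) && $tokenValide && $acces === 90) {
    // The original read $_GET['listeNoirId'] (typo) after checking listeNoireId,
    // so the id passed to listeNoire() was always undefined.
    $reponse = listeNoire($_GET['listeNoireIp'], $_GET['listeNoireId'], $_GET['token'], $connexion);
    if ($reponse) {
        info('Le membre a bien été blacklisté !');
    } else {
        avert('Une erreur s\'est produite !');
    }
}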
if ($_GET['action'] == 'epingler' and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 50) {