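<?php
/**
 * Chat moderation page: lets a moderator or administrator flag a user as
 * banned from chat and posts a system message announcing the ban.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving
 * these queries to prepared statements (mysqli or PDO) is the durable fix;
 * the escaping below is the minimum that keeps the current API safe.
 */
require_once "models/config.php";

// Stop unauthenticated visitors before anything else runs.
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

// The role checks need the caller's id. The original never assigned $id in
// this script, so unless config.php happens to define it the checks ran
// against an undefined value. Take it from the session object explicitly.
$id = $loggedInUser->user_id;
if (!isUserMod($id) and !isUserAdmin($id)) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}
$account = $loggedInUser->display_username;

// NOTE(review): the form below carries no anti-CSRF token, so the ban request
// is authenticated by the session cookie alone. Add a per-session token and
// verify it before acting on $_POST["ban"].
?>
<h1>Ban A user from chat</h1>
<form action="" name="banform" method="POST">
    <input type="text" name="ban" class="field" />
    <input type="submit" value="ban" class="blues" />
</form>
<?php
// Only act on a non-empty string; an array-valued or blank "ban" field would
// otherwise raise warnings and still post a "was banned" system message.
if (isset($_POST["ban"]) && is_string($_POST["ban"]) && trim($_POST["ban"]) !== '') {
    $banby = $account;

    // Strip markup once, then escape exactly once per SQL literal. The
    // original escaped the name, embedded it in the message and escaped the
    // message again, which stored stray backslashes for names with quotes.
    $ban_name = strip_tags($_POST["ban"]);
    $username = mysql_real_escape_string($ban_name);

    // The moderator's display name was interpolated into SQL unescaped in the
    // original; a quote in that name would have broken out of the literal.
    $banby_sql = mysql_real_escape_string($banby);

    // Set both columns in one statement so the row is never left half-updated.
    mysql_query("UPDATE userCake_Users SET `ChatBanned`='1', `BannedBy`='{$banby_sql}' WHERE `Username`='{$username}'");

    $message_sys = mysql_real_escape_string($ban_name . " was banned from chat.");
    $color_sys = mysql_real_escape_string("#FF0000");
    $user_sys = mysql_real_escape_string("system");
    mysql_query("INSERT INTO messages (color, username, message) VALUES ('{$color_sys}','{$user_sys}','{$message_sys}')");
}

// NOTE(review): this branch is driven by a GET parameter. If it changes ban
// state, as the parameter name suggests, it should move to POST and verify an
// anti-CSRF token like the ban form above.
if (isset($_GET["unban"])) {
    $username = mysql_real_escape_string(strip_tags($_GET["unban"]));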
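<?php
/**
 * Support landing page: greets the user by role and loads the tickets that
 * role may see (all tickets for admins and moderators, own tickets otherwise).
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; plan a
 * move to prepared statements (mysqli or PDO).
 */

// Refuse unauthenticated requests and stop. The original echoed the redirect
// but kept executing, so the queries below still ran for a visitor with no
// session; it also read $loggedInUser before checking that a session existed.
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

$id = $loggedInUser->user_id;
$account = $loggedInUser->display_username;

// Stays false when no role branch below matches, so the row count at the end
// never runs on an undefined variable.
$sql = false;

if (isUserAdmin($id) === true) {
    echo "<h2>Welcome Admin</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}

if (isUserMod($id) === true) {
    echo "<h2>Welcome Moderator</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}

if (isUserNormal($id)) {
    // The display name is user-chosen text going into HTML: encode it.
    echo "<h2>How may I help you today, <b>" . htmlspecialchars($account, ENT_QUOTES) . "</b> ?</h2>";
    echo " <ul class='flatflipbuttons'> <li style='width: 200px !important;' class='square'><a href='index.php?page=newticket'><span>Get Support</span></a></li> </ul> </br>";

    // Escape the id even though it comes from the session object, so the
    // query stays well-formed whatever type or content that field holds.
    $id_sql = mysql_real_escape_string($id);
    $sql = mysql_query("SELECT * FROM Tickets WHERE `user_id`='$id_sql'");
}

// A failed or skipped query counts as zero tickets.
$num = $sql ? mysql_num_rows($sql) : 0;
?> <div id="page">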
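<?php
/**
 * Chat "post message" endpoint: stores the submitted message together with
 * the sender's display name, a role-based colour and a timestamp.
 */
require_once 'models/config.php';
include 'models/chat.config.php';

// Require a session before reading $loggedInUser. The original dereferenced
// it unconditionally and had no login gate, only the chat-ban check.
if (!isUserLoggedIn()) {
    die;
}

$id = $loggedInUser->user_id;
$username = $loggedInUser->display_username;

// Chat-banned users are dropped silently.
if (isUserCBanned($id)) {
    die;
}

// Nothing to store when the field is missing or is not a plain string
// (an array-valued "message" would make strip_tags() fail).
if (!isset($_POST['message']) || !is_string($_POST['message'])) {
    die;
}

// Name colour by role: admin, then moderator, then everyone else.
if (isUserAdmin($id)) {
    $color = "#0404B4";
} elseif (isUserMod($id)) {
    $color = "#B43104";
} else {
    $color = "#000000";
}

$color_ = $db->real_escape_string(htmlentities($color));
$user = $db->real_escape_string(htmlentities($username));

// NOTE(review): strip_tags() with '<a>' allowed keeps every attribute on the
// anchor (href scheme, event handlers). The stored text is therefore only
// safe if every page that renders it HTML-encodes it on output; if links are
// not a required feature, drop the allowance and strip all tags.
$message = $db->real_escape_string(strip_tags($_POST['message'], '<a>'));
$timestamp = $db->real_escape_string(gettime());

// NOTE(review): every value is escaped before interpolation; if $db offers
// prepared statements, prefer them over string-built SQL.
$db->Query("INSERT INTO messages (color, username, message, timestamp) VALUES ('{$color_}','{$user}','{$message}','{$timestamp}')");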
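<?php
/**
 * Ticket page: loads one ticket by id and lets its owner, an administrator or
 * a moderator close or reopen it.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; plan a
 * move to prepared statements (mysqli or PDO).
 */
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die();
}

// The id is placed unquoted in the first query and echoed into links below.
// mysql_real_escape_string() only protects values that sit inside quotes and
// does nothing for HTML, so the original left both the query and the markup
// open to crafted input. Forcing an integer closes both; anything that is not
// a plain string (missing, array-valued) becomes 0, which matches no ticket.
$id = (isset($_GET["id"]) && is_string($_GET["id"])) ? (int) $_GET["id"] : 0;
$sql = @mysql_query("SELECT * FROM Tickets WHERE `id`=$id");
// False when the query failed or returned no row.
$owner = @mysql_result($sql, 0, "user_id");

if ($loggedInUser->user_id == $owner OR isUserAdmin($loggedInUser->user_id) OR isUserMod($loggedInUser->user_id)) {
    if (isset($_GET["action"])) {
        // NOTE(review): closing and reopening are triggered by plain GET
        // links. Moving them to POST with an anti-CSRF token keeps a
        // third-party page from triggering them through the user's session.
        if ($_GET["action"] == "closev") {
            // Confirmation step before the ticket is actually closed.
            echo "<h3>Are you sure?</h3><br \><a href=\"index.php?page=viewticket&action=closey&id=" . $id . "\"><input type=\"submit\" class=\"blues\" value=\"Yes\"/></a><br /><a href=\"index.php?page=viewticket&id=$id\"><input type=\"submit\" class=\"blues\" value=\"No\"/></a><br />";
        }
        if ($_GET["action"] == "closey") {
            mysql_query("UPDATE Tickets SET opened=0 WHERE `id`='$id'");
            echo "Your ticket has been closed.";
            echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
        }
        if ($_GET["action"] == "open") {
            mysql_query("UPDATE Tickets SET opened=1 WHERE `id`='$id'");
            echo "Your ticket has been reopened.";
            echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
        }
    } else {
        $subject = mysql_result($sql, 0, "subject");
        if (isset($_POST["post"])) {
            $post = mysql_real_escape_string(strip_tags($_POST["post"]));
            $uid = $loggedInUser->user_id;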
if (!isUserMod($idaa) and !isUserAdmin($idaa)) { $color = htmlentities($value['color']); $user = htmlentities($value['username']); $msg = htmlentities($value['message']); echo "<li id='msg_row'><b id='u_name_chat' style='color: " . $color . ";'>" . $user . "</b>: " . $msg . "</li>"; } else { $color = htmlentities($value['color']); $user = htmlentities($value['username']); $msg = htmlentities($value['message']); $todelete = $db->real_escape_string($value['id']); echo "<li id='msg_row'><b id='u_name_chat' style='color: " . $color . ";'>" . $user . "</b>: " . $msg . "<a color='blue' href='#' rel=" . $todelete . " class='delete' onClick='deleteChat(this);'>delete</a></li>"; } } ?> <script> <?php if (isUserMod($idaa) || isUserAdmin($idaa)) { ?> function deleteChat(t) { console.log("Clicked delete"); var toDEL = $(t).parent(); var id = $(t).attr('rel'); console.log(id); $.post('ajaxDEL.php', {id: id}) .done(function(data) { $(toDEL).hide(); }); } /*$('.delete').click(function() {