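/**
 * Apply a self-service or admin action to the user row identified by $id.
 *
 * Who may run what (rights are taken from the global $user):
 *   - 'comment'        the user themself or an admin; stores a profile comment.
 *   - 'password'       the user themself only; the old password is verified inside the
 *                      same UPDATE and error(2) is raised when no row matched.
 *   - 'admin_comment', 'ban', 'unban', 'promote', 'demote'   admins only.
 * Any other action, or a caller without the required rights, goes to invalid().
 *
 * NOTE(review): invalid() and error() look like they end the request — confirm. The
 * explicit returns after them make this function fail closed even if they do not.
 *
 * @param int|string $id     target user id; cast to int before it reaches any SQL
 * @param string     $action action name from the request, one of the values above
 * @return void
 */
function processNormal($id, $action)
{
    global $user, $table;

    // Every SQL use of the id goes through this int so it can never carry SQL text
    // (the raw value used to be interpolated into the WHERE fragment handed to
    // revertUserChanges()).
    $userId = (int) $id;
    $isSelf = $userId === (int) $user->id;
    $isAdmin = $user->isAdmin();

    if (!$isSelf && !$isAdmin) {
        invalid();
        return;
    }

    if ($action === 'comment') {
        $comment = get($_POST, 'comment');
        // Byte-length cap, presumably sized to the user.comment column — TODO confirm.
        // substr() is byte-wise and may split a multibyte UTF-8 character at the cut.
        if (strlen($comment) > 10000) {
            $comment = substr($comment, 0, 10000);
        }
        query("update {$table['user']} set comment = ? where id = ?", $comment, $userId);
        return;
    }

    if ($action === 'password') {
        // Admins cannot change another user's password through this path.
        if (!$isSelf) {
            invalid();
            return;
        }
        // SECURITY: passwords are stored as unsalted md5, which is trivially reversible for
        // common passwords. Moving to password_hash()/password_verify() needs a wider column
        // and a rehash-on-login step, so it is flagged here rather than changed in place.
        $oldHash = md5(get($_POST, 'oldp'));
        $newHash = md5(get($_POST, 'newp'));
        // The old password is checked in the WHERE clause: no affected row means no match.
        $result = query(
            "update {$table['user']} set password = ? where id = ? and password = ?",
            $newHash,
            $userId,
            $oldHash
        );
        if (!$result->num_rows) {
            error(2);
        }
        return;
    }

    // Everything below is admin-only.
    if (!$isAdmin) {
        invalid();
        return;
    }

    if ($action === 'admin_comment') {
        $comment = get($_POST, 'admin_comment');
        query("update {$table['user']} set admin_comment = ? where id = ?", $comment, $userId);
        return;
    }

    if ($action === 'ban') {
        $banDate = strtotime((string) get($_POST, 'ban_date'));
        // strtotime() returns false on unparsable input; a ban that is already over is
        // refused rather than silently stored.
        if (!$banDate || $banDate <= time()) {
            error(3);
            return;
        }
        // Checkbox-style flags: only the exact string '1' counts as set.
        $revertAll = get($_POST, 'ban_revert_all') === '1';
        $banIps = get($_POST, 'ban_ips') === '1';
        $banReason = get($_POST, 'ban_reason');
        query(
            "update {$table['user']} set ban_date = from_unixtime(?), banned_by = ?, ban_reason = ? where id = ?",
            $banDate,
            $user->id,
            $banReason,
            $userId
        );
        if ($revertAll && !$banIps) {
            // revertUserChanges() takes a raw WHERE fragment; $userId is an int, so nothing
            // attacker-controlled can end up in it.
            revertUserChanges("main.user_id = '{$userId}'", $banReason);
        }
        if ($banIps) {
            // Ban every IP the user has posted from; banIp() then handles the revert itself,
            // which is why the direct revert above is skipped in this case.
            $result = query("select distinct user_ip from translation where user_id = ?", $userId);
            foreach ($result->fetchAll() as $row) {
                banIp($row[0], $banDate, $banReason, $revertAll, false);
            }
        }
        return;
    }

    if ($action === 'unban') {
        // from_unixtime(1) puts the ban end in the past, which lifts the ban.
        $unbanReason = get($_POST, 'ban_reason');
        query(
            "update {$table['user']} set ban_date = from_unixtime(1), banned_by = ?, ban_reason = ? where id = ?",
            $user->id,
            $unbanReason,
            $userId
        );
        return;
    }

    // Role changes never touch id 1 (presumably the primary admin account — confirm).
    if ($action === 'promote') {
        query("update {$table['user']} set role = 'admin' where id = ? and id != 1", $userId);
        return;
    }

    if ($action === 'demote') {
        query("update {$table['user']} set role = 'user' where id = ? \nand id != 1", $userId);
        return;
    }

    invalid();
}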
avert('Le message ne peut pas être vide !'); } } /* NOTE(review): $_GET['id'] is concatenated straight into the SQL text, so prepare() gives no protection here; this is an SQL injection point. Bind it instead, e.g. prepare('SELECT * FROM sujets WHERE id = :id') with bindValue(':id', (int) $_GET['id'], PDO::PARAM_INT). */ $req_sujet = $connexion->prepare('SELECT * FROM sujets WHERE id = ' . $_GET['id']); $req_sujet->execute(); $don_sujet = $req_sujet->fetch(PDO::FETCH_OBJ); /* NOTE(review): in each action check below the CSRF token is compared with loose == and without isset() on $_GET['token'] or $_GET['action']; if $_SESSION['mToken'] happens to be unset, null == '' passes. Prefer hash_equals((string) ($_SESSION['mToken'] ?? ''), (string) ($_GET['token'] ?? '')) and read $_GET['action'] through isset()/?? to avoid undefined-index notices. */ if ($_GET['action'] == 'ban' and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) { $reponse = ban($_GET['banId'], $_GET['token'], $connexion); if ($reponse) { info('Le membre a bien été banni !'); } else { avert('Une erreur s\'est produite !'); } } if ($_GET['action'] == 'banIp' and isset($_GET['banIp']) and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) { $reponse = banIp($_GET['banIp'], $_GET['banId'], $_GET['token'], $connexion); if ($reponse) { info('Le membre a bien été banni !'); } else { avert('Une erreur s\'est produite !'); } } if ($_GET['action'] == 'listeNoire' and isset($_GET['listeNoireIp']) and isset($_GET['listeNoireId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] == 90) { /* NOTE(review): isset() checks $_GET['listeNoireId'] but the call reads $_GET['listeNoirId'] (missing 'e'), so listeNoire() always receives null for the id. This block also requires acces == 90 while the ban blocks use >= 90 — confirm which is intended. */ $reponse = listeNoire($_GET['listeNoireIp'], $_GET['listeNoirId'], $_GET['token'], $connexion); if ($reponse) { info('Le membre a bien été blacklisté !'); } else { avert('Une erreur s\'est produite !'); } } if ($_GET['action'] == 'epingler' and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 50) {