}
$db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('aname' => $aname, 'aintro' => $aintro, 'private' => $private, 'albumpwd' => $pwd)) . ' WHERE aid=' . pwEscape($aid));
refreshto("{$basename}a=own", 'operate_success');
}
} elseif ($a == 'viewalbum') {
define('AJAX', 1);
define('F_M', true);
InitGP(array('aid'));
$aid = (int) $aid;
empty($aid) && Showmsg('data_error');
require_once PrintEot('m_ajax');
ajax_footer();
} elseif ($a == 'createajax') {
define('AJAX', 1);
define('F_M', true);
banUser();
InitGP(array('job'));
require_once PrintEot('m_ajax');
ajax_footer();
} elseif ($a == 'getallowflash') {
define('AJAX', 1);
define('F_M', true);
InitGP(array('aid'));
$aid = (int) $aid;
if ($aid) {
$photonums = $db->get_value("SELECT photonum FROM pw_cnalbum WHERE atype='0' AND aid=" . pwEscape($aid));
$o_maxphotonum && $photonums >= $o_maxphotonum && Showmsg('colony_photofull');
if ($o_maxphotonum) {
$allowmutinum = $o_maxphotonum - $photonums;
} else {
$allowmutinum = 'infinite';
function showBanForm($banid)
{
global $DB;
$unme = $DB->selectCell("SELECT username FROM account WHERE id='" . $banid . "'");
echo "\r\n\t\t<div class=\"content\">\t\r\n\t\t\t<div class=\"content-header\">\r\n\t\t\t\t<h4><a href=\"?p=admin\">Main Menu</a> / <a href=\"?p=admin&sub=users\">Manage Users</a> / " . $unme . " / Ban</h4>\r\n\t\t\t</div> <!-- .content-header -->\t\t\t\t\r\n\t\t\t<div class=\"main-content\">\r\n\t";
if (isset($_POST['ban_user'])) {
banUser($_POST['ban_user'], $_POST['ban_reason']);
}
echo "\r\n\t\t<form method=\"POST\" action=\"?p=admin&sub=users&id=" . $banid . "&action=ban\" name=\"adminform\" class=\"form label-inline\">\r\n\t\t\t<input type='hidden' name='ban_user' value='" . $banid . "' />\r\n\t\t\t<table>\r\n\t\t\t\t<thead>\r\n\t\t\t\t\t<th><center><b>Ban Account #" . $banid . " (" . $unme . ")</b></center></th>\r\n\t\t\t\t</thead>\r\n\t\t\t</table>\r\n\t\t\t<br />\r\n\t\t\t<div class='field'>\r\n\t\t\t\t<label for='Username'>Ban Reason: </label>\r\n\t\t\t\t<input id='Username' name='ban_reason' size='20' type='text' class='large' />\r\n\t\t\t</div>\r\n\t\t\t\r\n\t\t\t<div class=\"buttonrow-border\">\t\t\t\t\t\t\t\t\r\n\t\t\t\t<center><button><span>Ban User</span></button></center>\t\t\t\r\n\t\t\t</div>\r\n\r\n\t\t</form>\r\n\t</div>\r\n\t";
}
case "reportUser": case "reportuser": $oldignoreuserabort = ignore_user_abort(true); reportUser($option,$form,$uid); break; case "processReports": case "processreports": $oldignoreuserabort = ignore_user_abort(true); processReports(); break; case "banProfile": case "banprofile": $oldignoreuserabort = ignore_user_abort(true); banUser($option,$uid,$form,$act); break; case "viewReports": case "viewreports": viewReports($option,$uid,$act); break; case "emailUser": case "emailuser": emailUser($option,$uid); break; case "pendingApprovalUser": case "pendingapprovaluser": pendingApprovalUsers($option);
<?php
ob_start();
require_once "functions.php";
if (!$isLoggedIn && !isAdmin) {
header("Location:index.php");
exit;
}
$ban = isset($_GET['ban']) ? $_GET['ban'] : false;
$userID = isset($_GET['id']) ? $_GET['id'] : false;
if ($userID) {
if ($ban) {
banUser($userID);
} else {
unbanUser($userID);
}
}
<?php
include "../util/DbUtil.php";
session_start();
$userid = $_POST['userid'];
$response = "";
$db_conn = getConnectedDb();
if (is_null($db_conn)) {
$response = "Error connecting to database. Try again later.";
} elseif (isUserBanned($db_conn, $userid)) {
$response = "User already banned.";
} elseif (!banUser($db_conn, $userid)) {
$response = "Error banning user";
} else {
$response = "Success";
}
echo $response;
postMedia($_GET['sid']);
header("Location: mod.php");
} elseif ($_GET['type'] == "1") {
rejectImage($_GET['sid']);
header("Location: mod.php");
} elseif ($_GET['type'] == "2") {
reportImage($_GET['sid']);
header("Location: mod.php");
} elseif ($_GET['type'] == "-1") {
if (is_admin(mod_id())) {
banUser($_GET['sid'], 0);
}
header("Location: mod.php");
} elseif ($_GET['type'] == "-2") {
if (is_admin(mod_id())) {
banUser($_GET['sid'], 1);
}
header("Location: reports.php");
} elseif ($_GET['type'] == "-3") {
if (is_admin(mod_id())) {
removeReport($_GET['sid']);
}
header("Location: reports.php");
}
}
if ($_GET['type'] == "register") {
if (!is_mod(mod_id())) {
addModerator(mod_id());
header("Location: mod.php");
} else {
header("Location: mod.php");
