Esempio n. 1
// Bootstrap for this admin script. $db, $shortTitle, $ui and the misc / flags /
// user classes used further down are not defined in this listing; presumably
// they come from these two includes (TODO confirm). `include` only raises a
// warning when a file is missing, so execution continues past a failed include.
//
// NOTE(review): the handlers below re-check the operator's password by comparing
// $_SESSION[...]['password'] with sha1($_POST['password']) using `==`. Unsalted
// SHA-1 is not a suitable password hash, and loose comparison can treat two
// different numeric-looking hex strings as equal. password_hash() /
// password_verify() address both; hash_equals() is the minimum for the compare.
include 'core/config.php';
include 'core/core.php';
// The transaction is opened before the session/level check that follows, so it
// starts on every request, authorised or not. No commit or rollback is visible
// in this excerpt.
$db->query('start transaction');
if (isset($_SESSION[$shortTitle . 'User']['level']) && $_SESSION[$shortTitle . 'User']['level'] >= 3) {
    if (isset($_GET['action'], $_POST['password'])) {
        foreach ($_POST as $key => $value) {
            if ($key == 'maxIdleTime') {
                $_POST[$key] = misc::clean($value, 'numeric');
            } else {
                $_POST[$key] = misc::clean($value);
            }
        }
        switch ($_GET['action']) {
            case 'vars':
                if ($_SESSION[$shortTitle . 'User']['password'] == sha1($_POST['password'])) {
                    $message = $ui[flags::set($_POST['name'], $_POST['value'])];
                } else {
                    $message = $ui['wrongPassword'];
                }
                break;
            case 'bans':
                $user = new user();
                $status = $user->get('name', $_POST['name']);
                if ($_SESSION[$shortTitle . 'User']['password'] == sha1($_POST['password'])) {
                    if ($status == 'done') {
                        if ($_POST['level'] > -1) {
                            $user->data['level'] = $_POST['level'];
                            $message = $ui[$user->set()];
                        } else {
                            $message = $ui[user::remove($user->data['id'])];
                        }