$allowedToBan = true; } if ($allowedToBan) { // Make sure special chars for MySQL are escaped $bannedUser = addslashes($bannedUser); $bannedUser = str_ireplace(array("\"", "\r\n", "\n", "\r", ";"), "", $bannedUser); // Remove ; to prevent kick command inyection like name; quit or ; _restart $banQueries = new BanQueries(); $lengthQueries = new LengthQueries(); $length = $lengthQueries->getBanLength($lengthId); // Banned user information $bannedUserO = $banQueries->getBannedUser($banId); if ($fullPower || $banManager || $bannedUserO->getBanner() == $_SESSION['name'] && !empty($_SESSION['name']) && ($admin || $member) || $bannedUserO->getBannerSteamId() == $_SESSION['steamId'] && !empty($_SESSION['steamId']) && ($admin || $member)) { // We are banning an IP if (isset($_POST['banIp'])) { $banQueries->addIpBan($_POST['ip']); header("Location: index.php?page=updateBan&banId=" . $banId); } else { if (isset($_POST['updateBan'])) { // We are updating ban information if ($config->enableSmfIntegration) { $username = $user_info['username']; } else { $username = $_SESSION['name']; } if (!$fullPowerLevelEditUser || $fullPower) { $ModifiedBy = $username; } if ($member) { $pending = 1; } else {