function admin_report_event($username, $action, $resource_id)
{
/* global $hp_includepath;
$log_text = date('Y-m-d H:i:s') . "\t" . $username . "\t" . $action . "\t" . $resource_id . "\n";
$logfile = fopen($hp_includepath . 'admin_logs/' . date('Y-m-d') . '.log', 'a');
fwrite($logfile, $log_text);
fclose($logfile);*/
log_admin_event('report event', $action, $_SESSION['login']['id'], $username, $resource_id);
}
function block_user($userid)
{
mysql_query('UPDATE userinfo SET image = 0, image_ban_expire = "' . (time() + 86400 * 7) . '" WHERE userid = "' . $userid . '" LIMIT 1') or die('<script language="javascript">alert("FATALT FEL! IGNORERA FÖLJANDE MEDDELANDE OM ATT UPPDATERINGEN LYCKADES. MYSQL FELINFORMATION: (vidarebefodra till Tritone)\\n\\n' . mysql_error() . '")</script>');
/* We need to load and modify the remote users session */
$sessid_sql = 'SELECT session_id FROM login WHERE id = "' . $userid . '" LIMIT 1';
$sessid_result = mysql_query($sessid_sql) or die(report_sql_error($sessid_sql));
$sessid_data = mysql_fetch_assoc($sessid_result);
if (strlen($sessid_data['session_id']) > 5) {
$remote_session = session_load($sessid_data['session_id']);
$remote_session['userinfo']['image_ban_expire'] = time() + 86400 * 7;
session_save($sessid_data['session_id'], $remote_session);
}
if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
echo '<script language="javascript">alert("Användar-ID ' . $userid . ' har blockerats från framtida uppladdning av bilder.");</script>';
log_admin_event('user blocked image upload', '', $_SESSION['login']['id'], $userid, $userid);
} else {
echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
}
}
function refuse_image($userid, $validator)
{
if ($userid == 17505 || $userid == 573633 || $userid == 625747 || $userid == 68767) {
die('Man kan inte ta bort denna bild...');
exit;
}
global $hp_path;
$query = 'UPDATE userinfo SET image = "3", image_validator = "' . $validator . '" ';
$query .= ' WHERE userid = "' . $userid . '" LIMIT 1';
mysql_query($query) or die;
if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
messages_send(2348, $userid, '', $_POST['message'], 0, 7);
} else {
echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
}
admin_report_event($_SESSION['login']['username'], 'Refused avatar', $userid);
log_admin_event('avatar validated', 'denied', $validator, $userid, 0);
//image id not available here
admin_action_count($_SESSION['login']['id'], 'avatar_denied');
}
function refuse_image($userid, $validator)
{
if ($userid == 17505 || $userid == 573633 || $userid == 625747 || $userid == 68767) {
die('Man kan inte ta bort denna bild...');
exit;
}
global $hp_path;
$query = 'UPDATE userinfo SET image = "3", image_validator = "' . $validator . '" ';
$query .= ' WHERE userid = "' . $userid . '" LIMIT 1';
mysql_query($query) or die;
if (unlink(PATHS_IMAGES . 'users/full/' . $userid . '.jpg') && unlink(PATHS_IMAGES . 'users/thumb/' . $userid . '.jpg')) {
guestbook_insert(array('sender' => 2348, 'recipient' => $userid, 'is_private' => 1, 'message' => mysql_real_escape_string('OBS! Detta meddelande har skickats automatiskt. Det är ingen idé att svara på meddelandet, kontakta någon ordningsvakt eller fråga i forumet.
Din bild har nekats, acceptera det.
Välj en ny bild som följer vår policy:
1) Bilden föreställer dig och ansiktet syns tydligt
2) Det är bara du på bilden
3) Ingen alkohol, ingen porr och inga nazistiska symboler
4) Inget som bryter mot Svensk lag, är upphovsrättskyddat eller är kränkande för någon person förekommer
5) Det är en skarp och ljus bild på dig
6) Bilden är inte taggad från någon annan sida ex. snyggast
7) Du har inte angett rätt ålder/kön så att det överensstämmer med personen på bilden')));
} else {
echo '<script language="javascript">alert("Ett fel uppstod när ' . $userid . '.jpg skulle tas bort!");</script>';
}
admin_report_event($_SESSION['login']['username'], 'Refused avatar', $userid);
log_admin_event('avatar validated', 'denied', $validator, $userid, 0);
//image id not available here
admin_action_count($_SESSION['login']['id'], 'avatar_denied');
}
function login_recover_user($user_id, $username)
{
// Check if a user with the username of the user we are recovering exists
$query = 'SELECT username FROM login WHERE username = "******"';
$result = mysql_query($query) or report_sql_error($query);
$data = mysql_fetch_assoc($result);
// If A user was found
if (mysql_affected_rows() != 0) {
return 'username_taken';
}
// Log the action to admin log
log_admin_event('user recovered', '', $_SESSION['login']['id'], $user_id, $user_id);
// Recreate the user in the database
$query = 'UPDATE login SET lastusernamechange = ' . time() . ', lastusername = "******", username = "******", is_removed = 0, removal_message = "" WHERE id = "' . $user_id . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
// If the user was successfully removed, return true
if (mysql_affected_rows() == 1) {
return 'success';
}
}
die;
}
} elseif ($_SESSION['login']['lastusernamechange'] > time() - 604800) {
jscript_alert('Så ofta kan du inte byta användarnamn, du får inte byta oftare än en gång i veckan!');
jscript_go_back();
die;
} else {
$query = 'UPDATE login SET username ="******", lastusernamechange = UNIX_TIMESTAMP(), ';
$query .= 'lastusername = "******", lastaction = 0 ';
$query .= 'WHERE id = ' . $_SESSION['login']['id'] . ' LIMIT 1';
mysql_query($query) or die(report_sql_error($query));
$new_sign = 'Jag hette tidigare ' . $_SESSION['login']['username'];
$query = 'UPDATE userinfo SET forum_signature ="' . $new_sign . '" ';
$query .= 'WHERE userid = "' . $_SESSION['login']['id'] . '" LIMIT 1';
mysql_query($query);
log_admin_event('username changed', $_SESSION['login']['username'], $_SESSION['login']['id'], $_SESSION['login']['id'], $_SESSION['login']['id']);
jscript_alert('Sådärja, du heter numera ' . $_POST['new_username'] . ' på hamsterpaj. Du loggas nu ut.');
jscript_location('/index.php');
$_SESSION = null;
session_destroy();
die;
}
}
echo rounded_corners_tabs_top();
echo '<h1 style="margin-top: 0px;">Byt namn</h1>';
echo '<p>Nu finns möjligheten att byta användarnamn på hamsterpaj. Du kan bara byta namn en gång i veckan och din signatur låses till ett meddelande om att du bytt namn i en vecka efter bytet.</p>';
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
echo '<strong>Nytt användarnamn:</strong><br />';
echo '<input type="text" name="new_username" class="textbox" maxlength="16" /><br/>';
echo '<strong>Ditt lösenord:</strong><br/>';
echo '<input type="password" name="password_old" class="textbox"/><br/><br />';
<?php
/* Remove old users */
$query = 'SELECT id, username FROM login WHERE (lastlogon < UNIX_TIMESTAMP() - 60*60*24*183 OR lastlogon IS NULL) AND is_removed = "0" AND id != 857929 AND id != 2348 AND id != 876354';
// We don't wish to remove webmaster or tha hamster or anonym
$result = mysql_query($query);
while ($data = mysql_fetch_assoc($result)) {
log_admin_event('user removed', $data['username'], '2348', $data['id'], $data['id']);
login_remove_user($data['id']);
}
{
$query = 'SELECT session_id FROM login WHERE id = "' . $_GET['back_to_user_id'] . '" LIMIT 1';
$result = mysql_query($query) or report_sql_error($query);
$data = mysql_fetch_assoc($result);
if(mysql_num_rows($result) == 1 && strlen($data['session_id']) > 0)
{
$remote_session = session_load($data['session_id']);
unset($remote_session['privilegies'][$_GET['privilegie']]);
session_save($data['session_id'], $remote_session);
}
}
$query = 'DELETE FROM privilegies WHERE privilegie_id = ' . $_GET['privilegie_id'] . ' LIMIT 1';
mysql_query($query) or report_sql_error($query);
log_admin_event('privilegie removed', $_GET['privilegie'], $_SESSION['login']['id'], $_GET['back_to_user_id'], 0);
jscript_location($_SERVER['PHP_SELF'] . '?action=load_user&user_id=' . $_GET['back_to_user_id']);
exit;
}
break;
case 'view_users_by_privilegie':
$output .= '<h2>Listar användare med privilegien ' . $_GET['privilegie'] . '</h2>' . "\n";
$output .= rounded_corners_top(array('color' => 'blue_deluxe'));
if(in_array($_GET['privilegie'], $available_privilegies))
{
$query = 'SELECT l.username AS username, l.id AS user_id';
$query .= ' FROM login AS l, privilegies AS pl';
<?php
require '../include/core/common.php';
require $hp_includepath . 'admin-functions.php';
$ui_options['current_menu'] = 'admin';
ui_top($ui_options);
if (!is_privilegied('logout_user')) {
die;
}
if (!isset($_GET['action'])) {
echo 'vad görru!!!';
} elseif ($_GET['action'] == 'logout') {
$query = 'SELECT id, session_id FROM login WHERE username = "******"';
$result = mysql_query($query) or report_sql_error($query);
if (mysql_num_rows($result) > 0) {
$data = mysql_fetch_assoc($result);
$user_to_sess = $data['session_id'];
$userid = $data['id'];
unlink('/var/lib/php/session2/sess_' . $user_to_sess);
$query = 'UPDATE login SET lastaction = "0" WHERE id = "' . $userid . '"';
mysql_query($query) or report_sql_error($query);
log_admin_event('user kicked', $_GET['username'] . ' was loged out by ' . $_SESSION['login']['username'], $_SESSION['login']['id'], $userid, $userid);
jscript_alert('Personen är nu utloggad');
} else {
jscript_alert('Hittade inte användaren...');
}
jscript_go_back();
}
ui_bottom();
} elseif (THIS_URI == $tab['Varna användare'] && isset($_POST['username']) && isset($_POST['reason'])) {
if (strlen($_POST['username']) > 0 && strlen($_POST['reason']) > 0) {
$query = 'SELECT username, id FROM login WHERE username LIKE "' . $_POST['username'] . '" LIMIT 1';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['id'] > 0) {
$user_id = $row['id'];
$query = 'INSERT INTO user_warnings (user_id, set_by, timestamp, reason)
VALUES (\'' . $user_id . '\', \'' . $_SESSION['login']['id'] . '\', \'' . time() . '\', \'' . $_POST['reason'] . '\');';
$query2 = 'UPDATE userinfo SET last_warning = ' . time() . ' WHERE userid = ' . $user_id . ' LIMIT 1';
$query3 = 'INSERT INTO user_abuse (timestamp, admin, freetext)
VALUES (' . time() . ', ' . $_SESSION['login']['id'] . ', "Varnad: ' . $_POST['reason'] . '")';
mysql_query($query) or die(mysql_error() . '<br />' . $query);
mysql_query($query2) or report_sql_error($query2, __FILE__, __LINE__);
mysql_query($query3) or report_sql_error($query3, __FILE__, __LINE__);
log_admin_event('user warned', $row['username'], $_SESSION['login']['id'], $user_id, $user_id);
$message = 'Hej, du har blivit varnad med anledningen:' . "\n";
$message .= '-----' . "\n";
$message .= '%REASON%' . "\n";
$message .= '-----' . "\n\n";
$message .= 'Varningen håller i en vecka. dvs tills ' . date("d/m H:i", time() + 604800) . ' så mitt råd är att du tar det lugnt och inte besvärar någon i onödan :)' . "\n\n";
$message .= 'Med vänliga hälsningar Hamsterpaj Crew.';
$guestbook_message = array('sender' => 2348, 'recipient' => intval($user_id), 'message' => mysql_real_escape_string(str_replace(array('%REASON%', '%ADMIN%'), array($_POST['reason'], $_SESSION['login']['username']), $message)));
//preint_r($guestbook_message);
guestbook_insert($guestbook_message);
$out .= '<h2>Användaren hittades!</h1>' . "\n";
$out .= 'Användarnamnet <strong>' . $_POST['username'] . '</strong> hittades och hade ID <strong>' . $user_id . '</strong> :)<br />' . "\n";
$out .= 'Tidpunkt: ' . time() . '<br />';
$out .= 'Anledning var:<br />' . "\n";
$out .= $_POST['reason'] . "<br />\n";
$out .= '<strong>Användaren har nu tilldelats en varning!</strong>';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
log_admin_event('forum unlock thread', '', $_SESSION['login']['id'], $post['author'], $_GET['post_id']);
}
/* Renaming posts (threads). Fix a function for this later on... */
if ($_GET['action'] == 'rename_post' && is_privilegied('discussion_forum_rename_threads') && is_numeric($_GET['post_id'])) {
$posts = discussion_forum_post_fetch(array('post_id' => $_GET['post_id']));
$post = array_pop($posts);
$message = 'Hej, din tråd i forumet med titeln "%TITLE%" har blivit omdöpt till %NEW_TITLE%
Ordningsvakten som döpte om din tråd var: %RENAMERS_USERNAME%.' . "\n" . '
Har du frågor så är du välkommen att fråga honom/henne, annars, may the force be with you!
';
$guestbook_message = array('sender' => 2348, 'recipient' => intval($post['author']), 'message' => mysql_real_escape_string(str_replace(array('%TITLE%', '%CONTENT%', '%RENAMERS_USERNAME%', '%NEW_TITLE%'), array($post['title'], $post['content'], $_SESSION['login']['username'], $_GET['new_title']), $message)));
guestbook_insert($guestbook_message);
$query = 'UPDATE forum_posts SET title = "' . $_GET['new_title'] . '" WHERE id = "' . $_GET['post_id'] . '" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
log_admin_event('forum rename post', $post['title'] . ' -> ' . $_GET['new_title'], $_SESSION['login']['id'], $post['author'], $_GET['post_id']);
}
/* Remove answer to notice */
if ($_GET['action'] == 'remove_answer_notice' && is_numeric($_GET['post_id']) && login_checklogin()) {
$query = 'DELETE FROM forum_notices WHERE post_id = ' . $_GET['post_id'] . ' AND user = "******" LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
/* Category read */
if ($_GET['action'] == 'set_category_read') {
$category = discussion_forum_categories_fetch(array('id' => $_GET['category']));
$options['show_new_threads'] = true;
$options['forum_id'] = $_GET['category'];
$threads = discussion_forum_post_fetch($options);
forum_update_category_session(array('category' => $category[0], 'threads' => $threads));
discussion_forum_reload_category_subscriptions();
if (!empty($_GET['return'])) {
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
if ($post['author'] != $_SESSION['login']['id'] && isset($_POST['content'])) {
$message = 'Hej, ditt inlägg i forumet med titeln "%TITLE%" har blivit ändrat.' . "\n";
$message .= 'Ordningsvakten som ändrade ditt inlägg heter %EDITERS_USERNAME% och ändrade inlägget till:' . "\n\n";
$message .= '-----' . "\n";
$message .= '%CONTENT_NEW%' . "\n";
$message .= '-----' . "\n\n";
$message .= 'Här är ditt ursprungliga inlägg:' . "\n";
$message .= '-----' . "\n";
$message .= '%CONTENT_OLD%' . "\n";
$message .= '-----' . "\n\n";
$message .= 'Har du några frågor så ta det med någon ordningsvakt, du hittar sådana i modulen "Inloggade Ordningsvakter" till höger.' . "\n";
$message .= '/Webmaster';
$guestbook_message = array('sender' => 2348, 'recipient' => intval($post['author']), 'message' => mysql_real_escape_string(str_replace(array('%TITLE%', '%CONTENT_NEW%', '%CONTENT_OLD%', '%EDITERS_USERNAME%'), array($post['title'], $_POST['content'], $post['content'], $_SESSION['login']['username']), $message)));
guestbook_insert($guestbook_message);
log_admin_event('forumpost changed', '', $_SESSION['login']['id'], $post['author'], $_GET['post_id']);
}
}
echo '<h1>Ändring och tillägg sparat!</h1>' . "\n";
} elseif (isset($_GET['post_id']) && is_numeric($_GET['post_id'])) {
$post = discussion_forum_post_fetch(array('post_id' => $_GET['post_id']));
if (count($post) == 1) {
$post = array_pop($post);
$disabled = forum_security(array('action' => 'edit_post', 'post' => $post)) == true ? '' : ' disabled="disabled"';
echo '<form method="post">' . "\n";
echo '<input type="hidden" name="post_id" value="' . $_GET['post_id'] . '" />' . "\n";
echo '<h5>Inläggstext</h5>' . "\n";
echo '<textarea name="content"' . $disabled . ' class="content_editor">' . $post['content'] . '</textarea>' . "\n";
if (forum_security(array('action' => 'post_addition', 'post' => $post)) == true) {
echo '<h5>Tillägg</h5>' . "\n";
echo '<textarea name="addition"></textarea>' . "\n";
$out .= ($zebra == 1) ? '<tr style="background: #eee;">' . "\n" : '<tr>' . "\n";
$zebra = ($zebra == 1) ? $zebra = 0 : $zebra = 1;
$out .= '<td valign="top">' . $data['id'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['sender'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['recipient'] . '</td>' . "\n";
$out .= '<td valign="top">' . date("Y.m.d - H:i.s", $data['timestamp']) . '</td>' . "\n";
$out .= '<td valign="top">' . $data['title'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['message'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['discussion'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['recipient_status'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['sender_status'] . '</td>' . "\n";
$out .= '<td valign="top">' . $data['mass_message_id'] . '</td>' . "\n";
$out .= '</tr>' . "\n\n";
}
$out .= '</table>' . "\n";
//ui_top($ui_options);
//echo utf8_decode($out);
echo $out;
//ui_bottom();
log_admin_event('pm hack', 'Mellan: ' . $get['id1'] . ' och ' . $get['id2'] . '', $_SESSION['login']['id'], $get['id1'], '');
}
else
{
?>
<h3>Kolla upp skummisars meddelanden.</h3>
<form action="/admin/pm_hack.php" method="get">
ID1 : <input type="text" name="id1" /> ID2: <input type="text" name="id2" /><input type="submit" value="sekz"></form>
<?
}
?>
$out .= '</tr>' . "\n";
while ($data = mysql_fetch_assoc($result)) {
$userlabel = $data['forum_userlabel'];
if (!isset($assigned[$userlabel])) {
$assigned[$userlabel] = '%VALUE%';
$border .= 'style="border-top: solid;"' . "\n";
}
$out .= '<tr>' . "\n";
$out .= '<td ' . $border . '>' . $data['username'] . '</td>' . "\n";
$out .= '<td ' . $border . '>' . $userlabel . '</td>' . "\n";
$out .= '</tr>' . "\n";
$border = "";
}
$out .= '</table>' . "\n";
break;
case 'change':
$forum_userlabel = $_POST['forum_userlabel'];
$user_id = $_POST['user_id'];
$query = 'UPDATE userinfo SET forum_userlabel = "' . $forum_userlabel . '" WHERE userid = ' . $user_id . ' LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
$out .= 'Ändrat';
log_admin_event('userlabel changed', $_POST['forum_userlabel'], $_SESSION['login']['id'], $_POST['user_id'], '');
jscript_alert('Användarens forumstatus är ändrad');
jscript_location('/admin/forum_userlabel.php');
}
$out .= rounded_corners_bottom();
ui_top($ui_options);
echo $out;
ui_bottom();
?>
break;
case 'edit':
$user_flag = $_POST['user_flag'];
$userid = $_POST['userid'];
if (isset($_POST['add']) && is_numeric($user_flag) && is_numeric($userid)) {
$query = 'INSERT INTO user_flags (user , flag) VALUES (' . $userid . ',' . $user_flag . ')';
$result = mysql_query($query) or die(report_sql_error($query));
$output .= 'Flaggan är inlagd!';
$query = 'SELECT title FROM user_flags_list WHERE id = ' . $user_flag . ' LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query));
$data = mysql_fetch_assoc($result);
log_admin_event('user flag added', $data['title'], $_SESSION['login']['id'], $userid, '');
} elseif (isset($_POST['remove']) && is_numeric($user_flag) && is_numeric($userid)) {
$query = 'DELETE FROM user_flags WHERE user ='******' AND flag =' . $user_flag . ' LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query));
$output .= 'Flaggan är borttagen!';
$query = 'SELECT title FROM user_flags_list WHERE id = ' . $user_flag . ' LIMIT 1';
$result = mysql_query($query) or die(report_sql_error($query));
$data = mysql_fetch_assoc($result);
log_admin_event('user flag removed', $data['title'], $_SESSION['login']['id'], $userid, '');
} else {
$output .= 'Nåt fel hände, försök igen.' . "\n";
}
break;
}
$output .= rounded_corners_bottom();
ui_top($ui_options);
echo $output;
ui_bottom();
?>
<?php
require '../include/core/common.php';
$ui_options['current_menu'] = 'hamsterpaj';
$ui_options['title'] = 'Användare borttagen - Hamsterpaj.net';
ui_top($ui_options);
if (is_privilegied('remove_user')) {
if (isset($_GET['userid']) && is_numeric($_GET['userid'])) {
$query = 'SELECT id, session_id, username FROM login WHERE id = "' . $_GET['userid'] . '"';
$result = mysql_query($query) or report_sql_error($query);
$data = mysql_fetch_assoc($result);
$user_to_sess = $data['session_id'];
$userid = $data['id'];
$old_username = $data['username'];
unlink('/var/lib/php/session2/sess_' . $data['session_id']);
log_admin_event('user removed', $data['username'], $_SESSION['login']['id'], $_GET['userid'], $_GET['userid']);
login_remove_user($_GET['userid']);
echo '<h1>Knäppgök borttagen</h1>';
}
}
ui_bottom();
?>
$message = 'Hej, ditt inlägg i forumet med titeln "%TITLE%" har tagits bort.' . "\n";
$message .= 'Ordningsvakten som tog bort ditt inlägg heter %REMOVERS_USERNAME% och gjorde följande notering:' . "\n\n";
$message .= '-----' . "\n";
$message .= '%REMOVAL_COMMENT%' . "\n";
$message .= '-----' . "\n\n";
$message .= 'Här är ditt inlägg:' . "\n";
$message .= '-----' . "\n";
$message .= '%CONTENT%' . "\n";
$message .= '-----' . "\n\n";
$message .= 'Har du några frågor så ta det med någon ordningsvakt, du hittar sådana i modulen "Inloggade Ordningsvakter" till höger.' . "\n";
$message .= 'Detta är inte hela världen, men det är kanske bäst att du chillar lite extra i framtiden.' . "\n\n";
$message .= '/Webmaster';
$guestbook_message = array('sender' => 2348, 'recipient' => intval($post['author']), 'message' => mysql_real_escape_string(str_replace(array('%TITLE%', '%CONTENT%', '%REMOVAL_COMMENT%', '%REMOVERS_USERNAME%'), array($post['title'], $post['content'], $_GET['removal_comment'], $_SESSION['login']['username']), $message)));
preint_r($guestbook_message);
guestbook_insert($guestbook_message);
log_admin_event('post removed', $post['removal_comment'], $_SESSION['login']['id'], $post['author'], $_GET['post_id']);
admin_action_count($_SESSION['login']['id'], 'post_removed');
}
if ($_GET['action'] == 'unremove_post' && forum_security(array('action' => 'unremove_post', 'post_id' => $_GET['post_id']))) {
discussion_forum_remove_post(array('post_id' => $_GET['post_id'], 'mode' => 'unremove'));
}
if ($_GET['action'] == 'vote' && login_checklogin() && is_numeric($_GET['thread_id'])) {
$query = 'UPDATE forum_read_posts SET has_voted = 1 WHERE thread_id = "' . $_GET['thread_id'] . '" AND user_id = "' . $_SESSION['login']['id'] . '" AND has_voted = 0';
mysql_query($query);
if (mysql_affected_rows() == 1) {
$operand = $_GET['vote'] == 'positive' ? '+' : '-';
$query = 'UPDATE forum_posts SET score = score ' . $operand . ' 1 WHERE id = "' . $_GET['thread_id'] . '"';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
}
}
/* Thread subscriptions */
function deletePhoto($userid, $imgid)
{
if ($userid == 17505) {
echo '<script>alert(\'Vi har gjort ett undantag för tant-erfaren, som får ha sin visningsbild trots att bryter mot reglerna.\');</script>';
return 0;
}
unlink(PATHS_IMAGES . 'photoalbum/full/' . $userid . '_' . $imgid . '.jpg');
unlink(PATHS_IMAGES . 'photoalbum/thumb/' . $userid . '_' . $imgid . '.jpg');
$query = 'UPDATE photoalbums SET title = null, status = 0 WHERE userid = "' . $userid . '" AND imgid = "' . $imgid . '" LIMIT 1';
mysql_query($query) or die('MySQL error when updating photoalbums: ' . mysql_error());
log_admin_event('photo deleted', '', $_SESSION['login']['id'], $userid, $imgid);
}
$out .= '<td><strong>' . date('Y-m-d', $data['timestamp']) . ': </strong></td>';
$out .= '<td>' . $data['ip'] . '</td>';
$out .= '<td>' . $data['reason'] . '</td>';
$out .= '<td><a href="/traffa/profile.php?id=' . $data['banned_by_user_id'] . '">' . $data['banned_by_username'] . '</a></td>';
$out .= '<td><a href="' . $_SERVER['PHP_SELF'] . '?action=remove_confirm&ip=' . $data['ip'] . '">[X]</a></td>';
$out .= '</tr>' . "\n";
}
$out .= '</table>' . "\n";
$out .= !isset($_GET['show_all']) ? '<a href="/admin/ip_ban_admin.php?show_all">Visa alla</a>' : '';
break;
case 'add':
if (isset($_POST['ip']) && isset($_POST['reason']) && substr($_POST['ip'], 0, 7) != '192.168' && preg_match('/^(25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)\\.(25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)$/', $_POST['ip'])) {
$query = 'INSERT INTO ip_ban_list(ip, reason, banned_by, timestamp) VALUES ("' . $_POST['ip'] . '", "' . $_POST['reason'] . '", ' . $_SESSION['login']['id'] . ', ' . time() . ')';
if (@mysql_query($query)) {
$out .= 'Ip-adressen lades till i systemet! <a href="' . $_SERVER['PHP_SELF'] . '">« Tillbaka</a>.' . "\n";
log_admin_event('ip banned', $_POST['ip'], $_SESSION['login']['id'], 0, 0);
} else {
// Primary key...
$out .= 'Ip-adressen kunde inte läggas till i systemet. Om den redan finns i systemet, kontakta en Sysop med information: ' . __FILE__ . ' on line ' . __LINE__;
}
} else {
$out .= 'Ip-adress ogiltig. Kontakta Sysop.';
}
break;
case 'remove_confirm':
$out .= '<h2>Vill du verkligen ta bort ' . $_GET['ip'] . ' ifrån bannade-ip-listan?</h2>' . "\n";
$out .= '<form method="post" action="' . $_SERVER['PHP_SELF'] . '?action=remove">' . "\n";
$out .= '<input type="hidden" name="ip" value="' . $_GET['ip'] . '">' . "\n";
$out .= '<input type="submit" value="Ja, klart jag vill!" class="button_120" />';
$out .= '</form>' . "\n";
break;
function photoblog_forbid_upload($options)
{
if (!is_privilegied('photoblog_upload_forbid')) {
throw new Exception('You need privilegies for this');
}
if (!isset($options['user_id']) && !is_numeric($options['user_id'])) {
throw new Exception('User id must be set');
}
if (!isset($options['days']) && !is_numeric($options['days'])) {
throw new Exception('number of days must be set');
}
$query = 'UPDATE photoblog_preferences SET upload_forbidden = ' . strtotime('+' . $options['days'] . ' day', time()) . ' WHERE userid = ' . $options['user_id'] . ' LIMIT 1';
mysql_query($query) or report_sql_error($query, __FILE__, __LINE__);
if ($_SESSION['login']['id'] == $options['user_id']) {
$_SESSION['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
} else {
$query = 'SELECT session_id FROM login WHERE id = ' . $options['user_id'] . ' LIMIT 1';
$result = mysql_query($query) or report_sql_error($query);
if (mysql_num_rows($result) == 1) {
$data = mysql_fetch_assoc($result);
if (strlen($data['session_id']) > 0) {
$remote_session = session_load($data['session_id']);
$remote_session['photoblog_preferences']['upload_forbidden'] = strtotime('+' . $options['days'] . ' day', time());
session_save($data['session_id'], $remote_session);
}
}
}
log_admin_event('photoblog_upload_forbidden', 'Antal dagar: ' . $options['days'], $_SESSION['login']['id'], $options['user_id'], 0);
}
