예제 #1
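/**
 * Renders the profile page of user $id into $doc->content.
 *
 * Non-administrators get name, role and public comment only; the ban fields
 * and the administrator comment are selected from the database only when the
 * viewer is an administrator. Calls displayNotFound($doc) and returns when no
 * row matches $id.
 *
 * NOTE(review): every form built here posts a state-changing action
 * (comment, password, ban, unban, promote, demote, admin_comment) to user.php
 * and none of them carries an anti-CSRF token. Confirm that user.php checks a
 * token or the request origin, and that it re-checks the caller's role for
 * each action instead of relying on which forms this page rendered.
 *
 * @param object $doc Page object; its content property receives the HTML.
 * @param mixed  $id  Id of the user to show; compared as an integer below.
 * @return void
 */
function displayNormal($doc, $id)
{
    global $user, $table, $errmsg;
    if (!$user->isAdmin()) {
        $row = queryGetRow("\r\n            select t1.name as name, t1.role as role, t1.comment as comment\r\n            from {$table['user']} t1\r\n            where t1.id = ?", $id);
    } else {
        $row = queryGetRow("\r\n            select t1.name as name, t1.role as role, t1.comment as comment, t1.admin_comment as admin_comment, unix_timestamp(t1.ban_date) as ban_date, t1.ban_reason as ban_reason, t2.name as banned_by\r\n            from {$table['user']} t1 left join {$table['user']} t2 on t1.banned_by = t2.id\r\n            where t1.id = ?", $id);
    }
    if (!$row) {
        displayNotFound($doc);
        return;
    }

    // Fragments that are filled in on some paths only. Initialising them keeps
    // the templates below from interpolating undefined variables.
    $comment = '';
    $_comment = '';
    $user_form = '';
    $role = '';
    $ban = '';
    $promote_form = '';

    // The id is written into attribute values and a URL. A string such as
    // "5'..." can still match a row through the database's numeric coercion,
    // so only the integer form is ever emitted into markup.
    $id_html = (int) $id;

    // User-chosen names are escaped on output, the same way ban_reason is.
    // NOTE(review): e() is assumed to be the project's HTML-escaping helper;
    // confirm it encodes <, >, & and both quote characters.
    $name = e($row['name']);
    if ($row['comment']) {
        // NOTE(review): f() is assumed to escape before it formats; verify.
        $comment = "<div class='user_comment'>" . f($row['comment']) . "</div>";
        $_comment = e($row['comment']);
    }
    $my = (int) $user->id == $id_html;
    if ($my) {
        $user_form = "\r\n            <form method='post' action='user.php'>\r\n                <div class='fields'>\r\n                <label>Write a few things about yourself (optional):<br>\r\n                <textarea name='comment'>{$_comment}</textarea>\r\n                </label>\r\n                </div>\r\n                <input type='submit' value='Update information' />\r\n                <input type='hidden' name='action' value='comment' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n            </form>\r\n            <button id='passform_btn'>Change password</button>\r\n            <form method='post' action='user.php' id='passform' class='hidden'>\r\n                <div class='fields'>\r\n                <label>Old password:<br>\r\n                <input type='password' name='oldp' />\r\n                </label><br>\r\n                <label>New password:<br>\r\n                <input type='password' name='newp' id='newp' />\r\n                </label><br>\r\n                <label>Repeat new password:<br>\r\n                <input type='password' id='newp2' />\r\n                </label>\r\n                </div>\r\n                <input type='submit' value='Change password' />\r\n                <input type='hidden' name='action' value='password' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n            </form>\r\n        ";
    } elseif ($user->isAdmin()) {
        $user_form = "\r\n            <form method='post' action='user.php'>\r\n                <div class='fields'>\r\n                <label>User information:<br>\r\n                <textarea name='comment'>{$_comment}</textarea>\r\n                </label>\r\n                </div>\r\n                <input type='submit' value='Update information' />\r\n                <input type='hidden' name='action' value='comment' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n            </form>\r\n        ";
    }
    if ($user_form) {
        // The repeated-password comparison runs in the browser only
        // ('newp2' has no name attribute and is never submitted).
        $user_form .= "\r\n            <script>\r\n                \$(function()\r\n                {\r\n                    \$('#passform_btn').click(function()\r\n                    {\r\n                        \$('#passform').toggle();\r\n                    });\r\n                    \$('#passform').submit(function(ev)\r\n                    {\r\n                        if (\$('#newp').val() != \$('#newp2').val())\r\n                        {\r\n                            \$('#error').html('Error: passwords do not match');\r\n                            ev.preventDefault();\r\n                        }\r\n                    });\r\n                });\r\n            </script>\r\n        ";
    }
    if ($row['role'] == 'root') {
        $role = 'Owner';
    } elseif ($row['role'] == 'admin') {
        $role = 'Administrator';
    } elseif ($row['role'] == 'user') {
        $role = 'Member';
    }
    // NOTE(review): $errmsg is a global written elsewhere and is emitted as
    // markup here; confirm no request-derived text reaches it unescaped.
    $res = "\r\n        <h2>{$name}</h2>\r\n        <div id='error'>{$errmsg}</div>\r\n        <p>{$role}</p>\r\n        {$comment}\r\n        {$user_form}\r\n        ";
    if ($user->isAdmin()) {
        $now = time();
        $ban_date = (int) $row['ban_date'];
        $banned = false;
        // banned_by is another account's name, so it is escaped like $name.
        $banned_by = e($row['banned_by']);
        if ($ban_date == 1) {
            // A stored ban timestamp of 1 is rendered as "ban relieved".
            $reason = e($row['ban_reason']);
            $ban = "<p>Ban relieved by <b>{$banned_by}</b>. Reason: <b>{$reason}</b></p>";
        } elseif ($now <= $ban_date) {
            $reason = e($row['ban_reason']);
            $date = formatDate($ban_date);
            $ban = "<p>User is banned until <b>{$date}</b> by <b>{$banned_by}</b>. Reason: <b>{$reason}</b></p>";
            $banned = true;
        }
        if ($banned) {
            $ban_form = "\r\n                <button id='banform_btn'>Remove ban</button>\r\n                <form method='post' id='banform' class='hidden' action='user.php'>\r\n                <div class='fields'>\r\n                <label>Why do you want to remove ban?<br>\r\n                <textarea name='ban_reason'></textarea>\r\n                </label>\r\n                </div>\r\n                <input type='submit' value='Remove ban' />\r\n                <input type='hidden' name='action' value='unban' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n                </form>\r\n            ";
        } else {
            $ban_until = formatDate($now);
            $ban_form = "\r\n                <button id='banform_btn'>Ban user</button>\r\n                <form method='post' id='banform' class='hidden' action='user.php'>\r\n                <div class='fields'>\r\n                <label>Reason for ban:<br>\r\n                <textarea name='ban_reason'></textarea>\r\n                </label><br>\r\n                <label>Ban until:<br>\r\n                <input type='text' id='ban_date' name='ban_date' value='{$ban_until}' />\r\n                </label><br>\r\n                <label>\r\n                <input type='checkbox' class='nowidth' name='ban_ips' value='1' />\r\n                Also ban all IPs of this user\r\n                </label><br>\r\n                <label>\r\n                <input type='checkbox' class='nowidth' name='ban_revert_all' value='1' />\r\n                Revert all changes made by this user\r\n                </label><br>\r\n                <label>\r\n                </div>\r\n                <input type='submit' value='Ban user' />\r\n                <input type='hidden' name='action' value='ban' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n                </form>\r\n            ";
        }
        $admin_comment = e($row['admin_comment']);
        $ips = array();
        $q = query("select distinct t1.user_ip, t2.id from {$table['translation']} t1, {$table['ip_data']} t2 where t1.user_id = ? and t1.user_ip = t2.ip", $id);
        while ($rr = $q->fetch()) {
            // The stored address is escaped before display because this
            // function cannot see how user_ip was captured.
            $ip = e($rr['0']);
            $ips[] = "<a href='index.php?p=userinfo&aid={$rr['1']}'>{$ip}</a>";
        }
        $ips = implode('<br>', $ips);
        if ($row['role'] == 'admin') {
            $promote_form = "\r\n                <form method='post' action='user.php' class='addmargin' id='promote_form'>\r\n                <input type='submit' value='Demote to member' />\r\n                <div id='promote_msg'></div>\r\n                <input type='hidden' name='action' value='demote' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n                </form>\r\n            ";
        } elseif ($row['role'] != 'root') {
            $promote_form = "\r\n                <form method='post' action='user.php' class='addmargin' id='promote_form'>\r\n                <input type='submit' value='Promote to administrator' />\r\n                <div id='promote_msg'></div>\r\n                <input type='hidden' name='action' value='promote' />\r\n                <input type='hidden' name='id' value='{$id_html}' />\r\n                </form>\r\n            ";
        }
        // The "click again to confirm" step on promote/demote is a browser
        // convenience; it gives no protection against a forged request.
        $res .= "\r\n            <p>IPs used by this user:</p>\r\n            <p>{$ips}</p>\r\n            {$ban}\r\n            <form method='post' action='user.php'>\r\n            <div class='fields'>\r\n            <label>Administrator comment (visible to administrators only):<br>\r\n            <textarea name='admin_comment'>{$admin_comment}</textarea>\r\n            </label>\r\n            </div>\r\n            <input type='submit' value='Update administrator comment' />\r\n            <input type='hidden' name='action' value='admin_comment' />\r\n            <input type='hidden' name='id' value='{$id_html}' />\r\n            </form>\r\n            {$ban_form}\r\n            {$promote_form}\r\n            <script>\r\n                var promote_confirmed = false;\r\n                \$(function()\r\n                {\r\n                    \$('#banform_btn').click(function()\r\n                    {\r\n                        \$('#banform').toggle();\r\n                    });\r\n                    \$('#promote_form').submit(function(ev)\r\n                    {\r\n                        if (!promote_confirmed)\r\n                        {\r\n                            promote_confirmed = true;\r\n                            \$('#promote_msg').html('Are you sure? Click again to confirm.');\r\n                            ev.preventDefault();\r\n                        }\r\n                    });\r\n                });\r\n            </script>\r\n        ";
    }
    $res .= "<p><a href='index.php?by={$id_html}'>View user submissions</a></p>";
    $doc->content = $res;
}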
예제 #2
 /**
  * Builds the user object for a visitor who is not logged in.
  *
  * The visitor is identified by the ip_data row matching $user->ip; a row is
  * created through createIpRecord() when none exists yet. That row's id is
  * stored in $user->aid and appended to the display name, and its ban_date
  * (as a unix timestamp) becomes the user's ip_ban_date.
  *
  * NOTE(review): the IP ban is only as strong as the source of $user->ip,
  * which is not set in this method. Confirm it is taken from the connection's
  * peer address and not from a client-supplied header.
  *
  * @return self
  * @throws Exception when no ip_data record could be created
  */
 public static function createAnonymous()
 {
     global $table;
     $user = new self();
     $ip_row = queryGetRow("select id, unix_timestamp(ban_date) as ban_date from {$table['ip_data']} where ip = ?", $user->ip);
     if ($ip_row) {
         // Known address: reuse its record and whatever ban it carries.
         $id = $ip_row['id'];
         $ban_date = $ip_row['ban_date'];
     } else {
         // First visit from this address: register it, starting unbanned.
         $id = $user->createIpRecord();
         if (!$id) {
             throw new Exception('Cannot create anonymous user');
         }
         $ban_date = 0;
     }
     $user->aid = $id;
     // Anonymous visitors have user id 0 and can only be banned by IP.
     $user->setData(array(
         'id' => 0,
         'name' => 'Anonymous' . $id,
         'role' => 'user',
         'user_id_ban_date' => 0,
         'ip_ban_date' => $ban_date,
     ));
     return $user;
 }
예제 #3
<?php

require_once 'lib/db.php';
require_once 'lib/template.php';
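// Ban notice page: shows who banned the current user (by account or by IP
// address), until when, and why.
$doc = new Document('base');
$doc->title = "Banned";
$ban_doc = new Document('banned');

// Account names and ban reasons are entered by people and are written into
// markup below, so each value is HTML-encoded at the point of output.
// The charset is left to PHP's default_charset setting.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES);
};

// Both queries use an inner join on banned_by, so they return no row when the
// banning account no longer matches. Fall back to empty fields in that case
// instead of indexing into a non-array result.
$no_ban_row = array('ban_date' => '', 'banned_by' => '', 'ban_reason' => '');

if ($user->banned == User::BANNED_BY_USER_ID) {
    $ban = queryGetRow("select u1.ban_date as ban_date, u2.name as banned_by, u1.ban_reason as ban_reason\r\n                        from {$table['user']} u1, {$table['user']} u2\r\n                        where u1.id = ? and u2.id = u1.banned_by", $user->id);
    if (!$ban) {
        $ban = $no_ban_row;
    }
    $ban_doc->set('ban', "User <b>" . $esc($user->name) . "</b> is banned until <b>" . $esc($ban['ban_date']) . "</b> by <b>" . $esc($ban['banned_by']) . "</b>.");
    // Only an account ban offers a logout link; an IP ban applies regardless
    // of which account is signed in.
    $ban_doc->set('logout', "<a href='logout.php'><button>Log out</button></a>");
} else {
    $ban = queryGetRow("select t1.ban_date as ban_date, u2.name as banned_by, t1.ban_reason as ban_reason\r\n                        from {$table['ip_data']} t1, {$table['user']} u2\r\n                        where t1.ip = ? and u2.id = t1.banned_by", $user->ip);
    if (!$ban) {
        $ban = $no_ban_row;
    }
    $ban_doc->set('ban', "Your ip address <b>" . $esc($user->ip) . "</b> is banned until <b>" . $esc($ban['ban_date']) . "</b> by <b>" . $esc($ban['banned_by']) . "</b>.");
}
// NOTE(review): set() is given raw markup for 'ban' and 'logout' above, so it
// presumably does not escape. If the 'banned' template already encodes this
// placeholder, drop the call to $esc here to avoid double encoding.
$ban_doc->set('reason', $esc($ban['ban_reason']));
$doc->content = $ban_doc->render();
echo $doc->render();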
예제 #4
<?php

require_once 'lib/db.php';
require_once 'lib/functions.php';
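// Lookup endpoint: returns, as a JSON object, the most recent translation
// stored for the source string given in the "q" query parameter.
//   found:     {"success":"1","id":"<source id>","result":"<translation>"}
//   not found: {"success":"1","id":"0","result":""}
//   failure:   {"success":"0","error":"<message>"}

// "q" may be absent, or an array when sent as q[]=...; only a non-empty
// string is a valid lookup key. The literal string "0" is a valid key.
$q = isset($_GET['q']) ? $_GET['q'] : '';
if (!is_string($q) || $q === '') {
    die;
}

// addslashes() is not a JSON encoder: it leaves newlines and control
// characters raw and writes \' which JSON does not allow. json_encode()
// produces a valid document. The HEX flags also keep <, >, &, ' and " out of
// the string values, so stored text cannot be read as markup if a browser
// opens this response directly.
// NOTE(review): no Content-Type header is set here, so the response goes out
// under PHP's default type. Sending application/json would be the stronger
// fix once it is confirmed that the client does not parse the body by hand.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

try {
    $qq = queryGetRow("select t.source_id, t.translation from {$table['translation']} t, {$table['source']} src where src.source = ? and t.source_id = src.id order by t.id desc limit 1", $q);
    if (!$qq) {
        echo '{"success":"1","id":"0","result":""}';
    } else {
        $payload = json_encode(
            array(
                'success' => '1',
                'id' => (string) $qq[0],
                'result' => (string) $qq[1],
            ),
            $json_flags
        );
        if ($payload === false) {
            // Stored text that cannot be encoded (e.g. invalid byte sequences).
            throw new Exception('Cannot encode translation as JSON');
        }
        echo $payload;
    }
} catch (Exception $ex) {
    // Exception text can carry SQL fragments, table names or paths. It is
    // kept in the server log; the caller gets a fixed message.
    error_log('translation lookup failed: ' . $ex->getMessage());
    echo '{"success":"0","error":"Lookup failed"}';
}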