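/**
 * Render the profile page of user $id into $doc->content.
 *
 * Every viewer sees the name, role and public comment. The profile owner also
 * gets the "about yourself" and change-password forms. An administrator also
 * gets the comment editor for other users, the ban status and ban/unban form,
 * the list of IPs the user submitted from, the administrator comment and the
 * promote/demote form.
 *
 * Output encoding: values interpolated into the markup are HTML-encoded here
 * (name, banning user's name, IP text, and $id wherever it is echoed back),
 * because a non-numeric $id can still match a row if the database coerces it.
 *
 * NOTE(review): $errmsg is emitted as raw HTML; confirm that every writer of
 * that global stores trusted or already-encoded text.
 * NOTE(review): f() output is inserted as raw HTML; confirm it encodes its input.
 * NOTE(review): none of the forms built here carries an anti-CSRF token field;
 * confirm user.php enforces one (or an equivalent origin check) for the
 * password, ban/unban and promote/demote actions.
 *
 * @param object $doc Page object; only its `content` property is written.
 * @param mixed  $id  Id of the user to show (compared to $user->id as int).
 * @return void
 */
function displayNormal($doc, $id)
{
    global $user, $table, $errmsg;

    $viewer_is_admin = $user->isAdmin();

    // e() is defined elsewhere and its quote handling is not visible here, so
    // values placed inside single-quoted attributes use an explicit encoder.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // $id is echoed into attribute values and one URL; encode once per context.
    $id_attr = $esc($id);
    $id_url = rawurlencode((string) $id);
    $id_field = "<input type='hidden' name='id' value='{$id_attr}' />";

    if (!$viewer_is_admin) {
        $row = queryGetRow(
            "\r\n select t1.name as name, t1.role as role, t1.comment as comment"
            . "\r\n from {$table['user']} t1"
            . "\r\n where t1.id = ?",
            $id
        );
    } else {
        // Administrators additionally load the moderation columns.
        $row = queryGetRow(
            "\r\n select t1.name as name, t1.role as role, t1.comment as comment, t1.admin_comment as admin_comment, unix_timestamp(t1.ban_date) as ban_date, t1.ban_reason as ban_reason, t2.name as banned_by"
            . "\r\n from {$table['user']} t1 left join {$table['user']} t2 on t1.banned_by = t2.id"
            . "\r\n where t1.id = ?",
            $id
        );
    }

    if (!$row) {
        displayNotFound($doc);
        return;
    }

    // Names are user-chosen text; encode before placing them in the page.
    $name = $esc($row['name']);

    // Initialised up front so the templates below never read an unset variable.
    $comment = '';
    $_comment = '';
    if ($row['comment']) {
        $comment = "<div class='user_comment'>" . f($row['comment']) . "</div>";
        $_comment = e($row['comment']);
    }

    $my = (int) $user->id == (int) $id;

    $user_form = '';
    if ($my || $viewer_is_admin) {
        $comment_label = $my
            ? 'Write a few things about yourself (optional):'
            : 'User information:';

        $user_form = "\r\n <form method='post' action='user.php'>"
            . "\r\n <div class='fields'>"
            . "\r\n <label>{$comment_label}<br>"
            . "\r\n <textarea name='comment'>{$_comment}</textarea>"
            . "\r\n </label>"
            . "\r\n </div>"
            . "\r\n <input type='submit' value='Update information' />"
            . "\r\n <input type='hidden' name='action' value='comment' />"
            . "\r\n {$id_field}"
            . "\r\n </form>";

        if ($my) {
            // Only the profile owner may change the password.
            $user_form .= "\r\n <button id='passform_btn'>Change password</button>"
                . "\r\n <form method='post' action='user.php' id='passform' class='hidden'>"
                . "\r\n <div class='fields'>"
                . "\r\n <label>Old password:<br>"
                . "\r\n <input type='password' name='oldp' />"
                . "\r\n </label><br>"
                . "\r\n <label>New password:<br>"
                . "\r\n <input type='password' name='newp' id='newp' />"
                . "\r\n </label><br>"
                . "\r\n <label>Repeat new password:<br>"
                . "\r\n <input type='password' id='newp2' />"
                . "\r\n </label>"
                . "\r\n </div>"
                . "\r\n <input type='submit' value='Change password' />"
                . "\r\n <input type='hidden' name='action' value='password' />"
                . "\r\n {$id_field}"
                . "\r\n </form>";
        }
        $user_form .= "\r\n ";

        // Client-side convenience only: the repeat-password comparison must
        // not be relied on as validation, since the second field is never sent.
        $user_form .= "\r\n <script>"
            . "\r\n \$(function()"
            . "\r\n {"
            . "\r\n \$('#passform_btn').click(function()"
            . "\r\n {"
            . "\r\n \$('#passform').toggle();"
            . "\r\n });"
            . "\r\n \$('#passform').submit(function(ev)"
            . "\r\n {"
            . "\r\n if (\$('#newp').val() != \$('#newp2').val())"
            . "\r\n {"
            . "\r\n \$('#error').html('Error: passwords do not match');"
            . "\r\n ev.preventDefault();"
            . "\r\n }"
            . "\r\n });"
            . "\r\n });"
            . "\r\n </script>"
            . "\r\n ";
    }

    // Unknown roles render as an empty label instead of an unset variable.
    $role_key = (string) $row['role'];
    $role_labels = array(
        'root' => 'Owner',
        'admin' => 'Administrator',
        'user' => 'Member',
    );
    $role = isset($role_labels[$role_key]) ? $role_labels[$role_key] : '';

    $res = "\r\n <h2>{$name}</h2>"
        . "\r\n <div id='error'>{$errmsg}</div>"
        . "\r\n <p>{$role}</p>"
        . "\r\n {$comment}"
        . "\r\n {$user_form}"
        . "\r\n ";

    if ($viewer_is_admin) {
        $now = time();
        $ban_date = (int) $row['ban_date'];
        $banned_by = $esc($row['banned_by']);
        $banned = false;
        $ban = '';

        if ($ban_date == 1) {
            // A stored timestamp of 1 is treated as "ban was lifted".
            $reason = e($row['ban_reason']);
            $ban = "<p>Ban relieved by <b>{$banned_by}</b>. Reason: <b>{$reason}</b></p>";
        } elseif ($now <= $ban_date) {
            $reason = e($row['ban_reason']);
            $date = formatDate($ban_date);
            $ban = "<p>User is banned until <b>{$date}</b> by <b>{$banned_by}</b>. Reason: <b>{$reason}</b></p>";
            $banned = true;
        }

        if ($banned) {
            $ban_form = "\r\n <button id='banform_btn'>Remove ban</button>"
                . "\r\n <form method='post' id='banform' class='hidden' action='user.php'>"
                . "\r\n <div class='fields'>"
                . "\r\n <label>Why do you want to remove ban?<br>"
                . "\r\n <textarea name='ban_reason'></textarea>"
                . "\r\n </label>"
                . "\r\n </div>"
                . "\r\n <input type='submit' value='Remove ban' />"
                . "\r\n <input type='hidden' name='action' value='unban' />"
                . "\r\n {$id_field}"
                . "\r\n </form>"
                . "\r\n ";
        } else {
            $ban_until = formatDate($now);
            $ban_form = "\r\n <button id='banform_btn'>Ban user</button>"
                . "\r\n <form method='post' id='banform' class='hidden' action='user.php'>"
                . "\r\n <div class='fields'>"
                . "\r\n <label>Reason for ban:<br>"
                . "\r\n <textarea name='ban_reason'></textarea>"
                . "\r\n </label><br>"
                . "\r\n <label>Ban until:<br>"
                . "\r\n <input type='text' id='ban_date' name='ban_date' value='{$ban_until}' />"
                . "\r\n </label><br>"
                . "\r\n <label>"
                . "\r\n <input type='checkbox' class='nowidth' name='ban_ips' value='1' />"
                . "\r\n Also ban all IPs of this user"
                . "\r\n </label><br>"
                . "\r\n <label>"
                . "\r\n <input type='checkbox' class='nowidth' name='ban_revert_all' value='1' />"
                . "\r\n Revert all changes made by this user"
                . "\r\n </label><br>"
                . "\r\n <label>"
                . "\r\n </div>"
                . "\r\n <input type='submit' value='Ban user' />"
                . "\r\n <input type='hidden' name='action' value='ban' />"
                . "\r\n {$id_field}"
                . "\r\n </form>"
                . "\r\n ";
        }

        $admin_comment = e($row['admin_comment']);

        // Column 0 is the IP text, column 1 the ip_data id used in the link.
        $ips = array();
        $q = query("select distinct t1.user_ip, t2.id from {$table['translation']} t1, {$table['ip_data']} t2 where t1.user_id = ? and t1.user_ip = t2.ip", $id);
        while ($rr = $q->fetch()) {
            $ips[] = "<a href='index.php?p=userinfo&aid=" . rawurlencode((string) $rr[1]) . "'>" . $esc($rr[0]) . "</a>";
        }
        $ips = implode('<br>', $ips);

        // The owner ('root') can be neither promoted nor demoted from here.
        $promote_form = '';
        $promote_label = '';
        $promote_action = '';
        if ($role_key === 'admin') {
            $promote_label = 'Demote to member';
            $promote_action = 'demote';
        } elseif ($role_key !== 'root') {
            $promote_label = 'Promote to administrator';
            $promote_action = 'promote';
        }
        if ($promote_action !== '') {
            $promote_form = "\r\n <form method='post' action='user.php' class='addmargin' id='promote_form'>"
                . "\r\n <input type='submit' value='{$promote_label}' />"
                . "\r\n <div id='promote_msg'></div>"
                . "\r\n <input type='hidden' name='action' value='{$promote_action}' />"
                . "\r\n {$id_field}"
                . "\r\n </form>"
                . "\r\n ";
        }

        $res .= "\r\n <p>IPs used by this user:</p>"
            . "\r\n <p>{$ips}</p>"
            . "\r\n {$ban}"
            . "\r\n <form method='post' action='user.php'>"
            . "\r\n <div class='fields'>"
            . "\r\n <label>Administrator comment (visible to administrators only):<br>"
            . "\r\n <textarea name='admin_comment'>{$admin_comment}</textarea>"
            . "\r\n </label>"
            . "\r\n </div>"
            . "\r\n <input type='submit' value='Update administrator comment' />"
            . "\r\n <input type='hidden' name='action' value='admin_comment' />"
            . "\r\n {$id_field}"
            . "\r\n </form>"
            . "\r\n {$ban_form}"
            . "\r\n {$promote_form}"
            . "\r\n <script>"
            . "\r\n var promote_confirmed = false;"
            . "\r\n \$(function()"
            . "\r\n {"
            . "\r\n \$('#banform_btn').click(function()"
            . "\r\n {"
            . "\r\n \$('#banform').toggle();"
            . "\r\n });"
            . "\r\n \$('#promote_form').submit(function(ev)"
            . "\r\n {"
            . "\r\n if (!promote_confirmed)"
            . "\r\n {"
            . "\r\n promote_confirmed = true;"
            . "\r\n \$('#promote_msg').html('Are you sure? Click again to confirm.');"
            . "\r\n ev.preventDefault();"
            . "\r\n }"
            . "\r\n });"
            . "\r\n });"
            . "\r\n </script>"
            . "\r\n ";
    }

    $res .= "<p><a href='index.php?by={$id_url}'>View user submissions</a></p>";
    $doc->content = $res;
}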
/**
 * Build the user object for a visitor who is not logged in.
 *
 * The visitor is keyed by $user->ip: the matching ip_data row supplies the
 * anonymous id and the IP ban date, and a new row is created when none exists.
 *
 * NOTE(review): where $user->ip comes from is not visible here. If it can be
 * taken from a client-supplied header, IP bans can be sidestepped and ip_data
 * filled with arbitrary rows; confirm it is the connection address.
 *
 * @return self
 * @throws Exception when no ip_data row exists and one cannot be created.
 */
public static function createAnonymous()
{
    global $table;

    $user = new self();
    $record = queryGetRow("select id, unix_timestamp(ban_date) as ban_date from {$table['ip_data']} where ip = ?", $user->ip);

    if ($record) {
        $id = $record['id'];
        $ban_date = $record['ban_date'];
    } else {
        // First visit from this address: register it; a new record has no ban.
        $id = $user->createIpRecord();
        if (!$id) {
            throw new Exception('Cannot create anonymous user');
        }
        $ban_date = 0;
    }

    $user->aid = $id;

    // Anonymous visitors share user id 0 and are told apart by their ip_data id.
    $user->setData(array(
        'id' => 0,
        'name' => 'Anonymous' . $id,
        'role' => 'user',
        'user_id_ban_date' => 0,
        'ip_ban_date' => $ban_date,
    ));

    return $user;
}
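<?php
// Page shown to a visitor whose account or IP address is banned.
// $user and $table are not defined in this script; presumably the included
// libraries set them up — confirm.
require_once 'lib/db.php';
require_once 'lib/template.php';

// The 'ban' slot below is given markup (<b>...</b>), so Document::set()
// evidently does not encode its value; every dynamic piece is encoded here.
$escapeHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$doc = new Document('base');
$doc->title = "Banned";
$ban_doc = new Document('banned');

if ($user->banned == User::BANNED_BY_USER_ID) {
    $ban = queryGetRow(
        "select u1.ban_date as ban_date, u2.name as banned_by, u1.ban_reason as ban_reason"
        . "\r\n from {$table['user']} u1, {$table['user']} u2"
        . "\r\n where u1.id = ? and u2.id = u1.banned_by",
        $user->id
    );
    // The inner join returns nothing when banned_by matches no user row.
    if (!$ban) {
        $ban = array('ban_date' => '', 'banned_by' => '', 'ban_reason' => '');
    }
    $ban_doc->set('ban', "User <b>" . $escapeHtml($user->name) . "</b> is banned until <b>" . $escapeHtml($ban['ban_date']) . "</b> by <b>" . $escapeHtml($ban['banned_by']) . "</b>.");
    $ban_doc->set('logout', "<a href='logout.php'><button>Log out</button></a>");
} else {
    $ban = queryGetRow(
        "select t1.ban_date as ban_date, u2.name as banned_by, t1.ban_reason as ban_reason"
        . "\r\n from {$table['ip_data']} t1, {$table['user']} u2"
        . "\r\n where t1.ip = ? and u2.id = t1.banned_by",
        $user->ip
    );
    if (!$ban) {
        $ban = array('ban_date' => '', 'banned_by' => '', 'ban_reason' => '');
    }
    $ban_doc->set('ban', "Your ip address <b>" . $escapeHtml($user->ip) . "</b> is banned until <b>" . $escapeHtml($ban['ban_date']) . "</b> by <b>" . $escapeHtml($ban['banned_by']) . "</b>.");
}

// ban_reason is stored free text, so it is encoded before it reaches the page.
// NOTE(review): if the 'banned' template already encodes this slot, the text
// will be double-encoded — confirm against the template.
$ban_doc->set('reason', $escapeHtml($ban['ban_reason']));

$doc->content = $ban_doc->render();
echo $doc->render();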
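<?php
// Lookup endpoint: returns, as JSON, the newest translation stored for the
// source string given in ?q=.
//   hit:   {"success":"1","id":"<source id>","result":"<translation>"}
//   miss:  {"success":"1","id":"0","result":""}
//   error: {"success":"0","error":"<message>"}
// $table is not defined in this script; presumably lib/db.php sets it — confirm.
require_once 'lib/db.php';
require_once 'lib/functions.php';

$q = isset($_GET['q']) ? $_GET['q'] : '';

// ?q[]=... arrives as an array; only a non-empty string is a valid lookup key.
// As before, an empty value (and the string "0") ends the request with no body.
if (!is_string($q) || !$q) {
    die;
}

try {
    $qq = queryGetRow("select t.source_id, t.translation from {$table['translation']} t, {$table['source']} src where src.source = ? and t.source_id = src.id order by t.id desc limit 1", $q);
    if (!$qq) {
        $payload = array('success' => '1', 'id' => '0', 'result' => '');
    } else {
        // Values stay strings so the response shape matches what clients already parse.
        $payload = array('success' => '1', 'id' => (string) $qq[0], 'result' => (string) $qq[1]);
    }
} catch (Exception $ex) {
    // Exception text can expose query or schema details: keep it in the
    // server log and send the client a generic message.
    error_log('translation lookup failed: ' . $ex->getMessage());
    $payload = array('success' => '0', 'error' => 'Internal error');
}

// json_encode() replaces hand-built JSON: addslashes() emits \' (not valid
// JSON) and leaves control characters and markup untouched. The JSON_HEX_*
// flags keep <, >, & and quotes out of the body, so stored translation text
// stays inert even if the response is rendered as HTML.
// NOTE(review): no Content-Type header is sent, so the default applies; switch
// to application/json once the client's response handling is confirmed.
$body = json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($body === false) {
    // e.g. the stored translation is not valid UTF-8
    $body = '{"success":"0","error":"Encoding error"}';
}
echo $body;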