function ban()
{
global $globals;
global $user;
$uid = $user['uid'];
// Run the DB query to ban the user here
echo "Hi {$uid}, now it is going to be the banned";
// including bannedList file in order to run the ban function on the user[uid]
include $globals['sourcedir'] . 'bannedList.php';
// running the ban function on the user[uid]
ban($uid);
// Logging into the Ai_actions table, that user is banned
$qI1 = "INSERT INTO `ai_actions_taken`(`users_uid`, `ban`) VALUES({$uid}, 1)";
$qI1_e = db_query($qI1);
}
top($from['id']);
break;
case '/mytop':
mytop($from['id']);
break;
case '/reloadquiz':
if ($from['id'] == administrator_id) {
global $questionlist;
$questions = file_get_contents('quiz');
$questions .= "\n" . file_get_contents('quiz2');
$questionlist = explode("\n", trim($questions));
}
break;
default:
if (mb_stripos($text, '/ban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) {
ban(mb_substr($text, 5, mb_strlen($text, 'UTF-8'), 'UTF-8'));
} else {
if (mb_stripos($text, '/unban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) {
unban(mb_substr($text, 7, mb_strlen($text, 'UTF-8'), 'UTF-8'));
} else {
if (mb_stripos($text, '/feedback', 0, 'UTF-8') !== FALSE) {
feedback($from['id'], mb_substr($text, 10, mb_strlen($text, 'UTF-8'), 'UTF-8'));
} else {
message($from['id'], $text);
}
}
}
break;
}
}
}
} else {
return false;
}
}
function detect()
{
// file_get_contents("php://input") //Get the POST Data
$re = array('and', 'or', 'count', 'select', 'from', 'union', 'group', 'by', 'limit', 'insert', 'where', 'order', 'alter', 'delete', 'having', 'max', 'min', 'avg', 'sum', 'sqrt', 'rand', 'concat', 'sleep');
$pattern = '/' . implode('|', $re) . '/';
$query = $_SERVER['QUERY_STRING'];
$query = urldecode($query);
$query = strtolower($query);
return preg_match($pattern, $query);
}
if (isset($_SESSION['lastime'])) {
if (ban()) {
header('HTTP/1.1 500 Internal Server Error');
header("Connetion:close");
exit;
}
} else {
$_SESSION['lastime'] = nowtime();
}
if (detect()) {
header('HTTP/1.1 500 Internal Server Error');
header("Connetion:close");
exit;
}
//payload
//?area=hangzhou' %26%26 (substr(load_file('path'),1,1)='<') %23
?>
exit;
} else {
avert('Vous postez trop vite. Veuillez attendre ' . $temps_chaque_post . ' secondes entre chaque envoi.');
}
} else {
avert('Le sujet est verrouillé !');
}
} else {
avert('Le message ne peut pas être vide !');
}
}
$req_sujet = $connexion->prepare('SELECT * FROM sujets WHERE id = ' . $_GET['id']);
$req_sujet->execute();
$don_sujet = $req_sujet->fetch(PDO::FETCH_OBJ);
if ($_GET['action'] == 'ban' and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) {
$reponse = ban($_GET['banId'], $_GET['token'], $connexion);
if ($reponse) {
info('Le membre a bien été banni !');
} else {
avert('Une erreur s\'est produite !');
}
}
if ($_GET['action'] == 'banIp' and isset($_GET['banIp']) and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) {
$reponse = banIp($_GET['banIp'], $_GET['banId'], $_GET['token'], $connexion);
if ($reponse) {
info('Le membre a bien été banni !');
} else {
avert('Une erreur s\'est produite !');
}
}
if ($_GET['action'] == 'listeNoire' and isset($_GET['listeNoireIp']) and isset($_GET['listeNoireId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] == 90) {
function mod_ban_post($board, $delete, $post, $token = false)
{
global $config, $mod;
if (!openBoard($board)) {
error($config['error']['noboard']);
}
if (!hasPermission($config['mod']['delete'], $board)) {
error($config['error']['noaccess']);
}
$security_token = make_secure_link_token($board . '/ban/' . $post);
$query = prepare(sprintf('SELECT `ip`, `thread` FROM `posts_%s` WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
if (!($_post = $query->fetch(PDO::FETCH_ASSOC))) {
error($config['error']['404']);
}
$thread = $_post['thread'];
$ip = $_post['ip'];
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
require_once 'inc/mod/ban.php';
if (isset($_POST['ip'])) {
$ip = $_POST['ip'];
}
ban($ip, $_POST['reason'], parse_time($_POST['length']), $_POST['board'] == '*' ? false : $_POST['board']);
if (isset($_POST['public_message'], $_POST['message'])) {
// public ban message
$query = prepare(sprintf('UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
$query->execute() or error(db_error($query));
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
buildThread($thread ? $thread : $post);
buildIndex();
} elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
// Delete post
deletePost($post);
modLog("Deleted post #{$post}");
// Rebuild board
buildIndex();
}
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}
$args = array('ip' => $ip, 'hide_ip' => !hasPermission($config['mod']['show_ip'], $board), 'post' => $post, 'board' => $board, 'delete' => (bool) $delete, 'boards' => listBoards(), 'token' => $security_token);
mod_page(_('New ban'), 'mod/ban_form.html', $args);
}
function processCommand($cmdString) {
if (substr($cmdString, 0, 1) != '/') return false;
$firstSpace = strpos($cmdString, ' ');
if ($firstSpace) {
$command = substr($cmdString, 1, $firstSpace - 1);
$args = substr($cmdString, $firstSpace + 1);
$args = trim($args);
if ($args == '') unset($args);
else $args = explode(' ', $args);
} else {
$command = substr($cmdString, 1);
}
switch($command) {
case 'help':
if (isset($args))
showHelp($args[0]);
else
showHelp('help');
break;
case 'login':
if (isset($args))
if (login(md5($args[0])))
sysShout('Logged in! <a href="javascript:window.location.reload()">Refresh</a> this browser window to view information about shouts that were made before you logged in.');
else
sysShout('Login failed.');
break;
case 'logout':
if (logout())
sysShout('Logged out.');
else
sysShout('Logout failed.');
break;
case 'ban':
if (isset($args)) {
if (ban($args[0]))
sysShout('Banned ' . formatString($args[0]) . '.');
else
sysShout('Couldn\'t ban ' . formatString($args[0]) . '.');
}
break;
case 'unban':
if (isset($args)) {
if (unban($args[0]))
sysShout('Unbanned ' . formatString($args[0]) . '.');
else
sysShout('Couldn\'t unban ' . formatString($args[0]) . '.');
}
break;
case 'bans':
listBans();
break;
case 'clearbans':
if (clearBans())
sysShout('Bans cleared.');
else
sysShout('Couldn\'t clear bans.');
break;
case 'clear':
if (clearLog())
sysShout('All shouts cleared; <a href="javascript:window.location.reload()">refresh</a> your browser window.');
else
sysShout('Couldn\'t clear the chat.');
break;
}
return true;
}
if (!valid('manager'))
die('"PLS AUTOBAN ME" - you');
adduser($_POST['addusername'], $_POST['adduserpass']);
remuser($_POST['remusername'], $_POST['remuserpass']);
break;*/
case 'rebuildall':
rebuild(1);
break;
case 'debug':
echo $_SERVER['DOCUMENT_ROOT'];
break;
case 'banish':
$ip = $_POST['ip_to_ban'];
$pubreason = mysql_real_escape_string($_POST['pubreason']);
$staffreason = mysql_real_escape_string($_POST['staffreason']);
$banlength = mysql_real_escape_string($_POST['timebannedfor']);
ban($ip, $pubreason, $staffreason, $banlength);
echo '<br/ > <a href="' . PHP_SELF . '?mode=admin" />Return</a>';
break;
case 'usrdel':
usrdel($no, $pwd);
default:
if ($res) {
resredir($res);
echo "<META HTTP-EQUIV=\"refresh\" content=\"10;URL=" . PHP_SELF2_ABS . "\">";
} else {
echo "Updating index...\n";
updatelog();
echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL=" . PHP_SELF2_ABS . "\">";
}
}
