function ban() { global $globals; global $user; $uid = $user['uid']; // Run the DB query to ban the user here echo "Hi {$uid}, now it is going to be the banned"; // including bannedList file in order to run the ban function on the user[uid] include $globals['sourcedir'] . 'bannedList.php'; // running the ban function on the user[uid] ban($uid); // Logging into the Ai_actions table, that user is banned $qI1 = "INSERT INTO `ai_actions_taken`(`users_uid`, `ban`) VALUES({$uid}, 1)"; $qI1_e = db_query($qI1); }
top($from['id']); break; case '/mytop': mytop($from['id']); break; case '/reloadquiz': if ($from['id'] == administrator_id) { global $questionlist; $questions = file_get_contents('quiz'); $questions .= "\n" . file_get_contents('quiz2'); $questionlist = explode("\n", trim($questions)); } break; default: if (mb_stripos($text, '/ban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) { ban(mb_substr($text, 5, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { if (mb_stripos($text, '/unban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) { unban(mb_substr($text, 7, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { if (mb_stripos($text, '/feedback', 0, 'UTF-8') !== FALSE) { feedback($from['id'], mb_substr($text, 10, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { message($from['id'], $text); } } } break; } } }
} else { return false; } } function detect() { // file_get_contents("php://input") //Get the POST Data $re = array('and', 'or', 'count', 'select', 'from', 'union', 'group', 'by', 'limit', 'insert', 'where', 'order', 'alter', 'delete', 'having', 'max', 'min', 'avg', 'sum', 'sqrt', 'rand', 'concat', 'sleep'); $pattern = '/' . implode('|', $re) . '/'; $query = $_SERVER['QUERY_STRING']; $query = urldecode($query); $query = strtolower($query); return preg_match($pattern, $query); } if (isset($_SESSION['lastime'])) { if (ban()) { header('HTTP/1.1 500 Internal Server Error'); header("Connetion:close"); exit; } } else { $_SESSION['lastime'] = nowtime(); } if (detect()) { header('HTTP/1.1 500 Internal Server Error'); header("Connetion:close"); exit; } //payload //?area=hangzhou' %26%26 (substr(load_file('path'),1,1)='<') %23 ?>
exit; } else { avert('Vous postez trop vite. Veuillez attendre ' . $temps_chaque_post . ' secondes entre chaque envoi.'); } } else { avert('Le sujet est verrouillé !'); } } else { avert('Le message ne peut pas être vide !'); } } $req_sujet = $connexion->prepare('SELECT * FROM sujets WHERE id = ' . $_GET['id']); $req_sujet->execute(); $don_sujet = $req_sujet->fetch(PDO::FETCH_OBJ); if ($_GET['action'] == 'ban' and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) { $reponse = ban($_GET['banId'], $_GET['token'], $connexion); if ($reponse) { info('Le membre a bien été banni !'); } else { avert('Une erreur s\'est produite !'); } } if ($_GET['action'] == 'banIp' and isset($_GET['banIp']) and isset($_GET['banId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] >= 90) { $reponse = banIp($_GET['banIp'], $_GET['banId'], $_GET['token'], $connexion); if ($reponse) { info('Le membre a bien été banni !'); } else { avert('Une erreur s\'est produite !'); } } if ($_GET['action'] == 'listeNoire' and isset($_GET['listeNoireIp']) and isset($_GET['listeNoireId']) and $_GET['token'] == $_SESSION['mToken'] and $_SESSION['acces'] == 90) {
function mod_ban_post($board, $delete, $post, $token = false) { global $config, $mod; if (!openBoard($board)) { error($config['error']['noboard']); } if (!hasPermission($config['mod']['delete'], $board)) { error($config['error']['noaccess']); } $security_token = make_secure_link_token($board . '/ban/' . $post); $query = prepare(sprintf('SELECT `ip`, `thread` FROM `posts_%s` WHERE `id` = :id', $board)); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if (!($_post = $query->fetch(PDO::FETCH_ASSOC))) { error($config['error']['404']); } $thread = $_post['thread']; $ip = $_post['ip']; if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) { require_once 'inc/mod/ban.php'; if (isset($_POST['ip'])) { $ip = $_POST['ip']; } ban($ip, $_POST['reason'], parse_time($_POST['length']), $_POST['board'] == '*' ? false : $_POST['board']); if (isset($_POST['public_message'], $_POST['message'])) { // public ban message $query = prepare(sprintf('UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id', $board)); $query->bindValue(':id', $post); $query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); $query->execute() or error(db_error($query)); modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message'])); buildThread($thread ? $thread : $post); buildIndex(); } elseif (isset($_POST['delete']) && (int) $_POST['delete']) { // Delete post deletePost($post); modLog("Deleted post #{$post}"); // Rebuild board buildIndex(); } header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']); } $args = array('ip' => $ip, 'hide_ip' => !hasPermission($config['mod']['show_ip'], $board), 'post' => $post, 'board' => $board, 'delete' => (bool) $delete, 'boards' => listBoards(), 'token' => $security_token); mod_page(_('New ban'), 'mod/ban_form.html', $args); }
function processCommand($cmdString) { if (substr($cmdString, 0, 1) != '/') return false; $firstSpace = strpos($cmdString, ' '); if ($firstSpace) { $command = substr($cmdString, 1, $firstSpace - 1); $args = substr($cmdString, $firstSpace + 1); $args = trim($args); if ($args == '') unset($args); else $args = explode(' ', $args); } else { $command = substr($cmdString, 1); } switch($command) { case 'help': if (isset($args)) showHelp($args[0]); else showHelp('help'); break; case 'login': if (isset($args)) if (login(md5($args[0]))) sysShout('Logged in! <a href="javascript:window.location.reload()">Refresh</a> this browser window to view information about shouts that were made before you logged in.'); else sysShout('Login failed.'); break; case 'logout': if (logout()) sysShout('Logged out.'); else sysShout('Logout failed.'); break; case 'ban': if (isset($args)) { if (ban($args[0])) sysShout('Banned ' . formatString($args[0]) . '.'); else sysShout('Couldn\'t ban ' . formatString($args[0]) . '.'); } break; case 'unban': if (isset($args)) { if (unban($args[0])) sysShout('Unbanned ' . formatString($args[0]) . '.'); else sysShout('Couldn\'t unban ' . formatString($args[0]) . '.'); } break; case 'bans': listBans(); break; case 'clearbans': if (clearBans()) sysShout('Bans cleared.'); else sysShout('Couldn\'t clear bans.'); break; case 'clear': if (clearLog()) sysShout('All shouts cleared; <a href="javascript:window.location.reload()">refresh</a> your browser window.'); else sysShout('Couldn\'t clear the chat.'); break; } return true; }
if (!valid('manager')) die('"PLS AUTOBAN ME" - you'); adduser($_POST['addusername'], $_POST['adduserpass']); remuser($_POST['remusername'], $_POST['remuserpass']); break;*/ case 'rebuildall': rebuild(1); break; case 'debug': echo $_SERVER['DOCUMENT_ROOT']; break; case 'banish': $ip = $_POST['ip_to_ban']; $pubreason = mysql_real_escape_string($_POST['pubreason']); $staffreason = mysql_real_escape_string($_POST['staffreason']); $banlength = mysql_real_escape_string($_POST['timebannedfor']); ban($ip, $pubreason, $staffreason, $banlength); echo '<br/ > <a href="' . PHP_SELF . '?mode=admin" />Return</a>'; break; case 'usrdel': usrdel($no, $pwd); default: if ($res) { resredir($res); echo "<META HTTP-EQUIV=\"refresh\" content=\"10;URL=" . PHP_SELF2_ABS . "\">"; } else { echo "Updating index...\n"; updatelog(); echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL=" . PHP_SELF2_ABS . "\">"; } }