Пример #1
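<?php

// Chat-ban admin page: only a logged-in moderator or administrator gets past
// the two guards below; everyone else is sent to access_denied.php.
require_once "models/config.php";

// The meta refresh is only a hint to the browser. The die that follows is what
// actually keeps the rest of the page from running for a rejected request.
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

// Take the id from the authenticated user object. The original passed $id to
// the role checks without assigning it anywhere in this file, so the decision
// rested on whatever (if anything) an included file left in that variable.
// NOTE(review): $loggedInUser is presumably set up by models/config.php - confirm.
$id = $loggedInUser->user_id;
if (!isUserMod($id) and !isUserAdmin($id)) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

// Display name of the acting moderator/admin; recorded as the banning user.
$account = $loggedInUser->display_username;
?>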
	<h1>Ban A user from chat</h1>
<form action="" name="banform" method="POST">
	<input type="text" name="ban" class="field" />
	<input type="submit" value="ban" class="blues" />
</form>	
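<?php
// Handle the ban form: flag the named user as chat-banned, record who did it,
// and post a system message to the chat.
// NOTE(review): no anti-CSRF token is checked before this state change, and the
// form above does not emit one. A per-session token should be added and
// verified here once the session helpers are known.
if (isset($_POST["ban"]) && is_string($_POST["ban"])) {
    // Raw (tag-stripped) name; escaped exactly once per SQL statement below.
    $target = strip_tags($_POST["ban"]);

    // An empty name matches no account, so do not announce a ban for it.
    if ($target !== '') {
        $username = mysql_real_escape_string($target);
        // The moderator's display name goes into SQL as well and was previously
        // interpolated unescaped.
        $banby = mysql_real_escape_string($account);

        // One statement sets both columns, so the ban flag and the BannedBy
        // value cannot end up out of step if the second write fails.
        mysql_query("UPDATE userCake_Users SET `ChatBanned`='1', `BannedBy`='{$banby}' WHERE `Username`='{$username}'");

        // Build the message from the unescaped name: escaping the already
        // escaped $username a second time stored stray backslashes.
        $message_sys = mysql_real_escape_string($target . " was banned from chat.");
        $color_sys = "#FF0000";
        $user_sys = "system";
        mysql_query("INSERT INTO messages (color, username, message) VALUES ('{$color_sys}','{$user_sys}','{$message_sys}')");
    }
}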
if (isset($_GET["unban"])) {
    $username = mysql_real_escape_string(strip_tags($_GET["unban"]));
Пример #2
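<?php

// Support landing page: greets the user according to role and selects the
// tickets that role may see (every ticket for staff, own tickets otherwise).

// Check the session before touching $loggedInUser, and stop when it is
// missing. Without the die the redirect was only a browser hint and the
// queries below still ran for an anonymous request.
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

$id = $loggedInUser->user_id;
$account = $loggedInUser->display_username;

// Stays false when none of the role checks below matches, so the row count
// further down is never taken from an undefined variable.
$sql = false;

if (isUserAdmin($id) === true) {
    echo "<h2>Welcome Admin</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}
if (isUserMod($id) === true) {
    echo "<h2>Welcome Moderator</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}
if (isUserNormal($id)) {
    // The display name is account data (presumably chosen by the user), so it
    // is HTML-encoded before being written into the page.
    $safeAccount = htmlspecialchars($account, ENT_QUOTES);
    echo "<h2>How may I help you today, <b>" . $safeAccount . "</b> ?</h2>";
    echo "
<ul class='flatflipbuttons'>
	<li style='width: 200px !important;' class='square'><a href='index.php?page=newticket'><span>Get Support</span></a></li>
</ul>
</br>";
    // Escape the id for the quoted SQL literal instead of interpolating it raw.
    $ownerId = mysql_real_escape_string($id);
    $sql = mysql_query("SELECT * FROM Tickets WHERE `user_id`='{$ownerId}'");
}

// Number of tickets to list; 0 when no query ran or the query failed.
$num = $sql ? mysql_num_rows($sql) : 0;
?>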

			<div id="page">
Пример #3
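<?php

require_once 'models/config.php';
include 'models/chat.config.php';

// Chat "post message" endpoint: stores one message from the current user,
// with a name colour that depends on the user's role.

// Refuse requests without a session. The original read $loggedInUser straight
// away, so an anonymous request fell through to the INSERT below.
if (!isUserLoggedIn()) {
    die;
}

$id = $loggedInUser->user_id;
$username = $loggedInUser->display_username;

// Chat-banned users get no response and nothing is stored.
if (isUserCBanned($id)) {
    die;
}

// Only a non-empty string is a message; an absent field or an array value
// would otherwise reach strip_tags().
if (!isset($_POST['message']) || !is_string($_POST['message']) || $_POST['message'] === '') {
    die;
}

// Name colour by role: admin, then moderator, then everyone else.
if (isUserAdmin($id)) {
    $color = "#0404B4";
} elseif (isUserMod($id)) {
    $color = "#B43104";
} else {
    $color = "#000000";
}

$color_ = $db->real_escape_string(htmlentities($color));
$user = $db->real_escape_string(htmlentities($username));
// NOTE(review): strip_tags() with an allow-list keeps every attribute of the
// allowed <a> tag (href, event handlers), so the stored text is not safe HTML.
// It must be HTML-encoded wherever it is printed, or the allow-list dropped.
$message = $db->real_escape_string(strip_tags($_POST['message'], '<a>'));
$timestamp = $db->real_escape_string(gettime());
$db->Query("INSERT INTO messages (color, username, message, timestamp) VALUES ('{$color_}','{$user}','{$message}','{$timestamp}')");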
Пример #4
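<?php
// Ticket page prologue: require a session, then load the requested ticket and
// its owner so the code that follows can decide who may act on it.
if (!isUserLoggedIn())
{
	echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
	die();
}

// The query uses the id as a bare number, so force the parameter to an
// integer. The original ran it through mysql_real_escape_string() and then
// placed it in the statement WITHOUT quotes; escaping only protects a value
// inside a quoted literal, so the request could change the query. The same
// variable is echoed into the links further down, where an integer is also
// safe to print.
$id    = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
$sql   = mysql_query("SELECT * FROM Tickets WHERE `id`=$id");

// Owner of the ticket, or false when the lookup failed or matched no row
// (the same value the error-suppressed mysql_result() call used to leave).
$owner = ($sql && mysql_num_rows($sql) > 0) ? mysql_result($sql, 0, "user_id") : false;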

if ($loggedInUser->user_id == $owner OR isUserAdmin($loggedInUser->user_id) OR isUserMod($loggedInUser->user_id)) {
    if (isset($_GET["action"])) {
        if ($_GET["action"] == "closev") {
            echo "<h3>Are you sure?</h3><br \><a href=\"index.php?page=viewticket&action=closey&id=" . $id . "\"><input type=\"submit\" class=\"blues\" value=\"Yes\"/></a><br /><a href=\"index.php?page=viewticket&id=$id\"><input type=\"submit\" class=\"blues\" value=\"No\"/></a><br />";
        }
        if ($_GET["action"] == "closey") {
            mysql_query("UPDATE Tickets SET opened=0 WHERE `id`='$id'");
            echo "Your ticket has been closed.";
			echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
        }
if ($_GET["action"] == "open")
{
            mysql_query("UPDATE Tickets SET opened=1 WHERE `id`='$id'");
            echo "Your ticket has been reopened.";
			echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
}
    } else {
        $subject = mysql_result($sql, 0, "subject");
        if (isset($_POST["post"])) {
            $post   = mysql_real_escape_string(strip_tags($_POST["post"]));
            $uid    = $loggedInUser->user_id;
Пример #5
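    // Render one chat row from $value. Every stored field is HTML-encoded with
    // ENT_QUOTES because the markup uses single-quoted attributes, and the
    // default htmlentities() flags leave single quotes untouched on PHP
    // versions before 8.1.
    $color = htmlentities($value['color'], ENT_QUOTES);
    $user = htmlentities($value['username'], ENT_QUOTES);
    $msg = htmlentities($value['message'], ENT_QUOTES);
    $row = "<li id='msg_row'><b id='u_name_chat' style='color: " . $color . ";'>" . $user . "</b>: " . $msg;

    // Moderators and admins additionally get a delete link carrying the row id.
    if (isUserMod($idaa) || isUserAdmin($idaa)) {
        // The id is written into an HTML attribute, so it needs HTML encoding
        // and a quoted attribute; the SQL escaping used before does nothing
        // for this context.
        $todelete = htmlentities($value['id'], ENT_QUOTES);
        $row .= "<a color='blue' href='#' rel='" . $todelete . "' class='delete' onClick='deleteChat(this);'>delete</a>";
    }

    echo $row . "</li>";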
}
?>

<script>
		<?php 
if (isUserMod($idaa) || isUserAdmin($idaa)) {
    ?>
			/**
			 * Click handler for a chat row's "delete" link: posts the row id
			 * (read from the link's rel attribute) to ajaxDEL.php and hides
			 * the row once the request completes.
			 *
			 * NOTE(review): this function is only emitted for moderators and
			 * admins, which hides the control but protects nothing by itself;
			 * ajaxDEL.php (not shown here) has to repeat the role check.
			 */
			function deleteChat(t) {
				console.log("Clicked delete");
				var link = $(t);
				var row = link.parent();
				var messageId = link.attr('rel');
				console.log(messageId);

				var request = $.post('ajaxDEL.php', {id: messageId});
				request.done(function() {
					// The response body is not inspected; the row is hidden
					// whenever the request succeeds.
					row.hide();
				});
			}
			/*$('.delete').click(function() {