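<?php
require dirname(__FILE__) . '/includes/bootstrap.php';

// ID of the logged-in viewer, as returned by buckys_is_logged_in().
$userID = buckys_is_logged_in();

// Moderator action: ban the account named by the "userID" query parameter.
//
// NOTE(review): this is a state-changing request driven only by GET
// parameters, and no anti-forgery token is verified anywhere in this file.
// A request issued from another site in a logged-in moderator's browser
// would therefore be honoured. Require POST plus a per-session token checked
// here before the ban is carried out.
//
// NOTE(review): nothing in this branch stops the target from being another
// moderator or an administrator; confirm that BuckysBanUser::banUser() or an
// ACL check elsewhere covers that case.
if (isset($_GET['action']) && $_GET['action'] == 'ban-user') {
    if (!BuckysModerator::isModerator($userID)) {
        die(MSG_PERMISSION_DENIED);
    }

    // Normalise the target ID the same way the profile lookup below does, and
    // validate the *target*. The previous check passed $userID (the
    // moderator's own ID) to checkUserID(), so the requested account was
    // never validated before being handed to banUser().
    $targetID = buckys_escape_query_integer(isset($_GET['userID']) ? $_GET['userID'] : null);

    if (!$targetID || !BuckysUser::checkUserID($targetID)) {
        buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        // Whether buckys_redirect() terminates the script is not visible
        // here; stop explicitly so a rejected request can never fall through
        // to the ban call.
        exit;
    }

    BuckysBanUser::banUser($targetID);
    buckys_redirect('/index.php', MSG_BAN_USER);
    exit;
}

// Profile being viewed, taken from the "user" query parameter.
$profileID = buckys_escape_query_integer(isset($_GET['user']) ? $_GET['user'] : null);

// No usable profile ID: send the visitor to the homepage.
if (!$profileID) {
    buckys_redirect('/index.php');
    exit;
}

$userData = BuckysUser::getUserData($profileID);

// Go to the homepage when there is no user data, or when checkUserID() rejects
// the profile and the viewer is not an administrator. The parentheses spell
// out the precedence the original expression already had (&& binds tighter
// than ||).
if (!buckys_not_null($userData)
    || (!BuckysUser::checkUserID($profileID, true) && !buckys_check_user_acl(USER_ACL_ADMINISTRATOR))
) {
    buckys_redirect('/index.php');
    exit;
}

// Raw request value. How it is consumed is not visible here; compare it
// against the known post types before using it in a query or in output.
$postType = isset($_GET['type']) ? $_GET['type'] : 'all';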
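/**
 * Ban the authors of reported objects.
 *
 * Loads the report rows matching the given report IDs and object type, looks
 * up the author of each reported object and passes that user ID to
 * BuckysBanUser::banUser().
 *
 * @param Array $ids           Report ID or list of report IDs. Values that are
 *                             not positive integers are ignored.
 * @param Int   $objectType    Value matched against the objectType column of
 *                             the reports table
 * @param Int   $moderatorType Not used by this method; kept for callers
 */
public function banUsers($ids, $objectType, $moderatorType)
{
    global $db;

    if (!is_array($ids)) {
        $ids = array($ids);
    }

    // The report IDs are spliced into the IN (...) list as text and reach this
    // method from the caller, so they are an SQL injection point unless they
    // are forced to integers. Anything that does not validate as a positive
    // integer is dropped.
    $reportIDs = array();
    foreach ($ids as $id) {
        $id = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
        if ($id !== false) {
            $reportIDs[] = $id;
        }
    }

    // An empty list would produce "IN ()", which is not valid SQL.
    if (count($reportIDs) == 0) {
        return;
    }

    $query = $db->prepare("SELECT * FROM " . TABLE_REPORTS . " WHERE objectType=%s AND reportID in (" . implode(", ", $reportIDs) . ")", $objectType);
    $rows = $db->getResultsArray($query);

    if (!$rows) {
        return;
    }

    foreach ($rows as $row) {
        // objectID comes back from the database and is concatenated into the
        // next query; cast it so stored data cannot alter that statement.
        // NOTE(review): assumes objectID is an integer column - confirm.
        $objectID = intval($row['objectID']);

        // Pick the query that returns the author of the reported object.
        switch ($row['objectType']) {
            case 'post':
                $query = "SELECT poster FROM " . TABLE_POSTS . " WHERE postID=" . $objectID;
                break;
            case 'comment':
                $query = "SELECT commenter FROM " . TABLE_POSTS_COMMENTS . " WHERE commentID=" . $objectID;
                break;
            case 'message':
                $query = "SELECT sender FROM " . TABLE_MESSAGES . " WHERE messageID=" . $objectID;
                break;
            case 'topic':
                $query = "SELECT creatorID FROM " . TABLE_FORUM_TOPICS . " WHERE topicID=" . $objectID;
                break;
            case 'reply':
                $query = "SELECT creatorID FROM " . TABLE_FORUM_REPLIES . " WHERE replyID=" . $objectID;
                break;
            default:
                // Unknown object type. Previously $query kept its earlier
                // value (the reports SELECT, or the previous row's lookup), so
                // an unrelated value was treated as a user ID and banned.
                $query = null;
        }

        if ($query === null) {
            continue;
        }

        $userID = $db->getVar($query);
        if ($userID) {
            BuckysBanUser::banUser($userID);
        }
    }
}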
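/**
 * Ban the authors of reported objects.
 *
 * Loads the report rows for the given report IDs, looks up the author of each
 * reported object and bans that user unless buckys_check_user_acl() reports
 * moderator-level access for them. When at least one such privileged author
 * was skipped, a MSG_CAN_NOT_BAN_ADMIN notice is queued.
 *
 * NOTE(review): no permission check on the calling user is visible in this
 * method; confirm that every caller verifies moderator rights first.
 *
 * @param Array $ids Report ID or list of report IDs. Values that are not
 *                   positive integers are ignored.
 * @return int Number of users passed to BuckysBanUser::banUser()
 */
public static function banUsers($ids)
{
    global $db;

    if (!is_array($ids)) {
        $ids = [$ids];
    }

    // The report IDs are spliced into the IN (...) list as text and reach this
    // method from the caller, so they are an SQL injection point unless they
    // are forced to integers. Anything that does not validate as a positive
    // integer is dropped.
    $reportIDs = [];
    foreach ($ids as $id) {
        $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $reportIDs[] = $id;
        }
    }

    // An empty list would produce "IN ()", which is not valid SQL.
    if (count($reportIDs) == 0) {
        return 0;
    }

    $query = "SELECT * FROM " . TABLE_REPORTS . " WHERE reportID IN (" . implode(", ", $reportIDs) . ")";
    $rows = $db->getResultsArray($query);

    if (!$rows) {
        return 0;
    }

    $bannedUsers = 0;
    $adminUsers = 0;

    foreach ($rows as $row) {
        // objectID comes back from the database and is concatenated into the
        // next query; cast it so stored data cannot alter that statement.
        // NOTE(review): assumes objectID is an integer column - confirm.
        $objectID = intval($row['objectID']);

        // Pick the query that returns the author of the reported object.
        switch ($row['objectType']) {
            case 'post':
                $query = "SELECT poster FROM " . TABLE_POSTS . " WHERE postID=" . $objectID;
                break;
            case 'comment':
                $query = "SELECT commenter FROM " . TABLE_POSTS_COMMENTS . " WHERE commentID=" . $objectID;
                break;
            case 'video_comment':
                $query = "SELECT userID FROM " . TABLE_VIDEO_COMMENTS . " WHERE commentID=" . $objectID;
                break;
            case 'message':
                $query = "SELECT sender FROM " . TABLE_MESSAGES . " WHERE messageID=" . $objectID;
                break;
            case 'topic':
                $query = "SELECT creatorID FROM " . TABLE_FORUM_TOPICS . " WHERE topicID=" . $objectID;
                break;
            case 'reply':
                $query = "SELECT creatorID FROM " . TABLE_FORUM_REPLIES . " WHERE replyID=" . $objectID;
                break;
            default:
                // Unknown object type. Previously $query kept its earlier
                // value (the reports SELECT, or the previous row's lookup), so
                // an unrelated value was treated as a user ID and banned.
                $query = null;
        }

        if ($query === null) {
            continue;
        }

        $userID = $db->getVar($query);
        if (!$userID) {
            continue;
        }

        // Accounts with moderator-level access are never banned from here;
        // they are only counted so the caller can be told.
        if (buckys_check_user_acl(USER_ACL_MODERATOR, $userID)) {
            $adminUsers++;
            continue;
        }

        BuckysBanUser::banUser($userID);
        $bannedUsers++;
    }

    if ($adminUsers > 0) {
        buckys_add_message(MSG_CAN_NOT_BAN_ADMIN, MSG_TYPE_NOTIFY);
    }

    return $bannedUsers;
}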