header("Location: log.php?search=User+{$UserID}"); } $Cur = $DB->next_record(MYSQLI_ASSOC, false); if ($_POST['comment_hash'] != $Cur['CommentHash']) { error("Somebody else has moderated this user since you loaded it. Please go back and refresh the page."); } //NOW that we know the class of the current user, we can see if one staff member is trying to hax0r us. if (!check_perms('users_mod', $Cur['Class'])) { //Son of a f*****g bitch error(403); die; } if (!empty($_POST['donor_points_submit']) && !empty($_POST['donation_value']) && is_numeric($_POST['donation_value'])) { Donations::regular_donate($UserID, $_POST['donation_value'], "Add Points", $_POST['donation_reason'], $_POST['donation_currency']); } elseif (!empty($_POST['donor_values_submit'])) { Donations::update_rank($UserID, $_POST['donor_rank'], $_POST['total_donor_rank'], $_POST['reason']); } // If we're deleting the user, we can ignore all the other crap if ($_POST['UserStatus'] === 'delete' && check_perms('users_delete_users')) { Misc::write_log("User account {$UserID} (" . $Cur['Username'] . ") was deleted by " . $LoggedUser['Username']); $DB->query("\n\t\tDELETE FROM users_main\n\t\tWHERE id = {$UserID}"); $DB->query("\n\t\tDELETE FROM users_info\n\t\tWHERE UserID = {$UserID}"); $Cache->delete_value("user_info_{$UserID}"); Tracker::update_tracker('remove_user', array('passkey' => $Cur['torrent_pass'])); header("Location: log.php?search=User+{$UserID}"); die; } // User was not deleted. Perform other stuff. $UpdateSet = array(); $EditSummary = array(); $TrackerUserUpdates = array('passkey' => $Cur['torrent_pass']);