} $db->update("UPDATE pw_cnalbum SET " . pwSqlSingle(array('aname' => $aname, 'aintro' => $aintro, 'private' => $private, 'albumpwd' => $pwd)) . ' WHERE aid=' . pwEscape($aid)); refreshto("{$basename}a=own", 'operate_success'); } } elseif ($a == 'viewalbum') { define('AJAX', 1); define('F_M', true); InitGP(array('aid')); $aid = (int) $aid; empty($aid) && Showmsg('data_error'); require_once PrintEot('m_ajax'); ajax_footer(); } elseif ($a == 'createajax') { define('AJAX', 1); define('F_M', true); banUser(); InitGP(array('job')); require_once PrintEot('m_ajax'); ajax_footer(); } elseif ($a == 'getallowflash') { define('AJAX', 1); define('F_M', true); InitGP(array('aid')); $aid = (int) $aid; if ($aid) { $photonums = $db->get_value("SELECT photonum FROM pw_cnalbum WHERE atype='0' AND aid=" . pwEscape($aid)); $o_maxphotonum && $photonums >= $o_maxphotonum && Showmsg('colony_photofull'); if ($o_maxphotonum) { $allowmutinum = $o_maxphotonum - $photonums; } else { $allowmutinum = 'infinite';
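/**
 * Render the admin "Ban account" page for one account and, when the ban form
 * has been posted, hand the posted values to banUser().
 *
 * Output is written directly with echo; nothing is returned.
 *
 * @param int|string $banid Account id to show the form for. It is forced to an
 *                          integer before use (the page prints it as
 *                          "Ban Account #<id>", so ids are assumed numeric —
 *                          confirm against the account table).
 */
function showBanForm($banid)
{
    global $DB;

    // The id is concatenated into the SQL text and echoed into HTML attributes
    // below. Casting to int leaves nothing but digits (and a sign), so it can
    // neither break out of the quoted SQL literal nor out of the markup.
    $banid = (int) $banid;

    $unme = $DB->selectCell("SELECT username FROM account WHERE id='" . $banid . "'");

    // The username is account data chosen by a user; encode it for the HTML
    // context before it reaches the admin's browser.
    $safeName = htmlspecialchars((string) $unme, ENT_QUOTES, 'UTF-8');

    echo "\r\n\t\t<div class=\"content\">\t\r\n\t\t\t<div class=\"content-header\">\r\n\t\t\t\t<h4><a href=\"?p=admin\">Main Menu</a> / <a href=\"?p=admin&sub=users\">Manage Users</a> / " . $safeName . " / Ban</h4>\r\n\t\t\t</div> <!-- .content-header -->\t\t\t\t\r\n\t\t\t<div class=\"main-content\">\r\n\t";

    if (isset($_POST['ban_user'])) {
        // A request without ban_reason used to read an undefined index; treat
        // it as an empty reason instead.
        $reason = isset($_POST['ban_reason']) ? $_POST['ban_reason'] : '';

        // NOTE(review): the account that gets banned is the posted hidden field,
        // not $banid, and both posted values reach banUser() unmodified —
        // confirm banUser() validates and escapes them. No anti-CSRF token is
        // checked in this function; confirm the admin front controller does it.
        banUser($_POST['ban_user'], $reason);
    }

    echo "\r\n\t\t<form method=\"POST\" action=\"?p=admin&sub=users&id=" . $banid . "&action=ban\" name=\"adminform\" class=\"form label-inline\">\r\n\t\t\t<input type='hidden' name='ban_user' value='" . $banid . "' />\r\n\t\t\t<table>\r\n\t\t\t\t<thead>\r\n\t\t\t\t\t<th><center><b>Ban Account #" . $banid . " (" . $safeName . ")</b></center></th>\r\n\t\t\t\t</thead>\r\n\t\t\t</table>\r\n\t\t\t<br />\r\n\t\t\t<div class='field'>\r\n\t\t\t\t<label for='Username'>Ban Reason: </label>\r\n\t\t\t\t<input id='Username' name='ban_reason' size='20' type='text' class='large' />\r\n\t\t\t</div>\r\n\t\t\t\r\n\t\t\t<div class=\"buttonrow-border\">\t\t\t\t\t\t\t\t\r\n\t\t\t\t<center><button><span>Ban User</span></button></center>\t\t\t\r\n\t\t\t</div>\r\n\r\n\t\t</form>\r\n\t</div>\r\n\t";
}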
// Arms of an action dispatcher (the enclosing switch header is outside this
// excerpt). Every action is listed under two spellings, camelCase and all
// lowercase, and both labels fall into the same handler call.
//
// The three state-changing actions first call ignore_user_abort(true), so a
// client disconnect does not abort the script part-way through the handler.
// The call returns the previous setting, which is kept in $oldignoreuserabort;
// it is not restored anywhere in this excerpt.
case "reportUser":
case "reportuser":
	$oldignoreuserabort = ignore_user_abort(true);
	reportUser($option,$form,$uid);
	break;

case "processReports":
case "processreports":
	$oldignoreuserabort = ignore_user_abort(true);
	processReports();
	break;

case "banProfile":
case "banprofile":
	$oldignoreuserabort = ignore_user_abort(true);
	// NOTE(review): $uid, $form and $act are passed straight through and no
	// permission check is visible in this excerpt — presumably banUser()
	// verifies that the caller is allowed to ban; confirm in the handler.
	banUser($option,$uid,$form,$act);
	break;

// Read-style actions: no ignore_user_abort() call.
case "viewReports":
case "viewreports":
	viewReports($option,$uid,$act);
	break;

case "emailUser":
case "emailuser":
	emailUser($option,$uid);
	break;

// The excerpt ends here; whether a break follows is not visible.
case "pendingApprovalUser":
case "pendingapprovaluser":
	pendingApprovalUsers($option);
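<?php
// Admin endpoint: bans or unbans the account named by ?id=…, depending on
// whether ?ban=… is present and truthy.
ob_start();
require_once "functions.php";

// Fail closed: redirect unless the caller is logged in AND an admin. The
// original test joined the two negations with &&, which only redirected
// callers who failed both checks, so a failure of either one alone did not
// stop the request.
// NOTE(review): `isAdmin` has no `$` and no `()`, so PHP resolves it as a
// constant. If functions.php does not define one, PHP 8 throws an Error here,
// and earlier versions read it as the string 'isAdmin' (always truthy), which
// makes `!isAdmin` always false. Confirm whether `$isAdmin` or `isAdmin()`
// was intended.
if (!$isLoggedIn || !isAdmin) {
    header("Location:index.php");
    exit;
}

$ban = isset($_GET['ban']) ? $_GET['ban'] : false;
$userID = isset($_GET['id']) ? $_GET['id'] : false;

// NOTE(review): this changes account state on a GET request and no anti-CSRF
// token is checked in this file; $userID also reaches banUser()/unbanUser()
// unvalidated. Confirm functions.php covers both, otherwise move the action
// to POST with a token and validate the id here.
if ($userID) {
    if ($ban) {
        banUser($userID);
    } else {
        unbanUser($userID);
    }
}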
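<?php
// Ban endpoint: reads the target account from POST field "userid", bans it,
// and echoes a one-line plain-text status for the caller.
include "../util/DbUtil.php";
session_start();

// NOTE(review): the session is started but nothing in this script reads it to
// verify that the caller is a logged-in moderator/admin before banning.
// Confirm the check lives in DbUtil.php or in front of this script; otherwise
// it has to be added here, together with an anti-CSRF token.

// A missing or non-string userid (e.g. userid[]=…) used to be read unchecked
// and passed on to the DB helpers; normalise it to '' and reject it below.
$userid = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : '';
$response = "";

$db_conn = getConnectedDb();
if (is_null($db_conn)) {
    $response = "Error connecting to database. Try again later.";
} elseif ($userid === '') {
    // Reuses the existing failure text so callers that match on the known
    // responses keep working.
    $response = "Error banning user";
} elseif (isUserBanned($db_conn, $userid)) {
    $response = "User already banned.";
} elseif (!banUser($db_conn, $userid)) {
    $response = "Error banning user";
} else {
    $response = "Success";
}

// Only the fixed strings above are ever echoed; no request data is reflected.
echo $response;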
postMedia($_GET['sid']); header("Location: mod.php"); } elseif ($_GET['type'] == "1") { rejectImage($_GET['sid']); header("Location: mod.php"); } elseif ($_GET['type'] == "2") { reportImage($_GET['sid']); header("Location: mod.php"); } elseif ($_GET['type'] == "-1") { if (is_admin(mod_id())) { banUser($_GET['sid'], 0); } header("Location: mod.php"); } elseif ($_GET['type'] == "-2") { if (is_admin(mod_id())) { banUser($_GET['sid'], 1); } header("Location: reports.php"); } elseif ($_GET['type'] == "-3") { if (is_admin(mod_id())) { removeReport($_GET['sid']); } header("Location: reports.php"); } } if ($_GET['type'] == "register") { if (!is_mod(mod_id())) { addModerator(mod_id()); header("Location: mod.php"); } else { header("Location: mod.php");