示例#1
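/**
 * Bans or unbans a player in the `bans` table of a service's database.
 *
 * For every realm in scope (the given realm, or all realms of the service when
 * $realm is empty) the function either deletes the player's ban rows ($unban),
 * or inserts one ban row per recently used IP address, falling back to a
 * name-only ban when no address is known or $name_only is set.
 *
 * Fixes over the previous revision:
 *  - both INSERT statements used when $config['db_expiredate'] is false had
 *    unbalanced parentheses and could never succeed;
 *  - the alias recursion passed on the already converted duration (seconds) and
 *    already escaped strings, so aliases got the duration multiplied by 3600
 *    twice and their values escaped twice;
 *  - query results are checked, so the message no longer reports a ban that the
 *    database rejected, and a failed SELECT no longer ends in a fatal error.
 *
 * NOTE(review): the returned message embeds the user name, realm, alias names
 * and IP addresses after SQL escaping only. They are not HTML-encoded here, so
 * the caller has to encode the message before it is rendered.
 *
 * @param mixed  $service_id  service whose database is used
 * @param string $username    player name; lower-cased before use
 * @param string $realm       realm to act on, or "" for every realm of the service
 * @param mixed  $duration    ban length in hours (converted with intval())
 * @param string $reason      free-text reason stored with the ban
 * @param bool   $unban       delete existing bans instead of adding new ones
 * @param bool   $name_only   ban by name only, without looking up IP addresses
 * @param bool   $ban_aliases also ban the aliases reported by databaseAliases()
 *
 * @return string|false HTML fragment describing what was done, or false when
 *                      the database connection could not be opened
 */
function databaseBanUser($service_id, $username, $realm, $duration, $reason, $unban = false, $name_only = false, $ban_aliases = false)
{
    global $config;
    $link = databaseConnect($service_id);
    if (!$link) {
        return false;
    }
    $message = "";
    // Keep the caller's values for the alias recursion at the end: the recursive
    // call converts and escapes its arguments again.
    $duration_hours = intval($duration);
    $raw_reason = $reason;
    // NOTE(review): every statement below is assembled by string interpolation and
    // relies entirely on escape(), which is defined outside this block (presumably
    // SQL string escaping; confirm it is aware of the connection character set).
    // Bound parameters on prepared statements would remove that dependency.
    $username = escape(strtolower($username));
    $realm = escape($realm);
    $duration = $duration_hours * 3600;
    $reason = escape($reason);
    $realms = databaseGetRealms($service_id);
    // Find a realm to use by default that is not blank.
    $default_realm = "";
    foreach ($realms as $i_realm) {
        if ($i_realm != "") {
            $default_realm = $i_realm;
            break;
        }
    }
    if ($realm != "") {
        $realms = array($realm);
    }
    // NOTE(review): realm names returned by databaseGetRealms() reach the SQL
    // unescaped; this assumes they come from trusted service configuration.

    // Build the optional expiry column once, so that both INSERT statements share
    // one correctly parenthesised template. The column name comes from $config and
    // is interpolated as an identifier, so it must never be request-controlled.
    $expire_columns = "";
    $expire_values = "";
    if ($config['db_expiredate'] !== false) {
        $expire_columns = ", {$config['db_expiredate']}";
        $expire_values = ", DATE_ADD( NOW( ), INTERVAL {$duration} second )";
    }

    foreach ($realms as $realm_it) {
        // Unban the user if we're supposed to.
        if ($unban) {
            if ($link->query("DELETE FROM bans WHERE name = '{$username}' AND server = '{$realm_it}'") === false) {
                $message .= "Failed to unban {$username} on {$realm_it}<br />";
            } else {
                $message .= "Unbanned {$username} on {$realm_it}<br />";
            }
            continue;
        }
        // Make sure the user isn't already banned.
        $result = $link->query("SELECT COUNT(*) FROM bans WHERE name = '{$username}' AND server = '{$realm_it}'");
        if ($result === false) {
            $message .= "Skipping {$realm_it}: could not check existing bans<br />";
            continue;
        }
        $row = $result->fetch_array();
        $result->close();
        if ($row[0] > 0) {
            $message .= "Skipping {$realm_it}: already banned!<br />";
            continue;
        }
        // Last few IP addresses logged; limited to 15 addresses within the last
        // 30 days. The lookup is skipped for a name-only ban, which never uses it.
        $addresses = array();
        if (!$name_only) {
            $where = "WHERE name = '{$username}' AND spoofedrealm = '{$realm_it}'";
            $result = $link->query("SELECT DISTINCT ip FROM gameplayers LEFT JOIN games ON gameplayers.gameid = games.id {$where} AND datetime > DATE_SUB( NOW( ), INTERVAL 30 DAY) ORDER BY gameplayers.id DESC LIMIT 15");
            if ($result === false) {
                $message .= "Skipping {$realm_it}: could not look up IP addresses<br />";
                continue;
            }
            while ($row = $result->fetch_array()) {
                $addresses[] = $row[0];
            }
            $result->close();
        }
        if (count($addresses) > 0) {
            // If this is for non-spoofchecked users, ban on the default realm.
            $ban_realm = $realm_it;
            if ($ban_realm == "") {
                $ban_realm = $default_realm;
            }
            foreach ($addresses as $address) {
                $ip = escape($address);
                $inserted = $link->query("INSERT INTO bans (botid, server, name, ip, date, gamename, admin, reason{$expire_columns}) VALUES ('0', '{$ban_realm}', '{$username}', '{$ip}', CURDATE(), '', 'uxpanel', '{$reason}'{$expire_values})");
                if ($inserted === false) {
                    $message .= "Failed to ban IP address [{$ip}] on {$realm_it}<br />";
                } else {
                    $message .= "Banned used IP address [{$ip}] on {$realm_it}<br />";
                }
            }
        } elseif ($realm_it != "") {
            // No previous games found (or name-only requested): ban by user name,
            // but only if this is an actual realm.
            $inserted = $link->query("INSERT INTO bans (botid, server, name, ip, date, gamename, admin, reason{$expire_columns}) VALUES ('0', '{$realm_it}', '{$username}', '', CURDATE(), '', 'uxpanel', '{$reason}'{$expire_values})");
            if ($inserted === false) {
                $message .= "Failed to ban by name on {$realm_it}<br />";
            } else {
                $message .= "Banned by name on {$realm_it}<br />";
            }
        }
    }
    if ($ban_aliases) {
        $message .= "Banning aliases...<br />";
        $searchRealm = $realm;
        if ($searchRealm == "") {
            $searchRealm = $default_realm;
        }
        // Get the list of aliases and ban them on the default realm.
        $array = array();
        databaseAliases($service_id, $username, $searchRealm, 1, $array);
        foreach (array_keys($array) as $p_str) {
            $p_info = databaseGetPlayer($p_str);
            $aliasName = escape($p_info[0]);
            $aliasRealm = escape($p_info[1]);
            // Do not ban the original account a second time.
            if ($aliasName == $username && $aliasRealm == $searchRealm) {
                continue;
            }
            // Hand over the unconverted values: the recursive call lower-cases,
            // escapes and converts hours to seconds itself.
            // NOTE(review): aliases are always banned here, even when $unban is
            // set for the main account; confirm that this is intended.
            $message .= databaseBanUser($service_id, $p_info[0], $p_info[1], $duration_hours, $raw_reason, false, true);
            $message .= "Banned alias {$aliasName}@{$aliasRealm}<br />";
        }
    }
    return $message;
}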
示例#2
include "../include/common.php";
include "../config.php";
include "../include/session.php";
include "../include/dbconnect.php";
include "../include/account.php";
include "../include/database.php";
if (isset($_SESSION['account_id']) && isset($_REQUEST['id']) && is_numeric($_REQUEST['id']) && isset($_SESSION['is_' . $_REQUEST['id'] . '_database'])) {
    $message = "";
    if (isset($_REQUEST['message'])) {
        $message = str_replace("[br]", "<br>", htmlspecialchars($_REQUEST['message']));
    }
    if (isset($_POST['username']) && isset($_POST['reason']) && isset($_POST['realm']) && isset($_POST['duration'])) {
        $unban = isset($_REQUEST['unban']);
        $nameonly = isset($_REQUEST['nameonly']);
        $aliases = isset($_REQUEST['aliases']);
        $message = databaseBanUser($_REQUEST['id'], $_POST['username'], $_POST['realm'], $_POST['duration'], $_POST['reason'], $unban, $nameonly, $aliases);
        if (!isset($_SESSION['noredirect'])) {
            $messageEscape = urlencode(str_replace(array("<br>", "<br/>", "<br />"), array("[br]", "[br]", "[br]"), $message));
            header("Location: ban.php?id=" . $_REQUEST['id'] . "&message=" . $messageEscape);
        }
    } else {
        if (isset($_POST['clearbans']) && ($_POST['doclearbans'] = 'do')) {
            databaseClearBans($_REQUEST['id']);
            if (!isset($_SESSION['noredirect'])) {
                header("Location: ban.php?id=" . $_REQUEST['id'] . "&message=" . urlencode("Cleared all bans successfully."));
            }
        }
    }
    $realms = databaseGetRealms($_REQUEST['id']);
    get_page("ban", "database", array('service_id' => $_REQUEST['id'], 'message' => $message, 'realms' => $realms));
} else {