connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $ban_type = (isset($_GET['ban_type'])) ? $sqlr->quote_smart($_GET['ban_type']) : "account_banned"; $key_field = ($ban_type == "account_banned") ? "id" :"ip"; //==========================$_GET and SECURE================================= $start = (isset($_GET['start'])) ? $sqlr->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlr->quote_smart($_GET['order_by']) : "$key_field"; if (!preg_match("/^[_[:lower:]]{1,12}$/", $order_by)) $order_by="$key_field"; $dir = (isset($_GET['dir'])) ? $sqlr->quote_smart($_GET['dir']) : 1; if (!preg_match("/^[01]{1}$/", $dir)) $dir=1; $order_dir = ($dir) ? "ASC" : "DESC"; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= $query_1 = $sqlr->query("SELECT count(*) FROM $ban_type"); $all_record = $sqlr->result($query_1,0); $result = $sqlr->query("SELECT $key_field, bandate, unbandate, bannedby, SUBSTRING_INDEX(banreason,' ',3) FROM $ban_type ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $this_page = $sqlr->num_rows($result); $output .= "

"; if($user_lvl >= $action_permission['insert']) makebutton($lang_banned['add_to_banned'], "banned.php?action=add_entry\" type=\"wrn",180); if ($ban_type === "account_banned") makebutton($lang_banned['banned_ips'], "banned.php?ban_type=ip_banned",130); else makebutton($lang_banned['banned_accounts'], "banned.php?ban_type=account_banned",130); makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def",130); $output .= "

".generate_pagination("banned.php?action=show_list&order_by=$order_by&ban_type=$ban_type&dir=".!$dir, $all_record, $itemperpage, $start)."

"; while ($ban = $sqlr->fetch_row($result)) { if ($ban_type === "account_banned") { $result1 = $sqlr->query("SELECT username FROM account WHERE id ='$ban[0]'"); $owner_acc_name = $sqlr->result($result1, 0, 'username'); $name_out = "$owner_acc_name"; } else { $name_out = $ban[0]; $owner_acc_name = $ban[0]; } $output .= " "; } $output .= "

{$lang_global['delete_short']}	{$lang_banned['ip_acc']}	{$lang_banned['bandate']}	{$lang_banned['unbandate']}	{$lang_banned['bannedby']}	{$lang_banned['banreason']}
"; if($user_lvl >= $action_permission['delete']) $output .= " $\"\"$ $owner_acc_name {$lang_global['are_you_sure']}', del_banned + '$ban[0]');\" style=\"cursor:pointer;\" alt=\"\" />"; $output .= "	$name_out	".date('d-m-Y G:i', $ban[1])."	".date('d-m-Y G:i', $ban[2])."	$ban[3]	$ban[4]
{$lang_banned['tot_banned']} : $all_record

"; } //######################################################################################################################## // DO DELETE ENTRY FROM LIST //######################################################################################################################## function do_delete_entry() { global $realm_db, $action_permission, $user_lvl; valid_login($action_permission['delete']); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); if(isset($_GET['ban_type'])) $ban_type = $sqlr->quote_smart($_GET['ban_type']); else redirect("banned.php?error=1"); $key_field = ($ban_type == "account_banned") ? "id" : "ip"; if(isset($_GET[$key_field])) $entry = $sqlr->quote_smart($_GET[$key_field]); else redirect("banned.php?error=1"); $sqlr->query("DELETE FROM $ban_type WHERE $key_field = '$entry'"); if ($sqlr->affected_rows()) redirect("banned.php?error=3&ban_type=$ban_type"); else redirect("banned.php?error=2&ban_type=$ban_type"); } //######################################################################################################################## // BAN NEW IP //######################################################################################################################## function add_entry() { global $lang_global, $lang_banned, $output, $action_permission, $user_lvl; valid_login($action_permission['insert']); $output .= "

{$lang_banned['ban_entry']}

{$lang_banned['ban_type']}
{$lang_banned['entry']}
{$lang_banned['ban_time']}
{$lang_banned['banreason']}
"; makebutton($lang_banned['ban_entry'], "javascript:do_submit()\" type=\"wrn",180); $output .= "	"; makebutton($lang_global['back'], "banned.php\" type=\"def",130); $output .= "

"; } //######################################################################################################################## //DO BAN NEW IP/ACC //######################################################################################################################## function do_add_entry() { global $realm_db, $user_name, $output, $action_permission, $user_lvl; valid_login($action_permission['insert']); if((empty($_GET['ban_type']))||(empty($_GET['entry'])) ||(empty($_GET['bantime']))) redirect("banned.php?error=1&action=add_entry"); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $ban_type = $sqlr->quote_smart($_GET['ban_type']); $entry = $sqlr->quote_smart($_GET['entry']); if ($ban_type == "account_banned") { $result1 = $sqlr->query("SELECT id FROM account WHERE username ='$entry'"); if (!$sqlr->num_rows($result1)) redirect("banned.php?error=4&action=add_entry"); else $entry = $sqlr->result($result1, 0, 'id'); } $bantime = time() + (3600 * $sqlr->quote_smart($_GET['bantime'])); $banreason = (isset($_GET['banreason']) && ($_GET['banreason'] != '')) ? $sqlr->quote_smart($_GET['banreason']) : "none"; if ($ban_type === "account_banned") { $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '$entry'"); if(!$sqlr->result($result, 0)) $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active) VALUES ('$entry',".time().",$bantime,'$user_name','$banreason', 1)"); } else { $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason) VALUES ('$entry',".time().",$bantime,'$user_name','$banreason')"); } if ($sqlr->affected_rows()) redirect("banned.php?error=3&ban_type=$ban_type"); else redirect("banned.php?error=2&ban_type=$ban_type"); } //######################################################################################################################## // MAIN //######################################################################################################################## $err = (isset($_GET['error'])) ? $_GET['error'] : NULL; $output .= "

"; $lang_banned = lang_banned(); switch ($err) { case 1: $output .= "

{$lang_global['empty_fields']}

"; break; case 2: $output .= "

{$lang_banned['err_del_entry']}

"; break; case 3: $output .= "

{$lang_banned['updated']}

"; break; case 4: $output .= "

{$lang_banned['acc_not_found']}

"; break; default: //no error $output .= "

{$lang_banned['banned_list']}

"; } unset($err); $output .= "

"; $action = (isset($_GET['action'])) ? $_GET['action'] : NULL; switch ($action) { case "do_delete_entry": do_delete_entry(); break; case "add_entry": add_entry(); break; case "do_add_entry": do_add_entry(); break; default: show_list(); } unset($action); unset($action_permission); unset($lang_banned); require_once("footer.php"); ?>