<?php
// Unapproved use and redistribution of this code and respective product is strictly prohibited.
// Copyright© 2018 Keanu Ashwell all rights are reserved to the author, creator, registered
// authorised and licensed owners of this product and it's content
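// Ban endpoint: records a ban for the posted user when the signed-in account
// has a high enough permission level, then redirects back to the profile page
// (or to index.php when no user was posted or the caller may not ban).
//
// Request values are bound as statement parameters rather than concatenated
// into the SQL text, and the user name is URL-encoded before it is placed in
// the Location header.

// Start the output buffer so the redirect header below can still be sent
ob_start();
// Start session
session_start();
// Require database connection (expected to provide the mysqli handle $conn)
require_once('mysql.php');

// NOTE(review): this endpoint changes state on a plain POST and no anti-CSRF
// token is checked in this file. Confirm one is enforced elsewhere, or add a
// per-session token check before the INSERT below.

// Where the browser is sent at the end; replaced by the profile page when a
// user name was posted and the caller is allowed to ban
$REDIRECT = 'index.php';

// The acting moderator is taken from the session only, never from the request
$ADMIN = '';
if (isset($_SESSION['user']['username']) && is_string($_SESSION['user']['username'])) {
    $ADMIN = $_SESSION['user']['username'];
}

// Collect the posted fields. A field counts as present only when it is a
// non-empty string, so array-valued parameters (User[]=...) are rejected
// instead of being converted to the text "Array".
$FIELDS = array();
foreach (array('User', 'Reason', 'Duration', 'Details') as $NAME) {
    $FIELDS[$NAME] = (!empty($_POST[$NAME]) && is_string($_POST[$NAME])) ? $_POST[$NAME] : null;
}

// Look up the caller's permission level; stays 0 when nobody is signed in,
// the account is unknown, or the lookup fails
$PERMISSION = 0;
if ($ADMIN !== '') {
    $QUERY_USER = mysqli_prepare($conn, '
        SELECT
            exchangeme.accounts.permissionid
        FROM exchangeme.accounts
        WHERE exchangeme.accounts.username = ?
    ');
    if ($QUERY_USER !== false) {
        mysqli_stmt_bind_param($QUERY_USER, 's', $ADMIN);
        if (mysqli_stmt_execute($QUERY_USER)) {
            mysqli_stmt_bind_result($QUERY_USER, $PERMISSION_ID);
            // Only the first matching row is used
            if (mysqli_stmt_fetch($QUERY_USER)) {
                $PERMISSION = (int) $PERMISSION_ID;
            }
        }
        mysqli_stmt_close($QUERY_USER);
    }
}

// Check that this user can ban (permissionid 6 or higher)
if ($PERMISSION >= 6) {
    $BAN_USER     = $FIELDS['User'];
    $BAN_REASON   = $FIELDS['Reason'];
    $BAN_DURATION = $FIELDS['Duration'];
    $BAN_DETAILS  = $FIELDS['Details'];

    if ($BAN_USER !== null) {
        // rawurlencode() keeps characters such as &, # and line breaks in the
        // posted name from altering the redirect URL or the header itself
        $REDIRECT = 'profile.php?Profile=' . rawurlencode($BAN_USER);
    }

    // Sanity check: all four fields are required to record a ban
    if (
        $BAN_USER !== null
        && $BAN_REASON !== null
        && $BAN_DURATION !== null
        && $BAN_DETAILS !== null
    ) {
        // NOTE(review): Duration is stored as enddate exactly as posted; its
        // format is not validated here. Confirm the form sends a value the
        // column accepts.
        $QUERY_ADD_BAN = mysqli_prepare($conn, '
            INSERT INTO exchangeme.bans (
                exchangeme.bans.id,
                exchangeme.bans.userid,
                exchangeme.bans.startdate,
                exchangeme.bans.enddate,
                exchangeme.bans.reasonid,
                exchangeme.bans.admin,
                exchangeme.bans.details,
                exchangeme.bans.ip
            ) VALUES (
                DEFAULT,
                (
                    SELECT
                        exchangeme.accounts.id
                    FROM exchangeme.accounts
                    WHERE exchangeme.accounts.username = ?
                ),
                DEFAULT,
                ?,
                (
                    SELECT
                        exchangeme.banreasons.id
                    FROM exchangeme.banreasons
                    WHERE exchangeme.banreasons.reason = ?
                ),
                ?,
                ?,
                (
                    SELECT
                        exchangeme.accounts.ip
                    FROM exchangeme.accounts
                    WHERE exchangeme.accounts.username = ?
                )
            )
        ');
        if ($QUERY_ADD_BAN !== false) {
            // Parameter order follows the placeholders above:
            // user, end date, reason, admin, details, user (for the ip lookup)
            mysqli_stmt_bind_param(
                $QUERY_ADD_BAN,
                'ssssss',
                $BAN_USER,
                $BAN_DURATION,
                $BAN_REASON,
                $ADMIN,
                $BAN_DETAILS,
                $BAN_USER
            );
            if (!mysqli_stmt_execute($QUERY_ADD_BAN)) {
                // Keep the failure in the server log; the redirect still happens
                error_log('ban.php: ban insert failed: ' . mysqli_stmt_error($QUERY_ADD_BAN));
            }
            mysqli_stmt_close($QUERY_ADD_BAN);
        } else {
            error_log('ban.php: ban insert could not be prepared: ' . mysqli_error($conn));
        }
    }
}

// Resubmit Headers
header('Location: ' . $REDIRECT);
// Stop here so nothing else runs or is emitted after the redirect
exit;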
?>