-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathmailban.php
86 lines (85 loc) · 2.69 KB
/
mailban.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php
declare(strict_types=1);
/**
* MCCodes v2 by Dabomstew & ColdBlooded
*
* Repository: https://github.com/davemacaulay/mccodesv2
* License: MIT License
*/
global $db, $ir, $h;
require_once('globals.php');
if (!check_access('manage_punishments'))
{
echo 'You cannot access this area.
<br />> <a href="index.php">Go Home</a>';
$h->endpage();
exit;
}
$_POST['user'] =
(isset($_POST['user']) && is_numeric($_POST['user']))
? abs(intval($_POST['user'])) : '';
$_POST['reason'] =
(isset($_POST['reason'])
&& ((strlen($_POST['reason']) > 3)
&& (strlen($_POST['reason']) < 50)))
? strip_tags(stripslashes($_POST['reason'])) : '';
$_POST['days'] =
(isset($_POST['days']) && is_numeric($_POST['days']))
? abs(intval($_POST['days'])) : '';
if (!empty($_POST['user']) && !empty($_POST['reason'])
&& !empty($_POST['days']))
{
if (!isset($_POST['verf'])
|| !verify_csrf_code('mailban', stripslashes($_POST['verf'])))
{
echo '<h3>Error</h3><hr />
This operation has been blocked for your security.<br />
Please try again.<br />
> <a href="mailban.php?userid=' . $_POST['user']
. '">Try Again</a>';
$h->endpage();
exit;
}
if (check_access('administrator', $_POST['user']))
{
echo 'You cannot mailban admins, please destaff them first.
<br />> <a href="mailban.php">Go Back</a>';
$h->endpage();
exit;
}
$e_reason = $db->escape($_POST['reason']);
$re =
$db->query(
"UPDATE `users`
SET `mailban` = {$_POST['days']},
`mb_reason` = '{$e_reason}'
WHERE `userid` = {$_POST['user']}");
event_add($_POST['user'],
"You were banned from mail for {$_POST['days']} day(s) for the following reason: {$_POST['reason']}");
echo 'User was mail banned.<br />
> <a href="index.php">Go Home</a>';
}
else
{
$mb_csrf = request_csrf_code('mailban');
$_GET['userid'] =
(isset($_GET['userid']) && is_numeric($_GET['userid']))
? abs(intval($_GET['userid'])) : -1;
echo "
<h3>Mail Banning User</h3>
The user will not be able to use the mail system for a set period of days.
<br />
<form action='mailban.php' method='post'>
User: " . user_dropdown('user', $_GET['userid'])
. "
<br />
Days: <input type='text' name='days' />
<br />
Reason: <input type='text' name='reason' />
<br />
<input type='hidden' name='verf' value='{$mb_csrf}' />
<input type='submit' value='MailBan User' />
</form>
";
}
$h->endpage();