1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
class acp_disallow
{
var $u_action;
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$user->add_lang('acp/posting');
// Set up general vars
$this->tpl_name = 'acp_disallow';
$this->page_title = 'ACP_DISALLOW_USERNAMES';
$form_key = 'acp_disallow';
add_form_key($form_key);
$disallow = (isset($_POST['disallow'])) ? true : false;
$allow = (isset($_POST['allow'])) ? true : false;
if (($allow || $disallow) && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if ($disallow)
{
$disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true)));
if (!$disallowed_user)
{
trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'SELECT disallow_id
FROM ' . DISALLOW_TABLE . "
WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
$db->sql_query($sql);
$cache->destroy('_disallowed_usernames');
$message = $user->lang['DISALLOW_SUCCESSFUL'];
add_log('admin', 'LOG_DISALLOW_ADD', str_replace('%', '*', $disallowed_user));
trigger_error($message . adm_back_link($this->u_action));
}
else if ($allow)
{
$disallowed_id = request_var('disallowed_id', 0);
if (!$disallowed_id)
{
trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'DELETE FROM ' . DISALLOW_TABLE . '
WHERE disallow_id = ' . $disallowed_id;
$db->sql_query($sql);
$cache->destroy('_disallowed_usernames');
add_log('admin', 'LOG_DISALLOW_DELETE');
trigger_error($user->lang['DISALLOWED_DELETED'] . adm_back_link($this->u_action));
}
// Grab the current list of disallowed usernames...
$sql = 'SELECT *
FROM ' . DISALLOW_TABLE;
$result = $db->sql_query($sql);
$disallow_select = '';
while ($row = $db->sql_fetchrow($result))
{
$disallow_select .= '<option value="' . $row['disallow_id'] . '">' . str_replace('%', '*', $row['disallow_username']) . '</option>';
}
$db->sql_freeresult($result);
$template->assign_vars(array(
'U_ACTION' => $this->u_action,
'S_DISALLOWED_NAMES' => $disallow_select)
);
}
}
|