Revision 1.3 - (hide annotations)
Sun Apr 27 04:32:05 2025 UTC (10 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.2: +8 -8 lines
Trim trailing whitespaces

1 sysadm 1.1 <?php
2     require_once "../lib/str_process.inc.php";
3     require_once "../lib/db_open.inc.php";
4     require_once "../lib/lml.inc.php";
5     require_once "../lib/str_process.inc.php";
6 sysadm 1.2 require_once "./article_op.inc.php";
7 sysadm 1.1 require_once "./check_sub.inc.php";
8     require_once "./session_init.inc.php";
9    
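// Request body is JSON (not form-encoded): read it raw and decode to an array.
// Anything that is not a JSON object/array (invalid JSON, a scalar) collapses
// to an empty array so every lookup below simply falls through to its default.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    $data = array();
}

// Target user. Forced to int before it reaches any SQL below.
$uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
// Ban scope: > 0 a section id, 0 site-wide posting, -1 login, -2 messaging.
// A missing sid defaults to -200 so it is rejected by the "< -2" check below.
$sid = (isset($data["sid"]) ? intval($data["sid"]) : -200);
// "1" (or true, via loose ==) means ban; anything else means unban.
$ban = (isset($data["ban"]) && $data["ban"] == "1");
// Ban length in days; validated below against 1..365 and against the raw value.
$day = (isset($data["day"]) ? intval($data["day"]) : 0);
// The reason must be a string: JSON can carry an array or object here, which
// would break trim()/check_badwords() below (TypeError on PHP 8). A non-string
// reason is treated exactly like a missing one.
$reason = (isset($data["reason"]) && is_string($data["reason"]) ? $data["reason"] : "");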
17    
// Response envelope shared by every exit path in this script:
//   code 0  = success (the envelope is returned untouched after COMMIT),
//   code -1 = request rejected, message is user-facing Chinese text,
//   code -2 = database error, message carries the mysqli error text.
// errorFields is always present but never filled in by this script.
$result_return = array();
$result_return["code"] = 0;
$result_return["message"] = "";
$result_return["errorFields"] = array();
$result_set = array("return" => $result_return);

// Every response, including the early error exits, is JSON.
header("Content-Type:application/json; charset=utf-8");
27    
// ---- Validate input data ---------------------------------------------------
// Each check below answers with code -1 and a user-facing (Chinese) message,
// closes the database handle and exits. No query has run yet, so there is
// nothing to roll back on these paths.

// Caller must be logged in. BBS_uid is expected to be set by
// session_init.inc.php (included above); 0 is treated as "no user".
if (!isset($_SESSION["BBS_uid"]) || $_SESSION["BBS_uid"] == 0)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "没有登录";   // not logged in

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Scope sanity: -2 (messaging), -1 (login), 0 (site-wide posting) or a
// section id > 0. A missing sid defaults to -200 above and is rejected here.
if ($sid < -2)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "错误的封禁类型";   // invalid ban type

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Authorization. Site-wide login/message bans (sid < 0) require the
// P_ADMIN_M or P_ADMIN_S level; section bans require S_MAN_M on that section.
// sid == 0 (the site-wide posting ban) goes through checkpriv(0, S_MAN_M)
// rather than the admin-level check -- NOTE(review): confirm that is intended
// and that no ordinary section moderator satisfies checkpriv() for SID 0.
// NOTE(review): nothing here compares the caller's level with the target's,
// so a moderator can act on an account of equal or higher privilege; the only
// target restriction is the self-check below. The request is also trusted on
// the session cookie alone -- no CSRF token or Content-Type check is visible
// in this file; verify session_init.inc.php or the front end provides one.
if (($sid < 0 && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
    || ($sid >= 0 && !$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M)))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "没有权限";   // permission denied

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// A moderator cannot ban or unban their own account.
if ($_SESSION["BBS_uid"] == $uid)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "不能对自己操作";   // cannot act on yourself

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Ban length: 1..365 days, and the raw JSON value must equal its intval(),
// so values intval() would silently truncate (7.5, and on PHP 8 strings such
// as "7abc") are rejected instead of being accepted as 7. Unban ignores day.
if ($ban && ($day <= 0 || $day > 365 || $day != $data["day"]))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "期限不符合要求";   // duration out of range

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// A ban needs a reason; it is published verbatim in the announcement below.
if ($ban && trim($reason) == "")
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "理由必须填写";   // reason is required

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Banned-word filter: the reason is about to be posted publicly, so rather
// than masking offending words with "****" the whole request is refused when
// the filter would change anything. This runs for unban too (reason may be "").
$r_reason = check_badwords($reason, "****");
if ($reason != $r_reason)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "理由包含非法内容";   // reason contains disallowed content

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
93    
// Begin transaction: disable autocommit, then open an explicit transaction so
// the ban row, privilege flag, announcement and message below land together.
// Note that no path in this script issues ROLLBACK; the early exits rely on
// closing the connection to discard uncommitted work.
foreach (array("SET autocommit=0", "BEGIN") as $tx_stmt)
{
    $rs = mysqli_query($db_conn, $tx_stmt);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}
114    
// Check user: the target must exist and be enabled. Its username is quoted in
// the announcement and the private message later on. $uid is already an int.
$rs = mysqli_query($db_conn, "SELECT username FROM user_list WHERE UID = $uid AND enable");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$user_row = mysqli_fetch_assoc($rs);
if (!$user_row)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "用户不存在";   // user does not exist

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
$ban_user = $user_row["username"];
mysqli_free_result($rs);
141    
// Check system user: the announcement and the private message are posted in
// the name of $BBS_sys_uid (a global not defined in this file, presumably from
// an include), so its username and nickname are needed.
// NOTE(review): both values are interpolated into the bbs INSERT further
// down; they are database-sourced but still free text and must be escaped
// at that point like any other string.
$rs = mysqli_query($db_conn, "SELECT username, nickname FROM user_list
INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
WHERE user_list.UID = $BBS_sys_uid");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$sys_row = mysqli_fetch_assoc($rs);
if (!$sys_row)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["message"] = "系统账户不存在";   // system account missing

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
$sys_user = $sys_row["username"];
$sys_nick = $sys_row["nickname"];
mysqli_free_result($rs);
171    
// Check section: a section-scoped ban (sid > 0) must name an existing section,
// and its title is quoted in the announcement. sid 0 gets a fixed label that
// nothing later in this file reads (all uses are guarded by sid > 0); the
// negative scopes have no title.
$section_title = "";
if ($sid == 0)
{
    $section_title = "本站所有";
}
else if ($sid > 0)
{
    $rs = mysqli_query($db_conn, "SELECT title FROM section_config WHERE SID = $sid");
    if ($rs === false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Query section error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    $section_row = mysqli_fetch_assoc($rs);
    if (!$section_row)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["message"] = "版块不存在";   // section does not exist

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
    $section_title = $section_row["title"];
    mysqli_free_result($rs);
}
206    
// Check active ban: find the currently enabled ban for this user and scope.
// FOR UPDATE is presumably meant to serialize two moderators acting on the
// same user+scope inside their transactions. $bid stays 0 when there is none;
// the ban branch below refuses a duplicate and the unban branch needs one.
$rs = mysqli_query($db_conn, "SELECT BID FROM ban_user_list WHERE UID = $uid
AND SID = $sid AND enable FOR UPDATE");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query ban record error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$ban_row = mysqli_fetch_assoc($rs);
$bid = $ban_row ? $ban_row["BID"] : 0;
mysqli_free_result($rs);
230    
// Human-readable name of the privilege this scope affects, used in the
// announcement and the private message. Section bans (sid > 0) and the
// site-wide sid 0 both concern posting; -1 is login, -2 is messaging.
$p_name_by_sid = array(
    0 => "发帖权限",
    -1 => "登陆权限",
    -2 => "消息权限",
);
$p_name = isset($p_name_by_sid[$sid]) ? $p_name_by_sid[$sid] : "发帖权限";
246    
if ($ban)
{
    // Refuse a second active ban for the same user and scope.
    if ($bid != 0)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["message"] = "已存在该类封禁";   // such a ban already exists

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Record the ban. The ints ($sid, $uid, $day, BBS_uid) go in raw; the
    // reason is escaped. unban_dt is set to the scheduled expiry here.
    // NOTE(review): client_addr() (from an include) is interpolated unescaped
    // into ban_ip -- acceptable only if it returns a validated IP literal such
    // as REMOTE_ADDR; confirm it does not echo a forwarded header verbatim.
    $sql = "INSERT INTO ban_user_list(SID, UID, day, ban_uid, ban_dt,
ban_ip, unban_dt, reason) VALUES($sid, $uid, $day, " .
        $_SESSION["BBS_uid"] . ", NOW(), '" . client_addr() .
        "', ADDDATE(NOW(), INTERVAL $day DAY), '" .
        mysqli_real_escape_string($db_conn, $reason) . "')";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Add ban record error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Subtract exp: -300 for the site-wide posting ban (sid 0 is the only
    // falsy scope), -50 for every other scope. user_exp_change() is defined
    // elsewhere (presumably article_op.inc.php); a false return is reported
    // like a failed query.
    $rs = user_exp_change($uid, ($sid ? -50 : -300), $db_conn);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Subtract exp error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Prepare announcement: title and body of the public notice inserted
    // further down. The moderator-supplied reason goes in verbatim (it is
    // SQL-escaped at insert time; how it renders is up to the LML display path).
    $title = ($sid > 0 ? "" : "[全站]") . "封禁“" . $ban_user . "”".
        ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name;
    $content = "用户“" . $ban_user . "”因:\n" . $reason . "\n应被封禁" .
        ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name .
        $day . "天。\n如不服本决定, 可在7日内申请复议。\n" .
        "执行人: " . $_SESSION["BBS_username"] . "\n";
}
else // if (!ban)
{
    // There must be an active ban to lift.
    if ($bid == 0)
    {
        $result_set["return"]["code"] = -1;
        $result_set["return"]["message"] = "不存在该类封禁";   // no such ban

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Close the ban row instead of deleting it, keeping the audit trail:
    // who lifted it, when and from where. unban_dt (the scheduled expiry set
    // at ban time) is overwritten with the actual lift time. Same caveat on
    // client_addr() as for ban_ip above.
    $sql = "UPDATE ban_user_list SET unban_uid = " . $_SESSION["BBS_uid"] .
        ", unban_dt = NOW(), unban_ip = '" . client_addr() .
        "', enable = 0 WHERE BID = $bid";

    $rs = mysqli_query($db_conn, $sql);
    if ($rs == false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update ban record error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }

    // Prepare announcement for the lifted ban (no reason is published).
    $title = ($sid > 0 ? "" : "[全站]") . "恢复“" . $ban_user . "”" .
        ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name;
    $content = "已恢复用户“" . $ban_user . "”" .
        ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name .
        "。\n执行人: " . $_SESSION["BBS_username"] . "\n";
}
325    
// Set user privilege: the three site-wide scopes map to a flag column on
// user_list, cleared on ban and set on unban. The column name comes from this
// fixed table, never from the request. Section bans (sid > 0) have no column
// and are only recorded in ban_user_list by this script.
$priv_column_by_sid = array(
    0 => "p_post",
    -1 => "p_login",
    -2 => "p_msg",
);
$priv_name = isset($priv_column_by_sid[$sid]) ? $priv_column_by_sid[$sid] : "";

if ($priv_name != "")
{
    $priv_value = $ban ? 0 : 1;
    $rs = mysqli_query($db_conn, "UPDATE user_list SET $priv_name = $priv_value WHERE UID = $uid");
    if ($rs === false)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Update user privilege error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}
355 sysadm 1.3
// Tell the target's live session what to do next (presumably polled by the
// client): a login ban ends the session, every other change reloads it.
$next_action = ($ban && $sid == -1) ? "exit" : "reload";
$rs = mysqli_query($db_conn, "UPDATE user_online SET current_action = '$next_action' WHERE UID = $uid");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update user online error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
368    
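// Calculate length of content as the LML renderer would show it (str_length
// and LML are project helpers from the includes above).
$length = str_length(LML($content, false, false, 1024));

// Post announcement. The content row is inserted first with AID 0, then the
// article row, then the content row is patched with the real AID.
$title = mysqli_real_escape_string($db_conn, $title);
$content = mysqli_real_escape_string($db_conn, $content);
// The system account's username/nickname and the client address come from
// the database and an include rather than the request, but they are still
// free text going into string-built SQL: escape them like title and content
// (they were previously interpolated raw).
$e_sys_user = mysqli_real_escape_string($db_conn, $sys_user);
$e_sys_nick = mysqli_real_escape_string($db_conn, $sys_nick);
$e_sub_ip = mysqli_real_escape_string($db_conn, client_addr());

$rs = mysqli_query($db_conn, "INSERT INTO bbs_content(AID, content) VALUES(0, '$content')");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add content error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
$cid = mysqli_insert_id($db_conn);

// icon 9 = ban notice, 11 = unban notice (numeric codes; their display
// meaning is not visible in this file). excerption is set only for a
// site-wide ban. $BBS_notice_sid / $BBS_sys_uid are globals from an include.
$icon = $ban ? 9 : 11;
$excerption = ($ban && $sid <= 0) ? 1 : 0;
$sql = "INSERT INTO bbs(SID, TID, UID, username, nickname, title, CID, sub_dt,
sub_ip, last_reply_dt, icon, length, excerption)
VALUES($BBS_notice_sid, 0, $BBS_sys_uid, '$e_sys_user', '$e_sys_nick', '$title',
$cid, NOW(), '$e_sub_ip', NOW(), $icon, $length, $excerption)";

$rs = mysqli_query($db_conn, $sql);
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add article error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
$aid = mysqli_insert_id($db_conn);

// Link the content row back to its article.
$rs = mysqli_query($db_conn, "UPDATE bbs_content SET AID = $aid WHERE CID = $cid");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Update content error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}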
417    
// Prepare message: the private notice sent to the target, in LML markup.
// The [hide] prefix is presumably a marker the message renderer keeps out of
// view; [article] links the announcement inserted above; [user] names the
// acting moderator.
$scope_text = ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name;
$operator_text = "[align right]执行人:[user " . $_SESSION["BBS_uid"] . "]" .
    $_SESSION["BBS_username"] . "[/user][/align]";
if ($ban)
{
    $msg_content = "[hide]SYS_Ban_User[/hide]您" . $scope_text .
        "已被封禁,详见[article " . $aid . "]处罚公告[/article]。" . $operator_text;
}
else
{
    $msg_content = "[hide]SYS_Unban_User[/hide]您" . $scope_text . "已被恢复。" . $operator_text;
}
434    
// Send message: private message from the system account to the target.
// send_ip is client_addr(), i.e. presumably the requesting moderator's address.
$msg_content = mysqli_real_escape_string($db_conn, $msg_content);
$send_ip = client_addr();

$rs = mysqli_query($db_conn, "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
VALUES($BBS_sys_uid, $uid, '$msg_content', NOW(), '$send_ip')");
if ($rs === false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
451    
// Commit transaction: everything above becomes visible atomically. On success
// the response is the untouched envelope (code 0, empty message).
$committed = mysqli_query($db_conn, "COMMIT");
if (!$committed)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

mysqli_close($db_conn);
exit(json_encode($result_set));
465     ?>
