Annotation of /fenglin/bbs/user_service_ban.php



Revision 1.8 - (hide annotations)
Thu Nov 6 12:39:59 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +3 -2 lines
Optimize implementation of check_badwords()
Add param $bw_count to get the count of badwords replaced

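<?php
/*
 * user_service_ban.php — JSON endpoint that bans or unbans one user.
 *
 * Request body (JSON object): uid, sid, ban ("1" = ban, anything else = unban),
 * day (1..365, ban only), reason (ban only).
 *   sid >  0 : ban on one section ("发帖权限"); needs S_MAN_M on that section
 *   sid == 0 : site-wide posting ban, flag p_post, announced as "本站所有"
 *   sid == -1: login ban, flag p_login          } both need admin level
 *   sid == -2: private-message ban, flag p_msg  } (P_ADMIN_M | P_ADMIN_S)
 * Response: {"return": {"code": 0 | -1 | -2, "message": "...", "errorFields": []}}
 *   -1 = validation / permission failure, -2 = database failure.
 *
 * Everything after BEGIN runs in one transaction: ban record, exp penalty,
 * privilege flag, online-status flag, announcement article and private
 * message are either all committed or all discarded.
 */
require_once "../lib/str_process.inc.php";
require_once "../lib/db_open.inc.php";
require_once "../lib/lml.inc.php";
require_once "./article_op.inc.php";
require_once "./check_sub.inc.php";
require_once "./session_init.inc.php";

$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data)) {
    // Malformed or non-object JSON: treat as an empty request so every field
    // falls back to its rejecting default below.
    $data = [];
}

// Integer fields are cast once here; interpolating them into SQL below is
// therefore safe. sid defaults to -200 so a missing sid fails the "< -2" check.
$uid = isset($data["uid"]) ? intval($data["uid"]) : 0;
$sid = isset($data["sid"]) ? intval($data["sid"]) : -200;
$ban = isset($data["ban"]) && $data["ban"] == "1";
$day = isset($data["day"]) ? intval($data["day"]) : 0;
// Only a string is accepted as reason; an array/object in the JSON body would
// otherwise reach trim()/check_badwords() and fail with a TypeError on PHP 8.
$reason = (isset($data["reason"]) && is_string($data["reason"])) ? $data["reason"] : "";

$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

header("Content-Type:application/json; charset=utf-8");

/**
 * Emit an error response and terminate the request.
 *
 * Any open transaction is rolled back explicitly (the server would also discard
 * it when the connection closes) so a partially applied ban never persists.
 *
 * @param int    $code    -1 for validation/permission failures, -2 for DB failures
 * @param string $message user-facing text (Chinese for -1, mysqli error text for -2)
 */
$fail = function ($code, $message) use ($result_set, $db_conn) {
    $result_set["return"]["code"] = $code;
    $result_set["return"]["message"] = $message;

    mysqli_query($db_conn, "ROLLBACK");
    mysqli_close($db_conn);
    exit(json_encode($result_set));
};

// ---- Validate input and authorization ----
if (!isset($_SESSION["BBS_uid"]) || $_SESSION["BBS_uid"] == 0) {
    $fail(-1, "没有登录");
}

if ($sid < -2) {
    $fail(-1, "错误的封禁类型");
}

// NOTE(review): sid == 0 (site-wide posting ban) is authorized through
// checkpriv(0, S_MAN_M) like an ordinary section, while -1/-2 require admin
// level — confirm checkpriv() treats SID 0 as intended for this endpoint.
if (($sid < 0 && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
    || ($sid >= 0 && !$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M))) {
    $fail(-1, "没有权限");
}

if ($_SESSION["BBS_uid"] == $uid) {
    $fail(-1, "不能对自己操作");
}

// "$day != $data['day']" rejects values such as "7abc" or 3.5 that intval()
// would silently truncate; $day > 0 at that point, so $data["day"] is set.
if ($ban && ($day <= 0 || $day > 365 || $day != $data["day"])) {
    $fail(-1, "期限不符合要求");
}

if ($ban && trim($reason) == "") {
    $fail(-1, "理由必须填写");
}

// A reason containing any bad word is rejected outright rather than masked,
// so the masked return value is not needed.
$bw_count = 0;
check_badwords($reason, "****", $bw_count);
if ($bw_count > 0) {
    $fail(-1, "理由包含非法内容");
}

// ---- Begin transaction ----
if (mysqli_query($db_conn, "SET autocommit=0") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}

if (mysqli_query($db_conn, "BEGIN") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}

// ---- Target user must exist and be enabled ----
$rs = mysqli_query($db_conn, "SELECT username FROM user_list WHERE UID = $uid AND enable");
if ($rs === false) {
    $fail(-2, "Query user error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row) {
    $fail(-1, "用户不存在");
}
$ban_user = $row["username"];

// ---- System account that signs the announcement and the private message ----
$sql = "SELECT username, nickname FROM user_list
        INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
        WHERE user_list.UID = $BBS_sys_uid";
$rs = mysqli_query($db_conn, $sql);
if ($rs === false) {
    $fail(-2, "Query user error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row) {
    $fail(-1, "系统账户不存在");
}
// Escaped at the point of reading because both values go straight into the
// bbs INSERT below; they come from the database rather than the request, but
// a name containing a quote would otherwise break (or alter) that statement.
$sys_user = mysqli_real_escape_string($db_conn, $row["username"]);
$sys_nick = mysqli_real_escape_string($db_conn, $row["nickname"]);

// ---- Section (sid > 0) or site-wide (sid == 0) ----
$section_title = "";
if ($sid > 0) {
    $rs = mysqli_query($db_conn, "SELECT title FROM section_config WHERE SID = $sid");
    if ($rs === false) {
        $fail(-2, "Query section error: " . mysqli_error($db_conn));
    }
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if (!$row) {
        $fail(-1, "版块不存在");
    }
    $section_title = $row["title"];
} elseif ($sid == 0) {
    $section_title = "本站所有";
}

// ---- Existing active ban of the same type, row-locked for this transaction ----
$sql = "SELECT BID FROM ban_user_list WHERE UID = $uid AND SID = $sid AND enable FOR UPDATE";
$rs = mysqli_query($db_conn, $sql);
if ($rs === false) {
    $fail(-2, "Query ban record error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
$bid = $row ? intval($row["BID"]) : 0;

// Human-readable name of the privilege being banned or restored.
switch ($sid) {
    case -1:
        $p_name = "登陆权限";
        break;
    case -2:
        $p_name = "消息权限";
        break;
    default: // 0 and every section id
        $p_name = "发帖权限";
        break;
}

// client_addr() is a project helper whose source is not in this file; its value
// is written into several rows below, so escape it once here.
$client_ip = mysqli_real_escape_string($db_conn, client_addr());
$op_uid = intval($_SESSION["BBS_uid"]);
$op_name = $_SESSION["BBS_username"];
// Scope phrase shared by announcement and private message.
$scope = ($sid > 0) ? "在“" . $section_title . "”版块的" : "全站";

if ($ban) {
    if ($bid != 0) {
        $fail(-1, "已存在该类封禁");
    }

    $sql = "INSERT INTO ban_user_list(SID, UID, day, ban_uid, ban_dt, ban_ip, unban_dt, reason)
            VALUES($sid, $uid, $day, $op_uid, NOW(), '$client_ip',
                   ADDDATE(NOW(), INTERVAL $day DAY), '" .
           mysqli_real_escape_string($db_conn, $reason) . "')";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Add ban record error: " . mysqli_error($db_conn));
    }

    // Exp penalty: -300 for a site-wide posting ban (sid 0), -50 for every other type.
    if (user_exp_change($uid, ($sid ? -50 : -300), $db_conn) == false) {
        $fail(-2, "Subtract exp error: " . mysqli_error($db_conn));
    }

    // Announcement text; escaped later, right before it is stored.
    $title = ($sid > 0 ? "" : "[全站]") . "封禁“" . $ban_user . "”" . $scope . $p_name;
    $content = "用户“" . $ban_user . "”因:\n" . $reason . "\n应被封禁" . $scope . $p_name .
        $day . "天。\n如不服本决定, 可在7日内申请复议。\n" .
        "执行人: " . $op_name . "\n";
} else {
    if ($bid == 0) {
        $fail(-1, "不存在该类封禁");
    }

    $sql = "UPDATE ban_user_list SET unban_uid = $op_uid, unban_dt = NOW(), " .
           "unban_ip = '$client_ip', enable = 0 WHERE BID = $bid";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Update ban record error: " . mysqli_error($db_conn));
    }

    $title = ($sid > 0 ? "" : "[全站]") . "恢复“" . $ban_user . "”" . $scope . $p_name;
    $content = "已恢复用户“" . $ban_user . "”" . $scope . $p_name .
        "。\n执行人: " . $op_name . "\n";
}

// ---- Per-user privilege flag; only the global ban types have one ----
$priv_column = "";
switch ($sid) {
    case 0:
        $priv_column = "p_post";
        break;
    case -1:
        $priv_column = "p_login";
        break;
    case -2:
        $priv_column = "p_msg";
        break;
}

if ($priv_column != "") {
    $sql = "UPDATE user_list SET $priv_column = " . ($ban ? 0 : 1) . " WHERE UID = $uid";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Update user privilege error: " . mysqli_error($db_conn));
    }
}

// A login ban forces the target's session out; every other change makes it reload.
$next_action = ($ban && $sid == -1) ? "exit" : "reload";
$sql = "UPDATE user_online SET current_action = '$next_action' WHERE UID = $uid";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Update user online error: " . mysqli_error($db_conn));
}

// ---- Post the announcement ----
// Length is measured on the unescaped text.
$length = str_length($content, true);
$title = mysqli_real_escape_string($db_conn, $title);
$content = mysqli_real_escape_string($db_conn, $content);

// Content row first (AID not known yet), then the article, then back-fill AID.
$sql = "INSERT INTO bbs_content(AID, content) VALUES(0, '$content')";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Add content error: " . mysqli_error($db_conn));
}
$cid = mysqli_insert_id($db_conn);

// icon 9 is used for ban notices and 11 for unban notices; the excerption flag
// is set only for site-wide bans (sid <= 0).
$sql = "INSERT INTO bbs(SID, TID, UID, username, nickname, title, CID, sub_dt,
            sub_ip, last_reply_dt, icon, length, excerption)
        VALUES($BBS_notice_sid, 0, $BBS_sys_uid, '$sys_user', '$sys_nick', '$title',
            $cid, NOW(), '$client_ip', NOW(), " .
       ($ban ? 9 : 11) . ", $length, " . ($ban && $sid <= 0 ? 1 : 0) . ")";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Add article error: " . mysqli_error($db_conn));
}
$aid = mysqli_insert_id($db_conn);

$sql = "UPDATE bbs_content SET AID = $aid WHERE CID = $cid";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Update content error: " . mysqli_error($db_conn));
}

// ---- Private message to the affected user ----
$msg_content = "您" . $scope . $p_name .
    ($ban
        ? "已被封禁,详见[article " . $aid . "]处罚公告[/article]。"
        : "已被恢复。") .
    "[align right]执行人:[user " . $op_uid . "]" . $op_name . "[/user][/align]";
$msg_content = mysqli_real_escape_string($db_conn, $msg_content);

$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
        VALUES($BBS_sys_uid, $uid, '$msg_content', NOW(), '$client_ip')";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Insert msg error: " . mysqli_error($db_conn));
}

// ---- Commit ----
if (mysqli_query($db_conn, "COMMIT") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}

mysqli_close($db_conn);
exit(json_encode($result_set));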
