/[LeafOK_CVS]/fenglin/bbs/user_service_ban.php

Contents of /fenglin/bbs/user_service_ban.php



Revision 1.4 - (show annotations)
Tue Apr 29 11:55:32 2025 UTC (10 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.3: +0 -1 lines
Remove redundant PHP closing tag

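<?php
// user_service_ban.php
//
// JSON endpoint that bans or unbans one user. The "sid" field selects what is
// banned: 0 = posting site-wide, -1 = logging in, -2 = private messaging,
// > 0 = posting in that section. Each ban/unban is written to ban_user_list,
// announced as an article in the notice section and reported to the affected
// user by private message, all inside one database transaction.
//
// Request body (JSON object):
//   uid     - target user id
//   sid     - ban type / section id (see above)
//   ban     - "1" to ban, anything else to lift an existing ban
//   day     - ban length in days, 1..365, required when banning
//   reason  - free text, required when banning, filtered for bad words
//
// Response: {"return": {"code": 0 | -1 | -2, "message": "...", "errorFields": []}}
// where -1 is a validation/permission failure and -2 a database failure.
//
// $db_conn, $BBS_sys_uid and $BBS_notice_sid come from the included library
// files (presumably the DB link, the system account's UID and the notice
// section's SID -- confirm against ../lib/db_open.inc.php and its config).
//
// SQL is built by interpolation throughout, as elsewhere in this code base:
// every interpolated value is an int, a fixed literal, or has gone through
// mysqli_real_escape_string() on the same link. Prepared statements would be
// the cleaner long-term fix.
require_once "../lib/str_process.inc.php";
require_once "../lib/db_open.inc.php";
require_once "../lib/lml.inc.php";
require_once "./article_op.inc.php";
require_once "./check_sub.inc.php";
require_once "./session_init.inc.php";

$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data)) {
    // Malformed or non-object JSON is handled like an empty request.
    $data = [];
}

$uid = isset($data["uid"]) ? intval($data["uid"]) : 0;
$sid = isset($data["sid"]) ? intval($data["sid"]) : -200;   // -200: no type given, rejected below
// Loose comparison on purpose: clients may send 1, "1" or true.
$ban = isset($data["ban"]) && $data["ban"] == "1";
$day = isset($data["day"]) ? intval($data["day"]) : 0;
// Only scalar reasons are accepted; an array would make trim() below throw.
$reason = (isset($data["reason"]) && is_scalar($data["reason"])) ? (string) $data["reason"] : "";

$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

header("Content-Type:application/json; charset=utf-8");

// Set once the transaction has been opened so that $fail can roll it back.
$txn_started = false;

// Report an error to the client and stop. Every failure path in this script
// ends here, so the link is always closed and an open transaction never
// outlives the request.
$fail = function (int $code, string $message) use (&$result_set, &$txn_started, $db_conn) {
    $result_set["return"]["code"] = $code;
    $result_set["return"]["message"] = $message;
    if ($txn_started) {
        // Closing the link would discard the transaction anyway; rolling back
        // explicitly keeps that intent visible and is safe on pooled links.
        mysqli_query($db_conn, "ROLLBACK");
    }
    mysqli_close($db_conn);
    exit(json_encode($result_set));
};

// ---- Input and permission checks (no DB access yet) ----
if (!isset($_SESSION["BBS_uid"]) || $_SESSION["BBS_uid"] == 0) {
    $fail(-1, "没有登录");
}

if ($sid < -2) {
    $fail(-1, "错误的封禁类型");
}

// Login/message bans (sid < 0) need site-admin level; post bans (sid >= 0,
// the site-wide sid 0 included) are checked through the section privilege.
if (($sid < 0 && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
    || ($sid >= 0 && !$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M))) {
    $fail(-1, "没有权限");
}

if ($_SESSION["BBS_uid"] == $uid) {
    $fail(-1, "不能对自己操作");
}

// The loose comparison against the raw value rejects days such as 5.5 or "5x"
// that intval() would silently truncate.
if ($ban && ($day <= 0 || $day > 365 || $day != $data["day"])) {
    $fail(-1, "期限不符合要求");
}

if ($ban && trim($reason) == "") {
    $fail(-1, "理由必须填写");
}

if ($reason != check_badwords($reason, "****")) {
    $fail(-1, "理由包含非法内容");
}

// ---- Transaction ----
if (mysqli_query($db_conn, "SET autocommit=0") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}
if (mysqli_query($db_conn, "BEGIN") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}
$txn_started = true;

// ---- Target user ----
$rs = mysqli_query($db_conn, "SELECT username FROM user_list WHERE UID = $uid AND enable");
if ($rs === false) {
    $fail(-2, "Query user error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row) {
    $fail(-1, "用户不存在");
}
$ban_user = $row["username"];

// ---- System account that authors the announcement and the message ----
$sql = "SELECT username, nickname FROM user_list
        INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
        WHERE user_list.UID = $BBS_sys_uid";
$rs = mysqli_query($db_conn, $sql);
if ($rs === false) {
    $fail(-2, "Query user error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row) {
    $fail(-1, "系统账户不存在");
}
// Both values are interpolated into an INSERT below; escape them here so a
// quote in the stored nickname cannot break (or alter) that statement.
$sys_user = mysqli_real_escape_string($db_conn, $row["username"]);
$sys_nick = mysqli_real_escape_string($db_conn, $row["nickname"]);

// ---- Section (only for section bans) ----
$section_title = "";
if ($sid > 0) {
    $rs = mysqli_query($db_conn, "SELECT title FROM section_config WHERE SID = $sid");
    if ($rs === false) {
        $fail(-2, "Query section error: " . mysqli_error($db_conn));
    }
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if (!$row) {
        $fail(-1, "版块不存在");
    }
    $section_title = $row["title"];
} elseif ($sid == 0) {
    $section_title = "本站所有";
}

// ---- Existing active ban of the same type (row-locked until commit) ----
$sql = "SELECT BID FROM ban_user_list WHERE UID = $uid
        AND SID = $sid AND enable FOR UPDATE";
$rs = mysqli_query($db_conn, $sql);
if ($rs === false) {
    $fail(-2, "Query ban record error: " . mysqli_error($db_conn));
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
$bid = $row ? (int) $row["BID"] : 0;

// Display name of the banned privilege, and the user_list column that carries
// it (section bans have no column: they live in ban_user_list only).
$p_name = [0 => "发帖权限", -1 => "登陆权限", -2 => "消息权限"][$sid] ?? "发帖权限";
$priv_name = [0 => "p_post", -1 => "p_login", -2 => "p_msg"][$sid] ?? "";

// Text fragments shared by the announcement and the private message.
$site_tag = ($sid > 0 ? "" : "[全站]");
$scope = ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站") . $p_name;

$actor_uid = (int) $_SESSION["BBS_uid"];
// client_addr() is a library helper; its value is escaped defensively in case
// it is ever derived from a request header rather than REMOTE_ADDR.
$client_ip = mysqli_real_escape_string($db_conn, client_addr());

if ($ban) {
    if ($bid != 0) {
        $fail(-1, "已存在该类封禁");
    }

    $sql = "INSERT INTO ban_user_list(SID, UID, day, ban_uid, ban_dt,
            ban_ip, unban_dt, reason) VALUES($sid, $uid, $day, $actor_uid, NOW(), '$client_ip',
            ADDDATE(NOW(), INTERVAL $day DAY), '" . mysqli_real_escape_string($db_conn, $reason) . "')";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Add ban record error: " . mysqli_error($db_conn));
    }

    // A site-wide post ban (sid 0) costs 300 exp, any other type 50.
    // Loose check kept on purpose: the helper's failure value is not visible here.
    if (user_exp_change($uid, ($sid ? -50 : -300), $db_conn) == false) {
        $fail(-2, "Subtract exp error: " . mysqli_error($db_conn));
    }

    $title = $site_tag . "封禁“" . $ban_user . "”" . $scope;
    $content = "用户“" . $ban_user . "”因:\n" . $reason . "\n应被封禁" . $scope .
        $day . "天。\n如不服本决定, 可在7日内申请复议。\n" .
        "执行人: " . $_SESSION["BBS_username"] . "\n";
} else {
    if ($bid == 0) {
        $fail(-1, "不存在该类封禁");
    }

    $sql = "UPDATE ban_user_list SET unban_uid = $actor_uid, unban_dt = NOW(),
            unban_ip = '$client_ip', enable = 0 WHERE BID = $bid";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Update ban record error: " . mysqli_error($db_conn));
    }

    $title = $site_tag . "恢复“" . $ban_user . "”" . $scope;
    $content = "已恢复用户“" . $ban_user . "”" . $scope .
        "。\n执行人: " . $_SESSION["BBS_username"] . "\n";
}

// ---- Mirror the ban in the user's privilege flags ----
if ($priv_name != "") {
    $sql = "UPDATE user_list SET $priv_name = " . ($ban ? 0 : 1) . " WHERE UID = $uid";
    if (mysqli_query($db_conn, $sql) === false) {
        $fail(-2, "Update user privilege error: " . mysqli_error($db_conn));
    }
}

// A login ban makes the user's open session exit; every other case reloads it.
$sql = "UPDATE user_online SET current_action = '" .
    ($ban && $sid == -1 ? "exit" : "reload") . "' WHERE UID = $uid";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Update user online error: " . mysqli_error($db_conn));
}

// ---- Announcement article in the notice section ----
// Length is measured on the rendered (LML) text, before SQL escaping.
$length = str_length(LML($content, false, false, 1024));

$title = mysqli_real_escape_string($db_conn, $title);
$content = mysqli_real_escape_string($db_conn, $content);

// Content row first (its AID is not known yet), then the article, then
// back-fill the AID on the content row.
if (mysqli_query($db_conn, "INSERT INTO bbs_content(AID, content) VALUES(0, '$content')") === false) {
    $fail(-2, "Add content error: " . mysqli_error($db_conn));
}
$cid = mysqli_insert_id($db_conn);

// icon is 9 when banning and 11 when unbanning; the excerption flag is set
// only for site-wide bans.
$sql = "INSERT INTO bbs(SID, TID, UID, username, nickname, title, CID, sub_dt,
        sub_ip, last_reply_dt, icon, length, excerption)
        VALUES($BBS_notice_sid, 0, $BBS_sys_uid, '$sys_user', '$sys_nick', '$title',
        $cid, NOW(), '$client_ip', NOW(), " .
    ($ban ? 9 : 11) . ", $length, " . ($ban && $sid <= 0 ? 1 : 0) . ")";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Add article error: " . mysqli_error($db_conn));
}
$aid = mysqli_insert_id($db_conn);

if (mysqli_query($db_conn, "UPDATE bbs_content SET AID = $aid WHERE CID = $cid") === false) {
    $fail(-2, "Update content error: " . mysqli_error($db_conn));
}

// ---- Private message to the affected user ----
$signature = "[align right]执行人:[user " . $_SESSION["BBS_uid"] . "]" .
    $_SESSION["BBS_username"] . "[/user][/align]";
if ($ban) {
    $msg_content = "[hide]SYS_Ban_User[/hide]您" . $scope .
        "已被封禁,详见[article " . $aid . "]处罚公告[/article]。" . $signature;
} else {
    $msg_content = "[hide]SYS_Unban_User[/hide]您" . $scope . "已被恢复。" . $signature;
}
$msg_content = mysqli_real_escape_string($db_conn, $msg_content);

$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
        VALUES($BBS_sys_uid, $uid, '$msg_content', NOW(), '$client_ip')";
if (mysqli_query($db_conn, $sql) === false) {
    $fail(-2, "Insert msg error: " . mysqli_error($db_conn));
}

// ---- Commit ----
if (mysqli_query($db_conn, "COMMIT") === false) {
    $fail(-2, "Mysqli error: " . mysqli_error($db_conn));
}

mysqli_close($db_conn);
exit(json_encode($result_set));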
