/[LeafOK_CVS]/fenglin/bbs/user_service_ban.php

Contents of /fenglin/bbs/user_service_ban.php



Revision 1.8 - (show annotations)
Thu Nov 6 12:39:59 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +3 -2 lines
Optimize implementation of check_badwords()
Add param $bw_count to get the count of badwords replaced

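<?php
/*
 * user_service_ban.php
 *
 * JSON service that bans a user, or lifts an existing ban, and records the
 * decision: one row in ban_user_list, a privilege column on user_list for the
 * site-wide ban types, an announcement article posted as the system account,
 * and a private message to the affected user. All writes run in a single
 * transaction.
 *
 * Ban types (request field "sid"):
 *   > 0  posting in one section        (requires S_MAN_M on that section)
 *     0  posting site-wide             (requires S_MAN_M on SID 0)
 *    -1  login                         (requires P_ADMIN_M | P_ADMIN_S)
 *    -2  private messages              (requires P_ADMIN_M | P_ADMIN_S)
 *
 * Request body (JSON): uid, sid, ban ("1" = ban, anything else = unban),
 * day (1..365, whole days, ban only), reason (non-empty, ban only).
 *
 * Response: {"return": {"code": 0 | -1 | -2, "message": "...", "errorFields": []}}
 * where -1 is a validation/permission failure and -2 a database failure.
 */
require_once "../lib/str_process.inc.php";
require_once "../lib/db_open.inc.php";
require_once "../lib/lml.inc.php";
require_once "./article_op.inc.php";
require_once "./check_sub.inc.php";
require_once "./session_init.inc.php";

/**
 * Report a failure as JSON and terminate the script.
 *
 * Every error path ends here. Once the transaction has been opened the
 * helper rolls it back explicitly before closing the connection, instead of
 * relying on the implicit rollback the server performs on disconnect.
 *
 * @param mysqli $db_conn  open connection provided by db_open.inc.php
 * @param int    $code     -1 for validation/permission errors, -2 for database errors
 * @param string $message  message returned to the caller
 * @param bool   $in_tx    true once "BEGIN" has succeeded
 */
function ban_service_fail($db_conn, $code, $message, $in_tx = false)
{
    if ($in_tx)
    {
        // Best effort: a failed ROLLBACK changes nothing the close would not also undo.
        mysqli_query($db_conn, "ROLLBACK");
    }
    mysqli_close($db_conn);
    exit(json_encode(array(
        "return" => array(
            "code" => $code,
            "message" => $message,
            "errorFields" => array(),
        )
    )));
}

$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    // Empty or malformed body: behave as if no field had been supplied.
    $data = array();
}

$uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
$sid = (isset($data["sid"]) ? intval($data["sid"]) : -200);   // -200 fails the type check below
$ban = (isset($data["ban"]) && $data["ban"] == "1");
$day = (isset($data["day"]) ? intval($data["day"]) : 0);
// A non-scalar "reason" (e.g. a JSON array) cannot be trimmed or filtered; treat it as empty.
$reason = (isset($data["reason"]) && is_scalar($data["reason"]) ? (string) $data["reason"] : "");

// Success response; every failure path builds its own in ban_service_fail().
$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");

// Validate input data
if (!isset($_SESSION["BBS_uid"]) || $_SESSION["BBS_uid"] == 0)
{
    ban_service_fail($db_conn, -1, "没有登录");
}

// Only -2 (messages), -1 (login), 0 (site-wide posting) and section IDs are valid.
if ($sid < -2)
{
    ban_service_fail($db_conn, -1, "错误的封禁类型");
}

// Login/message bans need admin level; posting bans need moderator privilege on the SID.
if (($sid < 0 && !$_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S))
    || ($sid >= 0 && !$_SESSION["BBS_priv"]->checkpriv($sid, S_MAN_M)))
{
    ban_service_fail($db_conn, -1, "没有权限");
}

if ($_SESSION["BBS_uid"] == $uid)
{
    ban_service_fail($db_conn, -1, "不能对自己操作");
}

// Ban length must be a whole number of days in 1..365; comparing $day with the
// raw value rejects input that intval() had to truncate.
if ($ban && ($day <= 0 || $day > 365 || $day != $data["day"]))
{
    ban_service_fail($db_conn, -1, "期限不符合要求");
}

if ($ban && trim($reason) == "")
{
    ban_service_fail($db_conn, -1, "理由必须填写");
}

// check_badwords() reports the number of replacements through $bw_count; any hit
// rejects the request, so the filtered text itself is not needed.
$bw_count = 0;
check_badwords($reason, "****", $bw_count);
if ($bw_count > 0)
{
    ban_service_fail($db_conn, -1, "理由包含非法内容");
}

// Begin transaction
if (mysqli_query($db_conn, "SET autocommit=0") === false)
{
    ban_service_fail($db_conn, -2, "Mysqli error: " . mysqli_error($db_conn));
}

if (mysqli_query($db_conn, "BEGIN") === false)
{
    ban_service_fail($db_conn, -2, "Mysqli error: " . mysqli_error($db_conn));
}

// Escaped once and reused for every *_ip column below. client_addr() lives in the
// shared library and its source is not visible here; escaping costs nothing for a
// plain address and keeps the statements intact if the value ever comes from a header.
$client_ip = mysqli_real_escape_string($db_conn, client_addr());

// Check user
$rs = mysqli_query($db_conn, "SELECT username FROM user_list WHERE UID = $uid AND enable");
if ($rs === false)
{
    ban_service_fail($db_conn, -2, "Query user error: " . mysqli_error($db_conn), true);
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row)
{
    ban_service_fail($db_conn, -1, "用户不存在", true);
}
$ban_user = $row["username"];   // only ever embedded in text that is escaped as a whole

// Check system user (author of the announcement and of the notification)
$rs = mysqli_query($db_conn, "SELECT username, nickname FROM user_list
    INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
    WHERE user_list.UID = $BBS_sys_uid");
if ($rs === false)
{
    ban_service_fail($db_conn, -2, "Query user error: " . mysqli_error($db_conn), true);
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
if (!$row)
{
    ban_service_fail($db_conn, -1, "系统账户不存在", true);
}
// These two values go straight back into an INSERT below; a stored value is not a
// trusted value, so escape them at the point they are read (second-order injection).
$sys_user = mysqli_real_escape_string($db_conn, $row["username"]);
$sys_nick = mysqli_real_escape_string($db_conn, $row["nickname"]);

// Check section
$section_title = "";
if ($sid > 0)
{
    $rs = mysqli_query($db_conn, "SELECT title FROM section_config WHERE SID = $sid");
    if ($rs === false)
    {
        ban_service_fail($db_conn, -2, "Query section error: " . mysqli_error($db_conn), true);
    }
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if (!$row)
    {
        ban_service_fail($db_conn, -1, "版块不存在", true);
    }
    $section_title = $row["title"];
}
else if ($sid == 0)
{
    $section_title = "本站所有";
}

// Check active ban. FOR UPDATE holds a row lock on the matching record until COMMIT,
// so two concurrent requests for the same (UID, SID) cannot both pass the checks below.
$rs = mysqli_query($db_conn, "SELECT BID FROM ban_user_list WHERE UID = $uid
    AND SID = $sid AND enable FOR UPDATE");
if ($rs === false)
{
    ban_service_fail($db_conn, -2, "Query ban record error: " . mysqli_error($db_conn), true);
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);
$bid = ($row ? intval($row["BID"]) : 0);   // 0 = no active ban of this type

// Human-readable name of the privilege affected (0 and section IDs share "发帖权限").
$p_names = array(-1 => "登陆权限", -2 => "消息权限");
$p_name = (isset($p_names[$sid]) ? $p_names[$sid] : "发帖权限");

// Text fragments shared by the announcement and the notification.
$site_tag = ($sid > 0 ? "" : "[全站]");
$scope = ($sid > 0 ? "在“" . $section_title . "”版块的" : "全站");

if ($ban)
{
    if ($bid != 0)
    {
        ban_service_fail($db_conn, -1, "已存在该类封禁", true);
    }

    $sql = "INSERT INTO ban_user_list(SID, UID, day, ban_uid, ban_dt,
        ban_ip, unban_dt, reason) VALUES($sid, $uid, $day, " .
        $_SESSION["BBS_uid"] . ", NOW(), '$client_ip', ADDDATE(NOW(), INTERVAL $day DAY), '" .
        mysqli_real_escape_string($db_conn, $reason) . "')";

    if (mysqli_query($db_conn, $sql) === false)
    {
        ban_service_fail($db_conn, -2, "Add ban record error: " . mysqli_error($db_conn), true);
    }

    // Subtract exp: -300 for a site-wide posting ban ($sid == 0), -50 for any other type.
    if (user_exp_change($uid, ($sid ? -50 : -300), $db_conn) == false)
    {
        ban_service_fail($db_conn, -2, "Subtract exp error: " . mysqli_error($db_conn), true);
    }

    // Prepare announcement
    $title = $site_tag . "封禁“" . $ban_user . "”" . $scope . $p_name;
    $content = "用户“" . $ban_user . "”因:\n" . $reason . "\n应被封禁" .
        $scope . $p_name . $day . "天。\n如不服本决定, 可在7日内申请复议。\n" .
        "执行人: " . $_SESSION["BBS_username"] . "\n";
}
else // if (!ban)
{
    if ($bid == 0)
    {
        ban_service_fail($db_conn, -1, "不存在该类封禁", true);
    }

    $sql = "UPDATE ban_user_list SET unban_uid = " . $_SESSION["BBS_uid"] .
        ", unban_dt = NOW(), unban_ip = '$client_ip', enable = 0 WHERE BID = $bid";

    if (mysqli_query($db_conn, $sql) === false)
    {
        ban_service_fail($db_conn, -2, "Update ban record error: " . mysqli_error($db_conn), true);
    }

    // Prepare announcement
    $title = $site_tag . "恢复“" . $ban_user . "”" . $scope . $p_name;
    $content = "已恢复用户“" . $ban_user . "”" . $scope . $p_name .
        "。\n执行人: " . $_SESSION["BBS_username"] . "\n";
}

// Set user privilege: only the site-wide ban types map to a column on user_list;
// a section ban is enforced through ban_user_list alone.
$priv_names = array(0 => "p_post", -1 => "p_login", -2 => "p_msg");
if (isset($priv_names[$sid]))
{
    $sql = "UPDATE user_list SET " . $priv_names[$sid] . " = " . ($ban ? 0 : 1) . " WHERE UID = $uid";

    if (mysqli_query($db_conn, $sql) === false)
    {
        ban_service_fail($db_conn, -2, "Update user privilege error: " . mysqli_error($db_conn), true);
    }
}

// Tell the user's live session what to do next: "exit" for a fresh login ban,
// "reload" for everything else (presumably polled by the client; not visible here).
$sql = "UPDATE user_online SET current_action = '" .
    ($ban && $sid == -1 ? "exit" : "reload") . "' WHERE UID = $uid";

if (mysqli_query($db_conn, $sql) === false)
{
    ban_service_fail($db_conn, -2, "Update user online error: " . mysqli_error($db_conn), true);
}

// Calculate length of content (on the unescaped text)
$length = str_length($content, true);

// Post announcement: content first, then the article row, then back-fill the AID.
$title = mysqli_real_escape_string($db_conn, $title);
$content = mysqli_real_escape_string($db_conn, $content);

if (mysqli_query($db_conn, "INSERT INTO bbs_content(AID, content) VALUES(0, '$content')") === false)
{
    ban_service_fail($db_conn, -2, "Add content error: " . mysqli_error($db_conn), true);
}
$cid = mysqli_insert_id($db_conn);

// icon 9 = ban, 11 = unban; excerption is set only for site-wide bans.
$sql = "INSERT INTO bbs(SID, TID, UID, username, nickname, title, CID, sub_dt,
    sub_ip, last_reply_dt, icon, length, excerption)
    VALUES($BBS_notice_sid, 0, $BBS_sys_uid, '$sys_user', '$sys_nick', '$title',
    $cid, NOW(), '$client_ip', NOW(), " .
    ($ban ? 9 : 11) . ", $length, " . ($ban && $sid <= 0 ? 1 : 0) . ")";

if (mysqli_query($db_conn, $sql) === false)
{
    ban_service_fail($db_conn, -2, "Add article error: " . mysqli_error($db_conn), true);
}
$aid = mysqli_insert_id($db_conn);

if (mysqli_query($db_conn, "UPDATE bbs_content SET AID = $aid WHERE CID = $cid") === false)
{
    ban_service_fail($db_conn, -2, "Update content error: " . mysqli_error($db_conn), true);
}

// Prepare message
if ($ban)
{
    $msg_content = "您" . $scope . $p_name .
        "已被封禁,详见[article " . $aid . "]处罚公告[/article]。" .
        "[align right]执行人:[user " . $_SESSION["BBS_uid"] . "]" .
        $_SESSION["BBS_username"] . "[/user][/align]";
}
else
{
    $msg_content = "您" . $scope . $p_name .
        "已被恢复。[align right]执行人:[user " . $_SESSION["BBS_uid"] . "]" .
        $_SESSION["BBS_username"] . "[/user][/align]";
}

// Send message
$msg_content = mysqli_real_escape_string($db_conn, $msg_content);

$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
    VALUES($BBS_sys_uid, $uid, '$msg_content', NOW(), '$client_ip')";

if (mysqli_query($db_conn, $sql) === false)
{
    ban_service_fail($db_conn, -2, "Insert msg error: " . mysqli_error($db_conn), true);
}

// Commit transaction
if (mysqli_query($db_conn, "COMMIT") === false)
{
    ban_service_fail($db_conn, -2, "Mysqli error: " . mysqli_error($db_conn), true);
}

mysqli_close($db_conn);
exit(json_encode($result_set));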
