
Contents of /fenglin/manage/unban_user.php



Revision 1.2 - (show annotations)
Wed Apr 23 05:13:57 2025 UTC (10 months, 3 weeks ago) by sysadm
Branch: MAIN
Changes since 1.1: +1 -1 lines
Refine deprecated PHP short tags

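<?php
/**
 * Lift expired bans.
 *
 * Selects every enabled row of ban_user_list whose unban_dt has passed and,
 * inside one transaction, for each of them:
 *   - disables the ban record and stamps it with the system account,
 *   - restores the matching site-wide privilege flag on user_list
 *     (SID 0 / -1 / -2; a positive SID gets no flag update),
 *   - sets current_action = 'reload' on the user's user_online rows,
 *   - posts an announcement article in section $BBS_notice_sid,
 *   - sends the user a message from the system account.
 *
 * Output is a JSON document; "data" lists the processed bid/uid/sid triples.
 *
 * Callers: a command-line run (no login), or a logged-in web request from an
 * account that passes checklevel(P_ADMIN_M | P_ADMIN_S).
 */

// Decide "unattended command-line run" from the SAPI, not from
// $_SERVER["argc"] / $_SERVER["argv"]: when register_argc_argv is enabled those
// keys are also filled in for web requests (from the query string), which would
// let a request skip force_login() and the privilege check below, and would
// feed request data into chdir() ahead of the relative require_once calls.
// If the scheduled job is launched through another SAPI, extend this test
// instead of going back to argc/argv.
$is_cli = (PHP_SAPI === "cli");

if ($is_cli && isset($_SERVER["argv"][0]) && strrpos($_SERVER["argv"][0], "/") !== false)
{
    // Relative includes below assume the script's own directory as cwd.
    chdir(substr($_SERVER["argv"][0], 0, strrpos($_SERVER["argv"][0], "/")));
}

require_once "../lib/common.inc.php";
require_once "../lib/lml.inc.php";
require_once "../lib/str_process.inc.php";
require_once "../lib/db_open.inc.php";

if (!$is_cli)
{
    require_once "../bbs/session_init.inc.php";

    force_login();
}

/**
 * Report a failure as JSON, close the database connection and stop.
 *
 * No COMMIT is issued on this path, so work done inside the open transaction
 * is not committed.
 *
 * NOTE(review): most callers pass mysqli_error() text in $message, so database
 * error detail is returned to the client; consider logging it server-side and
 * returning a generic message to web callers.
 *
 * @param mysqli $db_conn    open connection to close
 * @param array  $result_set response skeleton to fill in
 * @param int    $code       value for return.code (-1 logic error, -2 database error)
 * @param string $message    value for return.message
 */
function unban_user_abort($db_conn, $result_set, $code, $message)
{
    $result_set["return"]["code"] = $code;
    $result_set["return"]["message"] = $message;

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

$result_set = array(
    "return" => array(
        "code" => 0,
        "message" => "",
        "errorFields" => array(),
        "data" => array(),
    )
);

header("Content-Type:application/json; charset=utf-8");

// Web callers must hold an admin privilege; command-line runs are trusted.
if (!$is_cli
    && !(isset($_SESSION["BBS_priv"]) && $_SESSION["BBS_priv"]->checklevel(P_ADMIN_M | P_ADMIN_S)))
{
    unban_user_abort($db_conn, $result_set, -1, "没有权限");
}

// Begin transaction
foreach (array("SET autocommit=0", "BEGIN") as $stmt)
{
    if (mysqli_query($db_conn, $stmt) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Mysqli error: " . mysqli_error($db_conn));
    }
}

// Check system user
$sql = "SELECT username, nickname FROM user_list
        INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
        WHERE user_list.UID = $BBS_sys_uid";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    unban_user_abort($db_conn, $result_set, -2, "Query user error: " . mysqli_error($db_conn));
}

$row = mysqli_fetch_array($rs);
if (!$row)
{
    unban_user_abort($db_conn, $result_set, -1, "系统账户不存在");
}
$sys_user = $row["username"];
$sys_nick = $row["nickname"];
mysqli_free_result($rs);

// These two values are read back from the database and then placed inside a
// quoted SQL literal further down, so they need escaping like any other text.
$sys_user_sql = mysqli_real_escape_string($db_conn, $sys_user);
$sys_nick_sql = mysqli_real_escape_string($db_conn, $sys_nick);

// SID => (display name of the restored right, user_list column to re-enable).
// The column names are fixed strings from this table only; nothing from the
// database or the request ever becomes an SQL identifier.
$site_scopes = array(
    0 => array("发帖权限", "p_post"),
    -1 => array("登陆权限", "p_login"),
    -2 => array("消息权限", "p_msg"),
);

// Check expired ban record
$sql = "SELECT BID, ban_user_list.UID, ban_user_list.SID, username, title FROM ban_user_list
        LEFT JOIN user_list ON ban_user_list.UID = user_list.UID
        LEFT JOIN section_config ON ban_user_list.SID = section_config.SID
        WHERE ban_user_list.enable AND unban_dt <= NOW()";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    unban_user_abort($db_conn, $result_set, -2, "Query ban record error: " . mysqli_error($db_conn));
}

while ($row = mysqli_fetch_array($rs))
{
    // Integer copies for use in SQL text; the JSON output keeps the raw row values.
    $bid = intval($row["BID"]);
    $uid = intval($row["UID"]);
    $sid = intval($row["SID"]);

    if (isset($site_scopes[$sid]))
    {
        $p_name = $site_scopes[$sid][0];
        $priv_name = $site_scopes[$sid][1];
    }
    else
    {
        // Section-level ban (or unknown SID): described as a posting right,
        // and no site-wide flag is touched.
        $p_name = "发帖权限";
        $priv_name = "";
    }

    $sql = "UPDATE ban_user_list SET enable = 0, unban_UID = $BBS_sys_uid,
            unban_dt = NOW(), unban_ip = '127.0.0.1' WHERE BID = $bid";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Update ban record error: " . mysqli_error($db_conn));
    }

    // Prepare announcement
    $scope_text = ($sid > 0 ? "在“" . $row["title"] . "”版块的" : "全站");

    $title = ($sid > 0 ? "" : "[全站]") . "恢复“" . $row["username"] . "”" . $scope_text . $p_name;
    $content = "已恢复用户“" . $row["username"] . "”" . $scope_text . $p_name .
        "。\n执行人: " . $sys_user . "\n";

    // Set user privilege
    if ($priv_name != "")
    {
        $sql = "UPDATE user_list SET $priv_name = 1 WHERE UID = $uid";

        if (mysqli_query($db_conn, $sql) == false)
        {
            unban_user_abort($db_conn, $result_set, -2, "Update user privilege error: " . mysqli_error($db_conn));
        }
    }

    $sql = "UPDATE user_online SET current_action = 'reload' WHERE UID = $uid";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Update user online error: " . mysqli_error($db_conn));
    }

    // Calculate length of content (must happen before the SQL escaping below)
    $length = str_length(LML($content, false, false, 1024));

    // Post announcement
    $title = mysqli_real_escape_string($db_conn, $title);
    $content = mysqli_real_escape_string($db_conn, $content);

    $sql = "INSERT INTO bbs_content(AID, content) VALUES(0, '$content')";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Add content error: " . mysqli_error($db_conn));
    }
    $cid = mysqli_insert_id($db_conn);

    $sql = "INSERT INTO bbs(SID, TID, UID, username, nickname, title, CID, sub_dt,
            sub_ip, last_reply_dt, icon, length, excerption)
            VALUES($BBS_notice_sid, 0, $BBS_sys_uid, '$sys_user_sql', '$sys_nick_sql', '$title',
            $cid, NOW(), '127.0.0.1', NOW(), 11, $length, 0)";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Add article error: " . mysqli_error($db_conn));
    }
    $aid = mysqli_insert_id($db_conn);

    // The content row was inserted with AID 0; point it at the new article.
    $sql = "UPDATE bbs_content SET AID = $aid WHERE CID = $cid";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Update content error: " . mysqli_error($db_conn));
    }

    // Prepare message
    $msg_content = "[hide]SYS_Unban_User[/hide]您" . $scope_text . $p_name .
        "已被恢复。[align right]执行人:[user " . $BBS_sys_uid . "]" .
        $sys_user . "[/user][/align]";

    // Send message
    $msg_content = mysqli_real_escape_string($db_conn, $msg_content);

    $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
            VALUES($BBS_sys_uid, $uid, '$msg_content', NOW(), '127.0.0.1')";

    if (mysqli_query($db_conn, $sql) == false)
    {
        unban_user_abort($db_conn, $result_set, -2, "Insert msg error: " . mysqli_error($db_conn));
    }

    array_push($result_set["return"]["data"], array(
        "bid" => $row["BID"],
        "uid" => $row["UID"],
        "sid" => $row["SID"],
    ));
}

mysqli_free_result($rs);

// Commit transaction
if (mysqli_query($db_conn, "COMMIT") == false)
{
    unban_user_abort($db_conn, $result_set, -2, "Mysqli error: " . mysqli_error($db_conn));
}

mysqli_close($db_conn);
exit(json_encode($result_set));
?>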
