forked from Xkeeper0/jul
-
Notifications
You must be signed in to change notification settings - Fork 1
/
admin-pendingusers.php
127 lines (111 loc) · 4.54 KB
/
admin-pendingusers.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
require "lib/common.php";
admincheck();
if (isset($_POST['act'])){
check_token($_POST['auth']);
$_GET['id'] = filter_int($_GET['id']);
if (!$_GET['id']) {
errorpage("No user selected.", 'admin-pendingusers.php', 'the Pending users page');
}
$data = $sql->fetchq("SELECT * FROM pendingusers WHERE id = {$_GET['id']}");
if (!$data) {
errorpage("This user doesn't exist. (ID #{$_GET['id']})", 'admin-pendingusers.php', 'the Pending users page');
}
if ($_POST['act'] == 'Accept') {
/*
User accepted:
- "move" the row from pendingusers to users
- create the necessary fields/userpic folder for a new user
*/
$sql->beginTransaction();
$newuser = $sql->prepare("INSERT INTO users (name, password, email, lastip, lastua, regdate, postsperpage, threadsperpage, scheme) VALUES (?,?,?,?,?,?,?,?,?)");
$sql->execute($newuser, [$data['name'], $data['password'], $data['email'], $data['ip'], $data['ua'], time(), $config['default-ppp'], $config['default-tpp'], $miscdata['defaultscheme']]);
$newuserid = $sql->insert_id();
$sql->query("DELETE FROM pendingusers WHERE id = {$_GET['id']}");
$sql->query("INSERT INTO forumread (user, forum, readdate) SELECT {$newuserid}, id, ".time()." FROM forums");
$sql->query("INSERT INTO users_rpg (uid) VALUES ({$newuserid})");
if ($config['log-useragents']) {
$ldata = [
'user' => $newuserid,
'ip' => $data['ip'],
'creationdate' => $data['date'],
'lastchange' => $data['date'],
'useragent' => $data['ua'],
'hash' => md5($data['ua']),
];
$sql->queryp("INSERT INTO log_useragent SET ".mysql::setplaceholders($ldata)."", $ldata);
}
$sql->commit();
report_new_user("approved pending user", [
'id' => $newuserid,
'name' => $data['name'],
'ip' => $data['ip']
]);
errorpage("User approved!", 'admin-pendingusers.php', 'the Pending Users page');
} else if ($_POST['act'] == 'Reject') {
/*
Rejected
Simply delete the pendinguser data
*/
$sql->query("DELETE FROM pendingusers WHERE id = {$_GET['id']}");
report_send(
IRC_STAFF, xk(8)."{$loguser['name']}".xk(7)." REJECTED pending user ".xk(8)."{$data['name']}".xk(7)." with IP ".xk(8)."{$data['ip']}".xk(7).".",
IRC_STAFF, "**{$loguser['name']}** REJECTED pending user **{$data['name']}** with IP **{$data['ip']}**."
);
errorpage("User rejected!", 'admin-pendingusers.php', 'the Pending Users page');
} else if ($_POST['act'] == 'IP Ban') {
/*
IP Banned:
Add IP Ban and delete the pendingusers data
*/
$sql->query("DELETE FROM pendingusers WHERE id = {$_GET['id']}");
$ircmsg = xk(8)."{$loguser['name']}".xk(7)." IP BANNED pending user ".xk(8)."{$data['name']}".xk(7)." with IP ".xk(8)."{$data['ip']}".xk(7).".";
ipban($data['ip'], "Rejected", $ircmsg, IRC_STAFF, 0, $loguser['id']);
errorpage("User blocked!", 'admin-pendingusers.php', 'the Pending Users page');
} else {
errorpage("Invalid action.", 'admin-pendingusers.php', 'the Pending Users page');
}
}
$users = $sql->query("SELECT * FROM pendingusers ORDER BY date DESC");
if ($sql->num_rows($users)) {
$txt = "";
$token = auth_tag();
while ($u = $sql->fetch($users)) {
$ip = htmlspecialchars($u['ip']);
$txt .= "
<tr>
<td class='tdbg1 center' rowspan='2'>{$u['id']}</td>
<td class='tdbg2'>".htmlspecialchars($u['name'])."</td>
<td class='tdbg2 center'>".printdate($u['date'])."</td>
<td class='tdbg1 center'><a href=\"admin-ipsearch.php?ip={$ip}\">{$ip}</a></td>
<td class='tdbg2 center'>
<form method='POST' action='?id={$u['id']}' style='display: inline'>
{$token}
<input type='submit' name='act' value='Accept'>
<input type='submit' name='act' value='Reject'>
<input type='submit' name='act' value='IP Ban'>
</form>
</td>
</tr>
<tr><td class='tdbg2 fonts' colspan='4'>".escape_html($u['ua'])."</td></tr>
";
}
} else {
$txt = "<tr><td class='tdbg1 center' colspan='5'>There are no pending users to be judged.</td></tr>";
}
pageheader("Pending users");
print adminlinkbar();
?>
<table class='table'>
<tr><td class='tdbgh center b' colspan='5'>Pending users</td></tr>
<tr>
<td class='tdbgc center b' style='width: 50px'>#</td>
<td class='tdbgc center b'>Name</td>
<td class='tdbgc center b' style='width: 250px'>Date</td>
<td class='tdbgc center b' style='width: 200px'>IP</td>
<td class='tdbgc center b' style='width: 230px'>Action</td>
</tr>
<?= $txt ?>
</table>
<?php
pagefooter();