Файл: adm/ban.php
Строк: 38
<?php
include '../system/sys.php';
include '../system/funcs.php';
if (!isset ($us)) {
header ('location: /');
exit;
}
if ($us['level']<1) {
header ('location:/');
exit;
}
H ('Бан', 'Бан');
if (isset ($_GET['id'])) {
$_GET['id'] = intval ($_GET['id']);
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`=?)", array ($_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /adm/nick.php');
exit;
}
}
echo '<form action="/adm/ban.php?add" method="post">';
echo '<div class="list1">';
echo 'Id:<br/><input name="id" value="' . $_GET['id'] . '"/><br/>';
echo 'Причина:<br/><textarea name="text"></textarea><br/>';
echo 'Срок:<br/>';
echo '<input name="d" size="2"/> д.<br/>';
echo '<input name="h" size="2"/> ч.<br/>';
echo '<input name="m" size="2"/> м.<br/>';
echo '<input name="s" size="2"/> с.<br/>';
echo '</div>';
echo '<div class="lst">';
echo '<input type="submit" value="Забанить"/>';
echo '</div>';
echo '</form>';
if (isset ($_GET['add'])) {
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`=?)", array ((int) $_POST['id']));
if ($query -> rowCount () == 0) {
header ('location: /adm/ban.php');
exit;
}
else {
$u = $query -> fetch ();
$_POST['text'] = htmlspecialchars (addslashes (trim ($_POST['text'])));
if ($u['level']>=$us['level']) {
echo '
<div class="list1">
<b style="color:red;">Ошибка!</b>
</div>
';
}
elseif (empty ($_POST['text'])) {
echo '
<div class="list1">
<b style="color:red;">Вы не ввели причину..</b>
</div>
';
}
else {
$_POST['d'] = (int) $_POST['d'];
if ($_POST['d']<0) {
$_POST['d'] = 0;
}
$_POST['h'] = (int) $_POST['h'];
if ($_POST['h']<0) {
$_POST['h'] = 0;
}
if ($_POST['h']>24) {
$_POST['h'] = 24;
}
$_POST['m'] = (int) $_POST['m'];
if ($_POST['m']<0) {
$_POST['m'] = 0;
}
if ($_POST['m']>60) {
$_POST['m'] = 60;
}
$_POST['s'] = (int) $_POST['s'];
if ($_POST['s']<0) {
$_POST['s'] = 0;
}
if ($_POST['s']>60) {
$_POST['s'] = 60;
}
$time = ($_POST['d'] * 86400)+($_POST['h']*3600)+($_POST['m']*60)+$_POST['s'];
if ($time==0) {
echo '
<div class="list1">
<b style="color:red;">Вы не ввели срок..</b>
</div>
';
}
else {
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `ban` WHERE (`us`='" . $u['id'] . "') AND (`time`>'" . time () . "')")!=0) {
echo '
<div class="list1">
<b style="color:red;">' . uNick ($u['id']) . ' уже в бане!</b>
</div>
';
}
else {
DB :: $dbs -> query ("INSERT INTO `nar` (`us`,`kem`,`text`,`type`,`time`) VALUES ('" . $u['id'] . "','" . $us['id'] . "',?,'3','" . time () . "')", array ($_POST['text']));
DB :: $dbs -> query ("INSERT INTO `ban` (`us`,`kem`,`text`,`end`,`time`) VALUES ('" . $u['id'] . "','" . $us['id'] . "',?,'" . (time () + $time) . "','" . time () ."')", array ($_POST['text']));
echo '
<div class="list1">
' . uNick ($u['id']) . ' забанен!
</div>
';
header('refresh:1; url=/adm/ban.php');
}
}
}
}
}
F ();
?>