Файл: app/admin/user/block.php
Строк: 61
<?php
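// Access gate for this admin page.
// NOTE(review): presumably rejects visitors below level 1 — confirm against Core::only().
Core::only('level', 1);

// Look up the account that is about to be blocked. The id is passed as a bound
// parameter (the same prepare()/execute() API this script already uses for its
// INSERT), so the SQL text never contains request data.
$profile = null;
if (filter_has_var(INPUT_GET, 'id')) {
    $filter = [
        'id' => filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT),
    ];
    $profileStmt = $db->prepare('SELECT * FROM `users` WHERE `id` = :id LIMIT 1');
    $profileStmt->execute([':id' => $filter['id']]);
    $profile = $profileStmt->fetch();
}

// Refuse unknown targets and targets that outrank the acting user.
// NOTE(review): an equal level passes this check, so an operator can block a peer
// (or their own account) — confirm that this is intended.
if (empty($profile) || $user['level'] < $profile['level']) {
    Core::go("/");
    // Stop here even if Core::go() returns: nothing below may run without a
    // validated $profile.
    exit;
}

$smarty->header('Блокировка');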
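// Handle the "block user" form submission.
// NOTE(review): no anti-CSRF token is checked before this state-changing POST in the
// code shown here — confirm the framework enforces one elsewhere.
if (filter_has_var(INPUT_POST, 'submit')) {
    $filter = [
        'time_ban' => filter_has_var(INPUT_POST, 'time_ban')
            ? filter_input(INPUT_POST, 'time_ban', FILTER_SANITIZE_NUMBER_INT)
            : null,
        // The reason is taken raw on purpose; it must therefore only ever reach SQL
        // through bound parameters and HTML through output encoding.
        'text' => filter_has_var(INPUT_POST, 'text')
            ? filter_input(INPUT_POST, 'text', FILTER_UNSAFE_RAW)
            : null,
    ];

    // Seconds per selectable unit. The keys must match the option values of the
    // form's `time` select, including the misspelt 'mouth'.
    $unitSeconds = [
        'minute' => 60,
        'hour'   => 60 * 60,
        'day'    => 60 * 60 * 24,
        'mouth'  => 60 * 60 * 24 * 30,
    ];

    // Read the unit through the filter API instead of $_POST so a missing or
    // array-valued field is simply treated as "no known unit".
    $unit = filter_input(INPUT_POST, 'time', FILTER_UNSAFE_RAW);

    // Expiry timestamp of the block. The (int) cast keeps an empty or partly numeric
    // duration from raising an arithmetic error or warning.
    // NOTE(review): an unknown unit or a non-positive duration yields a block that has
    // already expired; no lower bound is enforced here.
    $time_ban = time();
    if (is_string($unit) && isset($unitSeconds[$unit])) {
        $time_ban += (int) $filter['time_ban'] * $unitSeconds[$unit];
    }

    $reasonLength = Filter::strlen($filter['text']);
    if ($reasonLength < 2 || $reasonLength > 5000) {
        // NOTE(review): $error is not part of the assign() call at the end of this
        // script — confirm the templates actually display it.
        $error = 'Неверный формат причины.';
    } else {
        // Duplicate guard: same operator, same target, same reason within the last
        // 600 seconds. The reason is attacker-controlled text, so every value is
        // bound instead of being concatenated into the statement.
        $duplicateStmt = $db->prepare(
            'SELECT `id` FROM `users_block` WHERE `text` = :text AND `id_user` = :id_user'
            . ' AND `id_profile` = :id_profile AND `time` > :since'
        );
        $duplicateStmt->execute([
            ':text' => $filter['text'],
            ':id_user' => $user['id'],
            ':id_profile' => $profile['id'],
            ':since' => time() - 600,
        ]);

        if ($duplicateStmt->rowCount() != 0) {
            $error = 'Блокировка уже существует.';
        } else {
            $stmt = $db->prepare('INSERT INTO `users_block` (`id_user`, `id_profile`, `time`, `time_ban`, `text`) VALUES (:id_user, :id_profile, :time, :time_ban, :text)');
            $stmt->execute([
                ':id_user' => $user['id'],
                ':id_profile' => $profile['id'],
                ':time' => time(),
                ':time_ban' => $time_ban,
                ':text' => $filter['text'],
            ]);
        }
    }
}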
// Descriptors for the block form, in display order: duration, unit, reason, submit.
// The option values of the `time` select are the strings the POST handler compares
// against, so they must stay exactly as written (including 'mouth').
$formFields = [
    [
        'type' => 'input',
        'title' => Lang::word('Время'),
        'info' => ['name' => 'time_ban', 'size' => 3],
    ],
    [
        'type' => 'select',
        'br' => 1,
        'info' => [
            'name' => 'time',
            'options' => [
                ['minute', Lang::word('Минут')],
                ['hour', Lang::word('Часов')],
                ['day', Lang::word('Дней')],
                ['mouth', Lang::word('Месяцев')],
            ],
        ],
    ],
    [
        'type' => 'textarea',
        'title' => Lang::word('Причина'),
        'br' => 1,
        'info' => ['name' => 'text'],
    ],
    [
        'type' => 'submit',
        'info' => [
            'name' => 'submit',
            'value' => Lang::word('Заблокировать'),
        ],
    ],
];

// Append rather than assign, so anything already queued in $elements is kept.
foreach ($formFields as $formField) {
    $elements[] = $formField;
}
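// Count the blocks recorded for this profile; the total drives the paginator.
// Values are bound rather than concatenated, consistent with the INSERT in this
// script.
$countStmt = $db->prepare('SELECT `id` FROM `users_block` WHERE `id_profile` = :id_profile');
$countStmt->execute([':id_profile' => $profile['id']]);
$all = $countStmt->rowCount();

$pages = new Pages($all, $config['pages']);

// One page of blocks, newest first. LIMIT operands are forced to integers so that
// neither the offset nor the page size can carry SQL text into the statement.
// NOTE(review): $start is not assigned anywhere in this script; presumably it is set
// by the Pages constructor or the bootstrap — confirm.
$query = $db->prepare(
    'SELECT * FROM `users_block` WHERE `id_profile` = :id_profile ORDER BY `id` DESC LIMIT '
    . (int) $start . ', ' . (int) $config['pages']
);
$query->execute([':id_profile' => $profile['id']]);

while ($list = $query->fetch()) {
    $posts[] = [
        'image' => User::photo($list['id_user']),
        'title' => User::login($list['id_user']) . ' ' . Lang::word('до') . ' ' . Core::time($list['time_ban']),
        // The reason was stored unfiltered, so Filter::output() is the only thing
        // between it and the page. NOTE(review): presumably HTML-encodes — confirm.
        'post' => Filter::output($list['text']),
        'time' => Core::time($list['time']),
    ];
}

// Placeholder entry when the profile has never been blocked.
if ($all == 0) {
    $posts[] = [
        'title' => Lang::word('Нет блокировок.'),
    ];
}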
// Hand the form definition and the block history to the templates. The form posts
// back to this same page for the same profile id.
$viewData = [
    'method' => 'POST',
    'action' => '?id=' . $profile['id'],
    'el' => $elements,
    'post' => $posts,
];
$smarty->assign($viewData);

// Render the form first, then the list of existing blocks, then the page footer.
foreach (['form.tpl', 'posts.tpl'] as $template) {
    $smarty->display($template);
}
$smarty->footer();