4 global $db,$error,$node;
5 $node_id=$node['node_id'];
7 if ($node['node_permission']!=('owner' || 'master' || 'op')) {
8 $error=$error_messages['EVENT_PERMISSION_ERROR'];
11 $bans=explode(";",$_POST['bans']); // XXX sqli?
13 $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'");
14 foreach ($bans as $ban) {
15 $set=$db->query("select user_id from users where login='$ban'");
17 if ($set->getString('user_id')) {
18 $q="update node_access set node_permission='ban' where node_id=$node_id and user_id='".$set->getString('user_id')."'";
20 $changed=$db->update($q);
22 $q="insert into node_access set node_permission='ban',node_id=$node_id,user_id=".$set->getString('user_id');
25 logger::log('add ban',$node_id,'ok',$ban);
27 else { $error .= "$ban does not exist..."; }