51ff3226 |
1 | <?php |
2 | |
3 | function banlist() { |
fd15ea3a |
4 | global $db,$error,$node; |
51ff3226 |
5 | $node_id=$node['node_id']; |
6 | |
7 | if ($node['node_permission']!=('owner' || 'master' || 'op')) { |
8 | $error=$error_messages['EVENT_PERMISSION_ERROR']; |
9 | return false; |
10 | } |
4cea789e |
11 | $bans = explode(";",$_POST['bans']); // XXX sqli? |
12 | $bans = array_map('mysql_real_escape_string', $bans); |
51ff3226 |
13 | |
14 | $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='ban'"); |
15 | foreach ($bans as $ban) { |
16 | $set=$db->query("select user_id from users where login='$ban'"); |
17 | $set->next(); |
18 | if ($set->getString('user_id')) { |
19 | $q="update node_access set node_permission='ban' where node_id=$node_id and user_id='".$set->getString('user_id')."'"; |
20 | echo $q; |
21 | $changed=$db->update($q); |
22 | if (!$changed) { |
23 | $q="insert into node_access set node_permission='ban',node_id=$node_id,user_id=".$set->getString('user_id'); |
24 | $db->query($q); |
25 | } |
fd15ea3a |
26 | logger::log('add ban',$node_id,'ok',$ban); |
51ff3226 |
27 | } |
28 | else { $error .= "$ban does not exist..."; } |
29 | } |
30 | } |
31 | ?> |