<?require "include/bittorrent.php";loggedinorreturn();function puke($text = "w00t"){stderr("w00t", $text);}if (get_user_class() < UC_MODERATOR)puke();$action = $_POST["action"];if ($action == "confirmuser"){$userid = $_POST["userid"];$confirm = $_POST["confirm"];mysql_query('UPDATE `users` SET `status` = ''.$confirm.'', `info` = NULL WHERE `id` = '.$userid.' LIMIT 1;') or sqlerr(__FILE__, __LINE__);$res = mysql_query("SELECT username FROM users WHERE id=$userid") or sqlerr(__FILE__, __LINE__);$row = mysql_fetch_array($res);header("Location: $BASEURL/uncon.php");die;}if ($action == "edituser"){$userid = $_POST["userid"];$title = $_POST["title"];$avatar = $_POST["avatar"];$support = $_POST["support"];$supportfor = $_POST["supportfor"];$enabled = $_POST["enabled"];$warned = $_POST["warned"];$warnlength = 0 + $_POST["warnlength"];$warnpm = $_POST["warnpm"];$donated = $_POST["donated"];$modcomment = $_POST["modcomment"];$class = 0 + $_POST["class"];if (!is_valid_id($userid) || !is_valid_user_class($class))stderr("Error", "Bad user ID or class ID.");// check target user class$res = mysql_query("SELECT * FROM users WHERE id=$userid") or sqlerr(__FILE__, __LINE__);$arr = mysql_fetch_assoc($res) or puke();$curenabled = $arr["enabled"];$curclass = $arr["class"];$curwarned = $arr["warned"];// User may not edit someone with same or higher class than himself!if ($curclass >= get_user_class())puke();if ($curclass != $class){// Notify user$what = ($class > $curclass ? "promoted" : "demoted");$msg = sqlesc("You have been $what to '" . get_user_class_name($class) . "' by $CURUSER[username].");$added = sqlesc(get_date_time());mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);$updateset[] = "class = $class";$what = ($class > $curclass ? "Promoted" : "Demoted");$modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username]. ". $modcomment;}// some Helshad fun$fun = ($CURUSER['id'] == 277) ? " Tremble in fear, mortal." : "";if ($warned && $curwarned != $warned){$updateset[] = "warned = " . sqlesc($warned);$updateset[] = "warneduntil = '0000-00-00 00:00:00'";if ($warned == 'no'){$modcomment = gmdate("Y-m-d") . " - Warning removed by " . $CURUSER['username'] . ". ". $modcomment;$msg = sqlesc("Your warning has been removed by " . $CURUSER['username'] . ".");}$added = sqlesc(get_date_time());mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);}elseif ($warnlength){if ($warnlength == 255){$modcomment = gmdate("Y-m-d") . " - Warned by " . $CURUSER['username'] . ". Reason: $warnpm " . $modcomment;$msg = sqlesc("You have received a warning from $CURUSER[username].$fun" . ($warnpm ? " Reason: $warnpm" : ""));$updateset[] = "warneduntil = '0000-00-00 00:00:00'";}else{$warneduntil = get_date_time(gmtime() + $warnlength * 604800);$dur = $warnlength . " week" . ($warnlength > 1 ? "s" : "");$msg = sqlesc("You have received a $dur warning from " . $CURUSER['username'] . ".$fun" . ($warnpm ? " Reason: $warnpm" : ""));$modcomment = gmdate("Y-m-d") . " - Warned for $dur by " . $CURUSER['username'] . ". Reason: $warnpm " . $modcomment;$updateset[] = "warneduntil = '$warneduntil'";}$added = sqlesc(get_date_time());mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);$updateset[] = "warned = 'yes'";}if ($enabled != $curenabled){if ($enabled == 'yes')$modcomment = gmdate("Y-m-d") . " - Enabled by " . $CURUSER['username'] . ". " . $modcomment;else$modcomment = gmdate("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ". " . $modcomment;}// Reset Passkeyif ((isset($_POST['resetkey'])) && ($_POST['resetkey'])){$newpasskey = md5($arr['username'].get_date_time().$arr['passhash']);$modcomment = gmdate("Y-m-d") . " - Passkey ".$arr['passkey']." Reset to ".$newpasskey." by " . $CURUSER['username'] . ". " . $modcomment;$updateset[] = "passkey=".sqlesc($newpasskey);}//VIP status$viptime = vipstatus($donated);if ($donor && $curdonor != $donor){$updateset[] = "donor = " . sqlesc($donor);$updateset[] = "viptime = '0000-00-00 00:00:00'";if ($donor == 'no'){$modcomment = gmdate("Y-m-d") . " - Ranga VIP została zdjęta przez " . $CURUSER['username'] . ". ". $modcomment;$msg = sqlesc("Ranga VIP została zdjęta przez " . $CURUSER['username'] . ".");$updateset[] = "class = ". UC_USER;}$added = sqlesc(get_date_time(gmtime()));//mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);}elseif ($viptime){if ($viptime == 255){$modcomment = gmdate("Y-m-d") . " - VIP nadany przez " . $CURUSER['username'] . ". " . $modcomment;$msg = sqlesc("Właśnie otrzymałeś dożywotnia rangę VIP od $CURUSER[username]. Dziękujemy za wpłatę Pozdrawiamy Załoga $SITENAME");$updateset[] = "viptime = '0000-00-00 00:00:00'";$updateset[] = "class = ". UC_VIP;}else{$vipuntil = get_date_time(gmtime() + $viptime*86400);$dur = $viptime . " dni" . ($viptime > 1 ? "" : "");$msg = sqlesc("Właśnie otrzymałeś promocje do rangi VIP na $dur od " . $CURUSER['username']." Dziękujemy za wpłatę Pozdrawiamy Załoga $SITENAME");$modcomment = gmdate("Y-m-d") . " - VIP na $dur od " . $CURUSER['username'] . ". " . $modcomment;$updateset[] = "viptime = '$vipuntil'";}$added = sqlesc(get_date_time());mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);$updateset[] = "donor = 'yes'";$updateset[] = "class = ". UC_VIP;}$updateset[] = "enabled = " . sqlesc($enabled);$updateset[] = "donated = " . sqlesc($donated);$updateset[] = "avatar = " . sqlesc($avatar);$updateset[] = "supportfor = " . sqlesc($supportfor);$updateset[] = "support = " . sqlesc($support);$updateset[] = "title = " . sqlesc($title);$updateset[] = "modcomment = " . sqlesc($modcomment);mysql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE id=$userid") or sqlerr(__FILE__, __LINE__);$returnto = htmlentities($_POST["returnto"]);header("Location: $BASEURL/$returnto");die;}puke();
