4
I hate to necro a thread like this, but I wanted to just put forward some basic stuff on banning users. I have been insanely busy with stuff at Gaia Online (phpbb never was my favorite) and haven't had time to close out this issue. Here is a VERY QUICK script I wrote to perform a "ban"
Requisites:
a group for "banned" users Mine happened to be group 11
a working XOOPS install is very nice
Todo (maybe) change the AUTH to an actual XOOPS Auth. :(
$AUTH_USER = "xoopsadmin";
$AUTH_PASS = "somepassword";
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Kaizoku Fansubs Tools"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must enter a valid username and password to access this tool.';
exit;
} else {
if(md5($_SERVER['PHP_AUTH_USER']) != md5($AUTH_USER) || md5($_SERVER['PHP_AUTH_PW']) != md5($AUTH_PASS)) {
header('WWW-Authenticate: Basic realm="Kaizoku Fansubs Tools"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must enter a valid username and password to access this tool.';
exit;
}
}
// CONFIG
// REG GROUP
define("GROUP_REGISTERED_USERS", 2);
// BAN GROUP
define("GROUP_BANNED_USERS", 11);
// okay they are in, let's check some stuff
if(isset($_POST['action']) && $_POST['action'] == "ban") {
$action = "ban";
} else if(isset($_POST['action']) && $_POST['action'] == "unban") {
$action = "unban";
} else {
$action = "list";
}
if(isset($_POST['who']) && $_POST['who'] != "") {
$who = addslashes(stripslashes(trim($_POST['who'])));
} else {
if($action == "ban" || $action == "unban") {
echo "Did not supply valid username";
exit;
}
}
// echo "HOST is ".XOOPS_DB_HOST." AND USER IS ".XOOPS_DB_USER." AND PASS IS ";XOOPS_DB_PASS;exit;
$xoopsOption['nocommon'] = true;
include("mainfile.php");
$system_message = "";
// okay, we have our data
switch($action) {
case "ban":
case "unban":
// get username from the db, open connection
$link = mysql_connect(XOOPS_DB_HOST, XOOPS_DB_USER, XOOPS_DB_PASS);
if (!$link) {
echo 'Could not connect: ' . mysql_error();
exit;
}
$db_selected = mysql_select_db(XOOPS_DB_NAME, $link);
if (!$db_selected) {
echo 'Can't use '.XOOPS_DB_NAME.' : ' . mysql_error();
exit;
}
$sql = "SELECT uid, uname FROM ".XOOPS_DB_PREFIX."_users WHERE uname = '$who' LIMIT 1";
$result = mysql_query($sql);
if (!$result) {
echo 'Invalid query: ' . mysql_error() . " SQL: $sql";
exit;
}
$user_id = -1;
while ($row = mysql_fetch_assoc($result)) {
$user_id = $row['uid'];
}
if($user_id <= 0) {
echo "Invalid username specified.";
exit;
}
// woo, we have a user ID. If banning, remove from REG Group, insert into ban
// if unbanning, remove from ban group, insert into reg group
if($action == "ban") {
$remove_from = GROUP_REGISTERED_USERS;
$add_to = GROUP_BANNED_USERS;
$real_do = "banned";
} else {
$remove_from = GROUP_REGISTERED_USERS;
$add_to = GROUP_BANNED_USERS;
$real_do = "unbanned";
}
$sql_delete = "DELETE FROM ".XOOPS_DB_PREFIX."_groups_users_link WHERE uid = $user_id AND groupid = $remove_from LIMIT 1";
$sql_add = "INSERT INTO ".XOOPS_DB_PREFIX."_groups_users_link ('groupid','uid') VALUES ($add_to, $user_id)";
$result = mysql_query($sql_delete);
if (!$result) {
echo 'Could not delete from group: ' . mysql_error() . " SQL: $sql_delete";
exit;
}
$result = mysql_query($sql_add);
if (!$result) {
// they might be added
$sql = "SELECT * FROM ".XOOPS_DB_PREFIX."_groups_users_link WHERE uid = $user_id AND groupid = $add_to LIMIT 1";
$result = mysql_query($sql);
if (!$result) {
echo 'Could not query user table' . mysql_error() . " SQL: $sql_delete";
}
$user_id_check = -1;
while ($row = mysql_fetch_assoc($result)) {
$user_id_check = $row['uid'];
}
if($user_id_check <= 0) {
echo 'Could not add to group: ' . mysql_error() . " SQL: $sql_delete";
exit;
}
// no exit. user was already in group
}
// close that connection cowboy!
mysql_close($link);
$system_message = "The username $who (ID: $user_id) has been $real_do from the site.";
case "list":
default:
echo "$system_message";
echo "";
echo "";
echo "Ban User";
echo "Unban User";
echo "";
echo "";
}
?>
I don't think I've ever written something so sloppy in my life. :) Anywho, this may be rather helpful to anyone who has before had to "remove person from group A and ban them by adding them to group B".
Cheers all!
~Overworked Jakobo
