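<?php
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/config.inc.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/db_helper.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/time_manip.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/user_helper.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/video_helper.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/video_updater.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/s/classes/user_update.php");

/*
 * Admin moderation endpoint (/d/admin.php?action=...).
 *
 * Actions, each driven by a POSTed form and each ending in a redirect
 * to /admin/bans:
 *   ban_users            - hard-delete the listed accounts and every row they own
 *   delete_videos        - delete the listed video rows by rid
 *   actually_just_ban    - record a bans row for one username
 *   actually_just_ban_ip - record a bans row for that user's stored IP
 *
 * $__db is not defined in this file; it is presumably created by
 * config.inc.php, and the prepare()/execute(array(':name' => ...)) usage
 * below assumes it is a PDO connection - TODO confirm. The same include is
 * assumed to have called session_start(), since $_SESSION is read here.
 */
$__video_h = new video_helper($__db);
$__video_u = new video_updater($__db);
$__user_h  = new user_helper($__db);
$__user_u  = new user_update($__db);
$__db_h    = new db_helper();
$__time_h  = new time_helper();

// Authorisation gate: anonymous or non-admin sessions get an empty 403.
if (!isset($_SESSION['siteusername']) || !$__user_h->if_admin($_SESSION['siteusername'])) {
    http_response_code(403);
    exit;
}

// Every action below mutates state and takes its targets from $_POST, so a
// plain GET has nothing legitimate to do here.
// NOTE(review): there is still no CSRF token check. The session cookie alone
// authorises these requests, so a hostile page an admin visits can
// auto-submit this form; add a per-session token to the admin forms and
// verify it here before dispatching.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// Read a request field as a string, treating a missing field or a
// non-string (array-valued) field as "" so it never reaches explode()/PDO.
$field = function (array $source, $key) {
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : "";
};

// Split a comma-separated form field, dropping empty entries so a blank
// field does not turn into `DELETE ... WHERE username=''`.
$split_list = function ($value) {
    return array_values(array_filter(explode(",", $value), 'strlen'));
};

$request = (object) [
    "action" => $field($_GET, 'action'),
    "target" => $field($_POST, 'users'),      // single username for the *_ban actions
    "reason" => $field($_POST, 'ban_reason'),
    "from"   => $_SESSION['siteusername'],    // acting moderator
    "users"  => $split_list($field($_POST, 'users')),
    "videos" => $split_list($field($_POST, 'videos')),

    "error" => (object) [
        "message" => "",
        "status"  => "OK",
    ],
];

// Every table that references a username, with the column that holds it.
// These are fixed by the schema, not by the request, which is what makes
// interpolating them into the DELETE statements below safe.
$request->tables = array(
    "users"            => "username",
    "videos"           => "author",
    "channel_views"    => "viewer",
    "comments"         => "author",
    "comment_likes"    => "sender",
    "comment_reply"    => "author",
    "favorite_video"   => "sender",
    "friends"          => "sender",
    "likes"            => "sender",
    "playlists"        => "author",
    "pms"              => "owner",
    "profile_comments" => "author",
    "quicklist_videos" => "author",
    "reports"          => "sender",
    "subscribers"      => "sender",
    "views"            => "viewer",
);

if ($request->action === "ban_users") {
    // Despite the name this is a hard delete of the account and everything
    // it owns, not a bans-table entry (see actually_just_ban for that).
    // NOTE(review): nothing prevents an admin from deleting their own
    // account ($request->from) or another admin's; consider refusing both.
    // All deletes run in one transaction so a failure part-way cannot leave
    // an account half-removed (assumes $__db is PDO and the tables are
    // transactional - TODO confirm).
    $__db->beginTransaction();
    try {
        foreach ($request->users as $username) {
            foreach ($request->tables as $table => $column) {
                // Table/column are from the hard-coded map; the username
                // itself stays a bound parameter.
                $stmt = $__db->prepare("DELETE FROM {$table} WHERE {$column}=:username");
                if ($stmt === false || $stmt->execute(array(':username' => $username)) === false) {
                    // Checked explicitly so a non-exception PDO error mode
                    // cannot commit a partial delete.
                    throw new RuntimeException("failed to delete from {$table}");
                }
            }
        }
        $__db->commit();
    } catch (Exception $e) {
        $__db->rollBack();
        throw $e;
    }

    header("Location: /admin/bans");
    exit;
} elseif ($request->action === "delete_videos") {
    // NOTE(review): only the videos row is removed; any rows in other tables
    // that key on this rid (likes, comments, favorites, ...) are left behind
    // if the schema has them - confirm and cascade if so.
    $stmt = $__db->prepare("DELETE FROM videos WHERE rid=:video");
    foreach ($request->videos as $video) {
        $stmt->execute(array(
            ':video' => $video,
        ));
    }

    header("Location: /admin/bans");
    exit;
} elseif ($request->action === "actually_just_ban") {
    // NOTE(review): expire is written as now(), so the row expires the
    // instant it is created; confirm how the login path reads bans.expire.
    if ($request->target !== "") {
        $stmt = $__db->prepare("INSERT INTO bans (username, reason, expire, moderator) VALUES (:username, :reason, now(), :moderator)");
        $stmt->execute(array(
            ':username'  => $request->target,
            ':moderator' => $request->from,
            ':reason'    => $request->reason,
        ));
    }

    header("Location: /admin/bans");
    exit;
} elseif ($request->action === "actually_just_ban_ip") {
    $_user = $__user_h->fetch_user_username($request->target);

    // Only write a row when the user resolved to an address; previously an
    // unknown username inserted a NULL/empty "username" that bans nobody.
    // NOTE(review): the IP is stored in bans.username, so that column mixes
    // usernames and addresses - make sure the enforcement side checks both.
    if (!empty($_user['ip'])) {
        $stmt = $__db->prepare("INSERT INTO bans (username, reason, expire, moderator) VALUES (:username, :reason, now(), :moderator)");
        $stmt->execute(array(
            ':username'  => $_user['ip'],
            ':moderator' => $request->from,
            ':reason'    => "",
        ));
    }

    header("Location: /admin/bans");
    exit;
} else {
    // Unknown or missing action: nothing to do, and say so rather than 200.
    http_response_code(400);
}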
It is not recommended to use PHP's closing tag ?> in files other than templates.

Using a closing tag in PHP files that only contain PHP code is not recommended, because any whitespace accidentally added after the closing tag is sent to the client as output. That matters concretely in this file: every action ends with a `header("Location: /admin/bans")` redirect, and once any byte of output has been emitted PHP can no longer send headers, so the redirect silently fails with a "headers already sent" warning.

A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever.
