Major cleanup for login/account/users pages

A lot of general code / user experience cleanup. Admin->Ban account for period of time. Admin->Add ban IP option. Admin->Account list page -> clean up active (aka suspend) / banned status. Admin->Created Ban List page showing all current account and IP bans in the database.
paintballrefjosh · Jan 28, 2017 · 3169067 · 3169067
1 parent eae077a
commit 3169067
Show file tree

Hide file tree

Showing 13 changed files with 251 additions and 152 deletions.
diff --git a/core/SDL/class.account.php b/core/SDL/class.account.php
@@ -670,10 +670,14 @@ function delete_key($key)
 // POST account id, reason, and banned by.
 // @$banip: 1 = yes, ban the IP as well, 0 = Dont ban IP
 
-	function banAccount($bannid, $banreason, $bannedby, $banip = 0)
+	function banAccount($bannid, $banreason, $banduration, $bannedby, $banip = 0)
 	{
-		$timez = time();
-		$unban = $timez - 10;
+		$starttime = time();
+		if($banduration > 0)
+			$endtime = $starttime + $banduration;
+		else
+			$endtime = 0;
+
 		$this->DB->query("INSERT INTO `account_banned`(
 			`id`, 
 			`bandate`, 
@@ -683,8 +687,8 @@ function banAccount($bannid, $banreason, $bannedby, $banip = 0)
 			`active`) 
 		   VALUES(
 			'".$bannid."', 
-			'".$timez."', 
-			'". $unban ."',
+			'".$starttime."', 
+			'".$endtime."',
 			'".$bannedby."',
 			'".$banreason."',
 			'1')
@@ -702,14 +706,14 @@ function banAccount($bannid, $banreason, $bannedby, $banip = 0)
 				`banreason`) 
 			   VALUES(
 				'". $getip ."', 
-				'". $timez ."', 
-				'". $unban ."',
+				'". $starttime ."', 
+				'". $endtime ."',
 				'". $bannedby ."', 
 				'". $banreason. "')
 			");
 		}
 
-		$this->DB->query("UPDATE `mw_account_extend` SET `account_level`=5 WHERE account_id='".$bannid."'");
+		//$this->DB->query("UPDATE `mw_account_extend` SET `account_level`=5 WHERE account_id='".$bannid."'");
 		return TRUE;
 	}
 

diff --git a/core/core.php b/core/core.php
@@ -10,8 +10,8 @@
 
 class Core
 {
-	var $version = '4.0.0';
-	var $version_date = '2017-01-20, 22:50';
+	var $version = '4.0.3';
+	var $version_date = '2017-01-28, 00:15';
 	var $exp_dbversion = '1.0a';
 
 	function __construct()

diff --git a/inc/account/account.manage.php b/inc/account/account.manage.php
@@ -42,7 +42,11 @@
 
 function changeEmail()
 {
-	global $lang, $user, $Account, $DB;
+	global $lang, $user, $Account, $DB, $Config;
+
+	if(!$Config->get('allow_user_emailchange'))
+		return TRUE;
+
 	$newemail = trim($_POST['email']);
 
 	// First we check if the email is valid
@@ -86,7 +90,7 @@ function changePass()
 	{
 		if($Account->setPassword($user['id'], $newpass) == TRUE)
 		{
-			output_message('success', $lang['change_pass_success']);
+			output_message('success', $lang['change_pass_success'].'</b><meta http-equiv=refresh content="4;url=?p=account&sub=manage">');
 		}
 		else
 		{

diff --git a/inc/admin/body_header.php b/inc/admin/body_header.php
@@ -9,11 +9,6 @@
 /****************************************************************************/
 
 // Block out all users who arent admins
-if($user['account_level'] == 5) 
-{
-	echo "You Are Banned";
-	die();
-}
 if($user['account_level'] <= 2) 
 {
 	redirect('index.php',1);

diff --git a/inc/admin/script_files/admin.users.php b/inc/admin/script_files/admin.users.php
@@ -65,7 +65,7 @@ function changePass()
 	{
 		if($Account->setPassword($_GET['id'], $newpass) == TRUE)
 		{
-			output_message('success','<b>Password set successfully! Please wait while your redirected...</b>
+			output_message('success','<b>Password set successfully! Please wait while you are redirected...</b>
 			<meta http-equiv=refresh content="3;url=?p=admin&sub=users&id='.$_GET['id'].'">');
 		}
 		else
@@ -136,7 +136,7 @@ function editUser()
 			`total_donations`='".$_POST['total_donations']."'
 		  WHERE `account_id`='".$_GET['id']."'
 		");
-		output_message('success','User Updated Successfully! Please wait while your redirected...
+		output_message('success','User Updated Successfully! Please wait while you are redirected...
 			<meta http-equiv=refresh content="3;url=?p=admin&sub=users&id='.$_GET['id'].'">');
 	}
 }
@@ -148,7 +148,7 @@ function unBan($unbanid)
 	if($Account->unbanAccount($unbanid) == TRUE)
 	{
 		output_message('success','Success. Account #'.$unbanid.' Successfully Un-Banned!
-			Please wait while your redirected... <meta http-equiv=refresh content="3;url=?p=admin&sub=users&id='.$_GET['id'].'"');
+			Please wait while you are redirected... <meta http-equiv=refresh content="3;url=?p=admin&sub=users&id='.$_GET['id'].'"');
 	}	
 }
 
@@ -163,14 +163,14 @@ function deleteUser($did)
 }
 
 // Ban user
-function banUser($bannid, $banreason) 
+function banUser($bannid, $banreason, $banduration, $banip) 
 {
 	global $DB, $user, $Account;
 	if(!$banreason) 
 	{
 		$banreason = "Not Specified";
 	}
-	if($Account->banAccount($bannid, $banreason, $user['username']) == TRUE)
+	if($Account->banAccount($bannid, $banreason, $banduration, $user['username'], $banip) == TRUE)
 	{
 		output_message('success','Success. Account #'.$bannid.' Successfully banned. Reason: '.$banreason.'');
 	}
@@ -182,37 +182,53 @@ function showBanForm($banid)
 {
 	global $DB;
 	$unme = $DB->selectCell("SELECT username FROM account WHERE id='".$banid."'");
-	echo "
-		<div class=\"content\">	
-			<div class=\"content-header\">
-				<h4><a href=\"?p=admin\">Main Menu</a> / <a href=\"?p=admin&sub=users\">Manage Users</a> / ".$unme." / Ban</h4>
+	?>
+		<div class="content">	
+			<div class="content-header">
+				<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&sub=users">Manage Users</a> / <a href="?p=admin&sub=users&id=<?= $_GET['id'];?>"><?= $unme;?></a> / Ban</h4>
 			</div> <!-- .content-header -->				
-			<div class=\"main-content\">
-	";
-	if(isset($_POST['ban_user'])) 
+		<div class=\"main-content\">
+	<?php
+	if(isset($_POST['ban_reason'])) 
 	{
-		banUser($_POST['ban_user'],$_POST['ban_reason']);
+		banUser($_GET['id'], $_POST['ban_reason'], $_POST['ban_duration'], isset($_POST['ban_ip']));
 	}
-	echo "
-		<form method=\"POST\" action=\"?p=admin&sub=users&id=".$banid."&action=ban\" name=\"adminform\" class=\"form label-inline\">
-			<input type='hidden' name='ban_user'  value='".$banid."' />
+	?>
+		<form method="POST" name="adminform" class="form label-inline">
 			<table>
 				<thead>
-					<th><center><b>Ban Account #".$banid." (".$unme.")</b></center></th>
+					<th><center><b>Ban Account #<?= $banid;?> (<?= $unme;?>)</b></center></th>
 				</thead>
 			</table>
 			<br />
 			<div class='field'>
-				<label for='Username'>Ban Reason: </label>
-				<input id='Username' name='ban_reason' size='20' type='text' class='large' />
+				<label for='ban_reason'>Ban Reason: </label>
+				<input id='ban_reason' name='ban_reason' size='20' type='text' class='large' />
 			</div>
-			
-			<div class=\"buttonrow-border\">								
+			<div class='field'>
+				<label for='ban_duration'>Ban Duration: </label>
+				<select id='ban_duration' name='ban_duration' class='large'>
+					<option value="0" selected="selected">Indefinite</option>
+					<option value="3600">1 hour</option>
+					<option value="14400">4 hours</option>
+					<option value="28800">8 hours</option>
+					<option value="86400">1 day</option>
+					<option value="172800">2 days</option>
+					<option value="259200">3 days</option>
+					<option value="345600">4 days</option>
+					<option value="640800">7 days</option>
+				</select>
+			</div>
+			<div class='field'>
+				<label for='ban_ip'>Ban IP Address: </label>
+				<input id='ban_ip' name='ban_ip' type='checkbox' value='1' />
+			</div>
+			<div class="buttonrow-border">								
 				<center><button><span>Ban User</span></button></center>			
 			</div>
 
 		</form>
 	</div>
-	";
+	<?php
 }
 ?>
diff --git a/inc/admin/template_files/admin.banlist.php b/inc/admin/template_files/admin.banlist.php
@@ -14,6 +14,71 @@
 		<h4><a href="?p=admin">Main Menu</a> / Banlist</h4>
 	</div> <!-- .content-header -->				
 	<div class="main-content">
-		<br /><font color="red"><center><b>Under Construction</b><br />Remember, this is just a preview, and not everything is finished yet!</center></font>
+		<table>
+			<thead>
+				<th><center><b>Account Bans</center></b></th>
+			</thead>
+		</table>
+		<table width="95%">
+		<thead>
+			<tr>
+				<th width="15%"><b><center>Username</center></b></th>
+				<th width="20%"><b><center>Ban Date</center></b></th>
+				<th width="15%"><b><center>Banned By</center></b></th>
+				<th width="50%"><b>Ban Reason</b></th>
+			</tr>
+		</thead>
+		<?php
+		$ban_list = $DB->select("SELECT account.id, username, bandate, bannedby, banreason FROM account_banned JOIN account ON account.id = account_banned.id WHERE active='1' ORDER BY bandate DESC");
+		if($ban_list)
+		{
+			foreach($ban_list as $row)
+			{
+		?>
+			<tr class="content">
+				<td align="center"><a href="?p=admin&sub=users&id=<?= $row['id'];?>"><?php echo $row['username']; ?></a></td>
+				<td align="center"><?php echo date("Y-m-d @ G:i", $row['bandate']); ?></td>
+				<td align="center"><?php echo $row['bannedby']; ?></td>
+				<td align="left"><?php echo $row['banreason']; ?></td>
+			</tr>
+		<?php
+			}
+		}
+		?>
+		</table>
+		<br />
+		<br />
+		<table>
+			<thead>
+				<th><center><b>IP Address Bans</center></b></th>
+			</thead>
+		</table>
+		<table width="95%">
+		<thead>
+			<tr>
+				<th width="15%"><b><center>IP Address</center></b></th>
+				<th width="20%"><b><center>Ban Date</center></b></th>
+				<th width="15%"><b><center>Banned By</center></b></th>
+				<th width="50%"><b>Ban Reason</b></th>
+			</tr>
+		</thead>
+		<?php
+		$ban_list = $DB->select("SELECT ip, bandate, bannedby, banreason FROM ip_banned ORDER BY bandate DESC");
+		if($ban_list)
+		{
+			foreach($ban_list as $row)
+			{
+		?>
+			<tr class="content">
+				<td align="center"><?php echo $row['ip']; ?></td>
+				<td align="center"><?php echo date("Y-m-d @ G:i", $row['bandate']); ?></td>
+				<td align="center"><?php echo $row['bannedby']; ?></td>
+				<td align="left"><?php echo $row['banreason']; ?></td>
+			</tr>
+		<?php
+			}
+		}
+		?>
+		</table>
 	</div>
 </div>