php-phpbb/phpBB/adm/admin_disallow.php

<?php
/** 
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group 
* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
*
*/

/**
*/
if (!empty($setmodules))
{
	if (!$auth->acl_get('a_names'))
	{
		return;
	}

	$module['USER']['DISALLOW'] = basename(__FILE__) . $SID;

	return;
}

define('IN_PHPBB', 1);
// Include files
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_user.'.$phpEx);

// Check permissions
if (!$auth->acl_get('a_names'))
{
	trigger_error($user->lang['NO_ADMIN']);
}

if (isset($_POST['disallow']))
{
	$disallowed_user = (isset($_REQUEST['disallowed_user'])) ? htmlspecialchars($_REQUEST['disallowed_user']) : '';
	$disallowed_user = str_replace('*', '%', $disallowed_user);

	if (validate_username($disallowed_user))
	{
		$message = $user->lang['Disallowed_already'];
	}
	else
	{
		$sql = 'INSERT INTO ' . DISALLOW_TABLE . " (disallow_username)
			VALUES('" . $db->sql_escape(stripslashes($disallowed_user)) . "')";
		$result = $db->sql_query($sql);

		$message = $user->lang['Disallow_successful'];
	}

	add_log('admin', 'log_disallow_add', str_replace('%', '*', $disallowed_user));

	trigger_error($message);
}
else if (isset($_POST['allow']))
{
	$disallowed_id = (isset($_REQUEST['disallowed_id'])) ? intval($_REQUEST['disallowed_id']) : '';

	if (empty($disallowed_id))
	{
		trigger_error($user->lang['No_user_selected']);
	}

	$sql = 'DELETE FROM ' . DISALLOW_TABLE . "
		WHERE disallow_id = $disallowed_id";
	$db->sql_query($sql);

	add_log('admin', 'log_disallow_delete');

	trigger_error($user->lang['Disallowed_deleted']);
}

// Grab the current list of disallowed usernames...
$sql = 'SELECT *
	FROM ' . DISALLOW_TABLE;
$result = $db->sql_query($sql);

$disallow_select = '';
if ($row = $db->sql_fetchrow($result))
{
	do
	{
		$disallow_select .= '<option value="' . $row['disallow_id'] . '">' . str_replace('%', '*', $row['disallow_username']) . '</option>';
	}
	while ($row = $db->sql_fetchrow($result));
}

// Output page
adm_page_header($user->lang['DISALLOW']);

?>

<h1><?php echo $user->lang['DISALLOW']; ?></h1>

<p><?php echo $user->lang['Disallow_explain']; ?></p>

<form method="post" action="<?php echo "admin_disallow.$phpEx$SID"; ?>"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
	<tr>
		<th colspan="2"><?php echo $user->lang['Add_disallow_title']; ?></th>
	</tr>
	<tr>
		<td class="row1"><?php echo $user->lang['USERNAME']; ?><br /><span class="gensmall"><?php echo $user->lang['Add_disallow_explain']; ?></span></td>
		<td class="row2"><input class="post" type="text" name="disallowed_user" size="30" />&nbsp;</td>
	</tr>
	<tr>
		<td class="cat" colspan="2" align="center"><input class="btnmain" type="submit" name="disallow" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;&nbsp;<input class="btnlite" type="reset" value="<?php echo $user->lang['RESET']; ?>" />
	</tr>
</table>

<h1><?php echo $user->lang['Delete_disallow_title']; ?></h1>

<p><?php echo $user->lang['Delete_disallow_explain']; ?></p>

<table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0" align="center">
	<tr>
		<th colspan="2"><?php echo $user->lang['Delete_disallow_title']; ?></th>
	</tr>
<?php

	if ($disallow_select != '')
	{

?>
	<tr>
		<td class="row1"><?php echo $user->lang['USERNAME']; ?></td>
		<td class="row2"><select class="post" name="disallowed_id"><?php echo $disallow_select; ?></select></td>
	</tr>
	<tr>
		<td class="cat" colspan="2" align="center"><input class="btnmain" type="submit" name="allow" value="<?php echo $user->lang['SUBMIT']; ?>" />&nbsp;&nbsp;<input class="btnlite" type="reset" value="<?php echo $user->lang['RESET']; ?>" />
	</tr>
<?php

	}
	else
	{

?>
	<tr>
		<td class="row1" colspan="2" align="center"><?php echo $user->lang['No_disallowed']; ?></td>
	</tr>
<?php

	}

?>
</table></form>

<?php

adm_page_footer();

?>