= UC_ADMINISTRATOR) )
{
$first = trim($_POST["first"]);
$last = trim($_POST["last"]);
$comment = trim($_POST["comment"]);
$hostname = mysql_escape_string( htmlspecialchars( trim($_POST["hostname"]) ) );
if (!$first || !$last || !$comment || !$hostname)
stderr( _("Error"), "Missing form data.");
$first = ip2long($first);
$last = ip2long($last);
if ($first == -1 || $last == -1)
stderr( _("Error"), _("Bad IP address.") );
$comment = mysql_escape_string( htmlspecialchars($comment) );
$insert_ban_sql = sprintf("INSERT INTO bans (added, addedby, first, last, comment, hostname) VALUES (%s, %u, %u, %u, '%s', '%s')", 'NOW()', $CURUSER['id'], $first, $last, $comment, $hostname);
do_mysql_query($insert_ban_sql) or sqlerr(__FILE__,__LINE__);
header("Location: ".$BASEURL.$_SERVER['REQUEST_URI']);
die;
}
ob_start("ob_gzhandler");
$res = do_mysql_query("SELECT * FROM bans ORDER BY added DESC") or sqlerr();
stdhead( _("Bans") );
print(""._('Current Bans')."
");
if (@mysql_num_rows($res) == 0)
print(""._('Nothing found')."
");
else
{
print("\n");
print("| Added | "._('First IP')." | "._('Last IP')." | "._('Hostname')." | ".
""._('By')." | "._('Comment')." | "._('Remove')." |
");
while ($arr = mysql_fetch_assoc($res))
{
$r2 = do_mysql_query("SELECT username FROM users WHERE id=".$arr['addedby']) or sqlerr();
$a2 = mysql_fetch_assoc($r2);
$arr["first"] = long2ip($arr["first"]);
$arr["last"] = long2ip($arr["last"]);
print("| $arr[added] | $arr[first] | $arr[last] | $arr[hostname] | $a2[username]".
" | $arr[comment] | Remove |
\n");
}
print("
\n");
}
if ( (get_user_class() >= UC_ADMINISTRATOR ) )
{
print(""._('Add ban')."
");
print("\n");
}
stdfoot();
?>