X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/062258ffca3e14131ac530492d36ea0b0430602f..c06c1713af2db485d55a91073bbc5b63b6aa8c0b:/server-bans/index.php

diff --git a/server-bans/index.php b/server-bans/index.php
index acf8ea6..fc2dee7 100644
--- a/server-bans/index.php
+++ b/server-bans/index.php
@@ -1,18 +1,20 @@
 <?php
-require_once "../common.php";
-
-require_once "../header.php";
+require_once "../inc/common.php";
+require_once "../inc/connection.php";
+require_once "../inc/header.php";
 
 if (!empty($_POST))
 {
 
-	do_log($_POST);
-
 	if (isset($_POST['tklch']) && !empty($_POST['tklch'])) // User has asked to delete these tkls
 	{
-		foreach ($_POST as $key => $value) {
-			foreach ($value as $tok) {
-				$tok = explode(",", $tok);
+		if (!current_user_can(PERMISSION_SERVER_BAN_DEL))
+		{
+			Message::Fail("Could not delete: Permission denied");
+		}
+		else {
+			foreach ($_POST['tklch'] as $key => $value) {
+				$tok = explode(",", $value);
 				$ban = base64_decode($tok[0]);
 				$type = base64_decode($tok[1]);
 				$success = false;
@@ -33,58 +35,65 @@ if (!empty($_POST))
 	}
 	elseif (isset($_POST['tkl_add']) && !empty($_POST['tkl_add']))
 	{
-		if (!($iphost = $_POST['tkl_add']))
-			Message::Fail("No mask was specified");
-		else if (!($bantype = (isset($_POST['bantype'])) ? $_POST['bantype'] : false))
+		if (!current_user_can(PERMISSION_SERVER_BAN_ADD))
 		{
-			Message::Fail("Unable to add Server Ban: No ban type selected");
-		} else /* It did */{
+			Message::Fail("Could not add: Permission denied");
+		}
+		else
+		{
+			if (!($iphost = $_POST['tkl_add']))
+				Message::Fail("No mask was specified");
+			else if (!($bantype = (isset($_POST['bantype'])) ? $_POST['bantype'] : false))
+			{
+				Message::Fail("Unable to add Server Ban: No ban type selected");
+			} else /* It did */{
 
-			if (
-				(
-					$bantype == "gline" ||
-					$bantype == "gzline" ||
-					$bantype == "shun" ||
-					$bantype == "eline"
-				) && strpos($iphost, "@") == false
-			) // doesn't have full mask
-				$iphost = "*@" . $iphost;
+				if (
+					(
+						$bantype == "gline" ||
+						$bantype == "gzline" ||
+						$bantype == "shun" ||
+						$bantype == "eline"
+					) && strpos($iphost, "@") == false
+				) // doesn't have full mask
+					$iphost = "*@" . $iphost;
 
-			$soft = ($_POST['soft']) ? true : false;
+				$soft = ($_POST['soft']) ? true : false;
 
-			if ($soft)
-				$iphost = "%" . $iphost;
-			/* duplicate code for now [= */
-			$banlen_w = (isset($_POST['banlen_w'])) ? $_POST['banlen_w'] : NULL;
-			$banlen_d = (isset($_POST['banlen_d'])) ? $_POST['banlen_d'] : NULL;
-			$banlen_h = (isset($_POST['banlen_h'])) ? $_POST['banlen_h'] : NULL;
-			$duration = "";
-			if (!$banlen_d && !$banlen_h && !$banlen_w)
-				$duration .= "0";
-			else {
-				if ($banlen_w)
-					$duration .= $banlen_w;
-				if ($banlen_d)
-					$duration .= $banlen_d;
-				if ($banlen_h)
-					$duration .= $banlen_h;
+				if ($soft)
+					$iphost = "%" . $iphost;
+				/* duplicate code for now [= */
+				$banlen_w = (isset($_POST['banlen_w'])) ? $_POST['banlen_w'] : NULL;
+				$banlen_d = (isset($_POST['banlen_d'])) ? $_POST['banlen_d'] : NULL;
+				$banlen_h = (isset($_POST['banlen_h'])) ? $_POST['banlen_h'] : NULL;
+				$duration = "";
+				if (!$banlen_d && !$banlen_h && !$banlen_w)
+					$duration .= "0";
+				else {
+					if ($banlen_w)
+						$duration .= $banlen_w;
+					if ($banlen_d)
+						$duration .= $banlen_d;
+					if ($banlen_h)
+						$duration .= $banlen_h;
+				}
+				$msg_msg = ($duration == "0" || $duration == "0w0d0h") ? "permanently" : "for " . rpc_convert_duration_string($duration);
+				$reason = (isset($_POST['ban_reason'])) ? $_POST['ban_reason'] : "No reason";
+				if ($bantype == "qline") {
+					if ($rpc->nameban()->add($iphost, $reason, $duration))
+						Message::Success("Name Ban set against \"$iphost\": $reason");
+					else
+						Message::Fail("Name Ban could not be set against \"$iphost\": $rpc->error");
+				} elseif ($bantype == "except") {
+					if ($rpc->serverbanexception()->add($iphost, "", $duration, $reason))
+						Message::Success("Exception set for \"$iphost\": $reason");
+					else
+						Message::Fail("Exception could not be set \"$iphost\": $rpc->error");
+				} else if ($rpc->serverban()->add($iphost, $bantype, $duration, $reason)) {
+					Message::Success("Host / IP: $iphost has been $bantype" . "d $msg_msg: $reason");
+				} else
+					Message::Fail("The $bantype against \"$iphost\" could not be added: $rpc->error");
 			}
-			$msg_msg = ($duration == "0" || $duration == "0w0d0h") ? "permanently" : "for " . rpc_convert_duration_string($duration);
-			$reason = (isset($_POST['ban_reason'])) ? $_POST['ban_reason'] : "No reason";
-			if ($bantype == "qline") {
-				if ($rpc->nameban()->add($iphost, $reason, $duration))
-					Message::Success("Name Ban set against \"$iphost\": $reason");
-				else
-					Message::Fail("Name Ban could not be set against \"$iphost\": $rpc->error");
-			} elseif ($bantype == "except") {
-				if ($rpc->serverbanexception()->add($iphost, "", $duration, $reason))
-					Message::Success("Exception set for \"$iphost\": $reason");
-				else
-					Message::Fail("Exception could not be set \"$iphost\": $rpc->error");
-			} else if ($rpc->serverban()->add($iphost, $bantype, $duration, $reason)) {
-				Message::Success("Host / IP: $iphost has been $bantype" . "d $msg_msg: $reason");
-			} else
-				Message::Fail("The $bantype against \"$iphost\" could not be added: $rpc->error");
 		}
 	}
 	elseif (isset($_POST['search_types']) && !empty($_POST['search_types']))
@@ -97,7 +106,7 @@ $tkl = $rpc->serverban()->getAll();
 ?>
 <h4>Server Bans Overview</h4>
 Here are all your network bans, from K-Lines to G-Lines, it's all here.<br><br>
-<p><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#myModal">
+<p><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#myModal" <?php echo (current_user_can(PERMISSION_SERVER_BAN_ADD)) ? "" : "disabled"; ?>>
 			Add entry
 	</button></p></table>
 	<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
@@ -213,7 +222,7 @@ Here are all your network bans, from K-Lines to G-Lines, it's all here.<br><br>
 			echo "<td scope=\"col\">".$tkl->expire_at_string."</td>";
 			echo "</tr>";
 		}
-	?></tbody></table><p><button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal2">
+	?></tbody></table><p><button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal2" <?php echo (current_user_can(PERMISSION_SERVER_BAN_DEL)) ? "" : "disabled"; ?>>
 	Delete selected
 	</button></p>
 	<div class="modal fade" id="myModal2" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
@@ -238,4 +247,4 @@ Here are all your network bans, from K-Lines to G-Lines, it's all here.<br><br>
 	</div>
 	</div></form></div></div>
 
-<?php require_once '../footer.php'; ?>
+<?php require_once '../inc/footer.php'; ?>