X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/0b546dde4f1a5187a376956df4274db77bc1cfbc..47aad98291fb8ad90cb308ba21fe73c7c7ccd843:/server-bans/ban-exceptions.php

diff --git a/server-bans/ban-exceptions.php b/server-bans/ban-exceptions.php
index 74761a1..6bd265b 100644
--- a/server-bans/ban-exceptions.php
+++ b/server-bans/ban-exceptions.php
@@ -1,6 +1,7 @@
 <?php
-require_once "../common.php";
-require_once "../header.php";
+require_once "../inc/common.php";
+require_once "../inc/header.php";
+require_once "../inc/connection.php";
 require_once "../misc/ban-exceptions-misc.php";
 if (!empty($_POST))
 {
@@ -9,55 +10,63 @@ if (!empty($_POST))
 
 	if (isset($_POST['tklch']) && !empty($_POST['tklch'])) // User has asked to delete these tkls
 	{
-		foreach ($_POST['tklch'] as $key => $value)
-		{
-			$tok = split($value, ",");
-			$iphost = base64_decode($tok[0]);
-			$success = false;
-			$success = $rpc->serverbanexception()->delete($iphost);
+		if (!current_user_can(PERMISSION_BAN_EXCEPTION_DEL))
+			Message::Fail("Could not delete ban exception(s): Permission denied");
+		else
+			foreach ($_POST['tklch'] as $key => $value)
+			{
+				$tok = split($value, ",");
+				$iphost = base64_decode($tok[0]);
+				$success = false;
+				$success = $rpc->serverbanexception()->delete($iphost);
 
 
-			if ($success)
-				Message::Success("Ban Exception has been removed for $iphost");
-			else
-				Message::Fail("Unable to remove Ban Exception on $iphost: $rpc->error");
-		}
+				if ($success)
+					Message::Success("Ban Exception has been removed for $iphost");
+				else
+					Message::Fail("Unable to remove Ban Exception on $iphost: $rpc->error");
+			}
 	}
 	elseif (isset($_POST['tkl_add']) && !empty($_POST['tkl_add']))
 	{
-		if (!($iphost = $_POST['tkl_add']))
-			Message::Fail("No mask was specified");
+		if (!current_user_can(PERMISSION_BAN_EXCEPTION_ADD))
+			Message::Fail("Could not add ban exception(s): Permission denied");
+		else
+		{
+			if (!($iphost = $_POST['tkl_add']))
+				Message::Fail("No mask was specified");
 
-		$bantypes = isset($_POST['bantype']) ? $_POST['bantype'] : "";
-		$bantypes_dup = "";
-		if (!empty($bantypes))
-			foreach ($bantypes as $bt)
-				$bantypes_dup .= $bt;
-		$bantypes = $bantypes_dup;
-		/* duplicate code for now [= */
-		$banlen_w = (isset($_POST['banlen_w'])) ? $_POST['banlen_w'] : NULL;
-		$banlen_d = (isset($_POST['banlen_d'])) ? $_POST['banlen_d'] : NULL;
-		$banlen_h = (isset($_POST['banlen_h'])) ? $_POST['banlen_h'] : NULL;
-		$duration = "";
-		if (!$banlen_d && !$banlen_h && !$banlen_w)
-			$duration .= "0";
-		else {
-			if ($banlen_w)
-				$duration .= $banlen_w;
-			if ($banlen_d)
-				$duration .= $banlen_d;
-			if ($banlen_h)
-				$duration .= $banlen_h;
-		}
-		$msg_msg = ($duration == "0" || $duration == "0w0d0h") ? "permanently" : "for " . rpc_convert_duration_string($duration);
-		$reason = (isset($_POST['ban_reason'])) ? $_POST['ban_reason'] : "No reason";
+			$bantypes = isset($_POST['bantype']) ? $_POST['bantype'] : "";
+			$bantypes_dup = "";
+			if (!empty($bantypes))
+				foreach ($bantypes as $bt)
+					$bantypes_dup .= $bt;
+			$bantypes = $bantypes_dup;
+			/* duplicate code for now [= */
+			$banlen_w = (isset($_POST['banlen_w'])) ? $_POST['banlen_w'] : NULL;
+			$banlen_d = (isset($_POST['banlen_d'])) ? $_POST['banlen_d'] : NULL;
+			$banlen_h = (isset($_POST['banlen_h'])) ? $_POST['banlen_h'] : NULL;
+			$duration = "";
+			if (!$banlen_d && !$banlen_h && !$banlen_w)
+				$duration .= "0";
+			else {
+				if ($banlen_w)
+					$duration .= $banlen_w;
+				if ($banlen_d)
+					$duration .= $banlen_d;
+				if ($banlen_h)
+					$duration .= $banlen_h;
+			}
+			$msg_msg = ($duration == "0" || $duration == "0w0d0h") ? "permanently" : "for " . rpc_convert_duration_string($duration);
+			$reason = (isset($_POST['ban_reason'])) ? $_POST['ban_reason'] : "No reason";
 
-		if (isset($_POST['soft']))
-			$iphost = "%$iphost";
-		if ($rpc->serverbanexception()->add($iphost, $bantypes, $reason, (($user = unreal_get_current_user())) ? $user->username : NULL, $duration))
-			Message::Success("Ban Exception set against \"$iphost\": $reason");
-		else
-			Message::Fail("Ban Exception could not be set against \"$iphost\": $rpc->error");
+			if (isset($_POST['soft']))
+				$iphost = "%$iphost";
+			if ($rpc->serverbanexception()->add($iphost, $bantypes, $reason, (($user = unreal_get_current_user())) ? $user->username : NULL, $duration))
+				Message::Success("Ban Exception set against \"$iphost\": $reason");
+			else
+				Message::Fail("Ban Exception could not be set against \"$iphost\": $rpc->error");
+		}
 		
 	}
 	elseif (isset($_POST['search_types']) && !empty($_POST['search_types']))
@@ -72,7 +81,7 @@ $ban_exceptions = $rpc->serverbanexception()->getAll();
 <h4>Ban Exceptions Overview</h4>
 Here is where you can make an exception to bans, that is, to make it so that the target mask is exempt from the ban types you specify.<br>
 <br>
-<p><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#myModal">
+<p><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#myModal" <?php echo (current_user_can(PERMISSION_BAN_EXCEPTION_ADD)) ? "" : "disabled"; ?>>
 			Add entry
 	</button></p></table>
 	<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
@@ -197,7 +206,7 @@ Here is where you can make an exception to bans, that is, to make it so that the
 			echo "<td scope=\"col\">".$ban_exceptions->expire_at_string."</td>";
 			echo "</tr>";
 		}
-	?></tbody></table><p><button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal2">
+	?></tbody></table><p><button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal2" <?php echo (current_user_can(PERMISSION_BAN_EXCEPTION_DEL)) ? "" : "disabled"; ?>>
 	Delete selected
 	</button></p>
 	<div class="modal fade" id="myModal2" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
@@ -222,4 +231,4 @@ Here is where you can make an exception to bans, that is, to make it so that the
 	</div>
 	</div></form></div></div>
 
-<?php require_once '../footer.php'; ?>
+<?php require_once '../inc/footer.php'; ?>