<?php// do connect to database $dbhost = 'localhost'; $dbname = 'site'; $

1. <?php
2. // do connect to database
3. $dbhost = 'localhost';
4. $dbname = 'site';
5. $dbuser = 'username';
6. $dbpass = 'password';
7. // user interaction with html form
8. if (isset($_POST['bansubmit']))
9. {
10. switch ($_POST['banform']) {
11. case 'ban':
12. $playername = $_REQUEST['player']; // "player" is name of html field (input)
13. $dbconnect = mysql_connect($dbhost, $dbuser, $dbpass);
14. mysql_select_db("$dbname") or die("Can't select a database.");
15. $rs = mysql_query("SELECT * FROM phpbb_users WHERE username='$playername'");
16. $result = mysql_fetch_array( $rs);
17. if ($result[username] !== $playername) {
18. header('Refresh: 3; URL: index.html');
19. break;
20. }
21. else {
22. $rs = mysql_query("SELECT * FROM bans WHERE player='$playername'");
23. $result = mysql_fetch_array( $rs);
24. if ($result[player] == $playername) {
25. header('Refresh: 3; URL: index.html');
26. break;
27. }
28. else {
29. mysql_query("INSERT INTO bans (player, guid, reason) VALUES("some values");");
30. mysql_close();
31. header('Location: index.html');
32. break;
33. }
34. }
35.  
36. case 'unban':
37. $playername = $_REQUEST['player'];
38. $dbconnect = mysql_connect($dbhost, $dbuser, $dbpass);
39. mysql_select_db("$dbname") or die("Can't select a database.");
40. $rs = mysql_query("SELECT * FROM phpbb_users WHERE username='$playername'");
41. $result = mysql_fetch_array( $rs);
42. if ($result[username] !== $playername) {
43. header('Refresh: 3; URL: index.html');
44. break;
45. }
46. else {
47. $rs = mysql_query("SELECT * FROM bans WHERE player='$playername'");
48. $result = mysql_fetch_array( $rs);
49. if ($result[player] == $playername) {
50. mysql_query("DELETE FROM bans WHERE player='$playername';");
51. mysql_close();
52. header('Location: index.html');
53. break;
54. }
55. }
56. }
57. }
58.  
59. if (isset($_POST['warnsubmit']))
60. {
61. switch ($_POST['warnform']) {
62. case 'warn':
63. $playername = $_REQUEST['player'];
64. $dbconnect = mysql_connect($dbhost, $dbuser, $dbpass);
65. mysql_select_db("$dbname") or die("Can't select a database.");
66. $rs = mysql_query("SELECT * FROM phpbb_users WHERE username='$playername'");
67. $result = mysql_fetch_array( $rs);
68. if ($result[username] !== $playername) {
69. header('Refresh: 3; URL: index.html');
70. break;
71. }
72. else {
73. $rs = mysql_query("SELECT * FROM warnings WHERE player='$playername'");
74. $result = mysql_fetch_array( $rs);
75. if ($result[player] == $playername) {
76. header('Refresh: 3; URL: index.html');
77. break;
78. }
79. else {
80. mysql_query("INSERT INTO warnings (player, guid, reason) VALUES("some values");");
81. mysql_close();
82. header('Location: index.html');
83. break;
84. }
85. }
86.  
87. case 'unwarn':
88. $playername = $_REQUEST['player'];
89. $dbconnect = mysql_connect($dbhost, $dbuser, $dbpass);
90. mysql_select_db("$dbname") or die("Can't select a database.");
91. $rs = mysql_query("SELECT * FROM phpbb_users WHERE username='$playername'");
92. $result = mysql_fetch_array( $rs);
93. if ($result[username] !== $playername) {
94. header('Refresh: 3; URL: index.html');
95. break;
96. }
97. else {
98. $rs = mysql_query("SELECT * FROM warnings WHERE player='$playername'");
99. $result = mysql_fetch_array( $rs);
100. if ($result[player] == $playername) {
101. mysql_query("DELETE FROM warnings WHERE player='$playername';");
102. mysql_close();
103. header('Location: index.html');
104. break;
105. }
106. }
107. }
108. }