From 70c510f3880500091b3d08b78dbfd926dbd2f7ee Mon Sep 17 00:00:00 2001
From: Lain Iwakura
Date: Mon, 16 Jun 2025 03:13:53 +0300
Subject: [PATCH] ban for posting
---
 main/api.php | 9 +++++++++
 main/index.php | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/main/api.php b/main/api.php
index b8dfb7c..1b59df5 100644
--- a/main/api.php
+++ b/main/api.php
@@ -89,6 +89,15 @@ if (!$username || !$message || strlen($username) > 50 || strlen($message) > 1000
 }
 try {
+ $stmt = $db->prepare('SELECT is_blocked FROM users WHERE username = ?');
+ $stmt->execute([$username]);
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($user && $user['is_blocked']) {
+ http_response_code(403);
+ die(json_encode(['error' => 'Account is blocked']));
+ }
+
 $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
 $stmt->execute([$username]);
 if ($stmt->fetch()) {
diff --git a/main/index.php b/main/index.php
index 8515adf..477f392 100644
--- a/main/index.php
+++ b/main/index.php
@@ -37,7 +37,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $is_encrypted = isset($_POST['encrypted']) ? 1 : 0;
 if ($username && $message) {
- if (is_registered($db, $username)) {
+ $stmt = $db->prepare('SELECT is_blocked FROM users WHERE username = ?');
+ $stmt->execute([$username]);
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($user && $user['is_blocked']) {
+ $error = 'Ваш аккаунт заблокирован';
+ } else if (is_registered($db, $username)) {
 if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
 $error = 'Это имя занято. Войдите для отправки.';
 }
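Review bot: The added `is_blocked` lookup in main/api.php runs before the `SELECT id FROM users` check that follows it, so the 403 `Account is blocked` reply is sent for any caller-supplied `$username` before the code has established that the caller owns that name; the response therefore discloses account status to unauthenticated requests. It also queries the same row twice. Consider a single lookup, `$stmt = $db->prepare('SELECT id, is_blocked FROM users WHERE username = ?');`, and evaluate `is_blocked` only after the ownership check in the branch below, whose body lies outside this hunk, so that is presumably where ownership is verified. The main/index.php hunk has the same ordering: the blocked message is chosen before the `$_SESSION['username']` comparison.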
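Review bot: The three-line `is_blocked` query in main/index.php is duplicated verbatim from main/api.php; a helper beside `is_registered()`, for example `function is_blocked(PDO $db, string $username): bool`, would keep the two entry points from drifting apart. The check is keyed on the posted `$username` rather than on `$_SESSION['username']`, so as far as this hunk shows it covers only that one registered name; if the ban is meant to follow the logged-in user, compare against the session identity as well. `else if` is written `elseif` under PSR-12. The enclosing `if ($username && $message)` block continues past the end of the hunk.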