ban for posting

2025-07-27 15:36:11 +00:00 · 2025-06-16 03:13:53 +03:00 · 2025-06-16 03:13:53 +03:00 · 70c510f388
commit 70c510f388
parent da3dc76280
2 changed files with 16 additions and 1 deletions
--- a/main/api.php
+++ b/main/api.php
@ -89,6 +89,15 @@ if (!$username || !$message || strlen($username) > 50 || strlen($message) > 1000
 }

 try {
+    $stmt = $db->prepare('SELECT is_blocked FROM users WHERE username = ?');
+    $stmt->execute([$username]);
+    $user = $stmt->fetch(PDO::FETCH_ASSOC);
+    
+    if ($user && $user['is_blocked']) {
+        http_response_code(403);
+        die(json_encode(['error' => 'Account is blocked']));
+    }
+
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$username]);
    if ($stmt->fetch()) {
--- a/main/index.php
+++ b/main/index.php
@ -37,7 +37,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $is_encrypted = isset($_POST['encrypted']) ? 1 : 0;

    if ($username && $message) {
-        if (is_registered($db, $username)) {
+        $stmt = $db->prepare('SELECT is_blocked FROM users WHERE username = ?');
+        $stmt->execute([$username]);
+        $user = $stmt->fetch(PDO::FETCH_ASSOC);
+        
+        if ($user && $user['is_blocked']) {
+            $error = 'Ваш аккаунт заблокирован';
+        } else if (is_registered($db, $username)) {
            if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
                $error = 'Это имя занято. Войдите для отправки.';
            }