text0Nly/main/admin.php

<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');

if (!isset($_SESSION['is_moderator']) || !$_SESSION['is_moderator']) {
    header('Location: index.php');
    exit;
}

$config = require 'config.php';
$db = new PDO(
    "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", 
    $config['db']['user'], 
    $config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$error = '';
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['action']) && isset($_POST['username'])) {
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        
        if ($_POST['action'] === 'ban') {
            $stmt = $db->prepare('UPDATE users SET is_blocked = 1 WHERE username = ?');
            $stmt->execute([$username]);
            $success = "User $username has been banned";
        } elseif ($_POST['action'] === 'unban') {
            $stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
            $stmt->execute([$username]);
            $success = "User $username has been unbanned";
        } elseif ($_POST['action'] === 'preventive_ban') {
            if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
                $error = "Invalid username format";
            } else {
                $stmt = $db->prepare('INSERT INTO banned_usernames (username) VALUES (?)');
                try {
                    $stmt->execute([$username]);
                    $success = "Username $username has been preventively banned";
                } catch (PDOException $e) {
                    $error = "Username already banned";
                }
            }
        }
    }
}

$stmt = $db->query('SELECT username, is_blocked, is_moderator, created_at FROM users ORDER BY created_at DESC');
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Text0Nly - Admin Panel</title>
    <link rel="stylesheet" href="styles.css">
    <style>
        .admin-table {
            width: 100%;
            border-collapse: collapse;
            margin-top: 20px;
        }
        .admin-table th, .admin-table td {
            padding: 8px;
            border: 1px solid #ddd;
            text-align: left;
        }
        .admin-table th {
            background: #f5f5f5;
        }
        .ban-btn {
            background: #dc3545;
            color: white;
            border: none;
            padding: 4px 8px;
            cursor: pointer;
            border-radius: 4px;
        }
        .unban-btn {
            background: #28a745;
            color: white;
            border: none;
            padding: 4px 8px;
            cursor: pointer;
            border-radius: 4px;
        }
        .status-banned {
            color: #dc3545;
        }
        .status-moderator {
            color: #28a745;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="header">
            <h1>Admin Panel</h1>
            <div class="header-buttons">
                <a href="index.php">Back to chat</a>
            </div>
        </div>

        <?php if ($error): ?>
            <div class="error"><?= htmlspecialchars($error) ?></div>
        <?php endif; ?>
        <?php if ($success): ?>
            <div class="success"><?= htmlspecialchars($success) ?></div>
        <?php endif; ?>

        <div class="preventive-ban">
            <h2>Preventive Ban</h2>
            <form method="post" class="ban-form">
                <input type="text" name="username" placeholder="Username to ban" required pattern="[a-zA-Z0-9_]+" maxlength="50">
                <input type="hidden" name="action" value="preventive_ban">
                <button type="submit" class="ban-btn">Ban Username</button>
            </form>
        </div>

        <table class="admin-table">
            <thead>
                <tr>
                    <th>Username</th>
                    <th>Status</th>
                    <th>Created</th>
                    <th>Actions</th>
                </tr>
            </thead>
            <tbody>
                <?php foreach ($users as $user): ?>
                    <tr>
                        <td><?= htmlspecialchars($user['username']) ?></td>
                        <td>
                            <?php if ($user['is_blocked']): ?>
                                <span class="status-banned">Banned</span>
                            <?php elseif ($user['is_moderator']): ?>
                                <span class="status-moderator">Moderator</span>
                            <?php else: ?>
                                Active
                            <?php endif; ?>
                        </td>
                        <td><?= $user['created_at'] ?></td>
                        <td>
                            <?php if (!$user['is_moderator']): ?>
                                <form method="post" style="display:inline">
                                    <input type="hidden" name="username" value="<?= htmlspecialchars($user['username']) ?>">
                                    <?php if ($user['is_blocked']): ?>
                                        <input type="hidden" name="action" value="unban">
                                        <button type="submit" class="unban-btn">Unban</button>
                                    <?php else: ?>
                                        <input type="hidden" name="action" value="ban">
                                        <button type="submit" class="ban-btn">Ban</button>
                                    <?php endif; ?>
                                </form>
                            <?php endif; ?>
                        </td>
                    </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</body>
</html>