mirror of
https://git.sekbaer.de/Friendica/friendica.git
synced 2025-06-08 16:14:26 +02:00
Merge branch 'bug/phpinfo-accessible-hotfix' into 2020.09-rc
# Conflicts: # src/Module/Admin/DBSync.php # src/Module/Admin/Logs/Settings.php # src/Module/Admin/Themes/Details.php # src/Module/Admin/Themes/Embed.php
This commit is contained in:
Hypolite Petovan
commit
fb7f7435c0
20 changed files with 497 additions and 569 deletions
|
|
@ -34,7 +34,9 @@ class Users extends BaseAdmin
|
|||
{
|
||||
public static function post(array $parameters = [])
|
||||
{
|
||||
parent::post($parameters);
|
||||
self::checkAdminAccess();
|
||||
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
|
||||
|
||||
$pending = $_POST['pending'] ?? [];
|
||||
$users = $_POST['user'] ?? [];
|
||||
|
|
@ -43,8 +45,6 @@ class Users extends BaseAdmin
|
|||
$nu_email = $_POST['new_user_email'] ?? '';
|
||||
$nu_language = DI::config()->get('system', 'language');
|
||||
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
|
||||
|
||||
if ($nu_name !== '' && $nu_email !== '' && $nu_nickname !== '') {
|
||||
try {
|
||||
User::createMinimal($nu_name, $nu_email, $nu_nickname, $nu_language);
|
||||
|
|
@ -101,187 +101,186 @@ class Users extends BaseAdmin
|
|||
{
|
||||
parent::content($parameters);
|
||||
|
||||
$a = DI::app();
|
||||
$action = $parameters['action'] ?? '';
|
||||
$uid = $parameters['uid'] ?? 0;
|
||||
|
||||
if ($a->argc > 3) {
|
||||
// @TODO: Replace with parameter from router
|
||||
$action = $a->argv[2];
|
||||
$uid = $a->argv[3];
|
||||
if ($uid) {
|
||||
$user = User::getById($uid, ['username', 'blocked']);
|
||||
if (!DBA::isResult($user)) {
|
||||
notice(DI::l10n()->t('User not found'));
|
||||
DI::baseUrl()->redirect('admin/users');
|
||||
return ''; // NOTREACHED
|
||||
}
|
||||
}
|
||||
|
||||
switch ($action) {
|
||||
case 'delete':
|
||||
if (local_user() != $uid) {
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
// delete user
|
||||
User::remove($uid);
|
||||
switch ($action) {
|
||||
case 'delete':
|
||||
if (local_user() != $uid) {
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
// delete user
|
||||
User::remove($uid);
|
||||
|
||||
notice(DI::l10n()->t('User "%s" deleted', $user['username']));
|
||||
} else {
|
||||
notice(DI::l10n()->t('You can\'t remove yourself'));
|
||||
notice(DI::l10n()->t('User "%s" deleted', $user['username']));
|
||||
} else {
|
||||
notice(DI::l10n()->t('You can\'t remove yourself'));
|
||||
}
|
||||
break;
|
||||
case 'block':
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::block($uid);
|
||||
notice(DI::l10n()->t('User "%s" blocked', $user['username']));
|
||||
break;
|
||||
case 'unblock':
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::block($uid, false);
|
||||
notice(DI::l10n()->t('User "%s" unblocked', $user['username']));
|
||||
break;
|
||||
case 'allow':
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::allow(Register::getPendingForUser($uid)['hash'] ?? '');
|
||||
notice(DI::l10n()->t('Account approved.'));
|
||||
break;
|
||||
case 'deny':
|
||||
self::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::deny(Register::getPendingForUser($uid)['hash'] ?? '');
|
||||
notice(DI::l10n()->t('Registration revoked'));
|
||||
break;
|
||||
default:
|
||||
/* get pending */
|
||||
$pending = Register::getPending();
|
||||
|
||||
$pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
|
||||
|
||||
$valid_orders = [
|
||||
'name',
|
||||
'email',
|
||||
'register_date',
|
||||
'login_date',
|
||||
'last-item',
|
||||
'page-flags'
|
||||
];
|
||||
|
||||
$order = 'name';
|
||||
$order_direction = '+';
|
||||
if (!empty($_GET['o'])) {
|
||||
$new_order = $_GET['o'];
|
||||
if ($new_order[0] === '-') {
|
||||
$order_direction = '-';
|
||||
$new_order = substr($new_order, 1);
|
||||
}
|
||||
break;
|
||||
case 'block':
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::block($uid);
|
||||
notice(DI::l10n()->t('User "%s" blocked', $user['username']));
|
||||
break;
|
||||
case 'unblock':
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::block($uid, false);
|
||||
notice(DI::l10n()->t('User "%s" unblocked', $user['username']));
|
||||
break;
|
||||
case 'allow':
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::allow(Register::getPendingForUser($uid)['hash'] ?? '');
|
||||
notice(DI::l10n()->t('Account approved.'));
|
||||
break;
|
||||
case 'deny':
|
||||
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||
User::deny(Register::getPendingForUser($uid)['hash'] ?? '');
|
||||
notice(DI::l10n()->t('Registration revoked'));
|
||||
break;
|
||||
}
|
||||
|
||||
DI::baseUrl()->redirect('admin/users');
|
||||
if (in_array($new_order, $valid_orders)) {
|
||||
$order = $new_order;
|
||||
}
|
||||
}
|
||||
|
||||
$users = User::getList($pager->getStart(), $pager->getItemsPerPage(), 'all', $order, ($order_direction == '-'));
|
||||
|
||||
$adminlist = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
|
||||
$_setup_users = function ($e) use ($adminlist) {
|
||||
$page_types = [
|
||||
User::PAGE_FLAGS_NORMAL => DI::l10n()->t('Normal Account Page'),
|
||||
User::PAGE_FLAGS_SOAPBOX => DI::l10n()->t('Soapbox Page'),
|
||||
User::PAGE_FLAGS_COMMUNITY => DI::l10n()->t('Public Forum'),
|
||||
User::PAGE_FLAGS_FREELOVE => DI::l10n()->t('Automatic Friend Page'),
|
||||
User::PAGE_FLAGS_PRVGROUP => DI::l10n()->t('Private Forum')
|
||||
];
|
||||
$account_types = [
|
||||
User::ACCOUNT_TYPE_PERSON => DI::l10n()->t('Personal Page'),
|
||||
User::ACCOUNT_TYPE_ORGANISATION => DI::l10n()->t('Organisation Page'),
|
||||
User::ACCOUNT_TYPE_NEWS => DI::l10n()->t('News Page'),
|
||||
User::ACCOUNT_TYPE_COMMUNITY => DI::l10n()->t('Community Forum'),
|
||||
User::ACCOUNT_TYPE_RELAY => DI::l10n()->t('Relay'),
|
||||
];
|
||||
|
||||
$e['page_flags_raw'] = $e['page-flags'];
|
||||
$e['page-flags'] = $page_types[$e['page-flags']];
|
||||
|
||||
$e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
|
||||
$e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
|
||||
|
||||
$e['register_date'] = Temporal::getRelativeDate($e['register_date']);
|
||||
$e['login_date'] = Temporal::getRelativeDate($e['login_date']);
|
||||
$e['lastitem_date'] = Temporal::getRelativeDate($e['last-item']);
|
||||
$e['is_admin'] = in_array($e['email'], $adminlist);
|
||||
$e['is_deletable'] = (intval($e['uid']) != local_user());
|
||||
$e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
|
||||
|
||||
return $e;
|
||||
};
|
||||
|
||||
$tmp_users = array_map($_setup_users, $users);
|
||||
|
||||
// Get rid of dashes in key names, Smarty3 can't handle them
|
||||
// and extracting deleted users
|
||||
|
||||
$deleted = [];
|
||||
$users = [];
|
||||
foreach ($tmp_users as $user) {
|
||||
foreach ($user as $k => $v) {
|
||||
$newkey = str_replace('-', '_', $k);
|
||||
$user[$newkey] = $v;
|
||||
}
|
||||
|
||||
if ($user['deleted']) {
|
||||
$deleted[] = $user;
|
||||
} else {
|
||||
$users[] = $user;
|
||||
}
|
||||
}
|
||||
|
||||
$th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
|
||||
|
||||
$t = Renderer::getMarkupTemplate('admin/users.tpl');
|
||||
$o = Renderer::replaceMacros($t, [
|
||||
// strings //
|
||||
'$title' => DI::l10n()->t('Administration'),
|
||||
'$page' => DI::l10n()->t('Users'),
|
||||
'$submit' => DI::l10n()->t('Add User'),
|
||||
'$select_all' => DI::l10n()->t('select all'),
|
||||
'$h_pending' => DI::l10n()->t('User registrations waiting for confirm'),
|
||||
'$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
|
||||
'$th_pending' => [DI::l10n()->t('Request date'), DI::l10n()->t('Name'), DI::l10n()->t('Email')],
|
||||
'$no_pending' => DI::l10n()->t('No registrations.'),
|
||||
'$pendingnotetext' => DI::l10n()->t('Note from the user'),
|
||||
'$approve' => DI::l10n()->t('Approve'),
|
||||
'$deny' => DI::l10n()->t('Deny'),
|
||||
'$delete' => DI::l10n()->t('Delete'),
|
||||
'$block' => DI::l10n()->t('Block'),
|
||||
'$blocked' => DI::l10n()->t('User blocked'),
|
||||
'$unblock' => DI::l10n()->t('Unblock'),
|
||||
'$siteadmin' => DI::l10n()->t('Site admin'),
|
||||
'$accountexpired' => DI::l10n()->t('Account expired'),
|
||||
|
||||
'$h_users' => DI::l10n()->t('Users'),
|
||||
'$h_newuser' => DI::l10n()->t('New User'),
|
||||
'$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
|
||||
'$th_users' => $th_users,
|
||||
'$order_users' => $order,
|
||||
'$order_direction_users' => $order_direction,
|
||||
|
||||
'$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||
'$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||
|
||||
'$form_security_token' => self::getFormSecurityToken('admin_users'),
|
||||
|
||||
// values //
|
||||
'$baseurl' => DI::baseUrl()->get(true),
|
||||
|
||||
'$pending' => $pending,
|
||||
'deleted' => $deleted,
|
||||
'$users' => $users,
|
||||
'$newusername' => ['new_user_name', DI::l10n()->t('Name'), '', DI::l10n()->t('Name of the new user.')],
|
||||
'$newusernickname' => ['new_user_nickname', DI::l10n()->t('Nickname'), '', DI::l10n()->t('Nickname of the new user.')],
|
||||
'$newuseremail' => ['new_user_email', DI::l10n()->t('Email'), '', DI::l10n()->t('Email address of the new user.'), '', '', 'email'],
|
||||
]);
|
||||
|
||||
$o .= $pager->renderFull(DBA::count('user'));
|
||||
|
||||
return $o;
|
||||
}
|
||||
|
||||
/* get pending */
|
||||
$pending = Register::getPending();
|
||||
|
||||
$pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
|
||||
|
||||
$valid_orders = [
|
||||
'name',
|
||||
'email',
|
||||
'register_date',
|
||||
'login_date',
|
||||
'last-item',
|
||||
'page-flags'
|
||||
];
|
||||
|
||||
$order = 'name';
|
||||
$order_direction = '+';
|
||||
if (!empty($_GET['o'])) {
|
||||
$new_order = $_GET['o'];
|
||||
if ($new_order[0] === '-') {
|
||||
$order_direction = '-';
|
||||
$new_order = substr($new_order, 1);
|
||||
}
|
||||
|
||||
if (in_array($new_order, $valid_orders)) {
|
||||
$order = $new_order;
|
||||
}
|
||||
}
|
||||
|
||||
$users = User::getList($pager->getStart(), $pager->getItemsPerPage(), 'all', $order, ($order_direction == '-'));
|
||||
|
||||
$adminlist = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
|
||||
$_setup_users = function ($e) use ($adminlist) {
|
||||
$page_types = [
|
||||
User::PAGE_FLAGS_NORMAL => DI::l10n()->t('Normal Account Page'),
|
||||
User::PAGE_FLAGS_SOAPBOX => DI::l10n()->t('Soapbox Page'),
|
||||
User::PAGE_FLAGS_COMMUNITY => DI::l10n()->t('Public Forum'),
|
||||
User::PAGE_FLAGS_FREELOVE => DI::l10n()->t('Automatic Friend Page'),
|
||||
User::PAGE_FLAGS_PRVGROUP => DI::l10n()->t('Private Forum')
|
||||
];
|
||||
$account_types = [
|
||||
User::ACCOUNT_TYPE_PERSON => DI::l10n()->t('Personal Page'),
|
||||
User::ACCOUNT_TYPE_ORGANISATION => DI::l10n()->t('Organisation Page'),
|
||||
User::ACCOUNT_TYPE_NEWS => DI::l10n()->t('News Page'),
|
||||
User::ACCOUNT_TYPE_COMMUNITY => DI::l10n()->t('Community Forum'),
|
||||
User::ACCOUNT_TYPE_RELAY => DI::l10n()->t('Relay'),
|
||||
];
|
||||
|
||||
$e['page_flags_raw'] = $e['page-flags'];
|
||||
$e['page-flags'] = $page_types[$e['page-flags']];
|
||||
|
||||
$e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
|
||||
$e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
|
||||
|
||||
$e['register_date'] = Temporal::getRelativeDate($e['register_date']);
|
||||
$e['login_date'] = Temporal::getRelativeDate($e['login_date']);
|
||||
$e['lastitem_date'] = Temporal::getRelativeDate($e['last-item']);
|
||||
$e['is_admin'] = in_array($e['email'], $adminlist);
|
||||
$e['is_deletable'] = (intval($e['uid']) != local_user());
|
||||
$e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
|
||||
|
||||
return $e;
|
||||
};
|
||||
|
||||
$tmp_users = array_map($_setup_users, $users);
|
||||
|
||||
// Get rid of dashes in key names, Smarty3 can't handle them
|
||||
// and extracting deleted users
|
||||
|
||||
$deleted = [];
|
||||
$users = [];
|
||||
foreach ($tmp_users as $user) {
|
||||
foreach ($user as $k => $v) {
|
||||
$newkey = str_replace('-', '_', $k);
|
||||
$user[$newkey] = $v;
|
||||
}
|
||||
|
||||
if ($user['deleted']) {
|
||||
$deleted[] = $user;
|
||||
} else {
|
||||
$users[] = $user;
|
||||
}
|
||||
}
|
||||
|
||||
$th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
|
||||
|
||||
$t = Renderer::getMarkupTemplate('admin/users.tpl');
|
||||
$o = Renderer::replaceMacros($t, [
|
||||
// strings //
|
||||
'$title' => DI::l10n()->t('Administration'),
|
||||
'$page' => DI::l10n()->t('Users'),
|
||||
'$submit' => DI::l10n()->t('Add User'),
|
||||
'$select_all' => DI::l10n()->t('select all'),
|
||||
'$h_pending' => DI::l10n()->t('User registrations waiting for confirm'),
|
||||
'$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
|
||||
'$th_pending' => [DI::l10n()->t('Request date'), DI::l10n()->t('Name'), DI::l10n()->t('Email')],
|
||||
'$no_pending' => DI::l10n()->t('No registrations.'),
|
||||
'$pendingnotetext' => DI::l10n()->t('Note from the user'),
|
||||
'$approve' => DI::l10n()->t('Approve'),
|
||||
'$deny' => DI::l10n()->t('Deny'),
|
||||
'$delete' => DI::l10n()->t('Delete'),
|
||||
'$block' => DI::l10n()->t('Block'),
|
||||
'$blocked' => DI::l10n()->t('User blocked'),
|
||||
'$unblock' => DI::l10n()->t('Unblock'),
|
||||
'$siteadmin' => DI::l10n()->t('Site admin'),
|
||||
'$accountexpired' => DI::l10n()->t('Account expired'),
|
||||
|
||||
'$h_users' => DI::l10n()->t('Users'),
|
||||
'$h_newuser' => DI::l10n()->t('New User'),
|
||||
'$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
|
||||
'$th_users' => $th_users,
|
||||
'$order_users' => $order,
|
||||
'$order_direction_users' => $order_direction,
|
||||
|
||||
'$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||
'$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||
|
||||
'$form_security_token' => parent::getFormSecurityToken('admin_users'),
|
||||
|
||||
// values //
|
||||
'$baseurl' => DI::baseUrl()->get(true),
|
||||
|
||||
'$pending' => $pending,
|
||||
'deleted' => $deleted,
|
||||
'$users' => $users,
|
||||
'$newusername' => ['new_user_name', DI::l10n()->t('Name'), '', DI::l10n()->t('Name of the new user.')],
|
||||
'$newusernickname' => ['new_user_nickname', DI::l10n()->t('Nickname'), '', DI::l10n()->t('Nickname of the new user.')],
|
||||
'$newuseremail' => ['new_user_email', DI::l10n()->t('Email'), '', DI::l10n()->t('Email address of the new user.'), '', '', 'email'],
|
||||
]);
|
||||
|
||||
$o .= $pager->renderFull(DBA::count('user'));
|
||||
|
||||
return $o;
|
||||
DI::baseUrl()->redirect('admin/users');
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue