Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1130 lines
35 KiB

  1. <?php
  2. /**
  3. * Friendica admin
  4. */
  5. require_once("include/remoteupdate.php");
  6. /**
  7. * @param App $a
  8. */
  9. function admin_post(&$a){
  10. if(!is_site_admin()) {
  11. return;
  12. }
  13. // do not allow a page manager to access the admin panel at all.
  14. if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
  15. return;
  16. // urls
  17. if ($a->argc > 1){
  18. switch ($a->argv[1]){
  19. case 'site':
  20. admin_page_site_post($a);
  21. break;
  22. case 'users':
  23. admin_page_users_post($a);
  24. break;
  25. case 'plugins':
  26. if ($a->argc > 2 &&
  27. is_file("addon/".$a->argv[2]."/".$a->argv[2].".php")){
  28. @include_once("addon/".$a->argv[2]."/".$a->argv[2].".php");
  29. if(function_exists($a->argv[2].'_plugin_admin_post')) {
  30. $func = $a->argv[2].'_plugin_admin_post';
  31. $func($a);
  32. }
  33. }
  34. goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] );
  35. return; // NOTREACHED
  36. break;
  37. case 'themes':
  38. $theme = $a->argv[2];
  39. if (is_file("view/theme/$theme/config.php")){
  40. require_once("view/theme/$theme/config.php");
  41. if (function_exists("theme_admin_post")){
  42. theme_admin_post($a);
  43. }
  44. }
  45. info(t('Theme settings updated.'));
  46. if(is_ajax()) return;
  47. goaway($a->get_baseurl(true) . '/admin/themes/' . $theme );
  48. return;
  49. break;
  50. case 'logs':
  51. admin_page_logs_post($a);
  52. break;
  53. case 'dbsync':
  54. admin_page_dbsync_post($a);
  55. break;
  56. case 'update':
  57. admin_page_remoteupdate_post($a);
  58. break;
  59. }
  60. }
  61. goaway($a->get_baseurl(true) . '/admin' );
  62. return; // NOTREACHED
  63. }
  64. /**
  65. * @param App $a
  66. * @return string
  67. */
  68. function admin_content(&$a) {
  69. if(!is_site_admin()) {
  70. return login(false);
  71. }
  72. if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
  73. return "";
  74. /**
  75. * Side bar links
  76. */
  77. // array( url, name, extra css classes )
  78. $aside = Array(
  79. 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"),
  80. 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"),
  81. 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"),
  82. 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"),
  83. 'dbsync' => Array($a->get_baseurl(true)."/admin/dbsync/", t('DB updates'), "dbsync"),
  84. 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Software Update") , "update")
  85. );
  86. /* get plugins admin page */
  87. $r = q("SELECT * FROM `addon` WHERE `plugin_admin`=1");
  88. $aside['plugins_admin']=Array();
  89. foreach ($r as $h){
  90. $plugin =$h['name'];
  91. $aside['plugins_admin'][] = Array($a->get_baseurl(true)."/admin/plugins/".$plugin, $plugin, "plugin");
  92. // temp plugins with admin
  93. $a->plugins_admin[] = $plugin;
  94. }
  95. $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs");
  96. $t = get_markup_template("admin_aside.tpl");
  97. $a->page['aside'] = replace_macros( $t, array(
  98. '$admin' => $aside,
  99. '$h_pending' => t('User registrations waiting for confirmation'),
  100. '$admurl'=> $a->get_baseurl(true)."/admin/"
  101. ));
  102. /**
  103. * Page content
  104. */
  105. $o = '';
  106. // urls
  107. if ($a->argc > 1){
  108. switch ($a->argv[1]){
  109. case 'site':
  110. $o = admin_page_site($a);
  111. break;
  112. case 'users':
  113. $o = admin_page_users($a);
  114. break;
  115. case 'plugins':
  116. $o = admin_page_plugins($a);
  117. break;
  118. case 'themes':
  119. $o = admin_page_themes($a);
  120. break;
  121. case 'logs':
  122. $o = admin_page_logs($a);
  123. break;
  124. case 'dbsync':
  125. $o = admin_page_dbsync($a);
  126. break;
  127. case 'update':
  128. $o = admin_page_remoteupdate($a);
  129. break;
  130. default:
  131. notice( t("Item not found.") );
  132. }
  133. } else {
  134. $o = admin_page_summary($a);
  135. }
  136. if(is_ajax()) {
  137. echo $o;
  138. killme();
  139. return '';
  140. } else {
  141. return $o;
  142. }
  143. }
  144. /**
  145. * Admin Summary Page
  146. * @param App $a
  147. * @return string
  148. */
  149. function admin_page_summary(&$a) {
  150. $r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`");
  151. $accounts = Array(
  152. Array( t('Normal Account'), 0),
  153. Array( t('Soapbox Account'), 0),
  154. Array( t('Community/Celebrity Account'), 0),
  155. Array( t('Automatic Friend Account'), 0)
  156. );
  157. $users=0;
  158. foreach ($r as $u){ $accounts[$u['page-flags']][1] = $u['count']; $users+= $u['count']; }
  159. logger('accounts: ' . print_r($accounts,true));
  160. $r = q("SELECT COUNT(id) as `count` FROM `register`");
  161. $pending = $r[0]['count'];
  162. $t = get_markup_template("admin_summary.tpl");
  163. return replace_macros($t, array(
  164. '$title' => t('Administration'),
  165. '$page' => t('Summary'),
  166. '$users' => Array( t('Registered users'), $users),
  167. '$accounts' => $accounts,
  168. '$pending' => Array( t('Pending registrations'), $pending),
  169. '$version' => Array( t('Version'), FRIENDICA_VERSION),
  170. '$build' => get_config('system','build'),
  171. '$plugins' => Array( t('Active plugins'), $a->plugins )
  172. ));
  173. }
  174. /**
  175. * Admin Site Page
  176. * @param App $a
  177. */
  178. function admin_page_site_post(&$a){
  179. if (!x($_POST,"page_site")){
  180. return;
  181. }
  182. check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
  183. $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
  184. $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
  185. $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
  186. $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : '');
  187. $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0);
  188. $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0);
  189. $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0);
  190. $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : '');
  191. $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
  192. $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : '');
  193. $block_public = ((x($_POST,'block_public')) ? True : False);
  194. $force_publish = ((x($_POST,'publish_all')) ? True : False);
  195. $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : '');
  196. $no_multi_reg = ((x($_POST,'no_multi_reg')) ? True : False);
  197. $no_openid = !((x($_POST,'no_openid')) ? True : False);
  198. $no_regfullname = !((x($_POST,'no_regfullname')) ? True : False);
  199. $no_utf = !((x($_POST,'no_utf')) ? True : False);
  200. $no_community_page = !((x($_POST,'no_community_page')) ? True : False);
  201. $verifyssl = ((x($_POST,'verifyssl')) ? True : False);
  202. $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : '');
  203. $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : '');
  204. $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60);
  205. $delivery_interval = ((x($_POST,'delivery_interval'))? intval(trim($_POST['delivery_interval'])) : 0);
  206. $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
  207. $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
  208. $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
  209. $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
  210. if($ssl_policy != intval(get_config('system','ssl_policy'))) {
  211. if($ssl_policy == SSL_POLICY_FULL) {
  212. q("update `contact` set
  213. `url` = replace(`url` , 'http:' , 'https:'),
  214. `photo` = replace(`photo` , 'http:' , 'https:'),
  215. `thumb` = replace(`thumb` , 'http:' , 'https:'),
  216. `micro` = replace(`micro` , 'http:' , 'https:'),
  217. `request` = replace(`request`, 'http:' , 'https:'),
  218. `notify` = replace(`notify` , 'http:' , 'https:'),
  219. `poll` = replace(`poll` , 'http:' , 'https:'),
  220. `confirm` = replace(`confirm`, 'http:' , 'https:'),
  221. `poco` = replace(`poco` , 'http:' , 'https:')
  222. where `self` = 1"
  223. );
  224. q("update `profile` set
  225. `photo` = replace(`photo` , 'http:' , 'https:'),
  226. `thumb` = replace(`thumb` , 'http:' , 'https:')
  227. where 1 "
  228. );
  229. }
  230. elseif($ssl_policy == SSL_POLICY_SELFSIGN) {
  231. q("update `contact` set
  232. `url` = replace(`url` , 'https:' , 'http:'),
  233. `photo` = replace(`photo` , 'https:' , 'http:'),
  234. `thumb` = replace(`thumb` , 'https:' , 'http:'),
  235. `micro` = replace(`micro` , 'https:' , 'http:'),
  236. `request` = replace(`request`, 'https:' , 'http:'),
  237. `notify` = replace(`notify` , 'https:' , 'http:'),
  238. `poll` = replace(`poll` , 'https:' , 'http:'),
  239. `confirm` = replace(`confirm`, 'https:' , 'http:'),
  240. `poco` = replace(`poco` , 'https:' , 'http:')
  241. where `self` = 1"
  242. );
  243. q("update `profile` set
  244. `photo` = replace(`photo` , 'https:' , 'http:'),
  245. `thumb` = replace(`thumb` , 'https:' , 'http:')
  246. where 1 "
  247. );
  248. }
  249. }
  250. set_config('system','ssl_policy',$ssl_policy);
  251. set_config('system','delivery_interval',$delivery_interval);
  252. set_config('config','sitename',$sitename);
  253. if ($banner==""){
  254. // don't know why, but del_config doesn't work...
  255. q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
  256. dbesc("system"),
  257. dbesc("banner")
  258. );
  259. } else {
  260. set_config('system','banner', $banner);
  261. }
  262. set_config('system','language', $language);
  263. set_config('system','theme', $theme);
  264. set_config('system','maximagesize', $maximagesize);
  265. set_config('config','register_policy', $register_policy);
  266. set_config('system','account_abandon_days', $abandon_days);
  267. set_config('config','register_text', $register_text);
  268. set_config('system','allowed_sites', $allowed_sites);
  269. set_config('system','allowed_email', $allowed_email);
  270. set_config('system','block_public', $block_public);
  271. set_config('system','publish_all', $force_publish);
  272. if ($global_directory==""){
  273. // don't know why, but del_config doesn't work...
  274. q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
  275. dbesc("system"),
  276. dbesc("directory_submit_url")
  277. );
  278. } else {
  279. set_config('system','directory_submit_url', $global_directory);
  280. }
  281. set_config('system','block_extended_register', $no_multi_reg);
  282. set_config('system','no_openid', $no_openid);
  283. set_config('system','no_regfullname', $no_regfullname);
  284. set_config('system','no_community_page', $no_community_page);
  285. set_config('system','no_utf', $no_utf);
  286. set_config('system','verifyssl', $verifyssl);
  287. set_config('system','proxyuser', $proxyuser);
  288. set_config('system','proxy', $proxy);
  289. set_config('system','curl_timeout', $timeout);
  290. set_config('system','dfrn_only', $dfrn_only);
  291. set_config('system','ostatus_disabled', $ostatus_disabled);
  292. set_config('system','diaspora_enabled', $diaspora_enabled);
  293. info( t('Site settings updated.') . EOL);
  294. goaway($a->get_baseurl(true) . '/admin/site' );
  295. return; // NOTREACHED
  296. }
  297. /**
  298. * @param App $a
  299. * @return string
  300. */
  301. function admin_page_site(&$a) {
  302. /* Installed langs */
  303. $lang_choices = array();
  304. $langs = glob('view/*/strings.php');
  305. if(is_array($langs) && count($langs)) {
  306. if(! in_array('view/en/strings.php',$langs))
  307. $langs[] = 'view/en/';
  308. asort($langs);
  309. foreach($langs as $l) {
  310. $t = explode("/",$l);
  311. $lang_choices[$t[1]] = $t[1];
  312. }
  313. }
  314. /* Installed themes */
  315. $theme_choices = array();
  316. $files = glob('view/theme/*');
  317. if($files) {
  318. foreach($files as $file) {
  319. $f = basename($file);
  320. $theme_name = ((file_exists($file . '/experimental')) ? sprintf("%s - \x28Experimental\x29", $f) : $f);
  321. $theme_choices[$f] = $theme_name;
  322. }
  323. }
  324. /* Banner */
  325. $banner = get_config('system','banner');
  326. if($banner == false)
  327. $banner = '<a href="http://friendica.com"><img id="logo-img" src="images/friendica-32.png" alt="logo" /></a><span id="logo-text"><a href="http://friendica.com">Friendica</a></span>';
  328. $banner = htmlspecialchars($banner);
  329. //echo "<pre>"; var_dump($lang_choices); die("</pre>");
  330. /* Register policy */
  331. $register_choices = Array(
  332. REGISTER_CLOSED => t("Closed"),
  333. REGISTER_APPROVE => t("Requires approval"),
  334. REGISTER_OPEN => t("Open")
  335. );
  336. $ssl_choices = array(
  337. SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
  338. SSL_POLICY_FULL => t("Force all links to use SSL"),
  339. SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
  340. );
  341. $t = get_markup_template("admin_site.tpl");
  342. return replace_macros($t, array(
  343. '$title' => t('Administration'),
  344. '$page' => t('Site'),
  345. '$submit' => t('Submit'),
  346. '$registration' => t('Registration'),
  347. '$upload' => t('File upload'),
  348. '$corporate' => t('Policies'),
  349. '$advanced' => t('Advanced'),
  350. '$baseurl' => $a->get_baseurl(true),
  351. // name, label, value, help string, extra data...
  352. '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""),
  353. '$banner' => array('banner', t("Banner/Logo"), $banner, ""),
  354. '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
  355. '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
  356. '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
  357. '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
  358. '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
  359. '$register_text' => array('register_text', t("Register text"), htmlentities($a->config['register_text'], ENT_QUOTES), t("Will be displayed prominently on the registration page.")),
  360. '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
  361. '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
  362. '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
  363. '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")),
  364. '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
  365. '$global_directory' => array('directory_submit_url', t("Global directory update URL"), get_config('system','directory_submit_url'), t("URL to update the global directory. If this is not set, the global directory is completely unavailable to the application.")),
  366. '$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")),
  367. '$no_openid' => array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")),
  368. '$no_regfullname' => array('no_regfullname', t("Fullname check"), !get_config('system','no_regfullname'), t("Force users to register with a space between firstname and lastname in Full name, as an antispam measure")),
  369. '$no_utf' => array('no_utf', t("UTF-8 Regular expressions"), !get_config('system','no_utf'), t("Use PHP UTF8 regular expressions")),
  370. '$no_community_page' => array('no_community_page', t("Show Community Page"), !get_config('system','no_community_page'), t("Display a Community page showing all recent public postings on this site.")),
  371. '$ostatus_disabled' => array('ostatus_disabled', t("Enable OStatus support"), !get_config('system','ostatus_disable'), t("Provide built-in OStatus \x28identi.ca, status.net, etc.\x29 compatibility. All communications in OStatus are public, so privacy warnings will be occasionally displayed.")),
  372. '$diaspora_enabled' => array('diaspora_enabled', t("Enable Diaspora support"), get_config('system','diaspora_enabled'), t("Provide built-in Diaspora network compatibility.")),
  373. '$dfrn_only' => array('dfrn_only', t('Only allow Friendica contacts'), get_config('system','dfrn_only'), t("All contacts must use Friendica protocols. All other built-in communication protocols disabled.")),
  374. '$verifyssl' => array('verifyssl', t("Verify SSL"), get_config('system','verifyssl'), t("If you wish, you can turn on strict certificate checking. This will mean you cannot connect (at all) to self-signed SSL sites.")),
  375. '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
  376. '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
  377. '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
  378. '$delivery_interval' => array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
  379. '$form_security_token' => get_form_security_token("admin_site"),
  380. ));
  381. }
  382. function admin_page_dbsync(&$a) {
  383. $o = '';
  384. if($a->argc > 3 && intval($a->argv[3]) && $a->argv[2] === 'mark') {
  385. set_config('database', 'update_' . intval($a->argv[3]), 'success');
  386. info( t('Update has been marked successful') . EOL);
  387. goaway($a->get_baseurl(true) . '/admin/dbsync');
  388. }
  389. if($a->argc > 2 && intval($a->argv[2])) {
  390. require_once('update.php');
  391. $func = 'update_' . intval($a->argv[2]);
  392. if(function_exists($func)) {
  393. $retval = $func();
  394. if($retval === UPDATE_FAILED) {
  395. $o .= sprintf( t('Executing %s failed. Check system logs.'), $func);
  396. }
  397. elseif($retval === UPDATE_SUCCESS) {
  398. $o .= sprintf( t('Update %s was successfully applied.', $func));
  399. set_config('database',$func, 'success');
  400. }
  401. else
  402. $o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $func);
  403. }
  404. else
  405. $o .= sprintf( t('Update function %s could not be found.'), $func);
  406. return $o;
  407. }
  408. $failed = array();
  409. $r = q("select * from config where `cat` = 'database' ");
  410. if(count($r)) {
  411. foreach($r as $rr) {
  412. $upd = intval(substr($rr['k'],7));
  413. if($upd < 1139 || $rr['v'] === 'success')
  414. continue;
  415. $failed[] = $upd;
  416. }
  417. }
  418. if(! count($failed))
  419. return '<h3>' . t('No failed updates.') . '</h3>';
  420. $o = replace_macros(get_markup_template('failed_updates.tpl'),array(
  421. '$base' => $a->get_baseurl(true),
  422. '$banner' => t('Failed Updates'),
  423. '$desc' => t('This does not include updates prior to 1139, which did not return a status.'),
  424. '$mark' => t('Mark success (if update was manually applied)'),
  425. '$apply' => t('Attempt to execute this update step automatically'),
  426. '$failed' => $failed
  427. ));
  428. return $o;
  429. }
  430. /**
  431. * Users admin page
  432. *
  433. * @param App $a
  434. */
  435. function admin_page_users_post(&$a){
  436. $pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() );
  437. $users = ( x($_POST, 'user') ? $_POST['user'] : Array() );
  438. check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
  439. if (x($_POST,'page_users_block')){
  440. foreach($users as $uid){
  441. q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s",
  442. intval( $uid )
  443. );
  444. }
  445. notice( sprintf( tt("%s user blocked/unblocked", "%s users blocked/unblocked", count($users)), count($users)) );
  446. }
  447. if (x($_POST,'page_users_delete')){
  448. require_once("include/Contact.php");
  449. foreach($users as $uid){
  450. user_remove($uid);
  451. }
  452. notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) );
  453. }
  454. if (x($_POST,'page_users_approve')){
  455. require_once("mod/regmod.php");
  456. foreach($pending as $hash){
  457. user_allow($hash);
  458. }
  459. }
  460. if (x($_POST,'page_users_deny')){
  461. require_once("mod/regmod.php");
  462. foreach($pending as $hash){
  463. user_deny($hash);
  464. }
  465. }
  466. goaway($a->get_baseurl(true) . '/admin/users' );
  467. return; // NOTREACHED
  468. }
  469. /**
  470. * @param App $a
  471. * @return string
  472. */
  473. function admin_page_users(&$a){
  474. if ($a->argc>2) {
  475. $uid = $a->argv[3];
  476. $user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid));
  477. if (count($user)==0){
  478. notice( 'User not found' . EOL);
  479. goaway($a->get_baseurl(true) . '/admin/users' );
  480. return ''; // NOTREACHED
  481. }
  482. switch($a->argv[2]){
  483. case "delete":{
  484. check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
  485. // delete user
  486. require_once("include/Contact.php");
  487. user_remove($uid);
  488. notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
  489. }; break;
  490. case "block":{
  491. check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
  492. q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s",
  493. intval( 1-$user[0]['blocked'] ),
  494. intval( $uid )
  495. );
  496. notice( sprintf( ($user[0]['blocked']?t("User '%s' unblocked"):t("User '%s' blocked")) , $user[0]['username']) . EOL);
  497. }; break;
  498. }
  499. goaway($a->get_baseurl(true) . '/admin/users' );
  500. return ''; // NOTREACHED
  501. }
  502. /* get pending */
  503. $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
  504. FROM `register`
  505. LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid`
  506. LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;");
  507. /* get users */
  508. $total = q("SELECT count(*) as total FROM `user` where 1");
  509. if(count($total)) {
  510. $a->set_pager_total($total[0]['total']);
  511. $a->set_pager_itemspage(100);
  512. }
  513. $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`
  514. FROM
  515. (SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`
  516. FROM `item`
  517. WHERE `item`.`type` = 'wall'
  518. GROUP BY `item`.`uid`) AS `lastitem`
  519. RIGHT OUTER JOIN `user` ON `user`.`uid` = `lastitem`.`uid`,
  520. `contact`
  521. WHERE
  522. `user`.`uid` = `contact`.`uid`
  523. AND `user`.`verified` =1
  524. AND `contact`.`self` =1
  525. ORDER BY `contact`.`name` LIMIT %d, %d
  526. ",
  527. intval($a->pager['start']),
  528. intval($a->pager['itemspage'])
  529. );
  530. function _setup_users($e){
  531. $accounts = Array(
  532. t('Normal Account'),
  533. t('Soapbox Account'),
  534. t('Community/Celebrity Account'),
  535. t('Automatic Friend Account')
  536. );
  537. $e['page-flags'] = $accounts[$e['page-flags']];
  538. $e['register_date'] = relative_date($e['register_date']);
  539. $e['login_date'] = relative_date($e['login_date']);
  540. $e['lastitem_date'] = relative_date($e['lastitem_date']);
  541. return $e;
  542. }
  543. $users = array_map("_setup_users", $users);
  544. $t = get_markup_template("admin_users.tpl");
  545. $o = replace_macros($t, array(
  546. // strings //
  547. '$title' => t('Administration'),
  548. '$page' => t('Users'),
  549. '$submit' => t('Submit'),
  550. '$select_all' => t('select all'),
  551. '$h_pending' => t('User registrations waiting for confirm'),
  552. '$th_pending' => array( t('Request date'), t('Name'), t('Email') ),
  553. '$no_pending' => t('No registrations.'),
  554. '$approve' => t('Approve'),
  555. '$deny' => t('Deny'),
  556. '$delete' => t('Delete'),
  557. '$block' => t('Block'),
  558. '$unblock' => t('Unblock'),
  559. '$h_users' => t('Users'),
  560. '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ),
  561. '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
  562. '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
  563. '$form_security_token' => get_form_security_token("admin_users"),
  564. // values //
  565. '$baseurl' => $a->get_baseurl(true),
  566. '$pending' => $pending,
  567. '$users' => $users,
  568. ));
  569. $o .= paginate($a);
  570. return $o;
  571. }
  572. /**
  573. * Plugins admin page
  574. *
  575. * @param App $a
  576. * @return string
  577. */
  578. function admin_page_plugins(&$a){
  579. /**
  580. * Single plugin
  581. */
  582. if ($a->argc == 3){
  583. $plugin = $a->argv[2];
  584. if (!is_file("addon/$plugin/$plugin.php")){
  585. notice( t("Item not found.") );
  586. return '';
  587. }
  588. if (x($_GET,"a") && $_GET['a']=="t"){
  589. check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't');
  590. // Toggle plugin status
  591. $idx = array_search($plugin, $a->plugins);
  592. if ($idx !== false){
  593. unset($a->plugins[$idx]);
  594. uninstall_plugin($plugin);
  595. info( sprintf( t("Plugin %s disabled."), $plugin ) );
  596. } else {
  597. $a->plugins[] = $plugin;
  598. install_plugin($plugin);
  599. info( sprintf( t("Plugin %s enabled."), $plugin ) );
  600. }
  601. set_config("system","addon", implode(", ",$a->plugins));
  602. goaway($a->get_baseurl(true) . '/admin/plugins' );
  603. return ''; // NOTREACHED
  604. }
  605. // display plugin details
  606. require_once('library/markdown.php');
  607. if (in_array($plugin, $a->plugins)){
  608. $status="on"; $action= t("Disable");
  609. } else {
  610. $status="off"; $action= t("Enable");
  611. }
  612. $readme=Null;
  613. if (is_file("addon/$plugin/README.md")){
  614. $readme = file_get_contents("addon/$plugin/README.md");
  615. $readme = Markdown($readme);
  616. } else if (is_file("addon/$plugin/README")){
  617. $readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
  618. }
  619. $admin_form="";
  620. if (is_array($a->plugins_admin) && in_array($plugin, $a->plugins_admin)){
  621. @require_once("addon/$plugin/$plugin.php");
  622. $func = $plugin.'_plugin_admin';
  623. $func($a, $admin_form);
  624. }
  625. $t = get_markup_template("admin_plugins_details.tpl");
  626. return replace_macros($t, array(
  627. '$title' => t('Administration'),
  628. '$page' => t('Plugins'),
  629. '$toggle' => t('Toggle'),
  630. '$settings' => t('Settings'),
  631. '$baseurl' => $a->get_baseurl(true),
  632. '$plugin' => $plugin,
  633. '$status' => $status,
  634. '$action' => $action,
  635. '$info' => get_plugin_info($plugin),
  636. '$str_author' => t('Author: '),
  637. '$str_maintainer' => t('Maintainer: '),
  638. '$admin_form' => $admin_form,
  639. '$function' => 'plugins',
  640. '$screenshot' => '',
  641. '$readme' => $readme,
  642. '$form_security_token' => get_form_security_token("admin_themes"),
  643. ));
  644. }
  645. /**
  646. * List plugins
  647. */
  648. $plugins = array();
  649. $files = glob("addon/*/");
  650. if($files) {
  651. foreach($files as $file) {
  652. if (is_dir($file)){
  653. list($tmp, $id)=array_map("trim", explode("/",$file));
  654. $info = get_plugin_info($id);
  655. $plugins[] = array( $id, (in_array($id, $a->plugins)?"on":"off") , $info);
  656. }
  657. }
  658. }
  659. $t = get_markup_template("admin_plugins.tpl");
  660. return replace_macros($t, array(
  661. '$title' => t('Administration'),
  662. '$page' => t('Plugins'),
  663. '$submit' => t('Submit'),
  664. '$baseurl' => $a->get_baseurl(true),
  665. '$function' => 'plugins',
  666. '$plugins' => $plugins,
  667. '$form_security_token' => get_form_security_token("admin_themes"),
  668. ));
  669. }
  670. /**
  671. * @param array $themes
  672. * @param string $th
  673. * @param int $result
  674. */
  675. function toggle_theme(&$themes,$th,&$result) {
  676. for($x = 0; $x < count($themes); $x ++) {
  677. if($themes[$x]['name'] === $th) {
  678. if($themes[$x]['allowed']) {
  679. $themes[$x]['allowed'] = 0;
  680. $result = 0;
  681. }
  682. else {
  683. $themes[$x]['allowed'] = 1;
  684. $result = 1;
  685. }
  686. }
  687. }
  688. }
  689. /**
  690. * @param array $themes
  691. * @param string $th
  692. * @return int
  693. */
  694. function theme_status($themes,$th) {
  695. for($x = 0; $x < count($themes); $x ++) {
  696. if($themes[$x]['name'] === $th) {
  697. if($themes[$x]['allowed']) {
  698. return 1;
  699. }
  700. else {
  701. return 0;
  702. }
  703. }
  704. }
  705. return 0;
  706. }
  707. /**
  708. * @param array $themes
  709. * @return string
  710. */
  711. function rebuild_theme_table($themes) {
  712. $o = '';
  713. if(count($themes)) {
  714. foreach($themes as $th) {
  715. if($th['allowed']) {
  716. if(strlen($o))
  717. $o .= ',';
  718. $o .= $th['name'];
  719. }
  720. }
  721. }
  722. return $o;
  723. }
  724. /**
  725. * Themes admin page
  726. *
  727. * @param App $a
  728. * @return string
  729. */
  730. function admin_page_themes(&$a){
  731. $allowed_themes_str = get_config('system','allowed_themes');
  732. $allowed_themes_raw = explode(',',$allowed_themes_str);
  733. $allowed_themes = array();
  734. if(count($allowed_themes_raw))
  735. foreach($allowed_themes_raw as $x)
  736. if(strlen(trim($x)))
  737. $allowed_themes[] = trim($x);
  738. $themes = array();
  739. $files = glob('view/theme/*');
  740. if($files) {
  741. foreach($files as $file) {
  742. $f = basename($file);
  743. $is_experimental = intval(file_exists($file . '/experimental'));
  744. $is_supported = 1-(intval(file_exists($file . '/unsupported'))); // Is not used yet
  745. $is_allowed = intval(in_array($f,$allowed_themes));
  746. $themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
  747. }
  748. }
  749. if(! count($themes)) {
  750. notice( t('No themes found.'));
  751. return '';
  752. }
  753. /**
  754. * Single theme
  755. */
  756. if ($a->argc == 3){
  757. $theme = $a->argv[2];
  758. if(! is_dir("view/theme/$theme")){
  759. notice( t("Item not found.") );
  760. return '';
  761. }
  762. if (x($_GET,"a") && $_GET['a']=="t"){
  763. check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
  764. // Toggle theme status
  765. toggle_theme($themes,$theme,$result);
  766. $s = rebuild_theme_table($themes);
  767. if($result)
  768. info( sprintf('Theme %s enabled.',$theme));
  769. else
  770. info( sprintf('Theme %s disabled.',$theme));
  771. set_config('system','allowed_themes',$s);
  772. goaway($a->get_baseurl(true) . '/admin/themes' );
  773. return ''; // NOTREACHED
  774. }
  775. // display theme details
  776. require_once('library/markdown.php');
  777. if (theme_status($themes,$theme)) {
  778. $status="on"; $action= t("Disable");
  779. } else {
  780. $status="off"; $action= t("Enable");
  781. }
  782. $readme=Null;
  783. if (is_file("view/theme/$theme/README.md")){
  784. $readme = file_get_contents("view/theme/$theme/README.md");
  785. $readme = Markdown($readme);
  786. } else if (is_file("view/theme/$theme/README")){
  787. $readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>";
  788. }
  789. $admin_form="";
  790. if (is_file("view/theme/$theme/config.php")){
  791. require_once("view/theme/$theme/config.php");
  792. if(function_exists("theme_admin")){
  793. $admin_form = theme_admin($a);
  794. }
  795. }
  796. $screenshot = array( get_theme_screenshot($theme), t('Screenshot'));
  797. if(! stristr($screenshot[0],$theme))
  798. $screenshot = null;
  799. $t = get_markup_template("admin_plugins_details.tpl");
  800. return replace_macros($t, array(
  801. '$title' => t('Administration'),
  802. '$page' => t('Themes'),
  803. '$toggle' => t('Toggle'),
  804. '$settings' => t('Settings'),
  805. '$baseurl' => $a->get_baseurl(true),
  806. '$plugin' => $theme,
  807. '$status' => $status,
  808. '$action' => $action,
  809. '$info' => get_theme_info($theme),
  810. '$function' => 'themes',
  811. '$admin_form' => $admin_form,
  812. '$str_author' => t('Author: '),
  813. '$str_maintainer' => t('Maintainer: '),
  814. '$screenshot' => $screenshot,
  815. '$readme' => $readme,
  816. '$form_security_token' => get_form_security_token("admin_themes"),
  817. ));
  818. }
  819. /**
  820. * List themes
  821. */
  822. $xthemes = array();
  823. if($themes) {
  824. foreach($themes as $th) {
  825. $xthemes[] = array($th['name'],(($th['allowed']) ? "on" : "off"), get_theme_info($th['name']));
  826. }
  827. }
  828. $t = get_markup_template("admin_plugins.tpl");
  829. return replace_macros($t, array(
  830. '$title' => t('Administration'),
  831. '$page' => t('Themes'),
  832. '$submit' => t('Submit'),
  833. '$baseurl' => $a->get_baseurl(true),
  834. '$function' => 'themes',
  835. '$plugins' => $xthemes,
  836. '$experimental' => t('[Experimental]'),
  837. '$unsupported' => t('[Unsupported]'),
  838. '$form_security_token' => get_form_security_token("admin_themes"),
  839. ));
  840. }
  841. /**
  842. * Logs admin page
  843. *
  844. * @param App $a
  845. */
  846. function admin_page_logs_post(&$a) {
  847. if (x($_POST,"page_logs")) {
  848. check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
  849. $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
  850. $debugging = ((x($_POST,'debugging')) ? true : false);
  851. $loglevel = ((x($_POST,'loglevel')) ? intval(trim($_POST['loglevel'])) : 0);
  852. set_config('system','logfile', $logfile);
  853. set_config('system','debugging', $debugging);
  854. set_config('system','loglevel', $loglevel);
  855. }
  856. info( t("Log settings updated.") );
  857. goaway($a->get_baseurl(true) . '/admin/logs' );
  858. return; // NOTREACHED
  859. }
  860. /**
  861. * @param App $a
  862. * @return string
  863. */
  864. function admin_page_logs(&$a){
  865. $log_choices = Array(
  866. LOGGER_NORMAL => 'Normal',
  867. LOGGER_TRACE => 'Trace',
  868. LOGGER_DEBUG => 'Debug',
  869. LOGGER_DATA => 'Data',
  870. LOGGER_ALL => 'All'
  871. );
  872. $t = get_markup_template("admin_logs.tpl");
  873. $f = get_config('system','logfile');
  874. $data = '';
  875. if(!file_exists($f)) {
  876. $data = t("Error trying to open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f exist and is
  877. readable.");
  878. }
  879. else {
  880. $fp = fopen($f, 'r');
  881. if(!$fp) {
  882. $data = t("Couldn't open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f is readable.");
  883. }
  884. else {
  885. $fstat = fstat($fp);
  886. $size = $fstat['size'];
  887. if($size != 0)
  888. {
  889. if($size > 5000000 || $size < 0)
  890. $size = 5000000;
  891. $seek = fseek($fp,0-$size,SEEK_END);
  892. if($seek === 0) {
  893. $data = escape_tags(fread($fp,$size));
  894. while(! feof($fp))
  895. $data .= escape_tags(fread($fp,4096));
  896. }
  897. }
  898. fclose($fp);
  899. }
  900. }
  901. return replace_macros($t, array(
  902. '$title' => t('Administration'),
  903. '$page' => t('Logs'),
  904. '$submit' => t('Submit'),
  905. '$clear' => t('Clear'),
  906. '$data' => $data,
  907. '$baseurl' => $a->get_baseurl(true),
  908. '$logname' => get_config('system','logfile'),
  909. // name, label, value, help string, extra data...
  910. '$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
  911. '$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")),
  912. '$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
  913. '$form_security_token' => get_form_security_token("admin_logs"),
  914. ));
  915. }
  916. /**
  917. * @param App $a
  918. */
  919. function admin_page_remoteupdate_post(&$a) {
  920. // this function should be called via ajax post
  921. if(!is_site_admin()) {
  922. return;
  923. }
  924. if (x($_POST,'remotefile') && $_POST['remotefile']!=""){
  925. $remotefile = $_POST['remotefile'];
  926. $ftpdata = (x($_POST['ftphost'])?$_POST:false);
  927. doUpdate($remotefile, $ftpdata);
  928. } else {
  929. echo "No remote file to download. Abort!";
  930. }
  931. killme();
  932. }
  933. /**
  934. * @param App $a
  935. * @return string
  936. */
  937. function admin_page_remoteupdate(&$a) {
  938. if(!is_site_admin()) {
  939. return login(false);
  940. }
  941. $canwrite = canWeWrite();
  942. $canftp = function_exists('ftp_connect');
  943. $needupdate = true;
  944. $u = checkUpdate();
  945. if (!is_array($u)){
  946. $needupdate = false;
  947. $u = array('','','');
  948. }
  949. $tpl = get_markup_template("admin_remoteupdate.tpl");
  950. return replace_macros($tpl, array(
  951. '$baseurl' => $a->get_baseurl(true),
  952. '$submit' => t("Update now"),
  953. '$close' => t("Close"),
  954. '$localversion' => FRIENDICA_VERSION,
  955. '$remoteversion' => $u[1],
  956. '$needupdate' => $needupdate,
  957. '$canwrite' => $canwrite,
  958. '$canftp' => $canftp,
  959. '$ftphost' => array('ftphost', t("FTP Host"), '',''),
  960. '$ftppath' => array('ftppath', t("FTP Path"), '/',''),
  961. '$ftpuser' => array('ftpuser', t("FTP User"), '',''),
  962. '$ftppwd' => array('ftppwd', t("FTP Password"), '',''),
  963. '$remotefile'=>array('remotefile','', $u['2'],'')
  964. ));
  965. }