friendica/src/Module/Admin/Users.php

318 lines
11 KiB
PHP

<?php
namespace Friendica\Module\Admin;
use Friendica\Content\Pager;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Register;
use Friendica\Model\User;
use Friendica\Module\BaseAdminModule;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
class Users extends BaseAdminModule
{
public static function post()
{
parent::post();
$a = self::getApp();
$pending = defaults($_POST, 'pending' , []);
$users = defaults($_POST, 'user' , []);
$nu_name = defaults($_POST, 'new_user_name' , '');
$nu_nickname = defaults($_POST, 'new_user_nickname', '');
$nu_email = defaults($_POST, 'new_user_email' , '');
$nu_language = Config::get('system', 'language');
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
if ($nu_name !== '' && $nu_email !== '' && $nu_nickname !== '') {
try {
$result = User::create([
'username' => $nu_name,
'email' => $nu_email,
'nickname' => $nu_nickname,
'verified' => 1,
'language' => $nu_language
]);
} catch (\Exception $ex) {
notice($ex->getMessage());
return;
}
$user = $result['user'];
$preamble = Strings::deindent(L10n::t('
Dear %1$s,
the administrator of %2$s has set up an account for you.'));
$body = Strings::deindent(L10n::t('
The login details are as follows:
Site Location: %1$s
Login Name: %2$s
Password: %3$s
You may change your password from your account "Settings" page after logging
in.
Please take a few moments to review the other account settings on that page.
You may also wish to add some basic information to your default profile
(on the "Profiles" page) so that other people can easily find you.
We recommend setting your full name, adding a profile photo,
adding some profile "keywords" (very useful in making new friends) - and
perhaps what country you live in; if you do not wish to be more specific
than that.
We fully respect your right to privacy, and none of these items are necessary.
If you are new and do not know anybody here, they may help
you to make some new and interesting friends.
If you ever want to delete your account, you can do so at %1$s/removeme
Thank you and welcome to %4$s.'));
$preamble = sprintf($preamble, $user['username'], Config::get('config', 'sitename'));
$body = sprintf($body, $a->getBaseURL(), $user['nickname'], $result['password'], Config::get('config', 'sitename'));
notification([
'type' => SYSTEM_EMAIL,
'language' => $user['language'],
'to_name' => $user['username'],
'to_email' => $user['email'],
'uid' => $user['uid'],
'subject' => L10n::t('Registration details for %s', Config::get('config', 'sitename')),
'preamble' => $preamble,
'body' => $body]);
}
if (!empty($_POST['page_users_block'])) {
DBA::update('user', ['blocked' => 1], ['uid' => $users]);
notice(L10n::tt('%s user blocked', '%s users blocked', count($users)));
}
if (!empty($_POST['page_users_unblock'])) {
DBA::update('user', ['blocked' => 0], ['uid' => $users]);
notice(L10n::tt('%s user unblocked', '%s users unblocked', count($users)));
}
if (!empty($_POST['page_users_delete'])) {
foreach ($users as $uid) {
if (local_user() != $uid) {
User::remove($uid);
} else {
notice(L10n::t('You can\'t remove yourself'));
}
}
notice(L10n::tt('%s user deleted', '%s users deleted', count($users)));
}
if (!empty($_POST['page_users_approve'])) {
require_once 'mod/regmod.php';
foreach ($pending as $hash) {
user_allow($hash);
}
}
if (!empty($_POST['page_users_deny'])) {
require_once 'mod/regmod.php';
foreach ($pending as $hash) {
user_deny($hash);
}
}
$a->internalRedirect('admin/users');
}
public static function content()
{
parent::content();
$a = self::getApp();
if ($a->argc > 3) {
// @TODO: Replace with parameter from router
$action = $a->argv[2];
$uid = $a->argv[3];
$user = DBA::selectFirst('user', ['username', 'blocked'], ['uid' => $uid]);
if (!DBA::isResult($user)) {
notice('User not found' . EOL);
$a->internalRedirect('admin/users');
return ''; // NOTREACHED
}
switch ($action) {
case 'delete':
if (local_user() != $uid) {
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
// delete user
User::remove($uid);
notice(L10n::t('User "%s" deleted', $user['username']));
} else {
notice(L10n::t('You can\'t remove yourself'));
}
break;
case 'block':
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
DBA::update('user', ['blocked' => 1], ['uid' => $uid]);
notice(L10n::t('User "%s" blocked', $user['username']));
break;
case 'unblock':
parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
DBA::update('user', ['blocked' => 0], ['uid' => $uid]);
notice(L10n::t('User "%s" unblocked', $user['username']));
break;
}
$a->internalRedirect('admin/users');
}
/* get pending */
$pending = Register::getPending();
$pager = new Pager($a->query_string, 100);
/* ordering */
$valid_orders = [
'contact.name',
'user.email',
'user.register_date',
'user.login_date',
'lastitem_date',
'user.page-flags'
];
$order = 'contact.name';
$order_direction = '+';
if (!empty($_GET['o'])) {
$new_order = $_GET['o'];
if ($new_order[0] === '-') {
$order_direction = '-';
$new_order = substr($new_order, 1);
}
if (in_array($new_order, $valid_orders)) {
$order = $new_order;
}
}
$sql_order = '`' . str_replace('.', '`.`', $order) . '`';
$sql_order_direction = ($order_direction === '+') ? 'ASC' : 'DESC';
$usersStmt = DBA::p("SELECT `user`.*, `contact`.`name`, `contact`.`url`, `contact`.`micro`, `user`.`account_expired`, `contact`.`last-item` AS `lastitem_date`
FROM `user`
INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
WHERE `user`.`verified`
ORDER BY $sql_order $sql_order_direction LIMIT ?, ?", $pager->getStart(), $pager->getItemsPerPage()
);
$users = DBA::toArray($usersStmt);
$adminlist = explode(',', str_replace(' ', '', Config::get('config', 'admin_email')));
$_setup_users = function ($e) use ($adminlist) {
$page_types = [
User::PAGE_FLAGS_NORMAL => L10n::t('Normal Account Page'),
User::PAGE_FLAGS_SOAPBOX => L10n::t('Soapbox Page'),
User::PAGE_FLAGS_COMMUNITY => L10n::t('Public Forum'),
User::PAGE_FLAGS_FREELOVE => L10n::t('Automatic Friend Page'),
User::PAGE_FLAGS_PRVGROUP => L10n::t('Private Forum')
];
$account_types = [
User::ACCOUNT_TYPE_PERSON => L10n::t('Personal Page'),
User::ACCOUNT_TYPE_ORGANISATION => L10n::t('Organisation Page'),
User::ACCOUNT_TYPE_NEWS => L10n::t('News Page'),
User::ACCOUNT_TYPE_COMMUNITY => L10n::t('Community Forum'),
User::ACCOUNT_TYPE_RELAY => L10n::t('Relay'),
];
$e['page_flags_raw'] = $e['page-flags'];
$e['page-flags'] = $page_types[$e['page-flags']];
$e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
$e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
$e['register_date'] = Temporal::getRelativeDate($e['register_date']);
$e['login_date'] = Temporal::getRelativeDate($e['login_date']);
$e['lastitem_date'] = Temporal::getRelativeDate($e['lastitem_date']);
$e['is_admin'] = in_array($e['email'], $adminlist);
$e['is_deletable'] = (intval($e['uid']) != local_user());
$e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
return $e;
};
$tmp_users = array_map($_setup_users, $users);
// Get rid of dashes in key names, Smarty3 can't handle them
// and extracting deleted users
$deleted = [];
$users = [];
foreach ($tmp_users as $user) {
foreach ($user as $k => $v) {
$newkey = str_replace('-', '_', $k);
$user[$newkey] = $v;
}
if ($user['deleted']) {
$deleted[] = $user;
} else {
$users[] = $user;
}
}
$th_users = array_map(null, [L10n::t('Name'), L10n::t('Email'), L10n::t('Register date'), L10n::t('Last login'), L10n::t('Last item'), L10n::t('Type')], $valid_orders);
$t = Renderer::getMarkupTemplate('admin/users.tpl');
$o = Renderer::replaceMacros($t, [
// strings //
'$title' => L10n::t('Administration'),
'$page' => L10n::t('Users'),
'$submit' => L10n::t('Add User'),
'$select_all' => L10n::t('select all'),
'$h_pending' => L10n::t('User registrations waiting for confirm'),
'$h_deleted' => L10n::t('User waiting for permanent deletion'),
'$th_pending' => [L10n::t('Request date'), L10n::t('Name'), L10n::t('Email')],
'$no_pending' => L10n::t('No registrations.'),
'$pendingnotetext' => L10n::t('Note from the user'),
'$approve' => L10n::t('Approve'),
'$deny' => L10n::t('Deny'),
'$delete' => L10n::t('Delete'),
'$block' => L10n::t('Block'),
'$blocked' => L10n::t('User blocked'),
'$unblock' => L10n::t('Unblock'),
'$siteadmin' => L10n::t('Site admin'),
'$accountexpired' => L10n::t('Account expired'),
'$h_users' => L10n::t('Users'),
'$h_newuser' => L10n::t('New User'),
'$th_deleted' => [L10n::t('Name'), L10n::t('Email'), L10n::t('Register date'), L10n::t('Last login'), L10n::t('Last item'), L10n::t('Permanent deletion')],
'$th_users' => $th_users,
'$order_users' => $order,
'$order_direction_users' => $order_direction,
'$confirm_delete_multi' => L10n::t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
'$confirm_delete' => L10n::t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
'$form_security_token' => parent::getFormSecurityToken('admin_users'),
// values //
'$baseurl' => $a->getBaseURL(true),
'$pending' => $pending,
'deleted' => $deleted,
'$users' => $users,
'$newusername' => ['new_user_name', L10n::t('Name'), '', L10n::t('Name of the new user.')],
'$newusernickname' => ['new_user_nickname', L10n::t('Nickname'), '', L10n::t('Nickname of the new user.')],
'$newuseremail' => ['new_user_email', L10n::t('Email'), '', L10n::t('Email address of the new user.'), '', '', 'email'],
]);
$o .= $pager->renderFull(DBA::count('user'));
return $o;
}
}