XSRF protection and PHPdoc for mod/admin.php
This commit is contained in:
parent
1b6c84d8f4
commit
d7e750ad74
8 changed files with 103 additions and 33 deletions
|
@ -5,6 +5,10 @@
|
||||||
*/
|
*/
|
||||||
require_once("include/remoteupdate.php");
|
require_once("include/remoteupdate.php");
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
*/
|
||||||
function admin_post(&$a){
|
function admin_post(&$a){
|
||||||
|
|
||||||
|
|
||||||
|
@ -67,6 +71,10 @@ function admin_post(&$a){
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function admin_content(&$a) {
|
function admin_content(&$a) {
|
||||||
|
|
||||||
if(!is_site_admin()) {
|
if(!is_site_admin()) {
|
||||||
|
@ -74,7 +82,7 @@ function admin_content(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
|
if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
|
||||||
return;
|
return "";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Side bar links
|
* Side bar links
|
||||||
|
@ -147,6 +155,7 @@ function admin_content(&$a) {
|
||||||
if(is_ajax()) {
|
if(is_ajax()) {
|
||||||
echo $o;
|
echo $o;
|
||||||
killme();
|
killme();
|
||||||
|
return '';
|
||||||
} else {
|
} else {
|
||||||
return $o;
|
return $o;
|
||||||
}
|
}
|
||||||
|
@ -155,6 +164,8 @@ function admin_content(&$a) {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Admin Summary Page
|
* Admin Summary Page
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
*/
|
*/
|
||||||
function admin_page_summary(&$a) {
|
function admin_page_summary(&$a) {
|
||||||
$r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`");
|
$r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`");
|
||||||
|
@ -188,12 +199,15 @@ function admin_page_summary(&$a) {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Admin Site Page
|
* Admin Site Page
|
||||||
|
* @param App $a
|
||||||
*/
|
*/
|
||||||
function admin_page_site_post(&$a){
|
function admin_page_site_post(&$a){
|
||||||
if (!x($_POST,"page_site")){
|
if (!x($_POST,"page_site")){
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
|
||||||
|
|
||||||
$sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
|
$sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
|
||||||
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
|
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
|
||||||
$language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
|
$language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
|
||||||
|
@ -298,7 +312,7 @@ function admin_page_site_post(&$a){
|
||||||
} else {
|
} else {
|
||||||
set_config('system','directory_submit_url', $global_directory);
|
set_config('system','directory_submit_url', $global_directory);
|
||||||
}
|
}
|
||||||
set_config('system','directory_search_url', $global_search_url);
|
|
||||||
set_config('system','block_extended_register', $no_multi_reg);
|
set_config('system','block_extended_register', $no_multi_reg);
|
||||||
set_config('system','no_openid', $no_openid);
|
set_config('system','no_openid', $no_openid);
|
||||||
set_config('system','no_regfullname', $no_regfullname);
|
set_config('system','no_regfullname', $no_regfullname);
|
||||||
|
@ -318,6 +332,10 @@ function admin_page_site_post(&$a){
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function admin_page_site(&$a) {
|
function admin_page_site(&$a) {
|
||||||
|
|
||||||
/* Installed langs */
|
/* Installed langs */
|
||||||
|
@ -408,6 +426,7 @@ function admin_page_site(&$a) {
|
||||||
'$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
|
'$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
|
||||||
'$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
|
'$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
|
||||||
|
|
||||||
|
'$form_security_token' => get_form_security_token("admin_site"),
|
||||||
|
|
||||||
));
|
));
|
||||||
|
|
||||||
|
@ -416,11 +435,15 @@ function admin_page_site(&$a) {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Users admin page
|
* Users admin page
|
||||||
|
*
|
||||||
|
* @param App $a
|
||||||
*/
|
*/
|
||||||
function admin_page_users_post(&$a){
|
function admin_page_users_post(&$a){
|
||||||
$pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() );
|
$pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() );
|
||||||
$users = ( x($_POST, 'user') ? $_POST['user'] : Array() );
|
$users = ( x($_POST, 'user') ? $_POST['user'] : Array() );
|
||||||
|
|
||||||
|
check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
|
||||||
|
|
||||||
if (x($_POST,'page_users_block')){
|
if (x($_POST,'page_users_block')){
|
||||||
foreach($users as $uid){
|
foreach($users as $uid){
|
||||||
q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s",
|
q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s",
|
||||||
|
@ -453,6 +476,10 @@ function admin_page_users_post(&$a){
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function admin_page_users(&$a){
|
function admin_page_users(&$a){
|
||||||
if ($a->argc>2) {
|
if ($a->argc>2) {
|
||||||
$uid = $a->argv[3];
|
$uid = $a->argv[3];
|
||||||
|
@ -460,10 +487,11 @@ function admin_page_users(&$a){
|
||||||
if (count($user)==0){
|
if (count($user)==0){
|
||||||
notice( 'User not found' . EOL);
|
notice( 'User not found' . EOL);
|
||||||
goaway($a->get_baseurl(true) . '/admin/users' );
|
goaway($a->get_baseurl(true) . '/admin/users' );
|
||||||
return; // NOTREACHED
|
return ''; // NOTREACHED
|
||||||
}
|
}
|
||||||
switch($a->argv[2]){
|
switch($a->argv[2]){
|
||||||
case "delete":{
|
case "delete":{
|
||||||
|
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
|
||||||
// delete user
|
// delete user
|
||||||
require_once("include/Contact.php");
|
require_once("include/Contact.php");
|
||||||
user_remove($uid);
|
user_remove($uid);
|
||||||
|
@ -471,6 +499,7 @@ function admin_page_users(&$a){
|
||||||
notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
|
notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
|
||||||
}; break;
|
}; break;
|
||||||
case "block":{
|
case "block":{
|
||||||
|
check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
|
||||||
q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s",
|
q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s",
|
||||||
intval( 1-$user[0]['blocked'] ),
|
intval( 1-$user[0]['blocked'] ),
|
||||||
intval( $uid )
|
intval( $uid )
|
||||||
|
@ -479,7 +508,7 @@ function admin_page_users(&$a){
|
||||||
}; break;
|
}; break;
|
||||||
}
|
}
|
||||||
goaway($a->get_baseurl(true) . '/admin/users' );
|
goaway($a->get_baseurl(true) . '/admin/users' );
|
||||||
return; // NOTREACHED
|
return ''; // NOTREACHED
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -555,6 +584,7 @@ function admin_page_users(&$a){
|
||||||
'$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
|
'$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||||
'$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
|
'$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
|
||||||
|
|
||||||
|
'$form_security_token' => get_form_security_token("admin_users"),
|
||||||
|
|
||||||
// values //
|
// values //
|
||||||
'$baseurl' => $a->get_baseurl(true),
|
'$baseurl' => $a->get_baseurl(true),
|
||||||
|
@ -567,10 +597,12 @@ function admin_page_users(&$a){
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* Plugins admin page
|
* Plugins admin page
|
||||||
|
*
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function admin_page_plugins(&$a){
|
function admin_page_plugins(&$a){
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -580,7 +612,7 @@ function admin_page_plugins(&$a){
|
||||||
$plugin = $a->argv[2];
|
$plugin = $a->argv[2];
|
||||||
if (!is_file("addon/$plugin/$plugin.php")){
|
if (!is_file("addon/$plugin/$plugin.php")){
|
||||||
notice( t("Item not found.") );
|
notice( t("Item not found.") );
|
||||||
return;
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (x($_GET,"a") && $_GET['a']=="t"){
|
if (x($_GET,"a") && $_GET['a']=="t"){
|
||||||
|
@ -597,7 +629,7 @@ function admin_page_plugins(&$a){
|
||||||
}
|
}
|
||||||
set_config("system","addon", implode(", ",$a->plugins));
|
set_config("system","addon", implode(", ",$a->plugins));
|
||||||
goaway($a->get_baseurl(true) . '/admin/plugins' );
|
goaway($a->get_baseurl(true) . '/admin/plugins' );
|
||||||
return; // NOTREACHED
|
return ''; // NOTREACHED
|
||||||
}
|
}
|
||||||
// display plugin details
|
// display plugin details
|
||||||
require_once('library/markdown.php');
|
require_once('library/markdown.php');
|
||||||
|
@ -674,6 +706,11 @@ function admin_page_plugins(&$a){
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $themes
|
||||||
|
* @param string $th
|
||||||
|
* @param int $result
|
||||||
|
*/
|
||||||
function toggle_theme(&$themes,$th,&$result) {
|
function toggle_theme(&$themes,$th,&$result) {
|
||||||
for($x = 0; $x < count($themes); $x ++) {
|
for($x = 0; $x < count($themes); $x ++) {
|
||||||
if($themes[$x]['name'] === $th) {
|
if($themes[$x]['name'] === $th) {
|
||||||
|
@ -689,6 +726,11 @@ function toggle_theme(&$themes,$th,&$result) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $themes
|
||||||
|
* @param string $th
|
||||||
|
* @return int
|
||||||
|
*/
|
||||||
function theme_status($themes,$th) {
|
function theme_status($themes,$th) {
|
||||||
for($x = 0; $x < count($themes); $x ++) {
|
for($x = 0; $x < count($themes); $x ++) {
|
||||||
if($themes[$x]['name'] === $th) {
|
if($themes[$x]['name'] === $th) {
|
||||||
|
@ -704,7 +746,10 @@ function theme_status($themes,$th) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param array $themes
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function rebuild_theme_table($themes) {
|
function rebuild_theme_table($themes) {
|
||||||
$o = '';
|
$o = '';
|
||||||
if(count($themes)) {
|
if(count($themes)) {
|
||||||
|
@ -720,10 +765,12 @@ function rebuild_theme_table($themes) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* Themes admin page
|
* Themes admin page
|
||||||
|
*
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function admin_page_themes(&$a){
|
function admin_page_themes(&$a){
|
||||||
|
|
||||||
$allowed_themes_str = get_config('system','allowed_themes');
|
$allowed_themes_str = get_config('system','allowed_themes');
|
||||||
|
@ -740,7 +787,7 @@ function admin_page_themes(&$a){
|
||||||
foreach($files as $file) {
|
foreach($files as $file) {
|
||||||
$f = basename($file);
|
$f = basename($file);
|
||||||
$is_experimental = intval(file_exists($file . '/experimental'));
|
$is_experimental = intval(file_exists($file . '/experimental'));
|
||||||
$is_unsupported = 1-(intval(file_exists($file . '/unsupported')));
|
$is_supported = 1-(intval(file_exists($file . '/unsupported'))); // Is not used yet
|
||||||
$is_allowed = intval(in_array($f,$allowed_themes));
|
$is_allowed = intval(in_array($f,$allowed_themes));
|
||||||
$themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
|
$themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
|
||||||
}
|
}
|
||||||
|
@ -748,7 +795,7 @@ function admin_page_themes(&$a){
|
||||||
|
|
||||||
if(! count($themes)) {
|
if(! count($themes)) {
|
||||||
notice( t('No themes found.'));
|
notice( t('No themes found.'));
|
||||||
return;
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -759,7 +806,7 @@ function admin_page_themes(&$a){
|
||||||
$theme = $a->argv[2];
|
$theme = $a->argv[2];
|
||||||
if(! is_dir("view/theme/$theme")){
|
if(! is_dir("view/theme/$theme")){
|
||||||
notice( t("Item not found.") );
|
notice( t("Item not found.") );
|
||||||
return;
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (x($_GET,"a") && $_GET['a']=="t"){
|
if (x($_GET,"a") && $_GET['a']=="t"){
|
||||||
|
@ -775,7 +822,7 @@ function admin_page_themes(&$a){
|
||||||
|
|
||||||
set_config('system','allowed_themes',$s);
|
set_config('system','allowed_themes',$s);
|
||||||
goaway($a->get_baseurl(true) . '/admin/themes' );
|
goaway($a->get_baseurl(true) . '/admin/themes' );
|
||||||
return; // NOTREACHED
|
return ''; // NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
// display theme details
|
// display theme details
|
||||||
|
@ -859,10 +906,13 @@ function admin_page_themes(&$a){
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logs admin page
|
* Logs admin page
|
||||||
|
*
|
||||||
|
* @param App $a
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function admin_page_logs_post(&$a) {
|
function admin_page_logs_post(&$a) {
|
||||||
if (x($_POST,"page_logs")) {
|
if (x($_POST,"page_logs")) {
|
||||||
|
check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
|
||||||
|
|
||||||
$logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
|
$logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
|
||||||
$debugging = ((x($_POST,'debugging')) ? true : false);
|
$debugging = ((x($_POST,'debugging')) ? true : false);
|
||||||
|
@ -880,6 +930,10 @@ function admin_page_logs_post(&$a) {
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function admin_page_logs(&$a){
|
function admin_page_logs(&$a){
|
||||||
|
|
||||||
$log_choices = Array(
|
$log_choices = Array(
|
||||||
|
@ -937,9 +991,14 @@ readable.");
|
||||||
'$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
|
'$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
|
||||||
'$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")),
|
'$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")),
|
||||||
'$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
|
'$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
|
||||||
|
|
||||||
|
'$form_security_token' => get_form_security_token("admin_logs"),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
*/
|
||||||
function admin_page_remoteupdate_post(&$a) {
|
function admin_page_remoteupdate_post(&$a) {
|
||||||
// this function should be called via ajax post
|
// this function should be called via ajax post
|
||||||
if(!is_site_admin()) {
|
if(!is_site_admin()) {
|
||||||
|
@ -958,6 +1017,10 @@ function admin_page_remoteupdate_post(&$a) {
|
||||||
killme();
|
killme();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param App $a
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
function admin_page_remoteupdate(&$a) {
|
function admin_page_remoteupdate(&$a) {
|
||||||
if(!is_site_admin()) {
|
if(!is_site_admin()) {
|
||||||
return login(false);
|
return login(false);
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/logs" method="post">
|
<form action="$baseurl/admin/logs" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
{{ inc field_checkbox.tpl with $field=$debugging }}{{ endinc }}
|
{{ inc field_checkbox.tpl with $field=$debugging }}{{ endinc }}
|
||||||
{{ inc field_input.tpl with $field=$logfile }}{{ endinc }}
|
{{ inc field_input.tpl with $field=$logfile }}{{ endinc }}
|
||||||
|
|
|
@ -38,6 +38,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/site" method="post">
|
<form action="$baseurl/admin/site" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
{{ inc field_input.tpl with $field=$sitename }}{{ endinc }}
|
{{ inc field_input.tpl with $field=$sitename }}{{ endinc }}
|
||||||
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
|
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/users" method="post">
|
<form action="$baseurl/admin/users" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
<h3>$h_pending</h3>
|
<h3>$h_pending</h3>
|
||||||
{{ if $pending }}
|
{{ if $pending }}
|
||||||
|
@ -72,8 +73,8 @@
|
||||||
<td class='login_date'>$u.page-flags</td>
|
<td class='login_date'>$u.page-flags</td>
|
||||||
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
||||||
<td class="tools">
|
<td class="tools">
|
||||||
<a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
<a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
||||||
<a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a>
|
<a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{ endfor }}
|
{{ endfor }}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/users" method="post">
|
<form action="$baseurl/admin/users" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
<h3>$h_pending</h3>
|
<h3>$h_pending</h3>
|
||||||
{{ if $pending }}
|
{{ if $pending }}
|
||||||
|
@ -72,8 +73,8 @@
|
||||||
<td class='login_date'>$u.page-flags</td>
|
<td class='login_date'>$u.page-flags</td>
|
||||||
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
||||||
<td class="tools" style="width:60px;">
|
<td class="tools" style="width:60px;">
|
||||||
<a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
<a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
||||||
<a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
<a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{ endfor }}
|
{{ endfor }}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/users" method="post">
|
<form action="$baseurl/admin/users" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
<h3>$h_pending</h3>
|
<h3>$h_pending</h3>
|
||||||
{{ if $pending }}
|
{{ if $pending }}
|
||||||
|
@ -72,8 +73,8 @@
|
||||||
<td class='login_date'>$u.page-flags</td>
|
<td class='login_date'>$u.page-flags</td>
|
||||||
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
||||||
<td class="tools" style="width:60px;">
|
<td class="tools" style="width:60px;">
|
||||||
<a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
<a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
||||||
<a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
<a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{ endfor }}
|
{{ endfor }}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/users" method="post">
|
<form action="$baseurl/admin/users" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
<h3>$h_pending</h3>
|
<h3>$h_pending</h3>
|
||||||
{{ if $pending }}
|
{{ if $pending }}
|
||||||
|
@ -72,8 +73,8 @@
|
||||||
<td class='login_date'>$u.page-flags</td>
|
<td class='login_date'>$u.page-flags</td>
|
||||||
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
||||||
<td class="tools" style="width:60px;">
|
<td class="tools" style="width:60px;">
|
||||||
<a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
<a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
||||||
<a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
<a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{ endfor }}
|
{{ endfor }}
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
<h1>$title - $page</h1>
|
<h1>$title - $page</h1>
|
||||||
|
|
||||||
<form action="$baseurl/admin/users" method="post">
|
<form action="$baseurl/admin/users" method="post">
|
||||||
|
<input type='hidden' name='form_security_token' value='$form_security_token'>
|
||||||
|
|
||||||
<h3>$h_pending</h3>
|
<h3>$h_pending</h3>
|
||||||
{{ if $pending }}
|
{{ if $pending }}
|
||||||
|
@ -72,8 +73,8 @@
|
||||||
<td class='login_date'>$u.page-flags</td>
|
<td class='login_date'>$u.page-flags</td>
|
||||||
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
|
||||||
<td class="tools" style="width:60px;">
|
<td class="tools" style="width:60px;">
|
||||||
<a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
<a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
|
||||||
<a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
<a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{ endfor }}
|
{{ endfor }}
|
||||||
|
|
Loading…
Reference in a new issue