aboutsummaryrefslogtreecommitdiff
path: root/actions/admin/user
diff options
context:
space:
mode:
Diffstat (limited to 'actions/admin/user')
-rw-r--r--actions/admin/user/ban.php63
-rw-r--r--actions/admin/user/delete.php67
-rw-r--r--actions/admin/user/makeadmin.php56
-rw-r--r--actions/admin/user/removeadmin.php56
-rw-r--r--actions/admin/user/resetpassword.php81
-rw-r--r--actions/admin/user/unban.php62
6 files changed, 173 insertions, 212 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index 65590f044..209ece2a0 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -1,39 +1,30 @@
<?php
- /**
- * Elgg ban user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Bans a user.
+ *
+ * User entities are banned by setting the 'banned' column
+ * to 'yes' in the users_entity table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- // Now actually disable it
- if ($obj->ban('banned')) {
- system_message(elgg_echo('admin:user:ban:yes'));
- }
- else
- register_error(elgg_echo('admin:user:ban:no'));
- } else {
- $canedit = $obj->canEdit();
- $isinstance = ($obj instanceof ElggUser);
- register_error(elgg_echo('admin:user:ban:no'));
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:ban:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->ban('banned')) {
+ system_message(elgg_echo('admin:user:ban:yes'));
+ } else {
+ register_error(elgg_echo('admin:user:ban:no'));
}
-
- forward('pg/admin/user/');
- exit;
-?> \ No newline at end of file
+} else {
+ register_error(elgg_echo('admin:user:ban:no'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index 0ee87a98d..7cfbd0925 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -1,35 +1,40 @@
<?php
- /**
- * Elgg delete user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Delete a user.
+ *
+ * The user will be deleted recursively, meaning all entities
+ * owned or contained by the user will also be removed.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
+// Get the user
+$guid = get_input('guid');
+$user = get_entity($guid);
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- if ($obj->delete())
- system_message(elgg_echo('admin:user:delete:yes'));
- else
- register_error(elgg_echo('admin:user:delete:no'));
- }
- else
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:delete:no'));
+ forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->delete()) {
+ system_message(elgg_echo('admin:user:delete:yes', array($name)));
+ } else {
register_error(elgg_echo('admin:user:delete:no'));
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:delete:no'));
+}
+
+// forward to user administration if on a user's page as it no longer exists
+$forward = REFERER;
+if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) {
+ $forward = "admin/users/newest";
+}
+
+forward($forward);
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
index 440dd616a..54b0b7070 100644
--- a/actions/admin/user/makeadmin.php
+++ b/actions/admin/user/makeadmin.php
@@ -1,37 +1,27 @@
<?php
- /**
- * Make another user an admin.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Grants admin privileges to a user.
+ *
+ * In >=1.7.1, admin is flagged by setting the admin
+ * column in the users_entity table.
+ *
+ * In <1.7.1, admin is a piece of metadata on the user object.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $obj->admin = 'yes';
- if ($obj->admin)
- system_message(elgg_echo('admin:user:makeadmin:yes'));
- else
- register_error(elgg_echo('admin:user:makeadmin:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->makeAdmin()) {
+ system_message(elgg_echo('admin:user:makeadmin:yes'));
+ } else {
register_error(elgg_echo('admin:user:makeadmin:no'));
-
- forward($_SERVER['HTTP_REFERER']);
+ }
+} else {
+ register_error(elgg_echo('admin:user:makeadmin:no'));
+}
-?> \ No newline at end of file
+forward(REFERER);
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
index 7cd06bc05..8cebc7078 100644
--- a/actions/admin/user/removeadmin.php
+++ b/actions/admin/user/removeadmin.php
@@ -1,37 +1,27 @@
<?php
- /**
- * Make another user an admin.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Revokes admin privileges from a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $obj->admin = '';
- if (!$obj->admin)
- system_message(elgg_echo('admin:user:removeadmin:yes'));
- else
- register_error(elgg_echo('admin:user:removeadmin:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:removeadmin:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->removeAdmin()) {
+ system_message(elgg_echo('admin:user:removeadmin:yes'));
+ } else {
register_error(elgg_echo('admin:user:removeadmin:no'));
-
- forward($_SERVER['HTTP_REFERER']);
+ }
+} else {
+ register_error(elgg_echo('admin:user:removeadmin:no'));
+}
-?> \ No newline at end of file
+forward(REFERER);
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index 18574d143..d019a7f55 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -1,44 +1,43 @@
<?php
- /**
- * Admin password reset.
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Reset a user's password.
+ *
+ * This is an admin action that generates a new salt and password
+ * for a user, then emails the password to the user's registered
+ * email address.
+ *
+ * NOTE: This is different to the "reset password" link users
+ * can use in that it does not first email the user asking if
+ * they want to have their password reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
- global $CONFIG;
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- $password = generate_random_cleartext_password();
-
- $obj->salt = generate_random_cleartext_password(); // Reset the salt
- $obj->password = generate_user_password($obj, $password);
-
- if ($obj->save())
- {
- system_message(elgg_echo('admin:user:resetpassword:yes'));
-
- notify_user($obj->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password), NULL, 'email');
- } else
- register_error(elgg_echo('admin:user:resetpassword:no'));
- }
- else
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ $password = generate_random_cleartext_password();
+
+ // Always reset the salt before generating the user password.
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
+
+ if ($user->save()) {
+ system_message(elgg_echo('admin:user:resetpassword:yes'));
+
+ notify_user($user->guid,
+ elgg_get_site_entity()->guid,
+ elgg_echo('email:resetpassword:subject'),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
+ NULL,
+ 'email');
+ } else {
register_error(elgg_echo('admin:user:resetpassword:no'));
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:resetpassword:no'));
+}
+
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 06f71d47c..7a772a0d3 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -1,41 +1,27 @@
<?php
- /**
- * Elgg ban user
- *
- * @package Elgg
- * @subpackage Core
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd
- * @copyright Curverider Ltd 2008-2009
- * @link http://elgg.org/
- */
+/**
+ * Unbans a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
- require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/engine/start.php");
-
- // block non-admin users
- admin_gatekeeper();
- action_gatekeeper();
-
- $access_status = access_get_show_hidden_status();
- access_show_hidden_entities(true);
-
- // Get the user
- $guid = get_input('guid');
- $obj = get_entity($guid);
-
- if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
- {
- // Now actually disable it
- if ($obj->unban())
- system_message(elgg_echo('admin:user:unban:yes'));
- else
- register_error(elgg_echo('admin:user:unban:no'));
- }
- else
+$access_status = access_get_show_hidden_status();
+access_show_hidden_entities(true);
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->unban()) {
+ system_message(elgg_echo('admin:user:unban:yes'));
+ } else {
register_error(elgg_echo('admin:user:unban:no'));
-
- access_show_hidden_entities($access_status);
-
- forward($_SERVER['HTTP_REFERER']);
- exit;
-?> \ No newline at end of file
+ }
+} else {
+ register_error(elgg_echo('admin:user:unban:no'));
+}
+
+access_show_hidden_entities($access_status);
+
+forward(REFERER);
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-13 12:13:56 +0000