src/Module/Admin/Users/Index.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2022, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Admin\Users;
  23
  24 use Friendica\Content\Pager;
  25 use Friendica\Core\Renderer;
  26 use Friendica\Core\Session;
  27 use Friendica\Database\DBA;
  28 use Friendica\DI;
  29 use Friendica\Model\User;
  30 use Friendica\Module\Admin\BaseUsers;
  31
  32 class Index extends BaseUsers
  33 {
  34         protected function post(array $request = [])
  35         {
  36                 self::checkAdminAccess();
  37
  38                 self::checkFormSecurityTokenRedirectOnError('admin/users', 'admin_users');
  39
  40                 $users = $_POST['user'] ?? [];
  41
  42                 if (!empty($_POST['page_users_block'])) {
  43                         foreach ($users as $uid) {
  44                                 User::block($uid);
  45                         }
  46                         DI::sysmsg()->addInfo(DI::l10n()->tt('%s user blocked', '%s users blocked', count($users)));
  47                 }
  48
  49                 if (!empty($_POST['page_users_unblock'])) {
  50                         foreach ($users as $uid) {
  51                                 User::block($uid, false);
  52                         }
  53                         DI::sysmsg()->addInfo(DI::l10n()->tt('%s user unblocked', '%s users unblocked', count($users)));
  54                 }
  55
  56                 if (!empty($_POST['page_users_delete'])) {
  57                         foreach ($users as $uid) {
  58                                 if (Session::getLocalUser() != $uid) {
  59                                         User::remove($uid);
  60                                 } else {
  61                                         DI::sysmsg()->addNotice(DI::l10n()->t('You can\'t remove yourself'));
  62                                 }
  63                         }
  64
  65                         DI::sysmsg()->addInfo(DI::l10n()->tt('%s user deleted', '%s users deleted', count($users)));
  66                 }
  67
  68                 DI::baseUrl()->redirect(DI::args()->getQueryString());
  69         }
  70
  71         protected function content(array $request = []): string
  72         {
  73                 parent::content();
  74
  75                 $action = $this->parameters['action'] ?? '';
  76                 $uid = $this->parameters['uid'] ?? 0;
  77
  78                 if ($uid) {
  79                         $user = User::getById($uid, ['username', 'blocked']);
  80                         if (!DBA::isResult($user)) {
  81                                 DI::sysmsg()->addNotice(DI::l10n()->t('User not found'));
  82                                 DI::baseUrl()->redirect('admin/users');
  83                                 return ''; // NOTREACHED
  84                         }
  85                 }
  86
  87                 switch ($action) {
  88                         case 'delete':
  89                                 if (Session::getLocalUser() != $uid) {
  90                                         self::checkFormSecurityTokenRedirectOnError(DI::baseUrl()->get(true), 'admin_users', 't');
  91                                         // delete user
  92                                         User::remove($uid);
  93
  94                                         DI::sysmsg()->addNotice(DI::l10n()->t('User "%s" deleted', $user['username']));
  95                                 } else {
  96                                         DI::sysmsg()->addNotice(DI::l10n()->t('You can\'t remove yourself'));
  97                                 }
  98
  99                                 DI::baseUrl()->redirect('admin/users');
 100                                 break;
 101                         case 'block':
 102                                 self::checkFormSecurityTokenRedirectOnError('admin/users', 'admin_users', 't');
 103                                 User::block($uid);
 104                                 DI::sysmsg()->addNotice(DI::l10n()->t('User "%s" blocked', $user['username']));
 105                                 DI::baseUrl()->redirect('admin/users');
 106                                 break;
 107                         case 'unblock':
 108                                 self::checkFormSecurityTokenRedirectOnError('admin/users', 'admin_users', 't');
 109                                 User::block($uid, false);
 110                                 DI::sysmsg()->addNotice(DI::l10n()->t('User "%s" unblocked', $user['username']));
 111                                 DI::baseUrl()->redirect('admin/users');
 112                                 break;
 113                 }
 114                 $pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
 115
 116                 $valid_orders = [
 117                         'name',
 118                         'email',
 119                         'register_date',
 120                         'login_date',
 121                         'last-item',
 122                         'page-flags'
 123                 ];
 124
 125                 $order = 'name';
 126                 $order_direction = '+';
 127                 if (!empty($_GET['o'])) {
 128                         $new_order = $_GET['o'];
 129                         if ($new_order[0] === '-') {
 130                                 $order_direction = '-';
 131                                 $new_order = substr($new_order, 1);
 132                         }
 133
 134                         if (in_array($new_order, $valid_orders)) {
 135                                 $order = $new_order;
 136                         }
 137                 }
 138
 139                 $users = User::getList($pager->getStart(), $pager->getItemsPerPage(), 'all', $order, ($order_direction == '-'));
 140
 141                 $users = array_map(self::setupUserCallback(), $users);
 142
 143                 $th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
 144
 145                 $count = DBA::count('user', ["`uid` != ?", 0]);
 146
 147                 $t = Renderer::getMarkupTemplate('admin/users/index.tpl');
 148                 return self::getTabsHTML('all') .       Renderer::replaceMacros($t, [
 149                         // strings //
 150                         '$title' => DI::l10n()->t('Administration'),
 151                         '$page' => DI::l10n()->t('Users'),
 152                         '$select_all' => DI::l10n()->t('select all'),
 153                         '$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
 154                         '$delete' => DI::l10n()->t('Delete'),
 155                         '$block' => DI::l10n()->t('Block'),
 156                         '$blocked' => DI::l10n()->t('User blocked'),
 157                         '$unblock' => DI::l10n()->t('Unblock'),
 158                         '$siteadmin' => DI::l10n()->t('Site admin'),
 159                         '$accountexpired' => DI::l10n()->t('Account expired'),
 160
 161                         '$h_users' => DI::l10n()->t('Users'),
 162                         '$h_newuser' => DI::l10n()->t('Create a new user'),
 163                         '$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
 164                         '$th_users' => $th_users,
 165                         '$order_users' => $order,
 166                         '$order_direction_users' => $order_direction,
 167
 168                         '$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
 169                         '$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
 170
 171                         '$form_security_token' => self::getFormSecurityToken('admin_users'),
 172
 173                         // values //
 174                         '$baseurl' => DI::baseUrl()->get(true),
 175                         '$query_string' => DI::args()->getQueryString(),
 176
 177                         '$users' => $users,
 178                         '$count' => $count,
 179                         '$pager' => $pager->renderFull($count),
 180                 ]);
 181         }
 182 }