src/Module/Admin/Users.php

   1 <?php
   2
   3 namespace Friendica\Module\Admin;
   4
   5 use Friendica\Content\Pager;
   6 use Friendica\Core\Config;
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Database\DBA;
  10 use Friendica\Model\Register;
  11 use Friendica\Model\User;
  12 use Friendica\Module\BaseAdminModule;
  13 use Friendica\Util\Strings;
  14 use Friendica\Util\Temporal;
  15
  16 class Users extends BaseAdminModule
  17 {
  18         public static function post(array $parameters = [])
  19         {
  20                 parent::post($parameters);
  21
  22                 $a = self::getApp();
  23
  24                 $pending     = $_POST['pending']           ?? [];
  25                 $users       = $_POST['user']              ?? [];
  26                 $nu_name     = $_POST['new_user_name']     ?? '';
  27                 $nu_nickname = $_POST['new_user_nickname'] ?? '';
  28                 $nu_email    = $_POST['new_user_email']    ?? '';
  29                 $nu_language = Config::get('system', 'language');
  30
  31                 parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
  32
  33                 if ($nu_name !== '' && $nu_email !== '' && $nu_nickname !== '') {
  34                         try {
  35                                 $result = User::create([
  36                                         'username' => $nu_name,
  37                                         'email' => $nu_email,
  38                                         'nickname' => $nu_nickname,
  39                                         'verified' => 1,
  40                                         'language' => $nu_language
  41                                 ]);
  42                         } catch (\Exception $ex) {
  43                                 notice($ex->getMessage());
  44                                 return;
  45                         }
  46
  47                         $user = $result['user'];
  48                         $preamble = Strings::deindent(L10n::t('
  49                         Dear %1$s,
  50                                 the administrator of %2$s has set up an account for you.'));
  51                         $body = Strings::deindent(L10n::t('
  52                         The login details are as follows:
  53
  54                         Site Location:  %1$s
  55                         Login Name:             %2$s
  56                         Password:               %3$s
  57
  58                         You may change your password from your account "Settings" page after logging
  59                         in.
  60
  61                         Please take a few moments to review the other account settings on that page.
  62
  63                         You may also wish to add some basic information to your default profile
  64                         (on the "Profiles" page) so that other people can easily find you.
  65
  66                         We recommend setting your full name, adding a profile photo,
  67                         adding some profile "keywords" (very useful in making new friends) - and
  68                         perhaps what country you live in; if you do not wish to be more specific
  69                         than that.
  70
  71                         We fully respect your right to privacy, and none of these items are necessary.
  72                         If you are new and do not know anybody here, they may help
  73                         you to make some new and interesting friends.
  74
  75                         If you ever want to delete your account, you can do so at %1$s/removeme
  76
  77                         Thank you and welcome to %4$s.'));
  78
  79                         $preamble = sprintf($preamble, $user['username'], Config::get('config', 'sitename'));
  80                         $body = sprintf($body, $a->getBaseURL(), $user['nickname'], $result['password'], Config::get('config', 'sitename'));
  81
  82                         notification([
  83                                 'type'     => SYSTEM_EMAIL,
  84                                 'language' => $user['language'],
  85                                 'to_name'  => $user['username'],
  86                                 'to_email' => $user['email'],
  87                                 'uid'      => $user['uid'],
  88                                 'subject'  => L10n::t('Registration details for %s', Config::get('config', 'sitename')),
  89                                 'preamble' => $preamble,
  90                                 'body'     => $body]);
  91                 }
  92
  93                 if (!empty($_POST['page_users_block'])) {
  94                         // @TODO Move this to Model\User:block($users);
  95                         DBA::update('user', ['blocked' => 1], ['uid' => $users]);
  96                         notice(L10n::tt('%s user blocked', '%s users blocked', count($users)));
  97                 }
  98
  99                 if (!empty($_POST['page_users_unblock'])) {
 100                         // @TODO Move this to Model\User:unblock($users);
 101                         DBA::update('user', ['blocked' => 0], ['uid' => $users]);
 102                         notice(L10n::tt('%s user unblocked', '%s users unblocked', count($users)));
 103                 }
 104
 105                 if (!empty($_POST['page_users_delete'])) {
 106                         foreach ($users as $uid) {
 107                                 if (local_user() != $uid) {
 108                                         User::remove($uid);
 109                                 } else {
 110                                         notice(L10n::t('You can\'t remove yourself'));
 111                                 }
 112                         }
 113
 114                         notice(L10n::tt('%s user deleted', '%s users deleted', count($users)));
 115                 }
 116
 117                 if (!empty($_POST['page_users_approve'])) {
 118                         require_once 'mod/regmod.php';
 119                         foreach ($pending as $hash) {
 120                                 user_allow($hash);
 121                         }
 122                 }
 123
 124                 if (!empty($_POST['page_users_deny'])) {
 125                         require_once 'mod/regmod.php';
 126                         foreach ($pending as $hash) {
 127                                 user_deny($hash);
 128                         }
 129                 }
 130
 131                 $a->internalRedirect('admin/users');
 132         }
 133
 134         public static function content(array $parameters = [])
 135         {
 136                 parent::content($parameters);
 137
 138                 $a = self::getApp();
 139
 140                 if ($a->argc > 3) {
 141                         // @TODO: Replace with parameter from router
 142                         $action = $a->argv[2];
 143                         $uid = $a->argv[3];
 144                         $user = User::getById($uid, ['username', 'blocked']);
 145                         if (!DBA::isResult($user)) {
 146                                 notice('User not found' . EOL);
 147                                 $a->internalRedirect('admin/users');
 148                                 return ''; // NOTREACHED
 149                         }
 150
 151                         switch ($action) {
 152                                 case 'delete':
 153                                         if (local_user() != $uid) {
 154                                                 parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 155                                                 // delete user
 156                                                 User::remove($uid);
 157
 158                                                 notice(L10n::t('User "%s" deleted', $user['username']));
 159                                         } else {
 160                                                 notice(L10n::t('You can\'t remove yourself'));
 161                                         }
 162                                         break;
 163                                 case 'block':
 164                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 165                                         // @TODO Move this to Model\User:block([$uid]);
 166                                         DBA::update('user', ['blocked' => 1], ['uid' => $uid]);
 167                                         notice(L10n::t('User "%s" blocked', $user['username']));
 168                                         break;
 169                                 case 'unblock':
 170                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 171                                         // @TODO Move this to Model\User:unblock([$uid]);
 172                                         DBA::update('user', ['blocked' => 0], ['uid' => $uid]);
 173                                         notice(L10n::t('User "%s" unblocked', $user['username']));
 174                                         break;
 175                         }
 176
 177                         $a->internalRedirect('admin/users');
 178                 }
 179
 180                 /* get pending */
 181                 $pending = Register::getPending();
 182
 183                 $pager = new Pager($a->query_string, 100);
 184
 185                 // @TODO Move below block to Model\User::getUsers($start, $count, $order = 'contact.name', $order_direction = '+')
 186                 $valid_orders = [
 187                         'contact.name',
 188                         'user.email',
 189                         'user.register_date',
 190                         'user.login_date',
 191                         'lastitem_date',
 192                         'user.page-flags'
 193                 ];
 194
 195                 $order = 'contact.name';
 196                 $order_direction = '+';
 197                 if (!empty($_GET['o'])) {
 198                         $new_order = $_GET['o'];
 199                         if ($new_order[0] === '-') {
 200                                 $order_direction = '-';
 201                                 $new_order = substr($new_order, 1);
 202                         }
 203
 204                         if (in_array($new_order, $valid_orders)) {
 205                                 $order = $new_order;
 206                         }
 207                 }
 208                 $sql_order = '`' . str_replace('.', '`.`', $order) . '`';
 209                 $sql_order_direction = ($order_direction === '+') ? 'ASC' : 'DESC';
 210
 211                 $usersStmt = DBA::p("SELECT `user`.*, `contact`.`name`, `contact`.`url`, `contact`.`micro`, `user`.`account_expired`, `contact`.`last-item` AS `lastitem_date`
 212                                 FROM `user`
 213                                 INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
 214                                 WHERE `user`.`verified`
 215                                 ORDER BY $sql_order $sql_order_direction LIMIT ?, ?", $pager->getStart(), $pager->getItemsPerPage()
 216                 );
 217                 $users = DBA::toArray($usersStmt);
 218
 219                 $adminlist = explode(',', str_replace(' ', '', Config::get('config', 'admin_email')));
 220                 $_setup_users = function ($e) use ($adminlist) {
 221                         $page_types = [
 222                                 User::PAGE_FLAGS_NORMAL    => L10n::t('Normal Account Page'),
 223                                 User::PAGE_FLAGS_SOAPBOX   => L10n::t('Soapbox Page'),
 224                                 User::PAGE_FLAGS_COMMUNITY => L10n::t('Public Forum'),
 225                                 User::PAGE_FLAGS_FREELOVE  => L10n::t('Automatic Friend Page'),
 226                                 User::PAGE_FLAGS_PRVGROUP  => L10n::t('Private Forum')
 227                         ];
 228                         $account_types = [
 229                                 User::ACCOUNT_TYPE_PERSON       => L10n::t('Personal Page'),
 230                                 User::ACCOUNT_TYPE_ORGANISATION => L10n::t('Organisation Page'),
 231                                 User::ACCOUNT_TYPE_NEWS         => L10n::t('News Page'),
 232                                 User::ACCOUNT_TYPE_COMMUNITY    => L10n::t('Community Forum'),
 233                                 User::ACCOUNT_TYPE_RELAY        => L10n::t('Relay'),
 234                         ];
 235
 236                         $e['page_flags_raw'] = $e['page-flags'];
 237                         $e['page-flags'] = $page_types[$e['page-flags']];
 238
 239                         $e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
 240                         $e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
 241
 242                         $e['register_date'] = Temporal::getRelativeDate($e['register_date']);
 243                         $e['login_date'] = Temporal::getRelativeDate($e['login_date']);
 244                         $e['lastitem_date'] = Temporal::getRelativeDate($e['lastitem_date']);
 245                         $e['is_admin'] = in_array($e['email'], $adminlist);
 246                         $e['is_deletable'] = (intval($e['uid']) != local_user());
 247                         $e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
 248
 249                         return $e;
 250                 };
 251
 252                 $tmp_users = array_map($_setup_users, $users);
 253
 254                 // Get rid of dashes in key names, Smarty3 can't handle them
 255                 // and extracting deleted users
 256
 257                 $deleted = [];
 258                 $users = [];
 259                 foreach ($tmp_users as $user) {
 260                         foreach ($user as $k => $v) {
 261                                 $newkey = str_replace('-', '_', $k);
 262                                 $user[$newkey] = $v;
 263                         }
 264
 265                         if ($user['deleted']) {
 266                                 $deleted[] = $user;
 267                         } else {
 268                                 $users[] = $user;
 269                         }
 270                 }
 271
 272                 $th_users = array_map(null, [L10n::t('Name'), L10n::t('Email'), L10n::t('Register date'), L10n::t('Last login'), L10n::t('Last item'), L10n::t('Type')], $valid_orders);
 273
 274                 $t = Renderer::getMarkupTemplate('admin/users.tpl');
 275                 $o = Renderer::replaceMacros($t, [
 276                         // strings //
 277                         '$title' => L10n::t('Administration'),
 278                         '$page' => L10n::t('Users'),
 279                         '$submit' => L10n::t('Add User'),
 280                         '$select_all' => L10n::t('select all'),
 281                         '$h_pending' => L10n::t('User registrations waiting for confirm'),
 282                         '$h_deleted' => L10n::t('User waiting for permanent deletion'),
 283                         '$th_pending' => [L10n::t('Request date'), L10n::t('Name'), L10n::t('Email')],
 284                         '$no_pending' => L10n::t('No registrations.'),
 285                         '$pendingnotetext' => L10n::t('Note from the user'),
 286                         '$approve' => L10n::t('Approve'),
 287                         '$deny' => L10n::t('Deny'),
 288                         '$delete' => L10n::t('Delete'),
 289                         '$block' => L10n::t('Block'),
 290                         '$blocked' => L10n::t('User blocked'),
 291                         '$unblock' => L10n::t('Unblock'),
 292                         '$siteadmin' => L10n::t('Site admin'),
 293                         '$accountexpired' => L10n::t('Account expired'),
 294
 295                         '$h_users' => L10n::t('Users'),
 296                         '$h_newuser' => L10n::t('New User'),
 297                         '$th_deleted' => [L10n::t('Name'), L10n::t('Email'), L10n::t('Register date'), L10n::t('Last login'), L10n::t('Last item'), L10n::t('Permanent deletion')],
 298                         '$th_users' => $th_users,
 299                         '$order_users' => $order,
 300                         '$order_direction_users' => $order_direction,
 301
 302                         '$confirm_delete_multi' => L10n::t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
 303                         '$confirm_delete' => L10n::t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
 304
 305                         '$form_security_token' => parent::getFormSecurityToken('admin_users'),
 306
 307                         // values //
 308                         '$baseurl' => $a->getBaseURL(true),
 309
 310                         '$pending' => $pending,
 311                         'deleted' => $deleted,
 312                         '$users' => $users,
 313                         '$newusername' => ['new_user_name', L10n::t('Name'), '', L10n::t('Name of the new user.')],
 314                         '$newusernickname' => ['new_user_nickname', L10n::t('Nickname'), '', L10n::t('Nickname of the new user.')],
 315                         '$newuseremail' => ['new_user_email', L10n::t('Email'), '', L10n::t('Email address of the new user.'), '', '', 'email'],
 316                 ]);
 317
 318                 $o .= $pager->renderFull(DBA::count('user'));
 319
 320                 return $o;
 321         }
 322 }