src/Module/Admin/Users.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2020, Friendica
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module\Admin;
  23
  24 use Friendica\Content\Pager;
  25 use Friendica\Core\Renderer;
  26 use Friendica\Database\DBA;
  27 use Friendica\DI;
  28 use Friendica\Model\Register;
  29 use Friendica\Model\User;
  30 use Friendica\Module\BaseAdmin;
  31 use Friendica\Util\Temporal;
  32
  33 class Users extends BaseAdmin
  34 {
  35         public static function post(array $parameters = [])
  36         {
  37                 parent::post($parameters);
  38
  39                 $pending     = $_POST['pending']           ?? [];
  40                 $users       = $_POST['user']              ?? [];
  41                 $nu_name     = $_POST['new_user_name']     ?? '';
  42                 $nu_nickname = $_POST['new_user_nickname'] ?? '';
  43                 $nu_email    = $_POST['new_user_email']    ?? '';
  44                 $nu_language = DI::config()->get('system', 'language');
  45
  46                 parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users');
  47
  48                 if ($nu_name !== '' && $nu_email !== '' && $nu_nickname !== '') {
  49                         try {
  50                                 User::createMinimal($nu_name, $nu_email, $nu_nickname, $nu_language);
  51                         } catch (\Exception $ex) {
  52                                 notice($ex->getMessage());
  53                                 return;
  54                         }
  55                 }
  56
  57                 if (!empty($_POST['page_users_block'])) {
  58                         foreach ($users as $uid) {
  59                                 User::block($uid);
  60                         }
  61                         notice(DI::l10n()->tt('%s user blocked', '%s users blocked', count($users)));
  62                 }
  63
  64                 if (!empty($_POST['page_users_unblock'])) {
  65                         foreach ($users as $uid) {
  66                                 User::block($uid, false);
  67                         }
  68                         notice(DI::l10n()->tt('%s user unblocked', '%s users unblocked', count($users)));
  69                 }
  70
  71                 if (!empty($_POST['page_users_delete'])) {
  72                         foreach ($users as $uid) {
  73                                 if (local_user() != $uid) {
  74                                         User::remove($uid);
  75                                 } else {
  76                                         notice(DI::l10n()->t('You can\'t remove yourself'));
  77                                 }
  78                         }
  79
  80                         notice(DI::l10n()->tt('%s user deleted', '%s users deleted', count($users)));
  81                 }
  82
  83                 if (!empty($_POST['page_users_approve'])) {
  84                         foreach ($pending as $hash) {
  85                                 User::allow($hash);
  86                         }
  87                         notice(DI::l10n()->tt('%s user approved', '%s users approved', count($pending)));
  88                 }
  89
  90                 if (!empty($_POST['page_users_deny'])) {
  91                         foreach ($pending as $hash) {
  92                                 User::deny($hash);
  93                         }
  94                         notice(DI::l10n()->tt('%s registration revoked', '%s registrations revoked', count($pending)));
  95                 }
  96
  97                 DI::baseUrl()->redirect('admin/users');
  98         }
  99
 100         public static function content(array $parameters = [])
 101         {
 102                 parent::content($parameters);
 103
 104                 $a = DI::app();
 105
 106                 if ($a->argc > 3) {
 107                         // @TODO: Replace with parameter from router
 108                         $action = $a->argv[2];
 109                         $uid = $a->argv[3];
 110                         $user = User::getById($uid, ['username', 'blocked']);
 111                         if (!DBA::isResult($user)) {
 112                                 notice('User not found' . EOL);
 113                                 DI::baseUrl()->redirect('admin/users');
 114                                 return ''; // NOTREACHED
 115                         }
 116
 117                         switch ($action) {
 118                                 case 'delete':
 119                                         if (local_user() != $uid) {
 120                                                 parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 121                                                 // delete user
 122                                                 User::remove($uid);
 123
 124                                                 notice(DI::l10n()->t('User "%s" deleted', $user['username']));
 125                                         } else {
 126                                                 notice(DI::l10n()->t('You can\'t remove yourself'));
 127                                         }
 128                                         break;
 129                                 case 'block':
 130                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 131                                         User::block($uid);
 132                                         notice(DI::l10n()->t('User "%s" blocked', $user['username']));
 133                                         break;
 134                                 case 'unblock':
 135                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 136                                         User::block($uid, false);
 137                                         notice(DI::l10n()->t('User "%s" unblocked', $user['username']));
 138                                         break;
 139                                 case 'allow':
 140                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 141                                         User::allow(Register::getPendingForUser($uid)['hash'] ?? '');
 142                                         notice(DI::l10n()->t('Account approved.'));
 143                                         break;
 144                                 case 'deny':
 145                                         parent::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
 146                                         User::deny(Register::getPendingForUser($uid)['hash'] ?? '');
 147                                         notice(DI::l10n()->t('Registration revoked'));
 148                                         break;
 149                         }
 150
 151                         DI::baseUrl()->redirect('admin/users');
 152                 }
 153
 154                 /* get pending */
 155                 $pending = Register::getPending();
 156
 157                 $pager = new Pager(DI::l10n(), DI::args()->getQueryString(), 100);
 158
 159                 // @TODO Move below block to Model\User::getUsers($start, $count, $order = 'contact.name', $order_direction = '+')
 160                 $valid_orders = [
 161                         'contact.name',
 162                         'user.email',
 163                         'user.register_date',
 164                         'user.login_date',
 165                         'lastitem_date',
 166                         'user.page-flags'
 167                 ];
 168
 169                 $order = 'contact.name';
 170                 $order_direction = '+';
 171                 if (!empty($_GET['o'])) {
 172                         $new_order = $_GET['o'];
 173                         if ($new_order[0] === '-') {
 174                                 $order_direction = '-';
 175                                 $new_order = substr($new_order, 1);
 176                         }
 177
 178                         if (in_array($new_order, $valid_orders)) {
 179                                 $order = $new_order;
 180                         }
 181                 }
 182                 $sql_order = '`' . str_replace('.', '`.`', $order) . '`';
 183                 $sql_order_direction = ($order_direction === '+') ? 'ASC' : 'DESC';
 184
 185                 $usersStmt = DBA::p("SELECT `user`.*, `contact`.`name`, `contact`.`url`, `contact`.`micro`, `user`.`account_expired`, `contact`.`last-item` AS `lastitem_date`
 186                                 FROM `user`
 187                                 INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
 188                                 WHERE `user`.`verified`
 189                                 ORDER BY $sql_order $sql_order_direction LIMIT ?, ?", $pager->getStart(), $pager->getItemsPerPage()
 190                 );
 191                 $users = DBA::toArray($usersStmt);
 192
 193                 $adminlist = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
 194                 $_setup_users = function ($e) use ($adminlist) {
 195                         $page_types = [
 196                                 User::PAGE_FLAGS_NORMAL    => DI::l10n()->t('Normal Account Page'),
 197                                 User::PAGE_FLAGS_SOAPBOX   => DI::l10n()->t('Soapbox Page'),
 198                                 User::PAGE_FLAGS_COMMUNITY => DI::l10n()->t('Public Forum'),
 199                                 User::PAGE_FLAGS_FREELOVE  => DI::l10n()->t('Automatic Friend Page'),
 200                                 User::PAGE_FLAGS_PRVGROUP  => DI::l10n()->t('Private Forum')
 201                         ];
 202                         $account_types = [
 203                                 User::ACCOUNT_TYPE_PERSON       => DI::l10n()->t('Personal Page'),
 204                                 User::ACCOUNT_TYPE_ORGANISATION => DI::l10n()->t('Organisation Page'),
 205                                 User::ACCOUNT_TYPE_NEWS         => DI::l10n()->t('News Page'),
 206                                 User::ACCOUNT_TYPE_COMMUNITY    => DI::l10n()->t('Community Forum'),
 207                                 User::ACCOUNT_TYPE_RELAY        => DI::l10n()->t('Relay'),
 208                         ];
 209
 210                         $e['page_flags_raw'] = $e['page-flags'];
 211                         $e['page-flags'] = $page_types[$e['page-flags']];
 212
 213                         $e['account_type_raw'] = ($e['page_flags_raw'] == 0) ? $e['account-type'] : -1;
 214                         $e['account-type'] = ($e['page_flags_raw'] == 0) ? $account_types[$e['account-type']] : '';
 215
 216                         $e['register_date'] = Temporal::getRelativeDate($e['register_date']);
 217                         $e['login_date'] = Temporal::getRelativeDate($e['login_date']);
 218                         $e['lastitem_date'] = Temporal::getRelativeDate($e['lastitem_date']);
 219                         $e['is_admin'] = in_array($e['email'], $adminlist);
 220                         $e['is_deletable'] = (intval($e['uid']) != local_user());
 221                         $e['deleted'] = ($e['account_removed'] ? Temporal::getRelativeDate($e['account_expires_on']) : False);
 222
 223                         return $e;
 224                 };
 225
 226                 $tmp_users = array_map($_setup_users, $users);
 227
 228                 // Get rid of dashes in key names, Smarty3 can't handle them
 229                 // and extracting deleted users
 230
 231                 $deleted = [];
 232                 $users = [];
 233                 foreach ($tmp_users as $user) {
 234                         foreach ($user as $k => $v) {
 235                                 $newkey = str_replace('-', '_', $k);
 236                                 $user[$newkey] = $v;
 237                         }
 238
 239                         if ($user['deleted']) {
 240                                 $deleted[] = $user;
 241                         } else {
 242                                 $users[] = $user;
 243                         }
 244                 }
 245
 246                 $th_users = array_map(null, [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Type')], $valid_orders);
 247
 248                 $t = Renderer::getMarkupTemplate('admin/users.tpl');
 249                 $o = Renderer::replaceMacros($t, [
 250                         // strings //
 251                         '$title' => DI::l10n()->t('Administration'),
 252                         '$page' => DI::l10n()->t('Users'),
 253                         '$submit' => DI::l10n()->t('Add User'),
 254                         '$select_all' => DI::l10n()->t('select all'),
 255                         '$h_pending' => DI::l10n()->t('User registrations waiting for confirm'),
 256                         '$h_deleted' => DI::l10n()->t('User waiting for permanent deletion'),
 257                         '$th_pending' => [DI::l10n()->t('Request date'), DI::l10n()->t('Name'), DI::l10n()->t('Email')],
 258                         '$no_pending' => DI::l10n()->t('No registrations.'),
 259                         '$pendingnotetext' => DI::l10n()->t('Note from the user'),
 260                         '$approve' => DI::l10n()->t('Approve'),
 261                         '$deny' => DI::l10n()->t('Deny'),
 262                         '$delete' => DI::l10n()->t('Delete'),
 263                         '$block' => DI::l10n()->t('Block'),
 264                         '$blocked' => DI::l10n()->t('User blocked'),
 265                         '$unblock' => DI::l10n()->t('Unblock'),
 266                         '$siteadmin' => DI::l10n()->t('Site admin'),
 267                         '$accountexpired' => DI::l10n()->t('Account expired'),
 268
 269                         '$h_users' => DI::l10n()->t('Users'),
 270                         '$h_newuser' => DI::l10n()->t('New User'),
 271                         '$th_deleted' => [DI::l10n()->t('Name'), DI::l10n()->t('Email'), DI::l10n()->t('Register date'), DI::l10n()->t('Last login'), DI::l10n()->t('Last public item'), DI::l10n()->t('Permanent deletion')],
 272                         '$th_users' => $th_users,
 273                         '$order_users' => $order,
 274                         '$order_direction_users' => $order_direction,
 275
 276                         '$confirm_delete_multi' => DI::l10n()->t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
 277                         '$confirm_delete' => DI::l10n()->t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
 278
 279                         '$form_security_token' => parent::getFormSecurityToken('admin_users'),
 280
 281                         // values //
 282                         '$baseurl' => DI::baseUrl()->get(true),
 283
 284                         '$pending' => $pending,
 285                         'deleted' => $deleted,
 286                         '$users' => $users,
 287                         '$newusername' => ['new_user_name', DI::l10n()->t('Name'), '', DI::l10n()->t('Name of the new user.')],
 288                         '$newusernickname' => ['new_user_nickname', DI::l10n()->t('Nickname'), '', DI::l10n()->t('Nickname of the new user.')],
 289                         '$newuseremail' => ['new_user_email', DI::l10n()->t('Email'), '', DI::l10n()->t('Email address of the new user.'), '', '', 'email'],
 290                 ]);
 291
 292                 $o .= $pager->renderFull(DBA::count('user'));
 293
 294                 return $o;
 295         }
 296 }