X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fadmin.php;h=db4d4cff25b8289d1fa9ab275442c13b3d4fd374;hb=77529ccdf10d22340558d3192d536f1b3ff04945;hp=a395027c11604110f22864e7bcc8fa5fe68358d7;hpb=cb05801a9031254f5882038de07a3ee4d5f89dd0;p=friendica.git diff --git a/mod/admin.php b/mod/admin.php index a395027c11..db4d4cff25 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -4,7 +4,11 @@ * Friendica admin */ require_once("include/remoteupdate.php"); - + + +/** + * @param App $a + */ function admin_post(&$a){ @@ -40,9 +44,26 @@ function admin_post(&$a){ goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] ); return; // NOTREACHED break; + case 'themes': + $theme = $a->argv[2]; + if (is_file("view/theme/$theme/config.php")){ + require_once("view/theme/$theme/config.php"); + if (function_exists("theme_admin_post")){ + theme_admin_post($a); + } + } + info(t('Theme settings updated.')); + if(is_ajax()) return; + + goaway($a->get_baseurl(true) . '/admin/themes/' . $theme ); + return; + break; case 'logs': admin_page_logs_post($a); break; + case 'dbsync': + admin_page_dbsync_post($a); + break; case 'update': admin_page_remoteupdate_post($a); break; @@ -53,6 +74,10 @@ function admin_post(&$a){ return; // NOTREACHED } +/** + * @param App $a + * @return string + */ function admin_content(&$a) { if(!is_site_admin()) { @@ -60,7 +85,7 @@ function admin_content(&$a) { } if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) - return; + return ""; /** * Side bar links @@ -72,7 +97,8 @@ function admin_content(&$a) { 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"), 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"), 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"), - 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Update") , "update") + 'dbsync' => Array($a->get_baseurl(true)."/admin/dbsync/", t('DB updates'), "dbsync"), + //'update' => Array($a->get_baseurl(true)."/admin/update/", t("Software Update") , "update") ); /* get plugins admin page */ @@ -89,8 +115,11 @@ function admin_content(&$a) { $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs"); $t = get_markup_template("admin_aside.tpl"); - $a->page['aside'] = replace_macros( $t, array( + $a->page['aside'] .= replace_macros( $t, array( '$admin' => $aside, + '$admtxt' => t('Admin'), + '$plugadmtxt' => t('Plugin Features'), + '$logtxt' => t('Logs'), '$h_pending' => t('User registrations waiting for confirmation'), '$admurl'=> $a->get_baseurl(true)."/admin/" )); @@ -120,6 +149,9 @@ function admin_content(&$a) { case 'logs': $o = admin_page_logs($a); break; + case 'dbsync': + $o = admin_page_dbsync($a); + break; case 'update': $o = admin_page_remoteupdate($a); break; @@ -129,12 +161,21 @@ function admin_content(&$a) { } else { $o = admin_page_summary($a); } - return $o; + + if(is_ajax()) { + echo $o; + killme(); + return ''; + } else { + return $o; + } } /** * Admin Summary Page + * @param App $a + * @return string */ function admin_page_summary(&$a) { $r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`"); @@ -142,20 +183,35 @@ function admin_page_summary(&$a) { Array( t('Normal Account'), 0), Array( t('Soapbox Account'), 0), Array( t('Community/Celebrity Account'), 0), - Array( t('Automatic Friend Account'), 0) + Array( t('Automatic Friend Account'), 0), + Array( t('Blog Account'), 0), + Array( t('Private Forum'), 0) ); + $users=0; foreach ($r as $u){ $accounts[$u['page-flags']][1] = $u['count']; $users+= $u['count']; } - logger('accounts: ' . print_r($accounts,true)); + logger('accounts: ' . print_r($accounts,true),LOGGER_DATA); $r = q("SELECT COUNT(id) as `count` FROM `register`"); $pending = $r[0]['count']; + $r = q("select count(*) as total from deliverq where 1"); + $deliverq = (($r) ? $r[0]['total'] : 0); + + $r = q("select count(*) as total from queue where 1"); + $queue = (($r) ? $r[0]['total'] : 0); + + // We can do better, but this is a quick queue status + + $queues = array( 'label' => t('Message queues'), 'deliverq' => $deliverq, 'queue' => $queue ); + + $t = get_markup_template("admin_summary.tpl"); return replace_macros($t, array( '$title' => t('Administration'), '$page' => t('Summary'), + '$queues' => $queues, '$users' => Array( t('Registered users'), $users), '$accounts' => $accounts, '$pending' => Array( t('Pending registrations'), $pending), @@ -168,45 +224,54 @@ function admin_page_summary(&$a) { /** * Admin Site Page + * @param App $a */ function admin_page_site_post(&$a){ if (!x($_POST,"page_site")){ return; } - - $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); - $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); - $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); - $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); + check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); + + $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); + $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); + $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); + $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); + $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); + $maximagelength = ((x($_POST,'maximagelength')) ? intval(trim($_POST['maximagelength'])) : MAX_IMAGE_LENGTH); + $jpegimagequality = ((x($_POST,'jpegimagequality')) ? intval(trim($_POST['jpegimagequality'])) : JPEG_QUALITY); - $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); - $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0); + $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); + $abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0); - $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : ''); + $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : ''); - $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); - $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); - $block_public = ((x($_POST,'block_public')) ? True : False); - $force_publish = ((x($_POST,'publish_all')) ? True : False); + $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); + $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); + $block_public = ((x($_POST,'block_public')) ? True : False); + $force_publish = ((x($_POST,'publish_all')) ? True : False); $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : ''); - $no_multi_reg = ((x($_POST,'no_multi_reg')) ? True : False); - $no_openid = !((x($_POST,'no_openid')) ? True : False); - $no_gravatar = !((x($_POST,'no_gravatar')) ? True : False); - $no_regfullname = !((x($_POST,'no_regfullname')) ? True : False); - $no_utf = !((x($_POST,'no_utf')) ? True : False); - $no_community_page = !((x($_POST,'no_community_page')) ? True : False); - - $verifyssl = ((x($_POST,'verifyssl')) ? True : False); - $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : ''); - $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : ''); - $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60); - $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False); - $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False); - $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False); - $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0); + $thread_allow = ((x($_POST,'thread_allow')) ? True : False); + $newuser_public = ((x($_POST,'newuser_public')) ? True : False); + $no_multi_reg = ((x($_POST,'no_multi_reg')) ? True : False); + $no_openid = !((x($_POST,'no_openid')) ? True : False); + $no_regfullname = !((x($_POST,'no_regfullname')) ? True : False); + $no_utf = !((x($_POST,'no_utf')) ? True : False); + $no_community_page = !((x($_POST,'no_community_page')) ? True : False); + + $verifyssl = ((x($_POST,'verifyssl')) ? True : False); + $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : ''); + $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : ''); + $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60); + $delivery_interval = ((x($_POST,'delivery_interval')) ? intval(trim($_POST['delivery_interval'])) : 0); + $poll_interval = ((x($_POST,'poll_interval')) ? intval(trim($_POST['poll_interval'])) : 0); + $maxloadavg = ((x($_POST,'maxloadavg')) ? intval(trim($_POST['maxloadavg'])) : 50); + $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False); + $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False); + $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False); + $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0); if($ssl_policy != intval(get_config('system','ssl_policy'))) { if($ssl_policy == SSL_POLICY_FULL) { @@ -249,7 +314,9 @@ function admin_page_site_post(&$a){ } } set_config('system','ssl_policy',$ssl_policy); - + set_config('system','delivery_interval',$delivery_interval); + set_config('system','poll_interval',$poll_interval); + set_config('system','maxloadavg',$maxloadavg); set_config('config','sitename',$sitename); if ($banner==""){ // don't know why, but del_config doesn't work... @@ -262,7 +329,14 @@ function admin_page_site_post(&$a){ } set_config('system','language', $language); set_config('system','theme', $theme); + if ( $theme_mobile === '---' ) { + del_config('system','mobile-theme'); + } else { + set_config('system','mobile-theme', $theme_mobile); + } set_config('system','maximagesize', $maximagesize); + set_config('system','max_image_length', $maximagelength); + set_config('system','jpeg_quality', $jpegimagequality); set_config('config','register_policy', $register_policy); set_config('system','account_abandon_days', $abandon_days); @@ -280,10 +354,11 @@ function admin_page_site_post(&$a){ } else { set_config('system','directory_submit_url', $global_directory); } - set_config('system','directory_search_url', $global_search_url); + set_config('system','thread_allow', $thread_allow); + set_config('system','newuser_public', $newuser_public); + set_config('system','block_extended_register', $no_multi_reg); set_config('system','no_openid', $no_openid); - set_config('system','no_gravatar', $no_gravatar); set_config('system','no_regfullname', $no_regfullname); set_config('system','no_community_page', $no_community_page); set_config('system','no_utf', $no_utf); @@ -300,7 +375,11 @@ function admin_page_site_post(&$a){ return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_site(&$a) { /* Installed langs */ @@ -319,12 +398,19 @@ function admin_page_site(&$a) { /* Installed themes */ $theme_choices = array(); + $theme_choices_mobile = array(); + $theme_choices_mobile["---"] = t("No special theme for mobile devices"); $files = glob('view/theme/*'); if($files) { foreach($files as $file) { $f = basename($file); $theme_name = ((file_exists($file . '/experimental')) ? sprintf("%s - \x28Experimental\x29", $f) : $f); - $theme_choices[$f] = $theme_name; + if (file_exists($file . '/mobile')) { + $theme_choices_mobile[$f] = $theme_name; + } + else { + $theme_choices[$f] = $theme_name; + } } } @@ -361,50 +447,120 @@ function admin_page_site(&$a) { '$advanced' => t('Advanced'), '$baseurl' => $a->get_baseurl(true), - // name, label, value, help string, extra data... + // name, label, value, help string, extra data... '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""), - '$banner' => array('banner', t("Banner/Logo"), $banner, ""), + '$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), - '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices), - '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices), + '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - change theme settings"), $theme_choices), + '$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile-theme'), t("Theme for mobile devices"), $theme_choices_mobile), + '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices), '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), + '$maximagelength' => array('maximagelength', t("Maximum image length"), get_config('system','max_image_length'), t("Maximum length in pixels of the longest side of uploaded images. Default is -1, which means no limits.")), + '$jpegimagequality' => array('jpegimagequality', t("JPEG image quality"), get_config('system','jpeg_quality'), t("Uploaded JPEGS will be saved at this quality setting [0-100]. Default is 100, which is full quality.")), '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), - '$register_text' => array('register_text', t("Register text"), htmlentities($a->config['register_text'], ENT_QUOTES), t("Will be displayed prominently on the registration page.")), - '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), + '$register_text' => array('register_text', t("Register text"), htmlentities($a->config['register_text'], ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), + '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")), '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently logged in.")), '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")), '$global_directory' => array('directory_submit_url', t("Global directory update URL"), get_config('system','directory_submit_url'), t("URL to update the global directory. If this is not set, the global directory is completely unavailable to the application.")), + '$thread_allow' => array('thread_allow', t("Allow threaded items"), get_config('system','thread_allow'), t("Allow infinite level threading for items on this site.")), + '$newuser_public' => array('newuser_public', t("No default permissions for new users"), get_config('system','newuser_public'), t("New users will have no private permissions set for their posts by default, making their posts public until they change it.")), '$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), t("Disallow users to register additional accounts for use as pages.")), '$no_openid' => array('no_openid', t("OpenID support"), !get_config('system','no_openid'), t("OpenID support for registration and logins.")), - '$no_gravatar' => array('no_gravatar', t("Gravatar support"), !get_config('system','no_gravatar'), t("Search new user's photo on Gravatar.")), '$no_regfullname' => array('no_regfullname', t("Fullname check"), !get_config('system','no_regfullname'), t("Force users to register with a space between firstname and lastname in Full name, as an antispam measure")), - '$no_utf' => array('no_utf', t("UTF-8 Regular expressions"), !get_config('system','no_utf'), t("Use PHP UTF8 regular expressions")), - '$no_community_page' => array('no_community_page', t("Show Community Page"), !get_config('system','no_community_page'), t("Display a Community page showing all recent public postings on this site.")), - '$ostatus_disabled' => array('ostatus_disabled', t("Enable OStatus support"), !get_config('system','ostatus_disable'), t("Provide built-in OStatus \x28identi.ca, status.net, etc.\x29 compatibility. All communications in OStatus are public, so privacy warnings will be occasionally displayed.")), - '$diaspora_enabled' => array('diaspora_enabled', t("Enable Diaspora support"), get_config('system','diaspora_enabled'), t("Provide built-in Diaspora network compatibility.")), - '$dfrn_only' => array('dfrn_only', t('Only allow Friendica contacts'), get_config('system','dfrn_only'), t("All contacts must use Friendica protocols. All other built-in communication protocols disabled.")), + '$no_utf' => array('no_utf', t("UTF-8 Regular expressions"), !get_config('system','no_utf'), t("Use PHP UTF8 regular expressions")), + '$no_community_page' => array('no_community_page', t("Show Community Page"), !get_config('system','no_community_page'), t("Display a Community page showing all recent public postings on this site.")), + '$ostatus_disabled' => array('ostatus_disabled', t("Enable OStatus support"), !get_config('system','ostatus_disable'), t("Provide built-in OStatus \x28identi.ca, status.net, etc.\x29 compatibility. All communications in OStatus are public, so privacy warnings will be occasionally displayed.")), + '$diaspora_enabled' => array('diaspora_enabled', t("Enable Diaspora support"), get_config('system','diaspora_enabled'), t("Provide built-in Diaspora network compatibility.")), + '$dfrn_only' => array('dfrn_only', t('Only allow Friendica contacts'), get_config('system','dfrn_only'), t("All contacts must use Friendica protocols. All other built-in communication protocols disabled.")), '$verifyssl' => array('verifyssl', t("Verify SSL"), get_config('system','verifyssl'), t("If you wish, you can turn on strict certificate checking. This will mean you cannot connect (at all) to self-signed SSL sites.")), '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), - '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), - '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")), - + '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), + '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")), + '$delivery_interval' => array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")), + '$poll_interval' => array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")), + '$maxloadavg' => array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")), + '$form_security_token' => get_form_security_token("admin_site"), )); } +function admin_page_dbsync(&$a) { + + $o = ''; + + if($a->argc > 3 && intval($a->argv[3]) && $a->argv[2] === 'mark') { + set_config('database', 'update_' . intval($a->argv[3]), 'success'); + $curr = get_config('system','build'); + if(intval($curr) == intval($a->argv[3])) + set_config('system','build',intval($curr) + 1); + info( t('Update has been marked successful') . EOL); + goaway($a->get_baseurl(true) . '/admin/dbsync'); + } + + if($a->argc > 2 && intval($a->argv[2])) { + require_once('update.php'); + $func = 'update_' . intval($a->argv[2]); + if(function_exists($func)) { + $retval = $func(); + if($retval === UPDATE_FAILED) { + $o .= sprintf( t('Executing %s failed. Check system logs.'), $func); + } + elseif($retval === UPDATE_SUCCESS) { + $o .= sprintf( t('Update %s was successfully applied.', $func)); + set_config('database',$func, 'success'); + } + else + $o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $func); + } + else + $o .= sprintf( t('Update function %s could not be found.'), $func); + return $o; + } + + $failed = array(); + $r = q("select * from config where `cat` = 'database' "); + if(count($r)) { + foreach($r as $rr) { + $upd = intval(substr($rr['k'],7)); + if($upd < 1139 || $rr['v'] === 'success') + continue; + $failed[] = $upd; + } + } + if(! count($failed)) + return '

' . t('No failed updates.') . '

'; + + $o = replace_macros(get_markup_template('failed_updates.tpl'),array( + '$base' => $a->get_baseurl(true), + '$banner' => t('Failed Updates'), + '$desc' => t('This does not include updates prior to 1139, which did not return a status.'), + '$mark' => t('Mark success (if update was manually applied)'), + '$apply' => t('Attempt to execute this update step automatically'), + '$failed' => $failed + )); + + return $o; + +} + /** * Users admin page + * + * @param App $a */ function admin_page_users_post(&$a){ $pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() ); $users = ( x($_POST, 'user') ? $_POST['user'] : Array() ); - + + check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); + if (x($_POST,'page_users_block')){ foreach($users as $uid){ q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", @@ -436,7 +592,11 @@ function admin_page_users_post(&$a){ goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_users(&$a){ if ($a->argc>2) { $uid = $a->argv[3]; @@ -444,10 +604,11 @@ function admin_page_users(&$a){ if (count($user)==0){ notice( 'User not found' . EOL); goaway($a->get_baseurl(true) . '/admin/users' ); - return; // NOTREACHED + return ''; // NOTREACHED } switch($a->argv[2]){ case "delete":{ + check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); // delete user require_once("include/Contact.php"); user_remove($uid); @@ -455,6 +616,7 @@ function admin_page_users(&$a){ notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); }; break; case "block":{ + check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s", intval( 1-$user[0]['blocked'] ), intval( $uid ) @@ -463,7 +625,7 @@ function admin_page_users(&$a){ }; break; } goaway($a->get_baseurl(true) . '/admin/users' ); - return; // NOTREACHED + return ''; // NOTREACHED } @@ -539,6 +701,7 @@ function admin_page_users(&$a){ '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), + '$form_security_token' => get_form_security_token("admin_users"), // values // '$baseurl' => $a->get_baseurl(true), @@ -551,10 +714,12 @@ function admin_page_users(&$a){ } -/* +/** * Plugins admin page + * + * @param App $a + * @return string */ - function admin_page_plugins(&$a){ /** @@ -564,10 +729,12 @@ function admin_page_plugins(&$a){ $plugin = $a->argv[2]; if (!is_file("addon/$plugin/$plugin.php")){ notice( t("Item not found.") ); - return; + return ''; } if (x($_GET,"a") && $_GET['a']=="t"){ + check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't'); + // Toggle plugin status $idx = array_search($plugin, $a->plugins); if ($idx !== false){ @@ -581,7 +748,7 @@ function admin_page_plugins(&$a){ } set_config("system","addon", implode(", ",$a->plugins)); goaway($a->get_baseurl(true) . '/admin/plugins' ); - return; // NOTREACHED + return ''; // NOTREACHED } // display plugin details require_once('library/markdown.php'); @@ -625,7 +792,9 @@ function admin_page_plugins(&$a){ '$admin_form' => $admin_form, '$function' => 'plugins', '$screenshot' => '', - '$readme' => $readme + '$readme' => $readme, + + '$form_security_token' => get_form_security_token("admin_themes"), )); } @@ -654,10 +823,16 @@ function admin_page_plugins(&$a){ '$submit' => t('Submit'), '$baseurl' => $a->get_baseurl(true), '$function' => 'plugins', - '$plugins' => $plugins + '$plugins' => $plugins, + '$form_security_token' => get_form_security_token("admin_themes"), )); } +/** + * @param array $themes + * @param string $th + * @param int $result + */ function toggle_theme(&$themes,$th,&$result) { for($x = 0; $x < count($themes); $x ++) { if($themes[$x]['name'] === $th) { @@ -673,6 +848,11 @@ function toggle_theme(&$themes,$th,&$result) { } } +/** + * @param array $themes + * @param string $th + * @return int + */ function theme_status($themes,$th) { for($x = 0; $x < count($themes); $x ++) { if($themes[$x]['name'] === $th) { @@ -686,9 +866,12 @@ function theme_status($themes,$th) { } return 0; } - +/** + * @param array $themes + * @return string + */ function rebuild_theme_table($themes) { $o = ''; if(count($themes)) { @@ -704,10 +887,12 @@ function rebuild_theme_table($themes) { } -/* +/** * Themes admin page + * + * @param App $a + * @return string */ - function admin_page_themes(&$a){ $allowed_themes_str = get_config('system','allowed_themes'); @@ -724,7 +909,7 @@ function admin_page_themes(&$a){ foreach($files as $file) { $f = basename($file); $is_experimental = intval(file_exists($file . '/experimental')); - $is_unsupported = 1-(intval(file_exists($file . '/unsupported'))); + $is_supported = 1-(intval(file_exists($file . '/unsupported'))); // Is not used yet $is_allowed = intval(in_array($f,$allowed_themes)); $themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed); } @@ -732,7 +917,7 @@ function admin_page_themes(&$a){ if(! count($themes)) { notice( t('No themes found.')); - return; + return ''; } /** @@ -743,10 +928,11 @@ function admin_page_themes(&$a){ $theme = $a->argv[2]; if(! is_dir("view/theme/$theme")){ notice( t("Item not found.") ); - return; + return ''; } if (x($_GET,"a") && $_GET['a']=="t"){ + check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't'); // Toggle theme status @@ -759,7 +945,7 @@ function admin_page_themes(&$a){ set_config('system','allowed_themes',$s); goaway($a->get_baseurl(true) . '/admin/themes' ); - return; // NOTREACHED + return ''; // NOTREACHED } // display theme details @@ -772,14 +958,22 @@ function admin_page_themes(&$a){ } $readme=Null; - if (is_file("view/$theme/README.md")){ - $readme = file_get_contents("view/$theme/README.md"); + if (is_file("view/theme/$theme/README.md")){ + $readme = file_get_contents("view/theme/$theme/README.md"); $readme = Markdown($readme); - } else if (is_file("view/$theme/README")){ - $readme = "
". file_get_contents("view/$theme/README") ."
"; + } else if (is_file("view/theme/$theme/README")){ + $readme = "
". file_get_contents("view/theme/$theme/README") ."
"; } $admin_form=""; + if (is_file("view/theme/$theme/config.php")){ + require_once("view/theme/$theme/config.php"); + if(function_exists("theme_admin")){ + $admin_form = theme_admin($a); + } + + } + $screenshot = array( get_theme_screenshot($theme), t('Screenshot')); if(! stristr($screenshot[0],$theme)) @@ -797,19 +991,21 @@ function admin_page_themes(&$a){ '$status' => $status, '$action' => $action, '$info' => get_theme_info($theme), - '$function' => 'themes', + '$function' => 'themes', '$admin_form' => $admin_form, '$str_author' => t('Author: '), - '$str_maintainer' => t('Maintainer: '), + '$str_maintainer' => t('Maintainer: '), '$screenshot' => $screenshot, - '$readme' => $readme + '$readme' => $readme, + + '$form_security_token' => get_form_security_token("admin_themes"), )); } /** - * List plugins + * List themes */ $xthemes = array(); @@ -828,17 +1024,21 @@ function admin_page_themes(&$a){ '$function' => 'themes', '$plugins' => $xthemes, '$experimental' => t('[Experimental]'), - '$unsupported' => t('[Unsupported]') + '$unsupported' => t('[Unsupported]'), + '$form_security_token' => get_form_security_token("admin_themes"), )); } /** * Logs admin page + * + * @param App $a */ function admin_page_logs_post(&$a) { if (x($_POST,"page_logs")) { + check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs'); $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : ''); $debugging = ((x($_POST,'debugging')) ? true : false); @@ -855,7 +1055,11 @@ function admin_page_logs_post(&$a) { goaway($a->get_baseurl(true) . '/admin/logs' ); return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_logs(&$a){ $log_choices = Array( @@ -890,7 +1094,6 @@ readable."); $size = 5000000; $seek = fseek($fp,0-$size,SEEK_END); if($seek === 0) { - fgets($fp); // throw away the first partial line $data = escape_tags(fread($fp,$size)); while(! feof($fp)) $data .= escape_tags(fread($fp,4096)); @@ -913,9 +1116,14 @@ readable."); '$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""), '$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")), '$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices), + + '$form_security_token' => get_form_security_token("admin_logs"), )); } +/** + * @param App $a + */ function admin_page_remoteupdate_post(&$a) { // this function should be called via ajax post if(!is_site_admin()) { @@ -934,6 +1142,10 @@ function admin_page_remoteupdate_post(&$a) { killme(); } +/** + * @param App $a + * @return string + */ function admin_page_remoteupdate(&$a) { if(!is_site_admin()) { return login(false);