-rwxr-xr-x | boot.php | 1 | ||||
-rw-r--r-- | include/security.php | 6 | ||||
-rw-r--r-- | mod/admin.php | 162 | ||||
-rwxr-xr-x | view/tpl/admin_aside.tpl | 1 | ||||
-rwxr-xr-x | view/tpl/admin_channels.tpl | 50 |
5 files changed, 210 insertions, 10 deletions
@@ -205,6 +205,7 @@ define ( 'PAGE_APPLICATION', 0x0004 ); define ( 'PAGE_DIRECTORY_CHANNEL', 0x0008 ); // system channel used for directory synchronisation define ( 'PAGE_PREMIUM', 0x0010 ); define ( 'PAGE_ADULT', 0x0020 ); +define ( 'PAGE_CENSORED', 0x0040 ); // Site admin has blocked this channel from appearing in casual search results and site feeds define ( 'PAGE_SYSTEM', 0x1000 ); define ( 'PAGE_REMOVED', 0x8000 ); diff --git a/include/security.php b/include/security.php index 6b20e2904..d974efb8f 100644 --- a/include/security.php +++ b/include/security.php @@ -346,9 +346,9 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d) ", + $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", intval($perms_min), - intval(PAGE_ADULT) + intval(PAGE_CENSORED) ); if($r) foreach($r as $rr) @@ -373,7 +373,7 @@ function stream_perms_xchans($perms_min = PERMS_SITE) { $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", intval($perms_min), - intval(PAGE_ADULT) + intval(PAGE_CENSORED) ); if($r) foreach($r as $rr) diff --git a/mod/admin.php b/mod/admin.php index c4a284941..f603525d2 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -24,6 +24,10 @@ function admin_post(&$a){ case 'users': admin_page_users_post($a); break; + case 'channels': + admin_page_channels_post($a); + break; + case 'plugins': if (argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")){ 
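Review bot: Swapping `PAGE_ADULT` for `PAGE_CENSORED` in the `not (channel_pageflags & %d)` filter of stream_perms_api_uids means adult-flagged channels are no longer excluded from the result, and the same swap is made in stream_perms_xchans in the following hunk. If the intent is to add the admin censor flag rather than to replace the adult filter, pass both bits in each query: `intval(PAGE_ADULT|PAGE_CENSORED)`. If dropping the adult filter is deliberate, a comment above each query saying so would help, since nothing visible on this page states it. Both function bodies start and end outside their hunks.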
@@ -85,12 +89,13 @@ function admin_content(&$a) { // array( url, name, extra css classes ) $aside = Array( - 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"), - 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"), - 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"), - 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"), - 'hubloc' => Array($a->get_baseurl(true)."/admin/hubloc/", t("Server") , "server"), - 'dbsync' => Array($a->get_baseurl(true)."/admin/dbsync/", t('DB updates'), "dbsync") + 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"), + 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Accounts") , "users"), + 'channels' => Array($a->get_baseurl(true)."/admin/channels/", t("Channels") , "channels"), + 'plugins' => Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"), + 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"), + 'hubloc' => Array($a->get_baseurl(true)."/admin/hubloc/", t("Server") , "server"), + 'dbsync' => Array($a->get_baseurl(true)."/admin/dbsync/", t('DB updates'), "dbsync") ); /* get plugins admin page */ @@ -132,6 +137,9 @@ function admin_content(&$a) { case 'users': $o = admin_page_users($a); break; + case 'channels': + $o = admin_page_channels($a); + break; case 'plugins': $o = admin_page_plugins($a); break; @@ -671,7 +679,7 @@ function admin_page_users(&$a){ intval( $uid ) ); - notice( sprintf( (($account['account_flags'] & ACCOUNT_BLOCKED) ? t("User '%s' unblocked"):t("User '%s' blocked")) , $account[0]['account_email']) . EOL); + notice( sprintf( (($account[0]['account_flags'] & ACCOUNT_BLOCKED) ? t("User '%s' unblocked"):t("User '%s' blocked")) , $account[0]['account_email']) . EOL); }; break; } goaway($a->get_baseurl(true) . '/admin/users' ); 
@@ -767,6 +775,146 @@ function admin_page_users(&$a){ /** + * Channels admin page + * + * @param App $a + */ +function admin_page_channels_post(&$a){ + $pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() ); + $users = ( x($_POST, 'user') ? $_POST['user'] : Array() ); + + check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); + + if (x($_POST,'page_users_block')){ + foreach($users as $uid){ + q("UPDATE account SET account_flags = (account_flags & %d) where account_id = %d limit 1", + intval(ACCOUNT_BLOCKED), + intval( $uid ) + ); + } + notice( sprintf( tt("%s user blocked/unblocked", "%s users blocked/unblocked", count($users)), count($users)) ); + } + if (x($_POST,'page_users_delete')){ + require_once("include/Contact.php"); + foreach($users as $uid){ + account_remove($uid,true); + } + notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); + } + + if (x($_POST,'page_users_approve')){ + require_once('include/account.php'); + foreach($pending as $hash){ + user_allow($hash); + } + } + if (x($_POST,'page_users_deny')){ + require_once('include/account.php'); + foreach($pending as $hash){ + user_deny($hash); + } + } + goaway($a->get_baseurl(true) . '/admin/users' ); + return; // NOTREACHED +} + +/** + * @param App $a + * @return string + */ +function admin_page_channels(&$a){ + if (argc() > 2) { + $uid = argv(3); + $channel = q("SELECT * FROM channel WHERE channel_id = %d", + intval($uid) + ); + + if (! $channel) { + notice( t('Channel not found') . EOL); + goaway($a->get_baseurl(true) . '/admin/channels' ); + } + + switch(argv(2)){ +// case "delete":{ + // check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't'); + // delete user + // require_once("include/Contact.php"); + // account_remove($uid,true); + + // notice( sprintf(t("User '%s' deleted"), $account[0]['account_email']) . 
EOL); + // }; break; + + case "block":{ + check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't'); + q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d", + intval(PAGE_CENSORED), + intval( $uid ) + ); + + notice( sprintf( (($channel[0]['channel_pageflags'] & PAGE_CENSORED) ? t("Channel '%s' uncensored"): t("Channel '%s' censored")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL); + }; break; + } + goaway($a->get_baseurl(true) . '/admin/users' ); + return ''; // NOTREACHED + + } + + /* get channels */ + + $total = q("SELECT count(*) as total FROM channel where not (channel_pageflags & %d)", + intval(PAGE_REMOVED) + ); + if($total) { + $a->set_pager_total($total[0]['total']); + $a->set_pager_itemspage(100); + } + + $order = " order by channel_name asc "; + + $users = q("SELECT * from channel where not ( channel_pageflags & %d ) $order limit %d , %d ", + intval(PAGE_REMOVED), + intval($a->pager['start']), + intval($a->pager['itemspage']) + ); + + if($users) { + for($x = 0; $x < count($users); $x ++) { + if($users[$x]['channel_pageflags'] & PAGE_CENSORED) + $users[$x]['blocked'] = true; + else + $users[$x]['blocked'] = false; + } + } + + $t = get_markup_template("admin_channels.tpl"); + $o = replace_macros($t, array( + // strings // + '$title' => t('Administration'), + '$page' => t('Channels'), + '$submit' => t('Submit'), + '$select_all' => t('select all'), + '$delete' => t('Delete'), + '$block' => t('Censor'), + '$unblock' => t('Uncensor'), + + '$h_users' => t('Channel'), + '$th_users' => array( t('UID'), t('Name'), t('Address')), + + '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), + '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), + + 
'$form_security_token' => get_form_security_token("admin_channels"), + + // values // + '$baseurl' => $a->get_baseurl(true), + '$users' => $users, + )); + $o .= paginate($a); + return $o; +} + + +/** * Plugins admin page * * @param App $a diff --git a/view/tpl/admin_aside.tpl b/view/tpl/admin_aside.tpl index fdf070aa2..cb3827bf2 100755 --- a/view/tpl/admin_aside.tpl +++ b/view/tpl/admin_aside.tpl @@ -14,6 +14,7 @@ <ul class='admin linklist'> <li class='admin link button {{$admin.site.2}}'><a href='{{$admin.site.0}}'>{{$admin.site.1}}</a></li> <li class='admin link button {{$admin.users.2}}'><a href='{{$admin.users.0}}'>{{$admin.users.1}}</a><span id='pending-update' title='{{$h_pending}}'></span></li> + <li class='admin link button {{$admin.channels.2}}'><a href='{{$admin.channels.0}}'>{{$admin.channels.1}}</a></li> <li class='admin link button {{$admin.plugins.2}}'><a href='{{$admin.plugins.0}}'>{{$admin.plugins.1}}</a></li> <li class='admin link button {{$admin.themes.2}}'><a href='{{$admin.themes.0}}'>{{$admin.themes.1}}</a></li> <li class='admin link button {{$admin.hubloc.2}}'><a href='{{$admin.hubloc.0}}'>{{$admin.hubloc.1}}</a></li> diff --git a/view/tpl/admin_channels.tpl b/view/tpl/admin_channels.tpl new file mode 100755 index 000000000..2ae2a72d6 --- /dev/null +++ b/view/tpl/admin_channels.tpl 
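Review bot: admin_page_channels_post still acts on accounts rather than channels: it runs `UPDATE account SET account_flags = (account_flags & %d)` (an AND with ACCOUNT_BLOCKED clears every other flag and never sets the block bit) and calls `account_remove($uid,true)`, `user_allow` and `user_deny` from the channels page. It also verifies the token as `'admin_users'` while the form token is issued with `get_form_security_token("admin_channels")`, so the check presumably rejects every POST from the channels form. The handler should verify the `admin_channels` token and toggle `PAGE_CENSORED` on `channel` by `channel_id`, as the `block` case in admin_page_channels already does, leaving bulk delete and approve out until a channel-level path exists; a sketch follows, and its field names `channel[]` and `page_channels_block` need the matching change in admin_channels.tpl. In admin_page_channels, `argc() > 2` does not guarantee that `argv(3)` exists, and the `goaway` after the switch returns to `/admin/users` rather than `/admin/channels`. The censor toggle is also a state change reached through a GET link that carries the token as `?t=`, which places it in server logs and Referer headers; a POST would avoid that.

```php
function admin_page_channels_post(&$a){
	$channels = ( x($_POST, 'channel') ? $_POST['channel'] : Array() );

	// token name must match get_form_security_token("admin_channels") used for the form
	check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels');

	if (x($_POST,'page_channels_block')){
		foreach($channels as $uid){
			// XOR toggles only the censor bit and leaves the other page flags intact
			q("UPDATE channel SET channel_pageflags = ( channel_pageflags ^ %d ) where channel_id = %d",
				intval(PAGE_CENSORED),
				intval( $uid )
			);
		}
		notice( sprintf( tt("%s channel censored/uncensored", "%s channels censored/uncensored", count($channels)), count($channels)) );
	}
	// … left out: bulk delete / approve / deny, which operate on accounts …
	goaway($a->get_baseurl(true) . '/admin/channels' );
	return; // NOTREACHED
}
```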
@@ -0,0 +1,50 @@
+<script>
+ function confirm_delete(uname){
+ return confirm( "{{$confirm_delete}}".format(uname));
+ }
+ function confirm_delete_multi(){
+ return confirm("{{$confirm_delete_multi}}");
+ }
+ function selectall(cls){
+ $("."+cls).attr('checked','checked');
+ return false;
+ }
+</script>
+<div class = "generic-content-wrapper" id='adminpage'>
+ <h1>{{$title}} - {{$page}}</h1>
+
+ <form action="{{$baseurl}}/admin/channels" method="post">
+ <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+
+ <h3>{{$h_users}}</h3>
+ {{if $users}}
+ <table id='channels'>
+ <thead>
+ <tr>
+ {{foreach $th_users as $th}}<th>{{$th}}</th>{{/foreach}}
+ <th></th>
+ <th></th>
+ </tr>
+ </thead>
+ <tbody>
+ {{foreach $users as $u}}
+ <tr>
+ <td class='channel_id'>{{$u.channel_id}}</td>
+ <td class='channel_name'>{{$u.channel_name}}</td>
+ <td class='channel_address'>{{$u.channel_address}}</td>
+ <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_{{$u.account_id}}" name="user[]" value="{{$u.account_id}}"/></td>
+ <td class="tools">
+ <a href="{{$baseurl}}/admin/users/block/{{$u.account_id}}?t={{$form_security_token}}" title='{{if ($u.blocked)}}{{$unblock}}{{else}}{{$block}}{{/if}}'><i class='icon-ban-circle admin-icons {{if ($u.blocked)}}dim{{/if}}'></i></a>
+ <a href="{{$baseurl}}/admin/users/delete/{{$u.account_id}}?t={{$form_security_token}}" title='{{$delete}}' onclick="return confirm_delete('{{$u.name}}')"><i class='icon-remove admin-icons'></i></a>
+ </td>
+ </tr>
+ {{/foreach}}
+ </tbody>
+ </table>
+ <div class='selectall'><a href='#' onclick="return selectall('users_ckbx');">{{$select_all}}</a></div>
+ <div class="submit"><input type="submit" name="page_users_block" value="{{$block}}/{{$unblock}}" /> <input type="submit" name="page_channels_delete" value="{{$delete}}" onclick="return confirm_delete_multi()" /></div>
+ {{else}}
+ NO USERS?!?
+ {{/if}}
+ </form>
+</div> |
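Review bot: The checkbox and both row links inside the `{{foreach $users as $u}}` loop still address accounts, not channels: they use `{{$u.account_id}}` and `/admin/users/block/…` and `/admin/users/delete/…`, while the rows are channel records and the token is issued for `admin_channels`. As written, a click on a channel row is sent to the account block and delete routes, and `{{$u.account_id}}` is probably empty because the columns shown for these rows are all `channel_*`. The block link should target the route this commit adds, `href="{{$baseurl}}/admin/channels/block/{{$u.channel_id}}?t={{$form_security_token}}"`, and the checkbox should post `name="channel[]" value="{{$u.channel_id}}"`; the delete link is best dropped while the `delete` case in admin_page_channels is commented out. The two submit buttons are named `page_users_block` and `page_channels_delete`, so one of them matches no branch in the POST handler shown on this page. `confirm_delete('{{$u.name}}')` and the `channel_name` and `channel_address` cells render owner-chosen text into an admin page, and whether the template engine escapes these values is not visible here, so that is worth confirming.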