diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/admin.php | 590 | ||||
-rw-r--r-- | mod/regmod.php | 168 |
2 files changed, 683 insertions, 75 deletions
diff --git a/mod/admin.php b/mod/admin.php new file mode 100644 index 000000000..6f411bdb1 --- /dev/null +++ b/mod/admin.php @@ -0,0 +1,590 @@ +<?php + /** + * Friendika admin + */ + + +function admin_init(&$a) { + if(!is_site_admin()) { + notice( t('Permission denied.') . EOL); + return; + } +} + +function admin_post(&$a){ + if(!is_site_admin()) { + return login(false); + } + + // urls + if ($a->argc > 1){ + switch ($a->argv[1]){ + case 'site': + admin_page_site_post($a); + break; + case 'users': + admin_page_users_post($a); + break; + case 'logs': + admin_page_logs_post($a); + break; + } + } + + goaway($a->get_baseurl() . '/admin' ); + return; // NOTREACHED +} + +function admin_content(&$a) { + + if(!is_site_admin()) { + return login(false); + } + + /** + * Side bar links + */ + + // array( url, name, extra css classes ) + $aside = Array( + 'site' => Array($a->get_baseurl()."/admin/site/", t("Site") , "site"), + 'users' => Array($a->get_baseurl()."/admin/users/", t("Users") , "users"), + 'plugins'=> Array($a->get_baseurl()."/admin/plugins/", t("Plugins") , "plugins") + ); + + /* get plugins admin page */ + + $r = q("SELECT * FROM `hook` WHERE `hook`='plugin_admin'"); + $aside['plugins_admin']=Array(); + foreach ($r as $h){ + $plugin = explode("/",$h['file']); $plugin = $plugin[1]; + $aside['plugins_admin'][] = Array($a->get_baseurl()."/admin/plugins/".$plugin, $plugin, "plugin"); + } + + $aside['logs'] = Array($a->get_baseurl()."/admin/logs/", t("Logs"), "logs"); + + $t = get_markup_template("admin_aside.tpl"); + $a->page['aside'] = replace_macros( $t, array( + '$admin' => $aside, + '$h_pending' => t('User registrations waiting for confirm'), + '$admurl'=> $a->get_baseurl()."/admin/" + )); + + + + /** + * Page content + */ + $o = ''; + + // urls + if ($a->argc > 1){ + switch ($a->argv[1]){ + case 'site': + $o = admin_page_site($a); + break; + case 'users': + $o = admin_page_users($a); + break; + case 'plugins': + $o = admin_page_plugins($a); + break; + case 'logs': + $o = admin_page_logs($a); + break; + default: + notice( t("Item not found.") ); + } + } else { + $o = admin_page_summary($a); + } + return $o; +} + + +/** + * Admin Summary Page + */ +function admin_page_summary(&$a) { + $r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`"); + $accounts = Array( + Array( t('Normal Account'), 0), + Array( t('Soapbox Account'), 0), + Array( t('Community/Celebrity Account'), 0), + Array( t('Automatic Friend Account'), 0) + ); + $users=0; + foreach ($r as $u){ $accounts[$u['page-flags']][1] = $u['count']; $users+=$u['count']; } + + + $r = q("SELECT COUNT(id) as `count` FROM `register`"); + $pending = $r[0]['count']; + + + + + + $t = get_markup_template("admin_summary.tpl"); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Summary'), + '$users' => Array( t('Registered users'), $users), + '$accounts' => $accounts, + '$pending' => Array( t('Pending registrations'), $pending), + '$version' => Array( t('Version'), FRIENDIKA_VERSION), + '$build' => get_config('system','build'), + '$plugins' => Array( t('Active plugins'), $a->plugins ) + )); +} + + +/** + * Admin Site Page + */ +function admin_page_site_post(&$a){ + if (!x($_POST,"page_site")){ + return; + } + + + $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); + $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); + $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); + $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); + $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); + + + $register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0); + $register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : ''); + + $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); + $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); + $block_public = ((x($_POST,'block_public')) ? True : False); + $force_publish = ((x($_POST,'publish_all')) ? True : False); + $global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : ''); + $global_search_url = ((x($_POST,'directory_search_url'))? notags(trim($_POST['directory_search_url'])) : ''); + $no_multi_reg = ((x($_POST,'no_multi_reg')) ? True : False); + $no_openid = ((x($_POST,'no_openid')) ? True : False); + $no_gravatar = ((x($_POST,'no_gravatar')) ? True : False); + $no_regfullname = ((x($_POST,'no_regfullname')) ? True : False); + $no_utf = ((x($_POST,'no_utf')) ? True : False); + $rino_enc = ((x($_POST,'rino_enc')) ? True : False); + $verifyssl = ((x($_POST,'verifyssl')) ? True : False); + $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['global_search_url'])) : ''); + $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['global_search_url'])) : ''); + $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60); + + + set_config('config','sitename',$sitename); + if ($banner==""){ + // don't know why, but del_config doesn't work... + q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc("system"), + dbesc("banner") + ); + } else { + set_config('system','banner', $banner); + } + set_config('system','language', $language); + set_config('system','theme', $theme); + set_config('system','maximagesize', $maximagesize); + + set_config('config','register_policy', $register_policy); + set_config('config','register_text', $register_text); + set_config('system','allowed_sites', $allowed_sites); + set_config('system','allowed_email', $allowed_email); + set_config('system','block_public', $block_public); + set_config('system','publish_all', $force_publish); + if ($global_directory==""){ + // don't know why, but del_config doesn't work... + q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", + dbesc("system"), + dbesc("directory_submit_url") + ); + } else { + set_config('system','directory_submit_url', $global_directory); + } + set_config('system','directory_search_url', $global_search_url); + set_config('system','block_extended_register', $no_multi_reg); + set_config('system','no_openid', $no_openid); + set_config('system','no_gravatar', $no_gravatar); + set_config('system','no_regfullname', $no_regfullname); + set_config('system','proxy', $no_utf); + set_config('system','rino_encrypt', $rino_enc); + set_config('system','verifyssl', $verifyssl); + set_config('system','proxyuser', $proxyuser); + set_config('system','proxy', $proxy); + set_config('system','curl_timeout', $timeout); + + + goaway($a->get_baseurl() . '/admin/site' ); + return; // NOTREACHED + +} + +function admin_page_site(&$a) { + + /* Installed langs */ + $lang_choices = array(); + $langs = glob('view/*/strings.php'); + + if(is_array($langs) && count($langs)) { + if(! in_array('view/en/strings.php',$langs)) + $langs[] = 'view/en/'; + asort($langs); + foreach($langs as $l) { + $t = explode("/",$l); + $lang_choices[$t[1]] = $t[1]; + } + } + + /* Installed themes */ + $theme_choices = array(); + $files = glob('view/theme/*'); + if($files) { + foreach($files as $file) { + $f = basename($file); + $theme_name = ((file_exists($file . '/experimental')) ? sprintf("%s - \x28Experimental\x29", $f) : $f); + $theme_choices[$f] = $theme_name; + } + } + + + /* Banner */ + $banner = get_config('system','banner'); + if($banner == false) + $banner = htmlspecialchars('<a href="http://project.friendika.com"><img id="logo-img" src="images/friendika-32.png" alt="logo" /></a><span id="logo-text"><a href="http://project.friendika.com">Friendika</a></span>'); + + //echo "<pre>"; var_dump($lang_choices); die("</pre>"); + + /* Register policy */ + $register_choices = Array( + REGISTER_CLOSED => t("Closed"), + REGISTER_APPROVE => t("Need approvation"), + REGISTER_OPEN => t("Open") + ); + + $t = get_markup_template("admin_site.tpl"); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Site'), + '$submit' => t('Submit'), + '$baseurl' => $a->get_baseurl(), + + // name, label, value, help string, extra data... + '$sitename' => array('sitename', t("Site name"), $a->config['sitename'], ""), + '$banner' => array('banner', t("Banner/Logo"), $banner, ""), + '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), + '$theme' => array('theme', t("System theme"), get_config('system','theme'), "Default system theme (which may be over-ridden by user profiles)", $theme_choices), + + '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), "Maximum size in bytes of uploaded images. Default is 0, which means no limits."), + + '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), + '$register_text' => array('register_text', t("Register text"), $a->config['register_text'], "Will be displayed prominently on the registration page."), + '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), "Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains"), + '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), "Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains"), + '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), "Check to block public access to all otherwise public personal pages on this site unless you are currently logged in."), + '$force_publish' => array('publish_all', t("Force publish"), get_config('system','publish_all'), "Check to force all profiles on this site to be listed in the site directory."), + '$global_directory' => array('directory_submit_url', t("Global directory update URL"), get_config('system','directory_submit_url'), "URL to update the global directory. If this is not set, the global directory is completely unavailable to the application."), + '$global_search_url'=> array('directory_search_url', t("Global directory search URL"), get_config('system','directory_search_url'), ""), + + + '$no_multi_reg' => array('no_multi_reg', t("Block multiple registrations"), get_config('system','block_extended_register'), "Disallow users to register additional accounts for use as pages."), + '$no_openid' => array('no_openid', t("No OpenID support"), get_config('system','no_openid'), "Disable OpenID support for registration and logins."), + '$no_gravatar' => array('no_gravatar', t("No Gravatar support"), get_config('system','no_gravatar'), ""), + '$no_regfullname' => array('no_regfullname', t("No fullname check"), get_config('system','no_regfullname'), "If unchecked, force users to registrate with a space between his firsname and lastname in Full name, as an antispam measure"), + '$no_utf' => array('no_utf', t("No UTF-8 Regular expressions"), get_config('system','proxy'), "Default is false (meaning UTF8 regular expressions are supported and working)"), + + '$rino_enc' => array('rino_enc', t("Enable Rino encrypt"), get_config('system','rino_encrypt'),""), + '$verifyssl' => array('verifyssl', t("Verify SSL"), get_config('system','verifyssl'), "If you wish, you can turn on strict certificate checking. This will mean you cannot connect (at all) to self-signed SSL sites."), + '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), + '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), + '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), "Value is in seconds. Set to 0 for unlimited (not recommended)."), + + + )); + +} + + +/** + * Users admin page + */ +function admin_page_users_post(&$a){ + $users=array(); $pending=array(); + foreach($_POST as $k=>$v){ + if (substr($k,0,5)=="user_") $users[] = substr($k,5,strlen($k)-5); + if (substr($k,0,8)=="pending_") $users[] = substr($k,8,strlen($k)-8); + } + + if (x($_POST,'page_users_block')){ + foreach($users as $uid){ + q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", + intval( $uid ) + ); + } + notice( sprintf( tt("%s user blocked", "%s users blocked", count($users)), count($users)) ); + } + if (x($_POST,'page_users_delete')){ + require_once("include/Contact.php"); + foreach($users as $uid){ + user_remove($uid); + } + notice( sprintf( tt("%s user deleted", "%s users deleted", count($users)), count($users)) ); + } + + if (x($_POST,'page_users_approve')){ + require_once("include/regmod.php"); + foreach($pending as $hash){ + user_allow($hash); + } + } + if (x($_POST,'page_users_deny')){ + require_once("include/regmod.php"); + foreach($pending as $hash){ + user_deny($hash); + } + } + goaway($a->get_baseurl() . '/admin/users' ); + return; // NOTREACHED +} + +function admin_page_users(&$a){ + if ($a->argc>2) { + $uid = $a->argv[3]; + $user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid)); + if (count($user)==0){ + notice( 'User not found' . EOL); + goaway($a->get_baseurl() . '/admin/users' ); + return; // NOTREACHED + } + switch($a->argv[2]){ + case "delete":{ + // delete user + require_once("include/Contact.php"); + user_remove($uid); + + notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); + }; break; + case "block":{ + q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s", + intval( 1-$user[0]['blocked'] ), + intval( $uid ) + ); + }; break; + } + goaway($a->get_baseurl() . '/admin/users' ); + return; // NOTREACHED + + } + + /* get pending */ + $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email` + FROM `register` + LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid` + LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;"); + + /* get users */ + $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro` , `lastitem`.`changed` AS `lastitem_date` + FROM ( + SELECT `item`.`changed` , `item`.`uid` + FROM `item` + GROUP BY `uid` + ORDER BY `item`.`changed` + ) AS `lastitem` , `user` + LEFT JOIN `contact` ON `user`.`uid` = `contact`.`uid` + WHERE `user`.`verified` =1 + AND `contact`.`self` =1 + AND `lastitem`.`uid` = `user`.`uid` + ORDER BY `contact`.`name` + "); + + function _setup_users($e){ + $accounts = Array( + t('Normal Account'), + t('Soapbox Account'), + t('Community/Celebrity Account'), + t('Automatic Friend Account') + ); + $e['page-flags'] = $accounts[$e['page-flags']]; + $e['register_date'] = relative_date($e['register_date']); + $e['login_date'] = relative_date($e['login_date']); + $e['lastitem_date'] = relative_date($e['lastitem_date']); + return $e; + } + $users = array_map("_setup_users", $users); + + $t = get_markup_template("admin_users.tpl"); + return replace_macros($t, array( + // strings // + '$title' => t('Administration'), + '$page' => t('Users'), + '$submit' => t('Submit'), + '$select_all' => t('select all'), + '$h_pending' => t('User registrations waiting for confirm'), + '$th_pending' => array( t('Request date'), t('Name'), t('Email') ), + '$no_pending' => t('No registrations.'), + '$approve' => t('Approve'), + '$deny' => t('Deny'), + '$delete' => t('Delete'), + '$block' => t('Block'), + '$unblock' => t('Unblock'), + + '$h_users' => t('Users'), + '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ), + + '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), + '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), + + + // values // + '$baseurl' => $a->get_baseurl(), + + '$pending' => $pending, + '$users' => $users, + )); + +} + + +/* + * Plugins admin page + */ + +function admin_page_plugins(&$a){ + + /** + * Single plugin + */ + if ($a->argc == 3){ + $plugin = $a->argv[2]; + if (!is_file("addon/$plugin/$plugin.php")){ + notice( t("Item not found.") ); + return; + } + + if (x($_GET,"a") && $_GET['a']=="t"){ + // Toggle plugin status + $idx = array_search($plugin, $a->plugins); + if ($idx){ + unset($a->plugins[$idx]); + uninstall_plugin($plugin); + } else { + $a->plugins[] = $plugin; + install_plugin($plugin); + } + set_config("system","addon", implode(", ",$a->plugins)); + goaway($a->get_baseurl() . '/admin/plugins' ); + return; // NOTREACHED + } + // display plugin details + require_once('library/markdown.php'); + + if (in_array($plugin, $a->plugins)){ + $status="on"; $action= t("Disable"); + } else { + $status="off"; $action= t("Enable"); + } + + $readme=Null; + if (is_file("addon/$plugin/README.md")){ + $readme = file_get_contents("addon/$plugin/README.md"); + $readme = Markdown($readme); + } else if (is_file("addon/$plugin/README")){ + $readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>"; + } + + $t = get_markup_template("admin_plugins_details.tpl"); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Plugins'), + '$toggle' => t('Toggle'), + '$baseurl' => $a->get_baseurl(), + + '$plugin' => $plugin, + '$status' => $status, + '$action' => $action, + '$info' => get_plugin_info($plugin), + + '$readme' => $readme + )); + } + + + + /** + * List plugins + */ + + $plugins = array(); + $files = glob("addon/*/"); + if($files) { + foreach($files as $file) { + if (is_dir($file)){ + list($tmp, $id)=array_map("trim", explode("/",$file)); + $info = get_plugin_info($id); + $plugins[] = array( $id, (in_array($id, $a->plugins)?"on":"off") , $info); + } + } + } + + $t = get_markup_template("admin_plugins.tpl"); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Plugins'), + '$submit' => t('Submit'), + '$baseurl' => $a->get_baseurl(), + + '$plugins' => $plugins + )); +} + + +/** + * Logs admin page + */ + +function admin_page_logs_post(&$a) { + if (x($_POST,"page_logs")) { + + $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : ''); + $debugging = ((x($_POST,'debugging')) ? true : false); + $loglevel = ((x($_POST,'loglevel')) ? intval(trim($_POST['loglevel'])) : 0); + + set_config('system','logfile', $logfile); + set_config('system','debugging', $debugging); + set_config('system','loglevel', $loglevel); + + + } + + goaway($a->get_baseurl() . '/admin/logs' ); + return; // NOTREACHED +} + +function admin_page_logs(&$a){ + + $log_choices = Array( + LOGGER_NORMAL => 'Normal', + LOGGER_TRACE => 'Trace', + LOGGER_DEBUG => 'Debug', + LOGGER_DATA => 'Data', + LOGGER_ALL => 'All' + ); + + $t = get_markup_template("admin_logs.tpl"); + return replace_macros($t, array( + '$title' => t('Administration'), + '$page' => t('Logs'), + '$submit' => t('Submit'), + '$clear' => t('Clear'), + '$baseurl' => $a->get_baseurl(), + '$logname' => get_config('system','logfile'), + + // name, label, value, help string, extra data... + '$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""), + '$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), "Must be writable by web server. Relative to your Friendika index.php."), + '$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices), + )); +} + diff --git a/mod/regmod.php b/mod/regmod.php index 9873f1094..8e6a577d4 100644 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -1,6 +1,96 @@ <?php +function user_allow($hash) { + $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", + dbesc($hash) + ); + + if(! count($register)) + return false; + + $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + + if(! count($user)) + killme(); + + $r = q("DELETE FROM `register` WHERE `hash` = '%s' LIMIT 1", + dbesc($register[0]['hash']) + ); + + + $r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + + $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1", + intval($user[0]['uid']) + ); + if(count($r) && $r[0]['net-publish']) { + $url = $a->get_baseurl() . '/profile/' . $user[0]['nickname']; + if($url && strlen(get_config('system','directory_submit_url'))) + proc_run('php',"include/directory.php","$url"); + } + + push_lang($register[0]['language']); + + $email_tpl = get_intltext_template("register_open_eml.tpl"); + $email_tpl = replace_macros($email_tpl, array( + '$sitename' => $a->config['sitename'], + '$siteurl' => $a->get_baseurl(), + '$username' => $user[0]['username'], + '$email' => $user[0]['email'], + '$password' => $register[0]['password'], + '$uid' => $user[0]['uid'] + )); + + $res = mail($user[0]['email'], sprintf(t('Registration details for %s'), $a->config['sitename']), + $email_tpl, + 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" + . 'Content-type: text/plain; charset=UTF-8' . "\n" + . 'Content-transfer-encoding: 8bit' ); + + pop_lang(); + + if($res) { + info( t('Account approved.') . EOL ); + return true; + } + +} + +function user_deny($hash) { + + $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", + dbesc($hash) + ); + + if(! count($register)) + return false; + + $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + + $r = q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + $r = q("DELETE FROM `contact` WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + $r = q("DELETE FROM `profile` WHERE `uid` = %d LIMIT 1", + intval($register[0]['uid']) + ); + + $r = q("DELETE FROM `register` WHERE `hash` = '%s' LIMIT 1", + dbesc($register[0]['hash']) + ); + notice( sprintf(t('Registration revoked for %s'), $user[0]['username']) . EOL); + return true; + +} function regmod_content(&$a) { @@ -14,7 +104,7 @@ function regmod_content(&$a) { return $o; } - if((! (x($a->config,'admin_email'))) || ($a->config['admin_email'] !== $a->user['email'])) { + if(!is_site_admin()) { notice( t('Permission denied.') . EOL); return ''; } @@ -26,84 +116,12 @@ function regmod_content(&$a) { $hash = $a->argv[2]; - $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", - dbesc($hash) - ); - - - if(! count($register)) - killme(); - - $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", - intval($register[0]['uid']) - ); if($cmd === 'deny') { - - $r = q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($register[0]['uid']) - ); - $r = q("DELETE FROM `contact` WHERE `uid` = %d LIMIT 1", - intval($register[0]['uid']) - ); - $r = q("DELETE FROM `profile` WHERE `uid` = %d LIMIT 1", - intval($register[0]['uid']) - ); - - $r = q("DELETE FROM `register` WHERE `hash` = '%s' LIMIT 1", - dbesc($register[0]['hash']) - ); - notice( sprintf(t('Registration revoked for %s'), $user[0]['username']) . EOL); - return; - + if (!user_deny($hash)) killme(); } if($cmd === 'allow') { - - if(! count($user)) - killme(); - - $r = q("DELETE FROM `register` WHERE `hash` = '%s' LIMIT 1", - dbesc($register[0]['hash']) - ); - - - $r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d LIMIT 1", - intval($register[0]['uid']) - ); - - $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1", - intval($user[0]['uid']) - ); - if(count($r) && $r[0]['net-publish']) { - $url = $a->get_baseurl() . '/profile/' . $user[0]['nickname']; - if($url && strlen(get_config('system','directory_submit_url'))) - proc_run('php',"include/directory.php","$url"); - } - - push_lang($register[0]['language']); - - $email_tpl = get_intltext_template("register_open_eml.tpl"); - $email_tpl = replace_macros($email_tpl, array( - '$sitename' => $a->config['sitename'], - '$siteurl' => $a->get_baseurl(), - '$username' => $user[0]['username'], - '$email' => $user[0]['email'], - '$password' => $register[0]['password'], - '$uid' => $user[0]['uid'] - )); - - $res = mail($user[0]['email'], sprintf(t('Registration details for %s'), $a->config['sitename']), - $email_tpl, - 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" - . 'Content-type: text/plain; charset=UTF-8' . "\n" - . 'Content-transfer-encoding: 8bit' ); - - pop_lang(); - - if($res) { - info( t('Account approved.') . EOL ); - return; - } + if (!user_allow($hash)) killme(); } } |