From b6eda24adaf3607cf3437be0b8419215b52d662b Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Tue, 15 May 2018 23:25:39 +0100 Subject: [PATCH] Implement user deleting --- build/index.php | 85 ++++++++++++++++++++++++++++++++-- module_index.json | 2 +- modules/feature-user-table.php | 69 +++++++++++++++++++++++++-- 3 files changed, 146 insertions(+), 10 deletions(-) diff --git a/build/index.php b/build/index.php index 49039ae..28594a6 100644 --- a/build/index.php +++ b/build/index.php @@ -396,7 +396,7 @@ if($settings->sessionprefix == "auto") ///////////////////////////////////////////////////////////////////////////// /** The version of Pepperminty Wiki currently running. */ $version = "v0.17-dev"; -$commit = "116b643c6a9d3c6198151880f444507750e5c4cb"; +$commit = "f7f408280f0309e628099c4ba0f0cc59856742f7"; /// Environment /// /** Holds information about the current request environment. */ $env = new stdClass(); @@ -5932,7 +5932,7 @@ register_module([ }); /** - * @api {post} ?action=user-add Add a user + * @api {post} ?action=user-add Create a user account * @apiName UserAdd * @apiGroup Settings * @apiPermission Moderator 
@@ -6024,14 +6024,28 @@ https://github.com/sbrl/Pepperminty-Wiki/ /** - * @api {post} ?action=user-add Set a user's password + * @api {post} ?action=set-password Set a user's password * @apiName UserAdd * @apiGroup Settings * @apiPermission Moderator * - * @apiParam {string} user The username of the accunt to set the password for. + * @apiParam {string} user The username of the account to set the password for. * @apiParam {string} new-pass The new password for the specified username. */ + + /* + * ███████ ███████ ████████ + * ██ ██ ██ + * ███████ █████ ██ █████ + * ██ ██ ██ + * ███████ ███████ ██ + * + * ██████ █████ ███████ ███████ ██ ██ ██████ ██████ ██████ + * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ███████ ██ █ ██ ██ ██ ██████ ██ ██ + * ██ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ ██ ██ ██ + * ██ ██ ██ ███████ ███████ ███ ███ ██████ ██ ██ ██████ + */ add_action("set-password", function() { global $env, $settings; @@ -6056,13 +6070,74 @@ https://github.com/sbrl/Pepperminty-Wiki/ $settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]); if(!save_settings()) { http_response_code(503); - exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); } exit(page_renderer::render_main("Set Password - $settings->sitename", "

" . htmlentities($_POST["user"]) . "'s password has been set successfully. Go back to the user table.

")); }); + /** + * @api {post} ?action=user-delete Delete a user account + * @apiName UserDelete + * @apiGroup Settings + * @apiPermission Moderator + * + * @apiParam {string} user The username of the account to delete. username. + */ + + /* + * ██ ██ ███████ ███████ ██████ + * ██ ██ ██ ██ ██ ██ + * ██ ██ ███████ █████ ██████ █████ + * ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ██ ██ + * + * ██████ ███████ ██ ███████ ████████ ███████ + * ██ ██ ██ ██ ██ ██ ██ + * ██ ██ █████ ██ █████ ██ █████ + * ██ ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ███████ ██ ███████ + */ + add_action("user-delete", function() { + global $env, $settings; + + if(!$env->is_admin || !$env->is_logged_in) { + http_response_code(403); + exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "

Error: You aren't logged in as a moderator, so you don't have permission to delete a user's account.

")); + } + if(empty($_GET["user"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "

Error: No username was provided in the user POST variable.

")); + } + if(empty($settings->users->{$_GET["user"]})) { + http_response_code(404); + exit(page_renderer::render_main("User not found - Delete User - $settings->sitename", "

Error: No user called {$_GET["user"]} was found, so their account can't be delete. Perhaps you spelt their account name incorrectly?

")); + } + + email_user($_GET["user"], "Account Deletion", "Hello, {$_GET["user"]}! + +This is a notification email from $settings->sitename, to let you know that $env->user has deleted your user account, so you won't be able to log in to your account anymore. + +If this was done in error, then please contact a moderator, or $settings->admindetails_name ($settings->sitename's Administrator) - whose email address can be found at the bottom of every page on $settings->sitename. + +--$settings->sitename +Powered by Pepperminty Wiki + +(Received this email in error? Please contact $settings->sitename's administrator as detailed above, as replying to this email may or may not reach a human at the other end)"); + + // Actually delete the account + unset($settings->users->{$_GET["user"]}); + + if(!save_settings()) { + http_response_code(503); + exit(page_renderer::render_main("Server Error - Delete User - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + } + + exit(page_renderer::render_main("Delete User - $settings->sitename", "

" . htmlentities($_GET["user"]) . "'s account has been deleted successfully. Go back to the user table.

")); + }); + + if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

"); } ]); diff --git a/module_index.json b/module_index.json index ddda4a1..c5baeb9 100755 --- a/module_index.json +++ b/module_index.json @@ -140,7 +140,7 @@ "author": "Starbeamrainbowlabs", "description": "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding \/ removing accounts.", "id": "feature-user-table", - "lastupdate": 1526409428, + "lastupdate": 1526423111, "optional": false }, { diff --git a/modules/feature-user-table.php b/modules/feature-user-table.php index 8fa3db3..a069ce7 100644 --- a/modules/feature-user-table.php +++ b/modules/feature-user-table.php @@ -72,7 +72,7 @@ register_module([ }); /** - * @api {post} ?action=user-add Add a user + * @api {post} ?action=user-add Create a user account * @apiName UserAdd * @apiGroup Settings * @apiPermission Moderator @@ -164,12 +164,12 @@ https://github.com/sbrl/Pepperminty-Wiki/ /** - * @api {post} ?action=user-add Set a user's password + * @api {post} ?action=set-password Set a user's password * @apiName UserAdd * @apiGroup Settings * @apiPermission Moderator * - * @apiParam {string} user The username of the accunt to set the password for. + * @apiParam {string} user The username of the account to set the password for. * @apiParam {string} new-pass The new password for the specified username. */ @@ -210,13 +210,74 @@ https://github.com/sbrl/Pepperminty-Wiki/ $settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]); if(!save_settings()) { http_response_code(503); - exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); } exit(page_renderer::render_main("Set Password - $settings->sitename", "

" . htmlentities($_POST["user"]) . "'s password has been set successfully. Go back to the user table.

")); }); + /** + * @api {post} ?action=user-delete Delete a user account + * @apiName UserDelete + * @apiGroup Settings + * @apiPermission Moderator + * + * @apiParam {string} user The username of the account to delete. username. + */ + + /* + * ██ ██ ███████ ███████ ██████ + * ██ ██ ██ ██ ██ ██ + * ██ ██ ███████ █████ ██████ █████ + * ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ██ ██ + * + * ██████ ███████ ██ ███████ ████████ ███████ + * ██ ██ ██ ██ ██ ██ ██ + * ██ ██ █████ ██ █████ ██ █████ + * ██ ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ███████ ██ ███████ + */ + add_action("user-delete", function() { + global $env, $settings; + + if(!$env->is_admin || !$env->is_logged_in) { + http_response_code(403); + exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "

Error: You aren't logged in as a moderator, so you don't have permission to delete a user's account.

")); + } + if(empty($_GET["user"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "

Error: No username was provided in the user POST variable.

")); + } + if(empty($settings->users->{$_GET["user"]})) { + http_response_code(404); + exit(page_renderer::render_main("User not found - Delete User - $settings->sitename", "

Error: No user called {$_GET["user"]} was found, so their account can't be delete. Perhaps you spelt their account name incorrectly?

")); + } + + email_user($_GET["user"], "Account Deletion", "Hello, {$_GET["user"]}! + +This is a notification email from $settings->sitename, to let you know that $env->user has deleted your user account, so you won't be able to log in to your account anymore. + +If this was done in error, then please contact a moderator, or $settings->admindetails_name ($settings->sitename's Administrator) - whose email address can be found at the bottom of every page on $settings->sitename. + +--$settings->sitename +Powered by Pepperminty Wiki + +(Received this email in error? Please contact $settings->sitename's administrator as detailed above, as replying to this email may or may not reach a human at the other end)"); + + // Actually delete the account + unset($settings->users->{$_GET["user"]}); + + if(!save_settings()) { + http_response_code(503); + exit(page_renderer::render_main("Server Error - Delete User - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + } + + exit(page_renderer::render_main("Delete User - $settings->sitename", "

" . htmlentities($_GET["user"]) . "'s account has been deleted successfully. Go back to the user table.

")); + }); + + if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

"); } ]);
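Review bot: The new `user-delete` handler performs a destructive, state-changing operation keyed on `$_GET["user"]`, although its apidoc declares `{post}` and its 400 message refers to the "user POST variable"; no anti-CSRF token check is visible in the hunk, so the deletion can be triggered cross-site against a logged-in moderator. Read the username from `$_POST["user"]` and verify a per-session token before the `unset()`; whether the project already has such a token helper cannot be seen from here. The 404 branch also interpolates `{$_GET["user"]}` into the rendered page unescaped, unlike the success message, so it should go through `htmlentities($_GET["user"])` as well. `email_user()` runs before `save_settings()`, so when the save fails the user has already been told the account is gone while the 503 page says nothing has been changed; send the mail only after the save succeeds. The same handler appears in the `build/index.php` hunk (`@@ -6056,13 +6070,74 @@`), which looks like the built copy of this module, so the fix belongs here and in a rebuild.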