"User Organiser", "version" => "0.1", "author" => "Starbeamrainbowlabs", "description" => "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding / removing accounts.", "id" => "feature-user-table", "code" => function() { global $settings, $env; /** * @api {get} ?action=user-table Get the user table * @apiName UserTable * @apiGroup Settings * @apiPermission Moderator */ /* * ██ ██ ███████ ███████ ██████ * ██ ██ ██ ██ ██ ██ * ██ ██ ███████ █████ ██████ █████ * ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ██ ██ * * ████████ █████ ██████ ██ ███████ * ██ ██ ██ ██ ██ ██ ██ * ██ ███████ ██████ ██ █████ * ██ ██ ██ ██ ██ ██ ██ * ██ ██ ██ ██████ ███████ ███████ */ add_action("user-table", function() { global $settings, $env; if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); } $content = "

User Table

(Warning! Deleting a user will wipe all their user data! It won't delete any pages they've created, their user page, or their avatar though, as those are part of the wiki itself.)

\n"; foreach($settings->users as $username => $user_data) { $content .= ""; $content .= ""; if(!empty($user_data->email)) $content .= "\n"; else $content .= "\n"; $content .= ""; } $content .= "
UsernameEmail Address
" . page_renderer::render_username($username) . "" . htmlentities($user_data->email) . "(None provided)"; if(module_exists("feature-user-preferences")) $content .= "
| "; $content .= "Delete User"; $content .= "
\n"; $content .= "

Add User

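"; exit(page_renderer::render_main("User Table - $settings->sitename", $content)); });

    /**
     * @api {post} ?action=user-add Create a user account
     * @apiName UserAdd
     * @apiGroup Settings
     * @apiPermission Moderator
     *
     * @apiParam {string} user    The username for the new account. Only a-z, A-Z, 0-9, - and _ are accepted.
     * @apiParam {string} [email] Optional email address for the new account.
     */
    /*
     * Creates a new account with a freshly generated password, saves the
     * settings, and then tries to email the login details to the new user.
     *
     * Responses: 401 if the caller is not a logged-in moderator, 400 for a
     * missing or malformed parameter, 409 if the username already exists,
     * 503 if the settings could not be saved, and 201 on success.
     *
     * NOTE(review): this handler changes state, but no anti-CSRF token check
     * is visible here - confirm one is enforced before the action runs.
     */
    add_action("user-add", function() {
        global $settings, $env;

        // Mirror the user-table action's gate: require both a logged-in
        // session and moderator rights, not the moderator flag alone.
        if(!$env->is_logged_in || !$env->is_admin) {
            http_response_code(401);
            exit(page_renderer::render_main("Error: Unauthorised - Add User - $settings->sitename", "

Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

"));
        }

        // Reject a missing, empty or non-string value (e.g. user[]=x). An
        // empty string would otherwise pass the character check below, and
        // an array would make preg_match() throw.
        if(!isset($_POST["user"]) || !is_string($_POST["user"]) || $_POST["user"] === "") {
            http_response_code(400);
            header("content-type: text/plain");
            exit("Error: No username specified in the 'user' post parameter.");
        }
        $new_username = $_POST["user"];

        $new_email = $_POST["email"] ?? null;
        if($new_email !== null && !is_string($new_email)) {
            http_response_code(400);
            header("content-type: text/plain");
            exit("Error: The 'email' post parameter must be a string.");
        }

        // Allow-list check: any character outside [0-9a-zA-Z_-] is refused.
        if(preg_match('/[^0-9a-zA-Z\-_]/', $new_username) !== 0) {
            http_response_code(400);
            exit(page_renderer::render_main("Error: Invalid Username - Add User - $settings->sitename", "

The username " . htmlentities($new_username) . " contains some invalid characters. Only a-z, A-Z, 0-9, -, and _ are allowed in usernames. Go back.

"));
        }

        if(!empty($new_email) && !filter_var($new_email, FILTER_VALIDATE_EMAIL)) {
            http_response_code(400);
            exit(page_renderer::render_main("Error: Invalid Email Address - Add User - $settings->sitename", "

The email address " . htmlentities($new_email) . " appears to be invalid. Go back.

"));
        }

        // Never overwrite an existing account: assigning to an existing
        // username would replace that user's record, password included.
        if(property_exists($settings->users, $new_username)) {
            http_response_code(409);
            exit(page_renderer::render_main("Error: Username Taken - Add User - $settings->sitename", "<p>The username <code>" . htmlentities($new_username) . "</code> is already in use, so no account was created or changed.</p>"));
        }

        $new_password = generate_password($settings->new_password_length);

        // Only the hash is stored; the plain-text password lives on just
        // long enough to be put into the welcome email below.
        $user_data = new stdClass();
        $user_data->password = hash_password($new_password);
        if(!empty($new_email))
            $user_data->email = $new_email;

        $settings->users->$new_username = $user_data;

        if(!save_settings()) {
            http_response_code(503);
            exit(page_renderer::render_main("Error: Failed to save settings - Add User - $settings->sitename", "

$settings->sitename failed to save the new user's data to disk. Please contact $settings->admindetails_name for assistance (their email address can be found at the bottom of this page).

"));
        }

        // Strip the query string from the current URL to get the wiki's base
        // address. If there is no '?', keep the URL whole rather than letting
        // substr() receive false as its length.
        // NOTE(review): full_url() is defined elsewhere - if it builds the
        // host from request headers, this link is request-controlled; confirm.
        $site_url = full_url();
        $query_start = strrpos($site_url, "?");
        if($query_start !== false)
            $site_url = substr($site_url, 0, $query_start);

        // The initial password is sent in clear text by email, which is why
        // the message asks the user to change it straight after logging in.
        $welcome_email_result = email_user($new_username, "Welcome!", "Welcome to $settings->sitename, {username}! $env->user has created you an account. Here are your details: Url: " . $site_url . " Username: {username} Password: $new_password It is advised that you change your password as soon as you login. You can do this by clicking the cog next to your name once you've logged in, and scrolling to the 'change password' heading. If you need any assistance, then the help page you can access at the bottom of every page on $settings->sitename has information on most aspects of $settings->sitename. --$settings->sitename, powered by Pepperminty Wiki https://github.com/sbrl/Pepperminty-Wiki/ ");

        $content = "

Add User

The new user was added to $settings->sitename sucessfully! Their details are as follows:

\n";
        if($welcome_email_result)
            $content .= "

An email has been sent to the email address given above containing their login details.

\n";
        $content .= "

Go back to the user table.

\n";

        http_response_code(201);
        exit(page_renderer::render_main("Add User - $settings->sitename", $content));
    });

    if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "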

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

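");
}
]);

/**
 * Generates a new (cryptographically secure) random password that's also
 * readable (i.e. consonant-vowel-consonant).
 *
 * Characters are drawn with random_int(), alternating between 21 consonants
 * and 5 vowels. Each consonant/vowel pair therefore has 21 * 5 = 105
 * possibilities (about 6.7 bits), i.e. roughly 3.4 bits per character - a
 * 12 character password carries about 40 bits. Choose the length accordingly.
 *
 * This implementation may be changed in the future to use random dictionary
 * words instead - ref https://xkcd.com/936/
 *
 * @param	int		$length	The length of password to generate. Must be a positive integer (an integer-like string is accepted).
 * @return	string	The generated random password.
 * @throws	InvalidArgumentException	If $length is not a positive integer. Failing here stops a misconfigured length from yielding an empty password.
 */
function generate_password($length) {
	// Fail closed: a zero or negative length would return "", and a
	// non-numeric string would never satisfy the loop condition below.
	$length = filter_var($length, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
	if($length === false)
		throw new InvalidArgumentException("Password length must be a positive integer.");

	$vowels = "aeiou";
	$consonants = "bcdfghjklmnpqrstvwxyz";
	$last_vowel = strlen($vowels) - 1;
	$last_consonant = strlen($consonants) - 1;

	$result = "";
	for($i = 0; $i < $length; $i++) {
		// Even positions take a consonant, odd positions a vowel.
		if($i % 2 === 0)
			$result .= $consonants[random_int(0, $last_consonant)];
		else
			$result .= $vowels[random_int(0, $last_vowel)];
	}
	return $result;
}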