"User Organiser", "version" => "0.1", "author" => "Starbeamrainbowlabs", "description" => "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding / removing accounts.", "id" => "feature-user-table", "code" => function() { global $settings, $env; /** * @api {get} ?action=user-table Get the user table * @apiName UserTable * @apiGroup Settings * @apiPermission Moderator */ /* * ██ ██ ███████ ███████ ██████ * ██ ██ ██ ██ ██ ██ * ██ ██ ███████ █████ ██████ █████ * ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ██ ██ * * ████████ █████ ██████ ██ ███████ * ██ ██ ██ ██ ██ ██ ██ * ██ ███████ ██████ ██ █████ * ██ ██ ██ ██ ██ ██ ██ * ██ ██ ██ ██████ ███████ ███████ */ add_action("user-table", function() { global $settings, $env; if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); } $content = "

User Table

(Warning! Deleting a user will wipe all their user data! It won't delete any pages they've created, their user page, or their avatar though, as those are part of the wiki itself.)

\n"; foreach($settings->users as $username => $user_data) { $content .= ""; $content .= ""; if(!empty($user_data->email)) $content .= "\n"; else $content .= "\n"; $content .= ""; } $content .= "
UsernameEmail Address
" . page_renderer::render_username($username) . "" . htmlentities($user_data->email) . "(None provided)"; if(module_exists("feature-user-preferences")) $content .= "
| "; $content .= "Delete User"; $content .= "
\n"; $content .= "

Add User

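";
		exit(page_renderer::render_main("User Table - $settings->sitename", $content));
	});
	
	/*
	 * Handles ?action=user-add: validates the posted username and email address,
	 * then builds the record for a new account with a randomly generated password.
	 * Reads the POST parameters 'user' (required) and 'email' (optional).
	 * The record is only placed in the in-memory $settings->users for now; saving
	 * it and reporting the password to the moderator is still a TODO (see below).
	 */
	add_action("user-add", function() {
		global $settings, $env;
		
		// Same gate as the user-table action: the caller has to be logged in
		// *and* a moderator, so both handlers agree on who may manage accounts.
		if(!$env->is_logged_in || !$env->is_admin) {
			http_response_code(401);
			exit(page_renderer::render_main("Error: Unauthorised - Add User - $settings->sitename", "

Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

"));
		}
		
		// NOTE(review): this handler changes state on the strength of the session
		// alone - no anti-CSRF token or origin check is visible here. Confirm that
		// one is enforced before this point (or add one), so that a page on another
		// site can't submit this form on behalf of a logged-in moderator.
		
		if(!isset($_POST["user"])) {
			http_response_code(400);
			header("content-type: text/plain");
			exit("Error: No username specified in the 'user' post parameter.");
		}
		
		$new_username = $_POST["user"];
		$new_email = $_POST["email"] ?? null;
		
		// PHP turns user[]=x / email[]=x into arrays, which the string functions
		// below can't handle - refuse them up front instead of failing later.
		if(!is_string($new_username) || ($new_email !== null && !is_string($new_email))) {
			http_response_code(400);
			header("content-type: text/plain");
			exit("Error: The 'user' and 'email' post parameters must be plain strings.");
		}
		
		// The character check below only looks for *disallowed* characters, so an
		// empty username would otherwise pass it.
		if($new_username === "") {
			http_response_code(400);
			header("content-type: text/plain");
			exit("Error: The username must not be empty.");
		}
		
		if(preg_match('/[^0-9a-zA-Z\-_]/', $new_username) !== 0) {
			http_response_code(400);
			exit(page_renderer::render_main("Error: Invalid Username - Add User - $settings->sitename", "

The username " . htmlentities($new_username) . " contains some invalid characters. Only a-z, A-Z, 0-9, -, and _ are allowed in usernames. Go back.

"));
		}
		
		if(!empty($new_email) && !filter_var($new_email, FILTER_VALIDATE_EMAIL)) {
			http_response_code(400);
			exit(page_renderer::render_main("Error: Invalid Email Address - Add User - $settings->sitename", "

The email address " . htmlentities($new_email) . " appears to be invalid. Go back.

"));
		}
		
		// Never replace an existing account: assigning over it would swap in a new
		// password hash and throw away whatever else is stored for that user.
		// The username has passed the character check above, so it's safe to echo
		// back in a plain text response.
		if(isset($settings->users->$new_username)) {
			http_response_code(409);
			header("content-type: text/plain");
			exit("Error: A user called '$new_username' already exists.");
		}
		
		$new_password = generate_password($settings->new_password_length);
		
		// Only the hash goes into the user record.
		$user_data = new stdClass();
		$user_data->password = hash_password($new_password);
		if(!empty($new_email))
			$user_data->email = $new_email;
		
		$settings->users->$new_username = $user_data;
		
		// TODO: Save new user's data, display the password to the admin, and send email if we're able to
		// NOTE(review): $new_password is the only plaintext copy of the password.
		// When the TODO above is implemented, show it once and keep it out of logs
		// and the saved settings.
	});
	
	if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "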

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

");
	}
]);

/**
 * Generates a random, pronounceable password by alternating consonants and
 * vowels (consonant-vowel-consonant-...), starting with a consonant.
 * Every character is picked with random_int(), so the randomness comes from a
 * cryptographically secure source. The fixed pattern does narrow the choice
 * though: each consonant-vowel pair has 21 * 5 = 105 possibilities, which is
 * roughly 3.4 bits of entropy per character - pick the length accordingly.
 * This implementation may be changed in the future to use random dictionary
 * words instead - ref https://xkcd.com/936/
 * @param	int		$length	The number of characters to generate.
 * @return	string	The generated random password.
 */
function generate_password($length) {
	// Index 0 serves the even positions, index 1 the odd ones.
	$alphabets = [
		"bcdfghjklmnpqrstvwxyz",
		"aeiou"
	];
	
	$password = "";
	$position = 0;
	while($position < $length) {
		$pool = $alphabets[$position % 2];
		$password .= $pool[random_int(0, strlen($pool) - 1)];
		$position++;
	}
	
	return $password;
}