"User Organiser", "version" => "0.1.3", "author" => "Starbeamrainbowlabs", "description" => "Adds a organiser page that lets moderators (or better) control the registered user accounts, and perform administrative actions such as password resets, and adding / removing accounts.", "id" => "feature-user-table", "code" => function() { global $settings, $env; /** * @api {get} ?action=user-table Get the user table * @apiName UserTable * @apiGroup Settings * @apiPermission Moderator */ /* * ██ ██ ███████ ███████ ██████ * ██ ██ ██ ██ ██ ██ * ██ ██ ███████ █████ ██████ █████ * ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ██ ██ * * ████████ █████ ██████ ██ ███████ * ██ ██ ██ ██ ██ ██ ██ * ██ ███████ ██████ ██ █████ * ██ ██ ██ ██ ██ ██ ██ * ██ ██ ██ ██████ ███████ ███████ */ add_action("user-table", function() { global $settings, $env; if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "
Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.
")); } $content = "(Warning! Deleting a user will wipe all their user data! It won't delete any pages they've created, their user page, or their avatar though, as those are part of the wiki itself.)
Username | Email Address | ||
---|---|---|---|
" . page_renderer::render_username($username) . " | "; if(!empty($user_data->emailAddress)) $content .= "" . htmlentities($user_data->emailAddress) . " | \n"; else $content .= "(None provided) | \n"; $content .= ""; if(module_exists("feature-user-preferences")) $content .= " | "; $content .= "Delete User"; $content .= " |
Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.
")); } if(!isset($_POST["user"])) { http_response_code(400); header("content-type: text/plain"); exit("Error: No username specified in the 'user' post parameter."); } $new_username = $_POST["user"]; $new_email = $_POST["email"] ?? null; if(preg_match('/[^0-9a-zA-Z\-_]/', $new_username) !== 0) { http_response_code(400); exit(page_renderer::render_main("Error: Invalid Username - Add User - $settings->sitename", "The username " . htmlentities($new_username) . "
contains some invalid characters. Only a-z
, A-Z
, 0-9
, -
, and _
are allowed in usernames. Go back.
The email address " . htmlentities($new_email) . "
appears to be invalid. Go back.
$settings->sitename failed to save the new user's data to disk. Please contact ".htmlentities($settings->admindetails_name)." for assistance (their email address can be found at the bottom of this page).
")); } $welcome_email_result = email_user($new_username, "Welcome!", "Welcome to $settings->sitename, {username}! $env->user has created you an account. Here are your details: Url: " . substr(full_url(), 0, strrpos(full_url(), "?")) . " Username: {username} Password: $new_password It is advised that you change your password as soon as you login. You can do this by clicking the cog next to your name once you've logged in, and scrolling to the 'change password' heading. If you need any assistance, then the help page you can access at the bottom of every page on $settings->sitename has information on most aspects of $settings->sitename. --$settings->sitename, powered by Pepperminty Wiki https://github.com/sbrl/Pepperminty-Wiki/ "); $content = "The new user was added to $settings->sitename successfully! Their details are as follows:
$new_username
".htmlentities($new_email)."
".htmlentities($new_password)."
An email has been sent to the email address given above containing their login details.
\n"; $content .= "Go back to the user table.
\n"; http_response_code(201); exit(page_renderer::render_main("Add User - $settings->sitename", $content)); }); /** * @api {post} ?action=set-password Set a user's password * @apiName UserAdd * @apiGroup Settings * @apiPermission Moderator * * @apiParam {string} user The username of the account to set the password for. * @apiParam {string} new-pass The new password for the specified username. */ /* * ███████ ███████ ████████ * ██ ██ ██ * ███████ █████ ██ █████ * ██ ██ ██ * ███████ ███████ ██ * * ██████ █████ ███████ ███████ ██ ██ ██████ ██████ ██████ * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ███████ ██ █ ██ ██ ██ ██████ ██ ██ * ██ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ ██ ██ ██ * ██ ██ ██ ███████ ███████ ███ ███ ██████ ██ ██ ██████ */ add_action("set-password", function() { global $env, $settings; if(!$env->is_admin) { http_response_code(401); exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "Error: You aren't logged in as a moderator, so you don't have permission to set a user's password.
")); } if(empty($_POST["user"])) { http_response_code(400); exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "Error: No username was provided via the 'user' POST parameter.
")); } if(empty($_POST["new-pass"])) { http_response_code(400); exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "Error: No password was provided via the 'new-pass' POST parameter.
")); } if(empty($settings->users->{$_POST["user"]})) { http_response_code(404); exit(page_renderer::render_main("User not found - Set Password - $settings->sitename", "Error: No user called '".htmlentities($_POST["user"])."' was found, so their password can't be set. Perhaps you forgot to create the user first?
")); } $settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]); if(!save_settings()) { http_response_code(503); exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context ".htmlentities($settings->admindetails_name).", whose email address can be found at the bottom of this page.
")); } exit(page_renderer::render_main("Set Password - $settings->sitename", "" . htmlentities($_POST["user"]) . "'s password has been set successfully. Go back to the user table.
")); }); /** * @api {post} ?action=user-delete Delete a user account * @apiName UserDelete * @apiGroup Settings * @apiPermission Moderator * * @apiParam {string} user The username of the account to delete. username. */ /* * ██ ██ ███████ ███████ ██████ * ██ ██ ██ ██ ██ ██ * ██ ██ ███████ █████ ██████ █████ * ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ██ ██ * * ██████ ███████ ██ ███████ ████████ ███████ * ██ ██ ██ ██ ██ ██ ██ * ██ ██ █████ ██ █████ ██ █████ * ██ ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ███████ ██ ███████ */ add_action("user-delete", function() { global $env, $settings; if(!$env->is_admin || !$env->is_logged_in) { http_response_code(403); exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "Error: You aren't logged in as a moderator, so you don't have permission to delete a user's account.
")); } if(empty($_GET["user"])) { http_response_code(400); exit(page_renderer::render_main("Error - Delete User - $settings->sitename", "Error: No username was provided in the user
POST variable.
Error: No user called ".htmlentities($_GET["user"])." was found, so their account can't be delete. Perhaps you spelt their account name incorrectly?
")); } email_user($_GET["user"], "Account Deletion", "Hello, {$_GET["user"]}! This is a notification email from $settings->sitename to let you know that $env->user has deleted your user account, so you won't be able to log in to your account anymore. If this was done in error, then please contact a moderator, or $settings->admindetails_name ($settings->sitename's Administrator) - whose email address can be found at the bottom of every page on $settings->sitename. --$settings->sitename Powered by Pepperminty Wiki (Received this email in error? Please contact $settings->sitename's administrator as detailed above, as replying to this email may or may not reach a human at the other end)"); // Actually delete the account unset($settings->users->{$_GET["user"]}); if(!save_settings()) { http_response_code(503); exit(page_renderer::render_main("Server Error - Delete User - $settings->sitename", "Error: $settings->sitename couldn't save the settings back to disk! Nothing has been changed. Please context ".htmlentities($settings->admindetails_name).", whose email address can be found at the bottom of this page.
")); } exit(page_renderer::render_main("Delete User - $settings->sitename", "" . htmlentities($_GET["user"]) . "'s account has been deleted successfully. Go back to the user table.
")); }); if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "As a moderator on $settings->sitename, you can use the User Table to administrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.
"); } ]); /** * Generates a new (cryptographically secure) random password that's also readable (i.e. consonant-vowel-consonant). * This implementation may be changed in the future to use random dictionary words instead - ref https://xkcd.com/936/ * @param string $length The length of password to generate. * @return string The generated random password. */ function generate_password($length) { $vowels = "aeiou"; $consonants = "bcdfghjklmnpqrstvwxyz"; $result = ""; for($i = 0; $i < $length; $i++) { if($i % 2 == 0) $result .= $consonants[random_int(0, strlen($consonants) - 1)]; else $result .= $vowels[random_int(0, strlen($vowels) - 1)]; } return $result; }