"User Organiser", "version" => "0.1", "author" => "Starbeamrainbowlabs", "description" => "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding / removing accounts.", "id" => "feature-user-table", "code" => function() { global $settings, $env; /** * @api {get} ?action=user-table Get the user table * @apiName UserTable * @apiGroup Settings * @apiPermission Moderator */ /* * ██ ██ ███████ ███████ ██████ * ██ ██ ██ ██ ██ ██ * ██ ██ ███████ █████ ██████ █████ * ██ ██ ██ ██ ██ ██ * ██████ ███████ ███████ ██ ██ * * ████████ █████ ██████ ██ ███████ * ██ ██ ██ ██ ██ ██ ██ * ██ ███████ ██████ ██ █████ * ██ ██ ██ ██ ██ ██ ██ * ██ ██ ██ ██████ ███████ ███████ */ add_action("user-table", function() { global $settings, $env; if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "
Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.
")); } $content = "(Warning! Deleting a user will wipe all their user data! It won't delete any pages they've created, their user page, or their avatar though, as those are part of the wiki itself.)
Username | Email Address | ||
---|---|---|---|
" . page_renderer::render_username($username) . " | "; if(!empty($user_data->email)) $content .= "" . htmlentities($user_data->email) . " | \n"; else $content .= "(None provided) | \n"; $content .= ""; if(module_exists("feature-user-preferences")) $content .= " | "; $content .= "Delete User"; $content .= " |
Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.
")); } if(!isset($_POST["user"])) { http_response_code(400); header("content-type: text/plain"); exit("Error: No username specified in the 'user' post parameter."); } $new_username = $_POST["user"]; $new_email = $_POST["email"] ?? null; // TODO: Validate & sanitize username / email $new_password = generate_password($settings->new_password_length); $user_data = new stdClass(); $user_data->password = hash_password($new_password); if(!empty($new_email)) $user_data->email = $new_email; $settings->users->$new_username = $user_data; // TODO: Save new user's data, display the password to the admin, and send email if we're able to }); if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.
"); } ]); /** * Generates a new (cryptographically secure) random password that's also readable (i.e. consonant-vowel-consonant). * This implementation may be changed in the future to use random dictionary words instead - ref https://xkcd.com/936/ * @param string $length The length of password to generate. * @return string The generated random password. */ function generate_password($length) { $vowels = "aeiou"; $consonants = "bcdfghjklmnpqrstvwxyz"; $result = ""; for($i = 0; $i < $length; $i++) { if($i % 2 == 0) $result .= $consonants[random_int(0, strlen($consonants) - 1)]; else $result .= $vowels[random_int(0, strlen($vowels) - 1)]; } return $result; }