author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-06 21:29:37 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-06 21:29:37 +0000 |
commit | f918ca09cec807801521059bac987793b3685139 (patch) | |
tree | 7b2a880f6154daa8242dd3f54ce76b8a77f4f0e5 | |
parent | 01b84b7608d8a5510938438452f79288f24ba3fe (diff) | |
Fixes #332: Added tokens and action_gatekeeper()
git-svn-id: https://code.elgg.org/elgg/trunk@2056 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | actions/admin/user/ban.php | 1 | ||||
-rw-r--r-- | actions/admin/user/delete.php | 1 | ||||
-rw-r--r-- | actions/admin/user/makeadmin.php | 1 | ||||
-rw-r--r-- | actions/admin/user/resetpassword.php | 1 | ||||
-rw-r--r-- | actions/admin/user/unban.php | 1 | ||||
-rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 14 |
6 files changed, 14 insertions, 5 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index d64ae28a5..ce2631f54 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -14,6 +14,7 @@
 // block non-admin users
 admin_gatekeeper();
+ action_gatekeeper();
 // Get the user
 $guid = get_input('guid');
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index 300fa5671..ea5f79079 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -14,6 +14,7 @@
 // block non-admin users
 admin_gatekeeper();
+ action_gatekeeper();
 // Get the user
 $guid = get_input('guid');
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
index a0826dff0..6466966c9 100644
--- a/actions/admin/user/makeadmin.php
+++ b/actions/admin/user/makeadmin.php
@@ -15,6 +15,7 @@
 // block non-admin users
 admin_gatekeeper();
+ action_gatekeeper();
 // Get the user
 $guid = get_input('guid');
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index 6074777fe..60d739cf9 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -15,6 +15,7 @@
 // block non-admin users
 admin_gatekeeper();
+ action_gatekeeper();
 // Get the user
 $guid = get_input('guid');
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 61c62a47c..7f7ce3157 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -14,6 +14,7 @@
 // block non-admin users
 admin_gatekeeper();
+ action_gatekeeper();
 $access_status = access_get_show_hidden_status();
 access_show_hidden_entities(true);
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php
index c8f825949..ae8197fe0 100644
--- a/mod/profile/views/default/profile/menu/adminlinks.php
+++ b/mod/profile/views/default/profile/menu/adminlinks.php
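Review bot: The added `action_gatekeeper();` call in actions/admin/user/ban.php is left unexplained, because the only nearby comment, `// block non-admin users`, describes `admin_gatekeeper();` alone; the identical hunks in delete.php, makeadmin.php, resetpassword.php and unban.php have the same gap. A one-line comment directly above the new call, e.g. `// reject requests that do not carry a valid action token and timestamp (CSRF guard)`, would tell a maintainer why both gatekeepers are required and why the order is authorisation first, then token. Whether action_gatekeeper() terminates the request when the token is missing or stale, the way the comment implies admin_gatekeeper() does for non-admins, is not visible in these hunks and should be confirmed, since the lines that follow read `get_input('guid')` and presumably act on it unconditionally. Each of these action files continues past the end of its hunk.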
@@ -14,16 +14,20 @@ // TODO: Add admin console options here if (isadminloggedin()){ if ($_SESSION['id']!=$vars['entity']->guid){ + + $ts = time(); + $token = generate_action_token($ts); + ?> <?php if ($vars['entity']->isEnabled()) { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("ban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("ban"); ?></a><?php } else { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("unban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("unban"); ?></a><?php } - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("delete"); ?></a> - <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("resetpassword"); ?></a> - <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("delete"); ?></a> + <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("resetpassword"); ?></a> + <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; 
?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> <?php } |
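Review bot: The new `$token` and `$ts` values are appended to GET links (`&__elgg_token=...&__elgg_ts=...`), so every admin action in this view, including delete and resetpassword, is still triggered by a plain hyperlink and the token travels in the URL, where browser history, server access logs and the Referer header of the next page the admin visits can all retain it. Rendering these as small POST forms with the token and timestamp in hidden fields would keep the same gatekeeper check without that exposure; that is a wider change than this commit and is fine as a follow-up, but it deserves a TODO here. Within the hunk, the query strings use a bare `&` inside an HTML attribute where `&amp;` is required, and `$token`, `$ts` and the pre-existing `$vars['entity']->guid` are echoed without `htmlspecialchars()`; if generate_action_token() yields only hex characters that is harmless today, but escaping at the point of output is the safer convention. The `if (isadminloggedin())` block opened in this hunk appears to close outside it.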