diff options
-rw-r--r-- | actions/admin/user/ban.php | 1 | ||||
-rw-r--r-- | actions/admin/user/delete.php | 1 | ||||
-rw-r--r-- | actions/admin/user/makeadmin.php | 1 | ||||
-rw-r--r-- | actions/admin/user/resetpassword.php | 1 | ||||
-rw-r--r-- | actions/admin/user/unban.php | 1 | ||||
-rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 14 |
6 files changed, 14 insertions, 5 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php index d64ae28a5..ce2631f54 100644 --- a/actions/admin/user/ban.php +++ b/actions/admin/user/ban.php @@ -14,6 +14,7 @@ // block non-admin users admin_gatekeeper(); + action_gatekeeper(); // Get the user $guid = get_input('guid'); diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php index 300fa5671..ea5f79079 100644 --- a/actions/admin/user/delete.php +++ b/actions/admin/user/delete.php @@ -14,6 +14,7 @@ // block non-admin users admin_gatekeeper(); + action_gatekeeper(); // Get the user $guid = get_input('guid'); diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php index a0826dff0..6466966c9 100644 --- a/actions/admin/user/makeadmin.php +++ b/actions/admin/user/makeadmin.php @@ -15,6 +15,7 @@ // block non-admin users admin_gatekeeper(); + action_gatekeeper(); // Get the user $guid = get_input('guid'); diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php index 6074777fe..60d739cf9 100644 --- a/actions/admin/user/resetpassword.php +++ b/actions/admin/user/resetpassword.php @@ -15,6 +15,7 @@ // block non-admin users admin_gatekeeper(); + action_gatekeeper(); // Get the user $guid = get_input('guid'); diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php index 61c62a47c..7f7ce3157 100644 --- a/actions/admin/user/unban.php +++ b/actions/admin/user/unban.php @@ -14,6 +14,7 @@ // block non-admin users admin_gatekeeper(); + action_gatekeeper(); $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php index c8f825949..ae8197fe0 100644 --- a/mod/profile/views/default/profile/menu/adminlinks.php +++ b/mod/profile/views/default/profile/menu/adminlinks.php @@ -14,16 +14,20 @@ // TODO: Add admin console options here if (isadminloggedin()){ if ($_SESSION['id']!=$vars['entity']->guid){ + + $ts = time(); + $token = generate_action_token($ts); + ?> <?php if ($vars['entity']->isEnabled()) { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("ban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("ban"); ?></a><?php } else { - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("unban"); ?></a><?php + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("unban"); ?></a><?php } - ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("delete"); ?></a> - <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("resetpassword"); ?></a> - <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> + ?><a href="<?php echo $vars['url']; ?>actions/admin/user/delete?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("delete"); ?></a> + <a href="<?php echo $vars['url']; ?>actions/admin/user/resetpassword?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("resetpassword"); ?></a> + <?php if (!$vars['entity']->admin) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/makeadmin?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("makeadmin"); ?></a> <?php } ?> <?php } |