-rw-r--r--actions/admin/user/ban.php13
-rw-r--r--actions/admin/user/delete.php15
-rw-r--r--actions/admin/user/removeadmin.php5
-rw-r--r--actions/admin/user/resetpassword.php14
-rw-r--r--actions/admin/user/unban.php6
-rw-r--r--languages/en.php3
6 files changed, 37 insertions, 19 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index 6622673e6..5ad6c29c5 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -12,10 +12,15 @@
admin_gatekeeper();
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->ban('banned')) {
+if ($guid == get_loggedin_userid()) {
+ register_error(elgg_echo('admin:user:self:ban:no'));
+ forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->ban('banned')) {
system_message(elgg_echo('admin:user:ban:yes'));
} else {
register_error(elgg_echo('admin:user:ban:no'));
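Review bot: The self-ban guard `if ($guid == get_loggedin_userid())` compares the raw request value with loose `==`, not the entity the action goes on to modify. Whether every input that `get_entity()` resolves to the current admin also satisfies that comparison depends on how `get_entity()` normalises its argument, which the hunk does not show, so it would be safer to test the loaded object: `if (($user instanceof ElggUser) && ($user->guid == get_loggedin_userid())) {`. The same guard is added in delete.php and removeadmin.php and would take the same change. The enclosing if/else continues past the end of this hunk.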
@@ -24,4 +29,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
register_error(elgg_echo('admin:user:ban:no'));
}
-forward('pg/admin/user/');
\ No newline at end of file
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index e8d835722..a5e1886ec 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -15,13 +15,18 @@ admin_gatekeeper();
// Get the user
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-$name = $obj->name;
-$username = $obj->username;
+if ($guid == get_loggedin_userid()) {
+ register_error(elgg_echo('admin:user:self:delete:no'));
+ forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->delete()) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->delete()) {
system_message(elgg_echo('admin:user:delete:yes', array($name)));
} else {
register_error(elgg_echo('admin:user:delete:no'));
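Review bot: `$name = $user->name;` and `$username = $user->username;` run before the `$user instanceof ElggUser` check, so a guid that does not resolve to a user presumably reaches a property read on a non-object before the error branch is taken. Moving both assignments inside the `instanceof` branch, just above `if ($user->delete()) {`, keeps a failed lookup on the `admin:user:delete:no` path. `$username` is not used in the visible lines and may be removable, but the rest of the file is outside the hunk.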
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
index 468670940..97bfc396b 100644
--- a/actions/admin/user/removeadmin.php
+++ b/actions/admin/user/removeadmin.php
@@ -11,6 +11,11 @@ admin_gatekeeper();
$guid = get_input('guid');
$user = get_entity($guid);
+if ($guid == get_loggedin_userid()) {
+ register_error(elgg_echo('admin:user:self:removeadmin:no'));
+ forward(REFERER);
+}
+
if (($user instanceof ElggUser) && ($user->canEdit())) {
if ($user->removeAdmin()) {
system_message(elgg_echo('admin:user:removeadmin:yes'));
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index 24127eb8b..14de69cb6 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -17,22 +17,22 @@
admin_gatekeeper();
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
$password = generate_random_cleartext_password();
// Always reset the salt before generating the user password.
- $obj->salt = generate_random_cleartext_password();
- $obj->password = generate_user_password($obj, $password);
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
- if ($obj->save()) {
+ if ($user->save()) {
system_message(elgg_echo('admin:user:resetpassword:yes'));
- notify_user($obj->guid,
+ notify_user($user->guid,
$CONFIG->site->guid,
elgg_echo('email:resetpassword:subject'),
- elgg_echo('email:resetpassword:body', array($obj->username, $password)),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
NULL,
'email');
} else {
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 66173623a..883e074ed 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -12,10 +12,10 @@ $access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->unban()) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->unban()) {
system_message(elgg_echo('admin:user:unban:yes'));
} else {
register_error(elgg_echo('admin:user:unban:no'));
diff --git a/languages/en.php b/languages/en.php
index 118ad8883..ad6461fd0 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -519,10 +519,12 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'admin:user:ban:no' => "Can not ban user",
'admin:user:ban:yes' => "User banned.",
+ 'admin:user:self:ban:no' => "You cannot ban yourself",
'admin:user:unban:no' => "Can not unban user",
'admin:user:unban:yes' => "User un-banned.",
'admin:user:delete:no' => "Can not delete user",
'admin:user:delete:yes' => "The user %s has been deleted",
+ 'admin:user:self:delete:no' => "You cannot delete yourself",
'admin:user:resetpassword:yes' => "Password reset, user notified.",
'admin:user:resetpassword:no' => "Password could not be reset.",
@@ -532,6 +534,7 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'admin:user:removeadmin:yes' => "User is no longer an admin.",
'admin:user:removeadmin:no' => "We could not remove administrator privileges from this user.",
+ 'admin:user:self:removeadmin:no' => "You cannot remove your own administrator privileges.",
'admin:menu_items' => 'Menu Items',
'admin:menu_items:configure' => 'Configure main menu items',