6 files changed, 194 insertions, 0 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
new file mode 100644
index 000000000..209ece2a0
--- /dev/null
+++ b/actions/admin/user/ban.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Bans a user.
+ *
+ * User entities are banned by setting the 'banned' column
+ * to 'yes' in the users_entity table.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+	register_error(elgg_echo('admin:user:self:ban:no'));
+	forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->ban('banned')) {
+		system_message(elgg_echo('admin:user:ban:yes'));
+	} else {
+		register_error(elgg_echo('admin:user:ban:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:ban:no'));
+}
+
+forward(REFERER);
+\ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
new file mode 100644
index 000000000..7cfbd0925
--- /dev/null
+++ b/actions/admin/user/delete.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Delete a user.
+ *
+ * The user will be deleted recursively, meaning all entities
+ * owned or contained by the user will also be removed.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+// Get the user
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+	register_error(elgg_echo('admin:user:self:delete:no'));
+	forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->delete()) {
+		system_message(elgg_echo('admin:user:delete:yes', array($name)));
+	} else {
+		register_error(elgg_echo('admin:user:delete:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:delete:no'));
+}
+
+// forward to user administration if on a user's page as it no longer exists
+$forward = REFERER;
+if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) {
+	$forward = "admin/users/newest";
+}
+
+forward($forward);
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
new file mode 100644
index 000000000..54b0b7070
--- /dev/null
+++ b/actions/admin/user/makeadmin.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Grants admin privileges to a user.
+ *
+ * In >=1.7.1, admin is flagged by setting the admin
+ * column in the users_entity table.
+ *
+ * In <1.7.1, admin is a piece of metadata on the user object.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->makeAdmin()) {
+		system_message(elgg_echo('admin:user:makeadmin:yes'));
+	} else {
+		register_error(elgg_echo('admin:user:makeadmin:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:makeadmin:no'));
+}
+
+forward(REFERER);
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
new file mode 100644
index 000000000..8cebc7078
--- /dev/null
+++ b/actions/admin/user/removeadmin.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Revokes admin privileges from a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+	register_error(elgg_echo('admin:user:self:removeadmin:no'));
+	forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->removeAdmin()) {
+		system_message(elgg_echo('admin:user:removeadmin:yes'));
+	} else {
+		register_error(elgg_echo('admin:user:removeadmin:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:removeadmin:no'));
+}
+
+forward(REFERER);
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
new file mode 100644
index 000000000..d019a7f55
--- /dev/null
+++ b/actions/admin/user/resetpassword.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * Reset a user's password.
+ *
+ * This is an admin action that generates a new salt and password
+ * for a user, then emails the password to the user's registered
+ * email address.
+ *
+ * NOTE: This is different to the "reset password" link users
+ * can use in that it does not first email the user asking if
+ * they want to have their password reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	$password = generate_random_cleartext_password();
+
+	// Always reset the salt before generating the user password.
+	$user->salt = generate_random_cleartext_password();
+	$user->password = generate_user_password($user, $password);
+
+	if ($user->save()) {
+		system_message(elgg_echo('admin:user:resetpassword:yes'));
+
+		notify_user($user->guid,
+			elgg_get_site_entity()->guid,
+			elgg_echo('email:resetpassword:subject'),
+			elgg_echo('email:resetpassword:body', array($user->username, $password)),
+			NULL,
+			'email');
+	} else {
+		register_error(elgg_echo('admin:user:resetpassword:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:resetpassword:no'));
+}
+
+forward(REFERER);
+\ No newline at end of file
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
new file mode 100644
index 000000000..7a772a0d3
--- /dev/null
+++ b/actions/admin/user/unban.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Unbans a user.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
+ */
+
+$access_status = access_get_show_hidden_status();
+access_show_hidden_entities(true);
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->unban()) {
+		system_message(elgg_echo('admin:user:unban:yes'));
+	} else {
+		register_error(elgg_echo('admin:user:unban:no'));
+	}
+} else {
+	register_error(elgg_echo('admin:user:unban:no'));
+}
+
+access_show_hidden_entities($access_status);
+
+forward(REFERER);