Diffstat (limited to 'actions/admin/user')
-rw-r--r--actions/admin/user/ban.php15
-rw-r--r--actions/admin/user/delete.php23
-rw-r--r--actions/admin/user/makeadmin.php4
-rw-r--r--actions/admin/user/removeadmin.php9
-rw-r--r--actions/admin/user/resetpassword.php20
-rw-r--r--actions/admin/user/unban.php10
6 files changed, 41 insertions, 40 deletions
diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index 6622673e6..209ece2a0 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -9,13 +9,16 @@
* @subpackage Administration.User
*/
-admin_gatekeeper();
-
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:ban:no'));
+ forward(REFERER);
+}
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->ban('banned')) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->ban('banned')) {
system_message(elgg_echo('admin:user:ban:yes'));
} else {
register_error(elgg_echo('admin:user:ban:no'));
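Review bot: With `admin_gatekeeper();` removed at the top of this file, the only authorization left in the script is `$user->canEdit()`, so admin-only access now depends entirely on how the action is registered, which this diff does not show. The same removal is made in delete.php, makeadmin.php, removeadmin.php, resetpassword.php and unban.php, and the comment deleted from delete.php says that action was not registered at all. If `canEdit()` also returns true for a user acting on their own account (presumably it does; confirm), then makeadmin.php, resetpassword.php and unban.php have no self-guid guard to fall back on. Please confirm all six actions are registered with admin access in the same change, and consider a header comment such as `// Admin-only: enforced by action registration, not in this file.` so the dependency stays visible. The `if` block here continues past the end of the hunk.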
@@ -24,4 +27,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
register_error(elgg_echo('admin:user:ban:no'));
}
-forward('pg/admin/user/'); \ No newline at end of file
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index 375f8b809..7cfbd0925 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -9,20 +9,21 @@
* @subpackage Administration.User
*/
-// block non-admin users - require since this action is not registered
-// @todo why isn't this action registered?
-admin_gatekeeper();
-
// Get the user
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
+
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:delete:no'));
+ forward(REFERER);
+}
-$name = $obj->name;
-$username = $obj->username;
+$name = $user->name;
+$username = $user->username;
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->delete()) {
- system_message(sprintf(elgg_echo('admin:user:delete:yes'), $name));
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->delete()) {
+ system_message(elgg_echo('admin:user:delete:yes', array($name)));
} else {
register_error(elgg_echo('admin:user:delete:no'));
}
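Review bot: `$name = $user->name;` and `$username = $user->username;` run before the `$user instanceof ElggUser` test, so a guid that does not resolve to an entity is dereferenced before it is rejected. Guarding the reads keeps the later message intact: `$name = ($user instanceof ElggUser) ? $user->name : '';`, and the same for `$username`. `$username` is read again after this hunk, so check that use handles the empty fallback.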
@@ -33,7 +34,7 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
// forward to user administration if on a user's page as it no longer exists
$forward = REFERER;
if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) {
- $forward = "pg/admin/user/";
+ $forward = "admin/users/newest";
}
forward($forward);
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
index f8a426a41..54b0b7070 100644
--- a/actions/admin/user/makeadmin.php
+++ b/actions/admin/user/makeadmin.php
@@ -11,8 +11,6 @@
* @subpackage Administration.User
*/
-admin_gatekeeper();
-
$guid = get_input('guid');
$user = get_entity($guid);
@@ -26,4 +24,4 @@ if (($user instanceof ElggUser) && ($user->canEdit())) {
register_error(elgg_echo('admin:user:makeadmin:no'));
}
-forward($_SERVER['HTTP_REFERER']);
+forward(REFERER);
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
index 9e8c55ac9..8cebc7078 100644
--- a/actions/admin/user/removeadmin.php
+++ b/actions/admin/user/removeadmin.php
@@ -6,11 +6,14 @@
* @subpackage Administration.User
*/
-admin_gatekeeper();
-
$guid = get_input('guid');
$user = get_entity($guid);
+if ($guid == elgg_get_logged_in_user_guid()) {
+ register_error(elgg_echo('admin:user:self:removeadmin:no'));
+ forward(REFERER);
+}
+
if (($user instanceof ElggUser) && ($user->canEdit())) {
if ($user->removeAdmin()) {
system_message(elgg_echo('admin:user:removeadmin:yes'));
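Review bot: The self-removal guard compares the raw request value, `$guid == elgg_get_logged_in_user_guid()`, while `removeAdmin()` acts on whatever entity `get_entity($guid)` resolved. If `get_entity()` normalises its argument differently from PHP's loose `==` (not visible here), the two can disagree and the guard is skipped. Comparing the loaded entity is tighter: `if (($user instanceof ElggUser) && $user->guid == elgg_get_logged_in_user_guid()) {`. The same guard is added in ban.php and delete.php and would take the same change. The `if` block after the guard continues outside the hunk.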
@@ -21,4 +24,4 @@ if (($user instanceof ElggUser) && ($user->canEdit())) {
register_error(elgg_echo('admin:user:removeadmin:no'));
}
-forward($_SERVER['HTTP_REFERER']);
+forward(REFERER);
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index c70410201..d019a7f55 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -14,25 +14,23 @@
* @subpackage Administration.User
*/
-admin_gatekeeper();
-
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
$password = generate_random_cleartext_password();
// Always reset the salt before generating the user password.
- $obj->salt = generate_random_cleartext_password();
- $obj->password = generate_user_password($obj, $password);
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
- if ($obj->save()) {
+ if ($user->save()) {
system_message(elgg_echo('admin:user:resetpassword:yes'));
- notify_user($obj->guid,
- $CONFIG->site->guid,
+ notify_user($user->guid,
+ elgg_get_site_entity()->guid,
elgg_echo('email:resetpassword:subject'),
- sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
NULL,
'email');
} else {
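Review bot: The value returned by `notify_user(...)` is discarded, and `system_message(elgg_echo('admin:user:resetpassword:yes'))` is issued before the call. The admin is therefore told the reset succeeded even if the mail carrying the new password was never sent, which leaves the account with a password nobody holds. Consider checking the result (its shape is not visible here) and reporting a failure with `register_error(...)`. A comment above the call would also help, e.g. `// NOTE: new password is mailed in cleartext; user should change it at next login.` The `if` block continues past the end of the hunk.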
@@ -42,4 +40,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
register_error(elgg_echo('admin:user:resetpassword:no'));
}
-forward($_SERVER['HTTP_REFERER']); \ No newline at end of file
+forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 2bc609b5c..7a772a0d3 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -6,16 +6,14 @@
* @subpackage Administration.User
*/
-admin_gatekeeper();
-
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- if ($obj->unban()) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->unban()) {
system_message(elgg_echo('admin:user:unban:yes'));
} else {
register_error(elgg_echo('admin:user:unban:no'));
@@ -26,4 +24,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
access_show_hidden_entities($access_status);
-forward($_SERVER['HTTP_REFERER']);
+forward(REFERER);