chore: move user actions to user_action.php

2025-03-11 14:10:06 +01:00 · 2023-07-05 03:30:16 -04:00 · 2023-07-05 03:30:16 -04:00 · 81fcaf65d6
commit 81fcaf65d6
parent 265b85d489
6 changed files with 61 additions and 29 deletions
--- a/includes/common.php
+++ b/includes/common.php
@ -53,7 +53,11 @@ function urlForReport(Paste $paste) : string {
    return "/report.php?id={$paste->id}";
 }

-function urlForMember(User $user) : string {
+function urlForMember(int | User $user) : string {
+    if (is_int($user)) {
+        $user = User::find($user);
+    }
+
    if (PP_MOD_REWRITE) {
        return '/user/' . urlencode($user->username);
    }
--- a/public/admin/common.php
+++ b/public/admin/common.php
@ -17,6 +17,9 @@ if (!isset($_SESSION['admin_login'])) {
    if (isset($_POST['paste_id'])) {
        flashError('You must authenticate to perform that action.');
        $_SESSION['redirect_back'] = urlForPaste($_POST['paste_id']);
+    } elseif (isset($_POST['user_id'])) {
+        flashError('You must authenticate to perform that action.');
+        $_SESSION['redirect_back'] = urlForMember($_POST['user_id']);
    }

    header('Location: .');
--- a/public/admin/paste_action.php
+++ b/public/admin/paste_action.php
@ -17,6 +17,10 @@ if (!$paste) {
    die();
 }

+if (!verifyCsrfToken()) {
+    flashError('Invalid CSRF token (do you have cookies enabled?)');
+}
+
 if (isset($_POST['hide'])) {
    if (!can('hide', $paste)) {
        flashError('You do not have permission to hide this paste.');
--- a/public/admin/user_action.php
+++ b/public/admin/user_action.php
@ -0,0 +1,46 @@
+<?php
+define('IN_PONEPASTE', 1);
+require_once(__DIR__ . '/common.php');
+
+use PonePaste\Models\User;
+
+if (empty($_POST['user_id'])) {
+    echo "Error: No User ID specified.";
+    die();
+}
+
+$user = User::find((int) $_POST['user_id']);
+
+if (!$user) {
+    echo "Error: User not found.";
+    die();
+}
+
+if (!verifyCsrfToken()) {
+    flashError('Invalid CSRF token (do you have cookies enabled?)');
+}
+
+$can_administrate = can('administrate', $user);
+
+if (!$can_administrate) {
+    flashError('Error: You do not have permission to administrate this user.');
+} else {
+    if (isset($_POST['reset_password'])) {
+        $new_password = pp_random_password();
+        $user->password = pp_password_hash($new_password);
+        $user->save();
+
+        flashSuccess('Password reset to ' . $new_password);
+    } elseif (isset($_POST['change_role'])) {
+        if ($user->role === User::ROLE_MODERATOR) {
+            $user->role = 0;
+        } elseif ($user->role === 0) {
+            $user->role = User::ROLE_MODERATOR;
+        }
+
+        $user->save();
+        flashSuccess('Role changed.');
+    }
+}
+
+header('Location: ' . urlForMember($user));
--- a/public/user.php
+++ b/public/user.php
@ -28,35 +28,9 @@ if (!$profile_info) {

 $can_administrate = can('administrate', $profile_info);

-if ($can_administrate) {
-    if (isset($_POST['reset_password'])) {
-        if (!verifyCsrfToken()) {
-            flashError('Invalid CSRF token (do you have cookies enabled?)');
-        } else {
-            $new_password = pp_random_password();
-            $profile_info->password = pp_password_hash($new_password);
-            $profile_info->save();
-
-            flashSuccess('Password reset to ' . $new_password);
-        }
-    } elseif (isset($_POST['change_role'])) {
-        if (!verifyCsrfToken()) {
-            flashError('Invalid CSRF token (do you have cookies enabled?)');
-        } else {
-            if ($profile_info->role === User::ROLE_MODERATOR) {
-                $profile_info->role = 0;
-            } elseif ($profile_info->role === 0) {
-                $profile_info->role = User::ROLE_MODERATOR;
-            }
-            $profile_info->save();
-            flashSuccess('Role changed.');
-        }
-    }
-}
-
 $p_title = $profile_username . "'s Public Pastes";

-// There has to be a way to do the sum in SQL rather than PHP, but I can't figure out ho to do it in Eloquent.
+// There has to be a way to do the sum in SQL rather than PHP, but I can't figure out how to do it in Eloquent.
 $total_pfav = array_sum(
    array_column(
        Paste::select('id')
--- a/theme/bulma/user_profile.php
+++ b/theme/bulma/user_profile.php
@ -52,8 +52,9 @@ if ($is_current_user && isset($_GET['tab']) && $_GET['tab'] === 'favourites') {
                    <?php if ($can_administrate): ?>
                        <div>
                            <p>Admin Actions:</p>
-                            <form method="post">
+                            <form method="post" action="/admin/user_action.php">
                                <input type="hidden" name="csrf_token" value="<?= $csrf_token ?>">
+                                <input type="hidden" name="user_id" value="<?= $profile_info->id ?>">
                                <button class="button is-small is-success" type="submit" name="reset_password">Reset
                                    Password
                                </button>