AlternC/bureau/admin/adm_deactivate.php

<?php 
/*
 ----------------------------------------------------------------------
 LICENSE

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License (GPL)
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 To read the license please visit http://www.gnu.org/copyleft/gpl.html
 ----------------------------------------------------------------------
*/

/**
 * Page used by administrators to deactivate an account
 * and redirect its domains
 * 
 * @copyright AlternC-Team 2000-2017 https://alternc.com/
 */

require_once("../class/config.php");

include_once("head.php");

if (!$admin->enabled) {
	$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
	echo $msg->msg_html_all();
	exit;
}
$fields = array (
	"uid"    		=> array ("request",  "integer", ""),
	"submit"    		=> array ("post", "string", ""),
	"redirect"    		=> array ("post", "string", ""),
);
getFields($fields);

if (!$uid) {
	$msg->raise("ERROR", "admin", _("Account not found"));
	echo $msg->msg_html_all();
	include_once("foot.php");
	exit();
}

if (!$admin->checkcreator($uid)) {
	$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
	echo $msg->msg_html_all();
	include_once("foot.php");
	exit();
}

if (!$r=$admin->get($uid)) {
	$msg->raise("ERROR", "admin", _("User does not exist"));
	echo $msg->msg_html_all();
	include_once("foot.php");
	exit();
}

$confirmed = ($submit == _("Confirm"))?true:false;


if (! ($confirmed ) ) {
  print '<h2>' . _('WARNING: experimental feature, use at your own risk') . '</h2>';
  __("The following domains will be deactivated and redirected to the URL entered in the following box. A backup of the domain configuration will be displayed as a serie of SQL request that you can run to restore the current configuration if you want. Click confirm if you are sure you want to deactivate all this user's domains.");

  ?>
  <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
     <?php csrf_get(); ?>
  <input type="hidden" name="uid" value="<?php ehe($uid); ?>" />
  <?php __("Redirection URL:") ?> <input type="text" name="redirect" class="int" value="http://example.com/" />
  <input type="submit" name="submit" class="inb" value="<?php __("Confirm")?>" />
  <input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='adm_list.php'"/>
  </form><?php

  print "<h3>" . _("Domains of user: ") . $r["login"] . "</h3>";
} else {
  if (empty($redirect)) {
    $msg->raise("ERROR", "admin", _("Missing redirect url."));
    echo $msg->msg_html_all();
    include_once("foot.php");
    exit();
  } 
}

// this string will contain an SQL request that will be printed at the end of the process and that can be used to reload the old domain configuration
$backup = "";

# 1. list the domains of the user
# 1.1 list the domains
global $cuid;
$old_cuid = $cuid;
$cuid = $uid;
$domains = $dom->enum_domains();

if ($confirmed) {
  print "<pre>";
  printf(_("-- Redirecting all domains and subdomains of the user %s to %s\n"), $r['login'], $redirect);
}

reset($domains);
# 1.2 foreach domain, list the subdomains
foreach ($domains as $key => $domain) {
  if (!$confirmed) print '<h4>' . $domain . '</h4><ul>';
  $dom->lock();
  $r=$dom->get_domain_all($domain);
  $dom->unlock();
  # 2. for each subdomain
  if (is_array($r['sub'])) {
    foreach ($r['sub'] as $k => $sub) {
# shortcuts
      $type = $sub['type'];
      $dest = $sub['dest'];
      $sub = $sub['name'];
# if it's a real website
      if ($type == $dom->type_local) {
	if (!$confirmed) {
	  print "<li>";
	  if ($sub) {
	    print $sub . '.';
	  }
	  print "$domain -> $dest</li>";
	} else {

# 2.1 keep a copy of where it was, in an SQL request
	  $backup .= "UPDATE `sub_domaines` SET `type`='$type', valeur='$dest',web_action='UPDATE' WHERE `domaine`='$domain' AND sub='$sub';\n";
	  
# 2.2 change the subdomain to redirect to http://spam.koumbit.org/
	  $dom->lock();
	  if (!$dom->set_sub_domain($domain, $sub, $dom->type_url, "edit", $redirect)) {
          print "-- error in $sub.$domain: ";
          echo $msg->msg_html("ERROR");
	  }
	  $dom->unlock();
	}
      }
    }
  }
  if (!$confirmed) print '</ul>';
}

# 3. wrap up (?)
if ($confirmed) {
  print "-- The following is a serie of SQL request you can run, as root, to revert the user's domains to their previous state.\n";
  print $backup;
  print "</pre>";
}
$cuid = $old_cuid;

include_once("foot.php");

?>
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`<?php`
correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00			`/*`
			`----------------------------------------------------------------------`
			`LICENSE`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00
correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public License (GPL)`
			`as published by the Free Software Foundation; either version 2`
			`of the License, or (at your option) any later version.`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00
correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`To read the license please visit http://www.gnu.org/copyleft/gpl.html`
			`----------------------------------------------------------------------`
			`*/`
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere 2017-10-12 15:54:48 +00:00
			`/**`
			`* Page used by administrators to deactivate an account`
			`* and redirect its domains`
			`*`
			`* @copyright AlternC-Team 2000-2017 https://alternc.com/`
			`*/`

correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00			`require_once("../class/config.php");`

Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("head.php");`

Register globals 2012-08-21 08:06:04 +00:00			`if (!$admin->enabled) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`echo $msg->msg_html_all();`
Register globals 2012-08-21 08:06:04 +00:00			`exit;`
			`}`
			`$fields = array (`
			`"uid" => array ("request", "integer", ""),`
			`"submit" => array ("post", "string", ""),`
			`"redirect" => array ("post", "string", ""),`
			`);`
			`getFields($fields);`

experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`if (!$uid) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("ERROR", "admin", _("Account not found"));`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`echo $msg->msg_html_all();`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("foot.php");`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`exit();`
			`}`
Register globals 2012-08-21 08:06:04 +00:00
			`if (!$admin->checkcreator($uid)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`echo $msg->msg_html_all();`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("foot.php");`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`exit();`
			`}`

			`if (!$r=$admin->get($uid)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("ERROR", "admin", _("User does not exist"));`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`echo $msg->msg_html_all();`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("foot.php");`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`exit();`
			`}`

Register globals 2012-08-21 08:06:04 +00:00			`$confirmed = ($submit == _("Confirm"))?true:false;`


			`if (! ($confirmed ) ) {`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`print '<h2>' . _('WARNING: experimental feature, use at your own risk') . '</h2>';`
			`__("The following domains will be deactivated and redirected to the URL entered in the following box. A backup of the domain configuration will be displayed as a serie of SQL request that you can run to restore the current configuration if you want. Click confirm if you are sure you want to deactivate all this user's domains.");`

			`?>`
Register globals 2012-08-21 08:06:04 +00:00			`<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">`
[wip] securing all forms through CSRF management (requires a new table) 2016-05-20 12:21:47 +00:00			`<?php csrf_get(); ?>`
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-22 18:14:26 +00:00			`<input type="hidden" name="uid" value="<?php ehe($uid); ?>" />`
Fix #1299 2012-08-20 08:49:22 +00:00			`<?php __("Redirection URL:") ?> <input type="text" name="redirect" class="int" value="http://example.com/" />`
			`<input type="submit" name="submit" class="inb" value="<?php __("Confirm")?>" />`
modifs liste des admins, debut d'ergo pour cette partie 2010-04-29 10:43:32 +00:00			`<input type="button" class="inb" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='adm_list.php'"/>`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`</form><?php`

			`print "<h3>" . _("Domains of user: ") . $r["login"] . "</h3>";`
			`} else {`
Register globals 2012-08-21 08:06:04 +00:00			`if (empty($redirect)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("ERROR", "admin", _("Missing redirect url."));`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`echo $msg->msg_html_all();`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("foot.php");`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`exit();`
Register globals 2012-08-21 08:06:04 +00:00			`}`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`}`

[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere 2017-10-12 15:54:48 +00:00			`// this string will contain an SQL request that will be printed at the end of the process and that can be used to reload the old domain configuration`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`$backup = "";`

			`# 1. list the domains of the user`
			`# 1.1 list the domains`
			`global $cuid;`
			`$old_cuid = $cuid;`
			`$cuid = $uid;`
			`$domains = $dom->enum_domains();`

			`if ($confirmed) {`
			`print "<pre>";`
			`printf(_("-- Redirecting all domains and subdomains of the user %s to %s\n"), $r['login'], $redirect);`
			`}`

			`reset($domains);`
			`# 1.2 foreach domain, list the subdomains`
			`foreach ($domains as $key => $domain) {`
			`if (!$confirmed) print '<h4>' . $domain . '</h4><ul>';`
			`$dom->lock();`
classe admin / fichiers section admin associés 2017-08-15 15:03:56 +00:00			`$r=$dom->get_domain_all($domain);`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`$dom->unlock();`
			`# 2. for each subdomain`
modifs liste des admins, debut d'ergo pour cette partie 2010-04-29 10:43:32 +00:00			`if (is_array($r['sub'])) {`
			`foreach ($r['sub'] as $k => $sub) {`
			`# shortcuts`
			`$type = $sub['type'];`
			`$dest = $sub['dest'];`
			`$sub = $sub['name'];`
			`# if it's a real website`
			`if ($type == $dom->type_local) {`
			`if (!$confirmed) {`
			`print "<li>";`
			`if ($sub) {`
			`print $sub . '.';`
			`}`
			`print "$domain -> $dest</li>";`
			`} else {`

			`# 2.1 keep a copy of where it was, in an SQL request`
Correction de bugs Correction d'identations 2011-03-06 19:11:49 +00:00			$backup .= "UPDATE `sub_domaines` SET `type`='$type', valeur='$dest',web_action='UPDATE' WHERE `domaine`='$domain' AND sub='$sub';\n";
modifs liste des admins, debut d'ergo pour cette partie 2010-04-29 10:43:32 +00:00
			`# 2.2 change the subdomain to redirect to http://spam.koumbit.org/`
			`$dom->lock();`
			`if (!$dom->set_sub_domain($domain, $sub, $dom->type_url, "edit", $redirect)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`print "-- error in $sub.$domain: ";`
			`echo $msg->msg_html("ERROR");`
modifs liste des admins, debut d'ergo pour cette partie 2010-04-29 10:43:32 +00:00			`}`
			`$dom->unlock();`
experimental feature: a harsh mass-redirection script that can be used to temporarly turn off (by redirecting them) a user's subdomains (all of them) temporarly, because a SQL dump is showed to allow the admin to restore the previous state. experimental, because the SQL dump should probably be hidden from the admin and that this whole thing should probably be called something else than "deactivate" and might be better somewhere else than in adm_list.php. harsh, because there could be other ways to deal with evil users. this is the best solution I have found for accounts that are victims of spambots. 2006-08-12 00:04:12 +00:00			`}`
			`}`
			`}`
			`}`
			`if (!$confirmed) print '</ul>';`
			`}`

			`# 3. wrap up (?)`
			`if ($confirmed) {`
			`print "-- The following is a serie of SQL request you can run, as root, to revert the user's domains to their previous state.\n";`
			`print $backup;`
			`print "</pre>";`
			`}`
			`$cuid = $old_cuid;`
correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("foot.php");`

correct html tags on adm_deactivate 2007-08-26 20:06:39 +00:00			`?>`